0 Replies Latest reply on Jun 14, 2017 5:33 AM by rvandenbrandt

    qryExecuteGrouped API

    rvandenbrandt

      I'm trying to perform a grouped query using the REST API. For example, I would like to fetch the number of events with a certain source IP.

       

      The query I'm using is:

      qryExecuteGrouped?queryType=EVENT&groupType=COUNT

       

      {
          "config": {
              "timeRange": "LAST_HOUR",
              "fields": [{"name": "SrcIP"}],
              "filters": [{
                  "values": [{
                      "value": "172.16.105.100",
                      "type": "EsmBasicValue"
                  }],
                  "type": "EsmFieldFilter",
                  "operator": "EQUALS",
                  "field": {"name": "SrcIP"}
              }]
          }
      }

       

      However, the response is a filter error:

       

      Error executing query, filterString=Alert.LastTime[$Last,?Hour,DV,DV]#Alert.SrcIP[172.16.105.100] (ERROR_InvalidFilter (228))

       

      Does anyone know what the issue could be?