0 Replies Latest reply on Jun 14, 2017 5:33 AM by rvandenbrandt

    qryExecuteGrouped API


      I'm trying to perform a grouped query using the REST API; for example, I would like to fetch the number of events with a certain source IP.


      The query I'm using is:




          {
              "config": {
                  "timeRange": "LAST_HOUR",
                  "fields": [{"name": "SrcIP"}],
                  "filters": [{
                      'values': [{
                          'value': "",
                          'type': 'EsmBasicValue'
                      }],
                      'type': 'EsmFieldFilter',
                      'operator': 'EQUALS',
                      'field': {'name': 'SrcIP'}}]
              }
          }



      However, the response is a filter error:


      Error executing query, filterString=Alert.LastTime[$Last,?Hour,DV,DV]#Alert.SrcIP[] (ERROR_InvalidFilter (228))


      Does anyone know what the issue could be?