1 Reply Latest reply on Sep 20, 2017 3:47 PM by Peacekeeper

    EPO API Where Clause

    mrmatt

      I've been trying to run this query with two where clauses with no luck. I can run each where statement separately, but when I combine them the page simply returns "OK: " with no data. Can anyone offer any help? Here is my current query, I'd like to return all events for a specific user for the last 90 days:

       

      https://EPOServer:port/remote/core.executeQuery?target=DLP_EventView&:output=ter se&select=(select DLP_EventView.EventRowID DLP_EventView.EventType DLP_EventView.LocalTime DLP_EventView.UTCTime DLP_EventView.Score DLP_EventView.FocusDisplay DLP_EventView.RuleIDSet_DisplayName DLP_EventView.ApplicationSet_DisplayName DLP_EventView.ProcessInfo_Product DLP_EventView.ProcessInfo_FileName DLP_EventView.ProcessInfo_MD5 DLP_EventView.LabelSet_DisplayName DLP_EventView.TagSet_DisplayName DLP_EventView.ComputerName DLP_EventView.UserName DLP_EventView.Policy_Name DLP_EventView.Policy_DateModified DLP_EventView.AgentVersion DLP_EventView.EvidenceLocationPrefix DLP_EventView.TotalNumberOfCategoriesAndTags DLP_EventView.EventType_Administrative DLP_EventView.TotalNumberOfHits DLP_EvidenceTypeAndValue.EvidenceType  DLP_EvidenceTypeAndValue.EvidenceValue)&where=(where(and(contains DLP_EventView.UserName "user.name") (newerThan DLP_EventView.InsertionTime 3336000)))