2 Replies Latest reply on Jul 23, 2017 10:07 PM by artanis

    Getting empty results when using REST api query (ESM)

    meirwah

      I'm using ESM (version 9.5.2, appliance)

      Trying to integrate with REST API to fetch and query events in the SIEM.
      I'm using the qryExecuteDetail API , I'm using simple query (no filters) to test I can fetch all events.

      But i always get in the response body :

      {"return": {

          "attributeColumn": 0,

          "countColumn": 0,

          "drilldownColumn": 1,

          "groupByString": "",

          "labelColumn": 0,

          "resultID": {"value": 140532958030616},

          "startTime": "03\/01\/2016 00:00:00",

          "stopTime": "03\/02\/2016 00:00:00",

          "totalResultID": {"value": 0},

          "totalRows": 0

      }}

       

      Then If I try to use the qryGetResults api to fetch the results(using the last resultID) , I get 400 response code and this error in body :

      ERROR_QueryResultNotAvailable (238)

       

      Any idea? what i'm doing wrong?