REST API Basic Filters

Last updated on 09 October, 2023

When making API calls using the LogicMonitor REST API, you may get too many results. To make your search more specific, you can use API filters. You can use the pattern <field name><operator><values> to create filters.

In this support article we have used REST API /alert/alerts and /device/devices as examples to explain how filters can be used. You can filter endpoints with the values supported by the following operators:

Operator    Description
:           Equal
!:          Not equal
>           Greater than
<           Less than
>:          Greater than or equal
<:          Less than or equal
~           Contain
!~          Does not contain

Users with the administrator role receive more results than users with non-admin roles, because administrators have more privileges and access to most of the devices. Users with non-admin roles get results based on the devices they have access to.

General Examples

The following examples apply to any REST API endpoint.

Note: These are samples only and must be modified to suit your business requirements.

  • Filter resources whose color is red
filter=color:"red"
  • Filter resources whose name is *aaa and status is active
filter=name:"*aaa",status:"active"
  • Filter resources whose status is active or suspend
filter=status:"active"|"suspend"
  • Filter resources whose contact object’s name is hoo
filter=contact.name:"hoo"
  • Filter resources whose property array has at least one element with name as location
filter=properties.name:"location"
  • Filter resources whose status is suspend or name is aaa or bbb or ccc
filter=name:"aaa"|"bbb"|"ccc"||status:"suspend"
  • Search for all resources that contain keywords
filter=_all~"keyword"

Filters for /alert/alerts API Endpoints

You must consider the following points when using the filters: 

  • When you filter an endpoint based on parameters, the result is consistent as long as there is no change (no new addition or deletion of alert) in the alert count even if you hit the API multiple times.
    If you provide the Sort request attribute, then the result is sorted as per the alert property. For example, if the alert is sorted based on the startEpoch alert property, the result is sorted as per the startEpoch of the alert. If the startEpoch of some alerts is equal, then the result is sorted based on the ascending order of the alert ID property. Thus, the result is always consistent.
  • You can filter endpoints of GET alert list API (/alert/alerts). The response of the GET alert list API can be filtered using the request parameters (filters).
  • You can filter alert properties and their values only using the AND operator. For example, filter=<condition>,<condition>,… Where condition is <field name><operator><values>
  • You can filter /alert/alerts endpoints with multiple properties at a time. For example,
    Request URL
{{url}}/alert/alerts?offset=0&size=300&sort=startEpoch&filter=startEpoch>:1653295431,startEpoch<:1658146793,severity:"4"|"3",cleared:"*",resourceTemplateName:"Host status",monitorObjectName~"pod-kube"

Here five filters are applied on alert properties: startEpoch, severity, cleared, resourceTemplateName, and monitorObjectName.

  • startEpoch is 1653295431 <= startEpoch <= 1658146793
  • severity can be either 3 or 4
  • cleared value can be true or false
  • resourceTemplateName equals Host status
  • monitorObjectName contains pod-kube

In the response body this query lists the result as per the filters.

{
"total": -301,
"items": [
{
"resourceId": 12596234,
"anomaly": false,
"instanceName": "HostStatus",
"monitorObjectId": 775798,
"endEpoch": 1653295561,
"rule": "",
"threshold": "> 300 300 300",
"type": "dataSourceAlert",
"startEpoch": 1653295431,
"enableAnomalyAlertGeneration": "",
"internalId": "LMD50170983",
"ackComment": "",
"monitorObjectName": "kube-proxy-mj7w2-pod-kube-system-dashboard-test",
"dataPointName": "idleInterval",
"instanceId": 284641854,
"dataPointId": 99721,
"suppressDesc": null,
"nextRecipient": 0,
"suppressor": null,
"id": "DS101384979",
"ruleId": 0,
"alertValue": "395.0",
"adAlert": false,
"ackedBy": "",
"severity": 4,
"sdted": false,
"ackedEpoch": 0,
"chain": "",
"SDT": null,
"subChainId": 0,
"enableAnomalyAlertSuppression": "",
"receivedList": "",
"monitorObjectType": "device",
"acked": false,
"resourceTemplateType": "DS",
"clearValue": "44.0",
"instanceDescription": "",
"dependencyRoutingState": null,
"monitorObjectGroups": [],
"dependencyRole": null,
"chainId": 0,
"resourceTemplateId": 143475810,
"cleared": true,
"adAlertDesc": "",
"resourceTemplateName": "Host Status"
},
{
"resourceId": 12596120,
"anomaly": false,
"instanceName": "HostStatus",
"monitorObjectId": 775797,
"endEpoch": 1653295561,
"rule": "",
"threshold": "> 300 300 300",
"type": "dataSourceAlert",
"startEpoch": 1653295431,
"enableAnomalyAlertGeneration": "",
"internalId": "LMD50170864",
"ackComment": "",
"monitorObjectName": "coredns-78fcd69978-snnq2-pod-kube-system-dashboard-test",
"dataPointName": "idleInterval",
"instanceId": 284641831,
"dataPointId": 99721,
"suppressDesc": null,
"nextRecipient": 0,
"suppressor": null,
"id": "DS101384981",
"ruleId": 0,
"alertValue": "396.0",
"adAlert": false,
"ackedBy": "",
"severity": 4,
"sdted": false,
"ackedEpoch": 0,
"chain": "",
"SDT": null,
"subChainId": 0,
"enableAnomalyAlertSuppression": "",
"receivedList": "",
"monitorObjectType": "device",
"acked": false,
"resourceTemplateType": "DS",
"clearValue": "4.0",
"instanceDescription": "",
"dependencyRoutingState": null,
"monitorObjectGroups": [],
"dependencyRole": null,
"chainId": 0,
"resourceTemplateId": 143475810,
"cleared": true,
"adAlertDesc": "",
"resourceTemplateName": "Host Status"
}
],
"searchId": "",
"isMin": false
}

Examples: /alert/alerts filter

  • Filter alerts which are generated between the epoch range 1653295431 <= startEpoch <= 1663756550
{{url}}/alert/alerts?filter=startEpoch>:1653295431,startEpoch<:1663756550
  • Filter alerts with severity = 3 or 4. Severity 3 indicates error and severity 4 indicates critical alert.
{{url}}/alert/alerts?filter=severity:"4"|"3"
  • Display all alerts including cleared and uncleared alerts
{{url}}/alert/alerts?filter=cleared:"*"
  • Filter cleared alerts
{{url}}/alert/alerts?filter=cleared:true
  • Filter alerts whose resourceTemplateName is Host status
{{url}}/alert/alerts?filter=resourceTemplateName:"Host status"
  • Filter alerts with monitorObjectName containing pod-kube
{{url}}/alert/alerts?filter=monitorObjectName~"pod-kube"
  • Filter alerts using 5 alert properties: startEpoch, severity, cleared, resourceTemplateName, and monitorObjectName. The result is sorted based on startEpoch (ascending order). Because the offset is 0 and the specified size is 300, out of all filtered alerts, the first 300 alerts are fetched.
{{url}}/alert/alerts?offset=0&size=300&sort=startEpoch&filter=startEpoch>:1653295431,startEpoch<:1658146793,severity:"4"|"3",cleared:"*",resourceTemplateName:"Host status",monitorObjectName~"pod-kube"
  • Filter alerts whose type is dataSourceAlert and are acknowledged
{{url}}/alert/alerts?filter=acked:true,type:"dataSourceAlert"
  • Filter alerts whose escalation chain is Secondary and alert rule name contains Critical
{{url}}/alert/alerts?filter=chain:"Secondary",rule~"Critical"
  • Filter alerts whose instanceName is HostStatus
{{url}}/alert/alerts?filter=instanceName:"HostStatus"
  • Filter alerts whose dataPointName is Latency
{{url}}/alert/alerts?filter=dataPointName:"Latency"
  • Filter alerts that are in SDT
{{url}}/alert/alerts?filter=sdted:true
  • Filter alerts which are cleared and have endEpoch <=1658820186
{{url}}/alert/alerts?filter=cleared:true,endEpoch<:1658820186
  • Filter alerts which are cleared and have endEpoch >1658820186
{{url}}/alert/alerts?filter=cleared:true,endEpoch>1658820186
  • Filter alerts which are cleared and have endEpoch <=1658820186 and endEpoch>=1658820079
{{url}}/alert/alerts?filter=cleared:true,endEpoch<:1658820186,endEpoch>:1658820079
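
An added example (not LogicMonitor's code) that assembles the multi-property /alert/alerts filter shown above from structured conditions instead of string concatenation, so that values supplied by users or scripts cannot change the structure of the filter. The helper names are hypothetical, and rejecting double quotes inside values is an assumption, since this page documents no escape for them.

```python
import re
from urllib.parse import quote

# Operators listed in the table on this page.
OPERATORS = {":", "!:", ">", "<", ">:", "<:", "~", "!~"}
FIELD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")

def render_value(value):
    """Booleans and integers are written bare, everything else double-quoted."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    text = str(value)
    # The page documents no escape for a double quote inside a value, so this
    # example refuses it rather than guessing one (assumption).
    if '"' in text:
        raise ValueError("double quote not allowed in a filter value")
    return f'"{text}"'

def condition(field, operator, *values):
    """<field name><operator><values>; several values are joined with |."""
    if not FIELD_RE.fullmatch(field):
        raise ValueError(f"unexpected field name: {field!r}")
    if operator not in OPERATORS:
        raise ValueError(f"unsupported operator: {operator!r}")
    if not values:
        raise ValueError("at least one value is required")
    return field + operator + "|".join(render_value(v) for v in values)

def build_filter(*conditions):
    """AND the conditions together with commas."""
    return ",".join(conditions)

def query_string(filter_expr, **params):
    """Percent-encode every value so quotes, <, > and | survive the URL."""
    pairs = [(k, str(v)) for k, v in params.items()] + [("filter", filter_expr)]
    return "&".join(f"{k}={quote(v, safe='')}" for k, v in pairs)

# The multi-property /alert/alerts filter from this page, rebuilt from parts.
ALERT_FILTER = build_filter(
    condition("startEpoch", ">:", 1653295431),
    condition("startEpoch", "<:", 1658146793),
    condition("severity", ":", "4", "3"),
    condition("cleared", ":", "*"),
    condition("resourceTemplateName", ":", "Host status"),
    condition("monitorObjectName", "~", "pod-kube"),
)
ALERT_QUERY = query_string(ALERT_FILTER, offset=0, size=300, sort="startEpoch")
```

ALERT_QUERY is the percent-encoded query string to append after {{url}}/alert/alerts? in place of the raw form shown in the examples.
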

Filters for /device/devices API Endpoints

You can use the following filters to refine API calls.

  • Filter device whose id is 44
{{url}}/device/devices?filter=id:44
  • Filter devices whose name ends with the string service and whose deviceType is 6
{{url}}/device/devices?filter=name:"*service",deviceType:6
  • Filter devices with hostGroupIds 24517 or 31
{{url}}/device/devices?filter=hostGroupIds:"24517" | "31"
  • Filter devices with inheritedProperties where one of the property names is snmp.community irrespective of the value of property.
{{url}}/device/devices?filter=inheritedProperties.name:"snmp.community"
  • Filter devices whose displayName contains string Member OR devices with id > 11. The result will display those devices which match one or both the filters.
{{url}}/device/devices?filter=displayName~"*Member" || id>11
  • Filter devices whose displayName contains string Member AND devices with id > 11. The result will display only those devices which match both the filters.
{{url}}/device/devices?filter=displayName~"*Member", id>11
  • Search for all devices that contain the keyword new device
{{url}}/device/devices?filter=_all~"new device"

Operator Examples

Contain and Does Not Contain (~ and !~) Operators

Run the following query:

{{url}}/device/devices?fields=autoProperties,name,id&filter=autoProperties.name:"predef.externalResourceID",autoProperties.value~"service"

In the response body this query lists IDs, names, and autoProperties of devices with autoProperties.name = predef.externalResourceID or any autoProperties.value with substring = service.

Note: It also lists autoProperty value containing only special characters or numbers.

{
"total":4865,
"items":[
{
"id":44,
"name":"Instance",
"autoProperties":[
{
"name":"predef.externalResourceID",
"value":"service_44"
},
{
"name":"predef.externalResourceType",
"value":"Service"
}
]
},
{
"id":63,
"name":"gcp",
"autoProperties":[
{
"name":"predef.externalResourceID",
"value":"service_63"
},
{
"name":"predef.externalResourceType",
"value":"Service"
}
]
},
{
"id":65,
"name":"cloudAndNormal",
"autoProperties":[
{
"name":"predef.externalResourceID",
"value":"service_memberdevice_65"
},
{
"name":"predef.externalResourceType",
"value":"ServiceMember"
}
]
},
{
"id": 2378,
"name": "1.1.1.3",
"autoProperties": [
{
"name": "predef.externalResourceID",
"value": "service_2378"
},
{
"name": "predef.externalResourceType",
"value": "Service"
},
{
"name": "auto.host",
"value": "1.1.1.3"
}
]
}
]
}

Equal To, Contain, Greater Than, and Less Than (:, ~, >, <) Operators

Run the following query:

{{url}}/device/devices?filter=id<5000,displayName~"service",hostGroupIds:"1",createdOn>1559000000

In the response body this query lists all devices with ID less than 5000 AND displayName containing the string “service”, hostGroupIds = “1”, and createdOn time > 1559000000.

{
"total": 1,
"items": [
{
"id": 4389,
"name": "czservice",
"displayName": "czservice",
"deviceType": 6,
"relatedDeviceId": -1,
"currentCollectorId": -4,
"preferredCollectorId": -4,
"autoBalancedCollectorGroupId": 0,
"preferredCollectorGroupId": 1,
"preferredCollectorGroupName": "@default",
"description": "",
"createdOn": 1559236150,
"updatedOn": 1632927244,
"disableAlerting": false,
"autoPropsAssignedOn": 0,
"autoPropsUpdatedOn": 0,
"scanConfigId": 0,
"link": "",
"enableNetflow": false,
"netflowCollectorId": 0,
"netflowCollectorGroupId": 0,
"netflowCollectorGroupName": null,
"isPreferredLogCollectorConfigured": false,
"currentLogCollectorId": 0,
"logCollectorId": 0,
"logCollectorDescription": null,
"logCollectorGroupId": 0,
"logCollectorGroupName": null,
"lastDataTime": 0,
"lastRawdataTime": 0,
"hostGroupIds": "1",
"sdtStatus": "none-none-none",
"userPermission": "write",
"rolePrivileges": [],
"hostStatus": "normal",
"alertStatus": "none",
"alertStatusPriority": 100000,
"awsState": 1,
"azureState": 1,
"gcpState": 1,
"alertDisableStatus": "none-none-none",
"alertingDisabledOn": null,
"collectorDescription": "Service Data Aggregator",
"netflowCollectorDescription": null,
"customProperties": [
{
"name": "predef.bizservice.evalMembersInterval",
"value": "30"
},
{
"name": "predef.bizservice.members",
"value": "{\"device\":[{\"deviceGroupFullPath\":\"Devices by Type*\",\"deviceDisplayName\":\"127.0.0.34_PhysicalDatastore\",\"deviceProperties\":[]}],\"instance\":[]}"
},
{
"name": "system.categories",
"value": ""
}
],
"resourceIds": null,
"upTimeInSeconds": 0,
"deletedTimeInMs": 0,
"toDeleteTimeInMs": 0,
"hasDisabledSubResource": false,
"ancestorHasDisabledLogicModule": false,
"systemProperties": [
{
"name": "system.enablenetflow",
"value": "false"
},
{
"name": "system.collectorplatform",
"value": "n/a"
},
{
"name": "system.collectorid",
"value": "-4"
},
{
"name": "system.deviceId",
"value": "4389"
},
{
"name": "system.prefcollectordesc",
"value": "Service Data Aggregator"
},
{
"name": "system.collectordesc",
"value": "Service Data Aggregator"
},
{
"name": "system.deviceGroupId",
"value": "1"
},
{
"name": "system.resourceCreatedOn",
"value": "1559236150"
},
{
"name": "system.devicetype",
"value": "6"
},
{
"name": "system.collectorversion",
"value": "0"
},
{
"name": "system.prefcollectorid",
"value": "-4"
},
{
"name": "system.displayname",
"value": "czservice"
},
{
"name": "system.hostname",
"value": "czservice"
}
],
"autoProperties": [
{
"name": "predef.externalResourceID",
"value": "service_4389"
},
{
"name": "predef.externalResourceType",
"value": "Service"
}
],
"inheritedProperties": [
{
"name": "test.pass",
"value": "********"
},
{
"name": "esx.user",
"value": "n n "
},
{
"name": "snmp.community",
"value": "********"
},
{
"name": "esx.pass",
"value": "********"
},
{
"name": "ssh.pass",
"value": "********"
}
],
"syntheticsCollectorIds": null
}
],
"searchId": null,
"isMin": false
}