Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

    Platform Overview
  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

      Solutions Overview
    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

      About us
    Get to know us
    Connect
    Services

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

      View Resources
    Support

    Product Documentation

    REST API Advanced Filters

    Last updated on 06 November, 2023

    LogicMonitor REST API advanced filters are applied to key-value pairs where values are in JSON format. For example, in /device/devices APIs you can apply advanced filters for the keys – autoPropertiesinheritedPropertiessystemProperties, and customProperties.

    This article uses REST API /alert/alerts and /device/devices as examples to explain how you can use advanced filters. 

    Note:

  • The advanced filter structure used for /device/devices/ API will not work for /alert/alerts/ API.
  • The json_key_parameter and escaped json_value_parameter will not work for /alert/alerts/ API.
  • The examples used in this support article are samples only and must be modified to suit your business requirements.
    •

    Structure of Advanced Filters

    The following examples show the structure of advanced filters.

    • Normal query
    {{url}}/<api>?filter=<json_key_parameter>:"{<escaped json_value_parameter>}"&fields=<if any separated by ,>
    • Operator not equal (!:) filter query
    {{url}}/<api>?filter=<json_key_parameter>!:"{<escaped json_value_parameter>}"
    • Operator contains (~) filter query
    {{url}}<api>?filter=<json_key_parameter>~"{<escaped json_value_parameter>}"
    • Operator not contains (!~) filter query
    {{url}}<api>?filter=<json_key_parameter>!~"{<escaped json_value_parameter>}"
    • Operator special_eq (:::) filter query where it checks both null and empty values
    {{url}}<api>?filter=<json_key_parameter>:::empty
    • Operator special_ne (!::) filter query where it checks if the value is not empty or null
    {{url}}<api>?filter=<json_key_parameter>!::empty
    • Operator special_ne (!::) filter query where it checks if the value is not null
    {{url}}<api>?filter=<json_key_parameter>!::null
    • Operator logical OR (||) filter query
    {{url}}<api>?filter=<json_key_parameter_1>:"{<escaped json_value_parameter_1>}" || <json_key_parameter_2>:"{<escaped json_value_parameter_2>}"
    • Single and advanced filter query
    {{url}}<api>?filter=<json_key_parameter>:"{<escaped json_value_parameter>}",<non-json_key_parameter>:<non-json_value_paramter>

    Components of Advanced Filters

    The components of the advanced filter queries are as follows:

    ComponentsDescription with Examples
    {{url}}https://<company>.logicmonitor.com/santaba/rest
    <api>APIs, for example, /device/devices and /device/groups
    <json_key_parameter>In case of /device/devices, values can be autoPropertiesinheritedPropertiessystemProperties, and customProperties
    {<unescaped json_value_paramter>}For example, {"name":"testPROPERTY","value":"service"}
    {<escaped json_value_parameter>}For example, {\"name\":\"testPROPERTY\",\"value\":\"service\"}
    <non-json_key_parameter>Key whose value is not JSON. For example, idnamedisplayName, and so on.
    <non-json_value_paramter>Single values for example, id: 100, “name”: “Instance”
    Here, the non JSON value for id is 100 and for name it is Instance

    Use Case

    You can use advanced filters to get key-value pairs for any property with JSON as the value parameter.

    Device 1 (“id”: 3793) has the following systemProperties.

    {
"id": 3793,
"name": "sfsf",
"systemProperties": [
{
"name": "system.enablenetflow",
"value": "false"
},
{
"name": "system.collectorplatform",
"value": "n/a"
},
{
"name": "system.description",
"value": "dummy"
},
{
"name": "system.collectorid",
"value": "-4"
},
{
"name": "system.deviceId",
"value": "3793"
},
{
"name": "system.prefcollectordesc",
"value": "Service Data Aggregator"
},
{
"name": "system.collectordesc",
"value": "Service Data Aggregator"
},
{
"name": "system.deviceGroupId",
"value": "1"
},
{
"name": "system.resourceCreatedOn",
"value": "1556854294"
},
{
"name": "system.devicetype",
"value": "6"
},
{
"name": "system.collectorversion",
"value": "0"
},
{
"name": "system.prefcollectorid",
"value": "-4"
},
{
"name": "system.displayname",
"value": "sfsf"
},
{
"name": "system.hostname",
"value": "sfsf"
}
]
}

    Device 2 (“id”: 3792) has the following systemProperties.

    {
"id": 3792,
"name": "cc",
"systemProperties": [
{
"name": "system.enablenetflow",
"value": "false"
},
{
"name": "system.collectorplatform",
"value": "n/a"
},
{
"name": "system.description",
"value": "sfsf"
},
{
"name": "system.collectorid",
"value": "-4"
},
{
"name": "system.deviceId",
"value": "3792"
},
{
"name": "system.prefcollectordesc",
"value": "Service Data Aggregator"
},
{
"name": "system.collectordesc",
"value": "Service Data Aggregator"
},
{
"name": "system.deviceGroupId",
"value": "1"
},
{
"name": "system.resourceCreatedOn",
"value": "1556852762"
},
{
"name": "system.devicetype",
"value": "6"
},
{
"name": "system.collectorversion",
"value": "0"
},
{
"name": "system.prefcollectorid",
"value": "-4"
},
{
"name": "system.displayname",
"value": "cc"
},
{
"name": "system.hostname",
"value": "cc"
}
]
}

    When you run the following basic filter query

    {{url}}/device/devices?filter=systemProperties.name:"system.description",systemProperties.value:"sfsf"

    In the response body this query lists all devices (device 1 and 2) with systemProperties name “system.description” and devices with systemProperties value “sfsf“.

    When you run the following advanced filter query

    {{url}}/device/devices?filter=systemProperties:"{\"name\":\"system.description\",\"value\":\"sfsf\"}"

    In the response body this query lists devices (only device 2) with key-value pair i.e. systemProperties system.description:”sfsf“.

    /device/devices Filter Examples

    The following sections provide examples of the /device/devices filter.

    /device/devices API

    Filter structure:

    {{url}}/device/devices?filter=systemProperties:"{\"name\":\"system.description\",\"value\":\"sfsf\"}"&fields=systemProperties,name,id

    Example:

    https://localdev.logicmonitor.com/santaba/rest/device/devices?filter=systemProperties:"{\"name\":\"system.description\",\"value\":\"sfsf\"}"&fields=systemProperties,name,id

    /device/groups API

    Filter structure:

    {{url}}/device/groups?filter=customProperties:"{\"name\":\"test11\",\"value\":\"test11\"}"

    Example:

    https://localdev.logicmonitor.com/santaba/rest/device/groups?filter=customProperties:"{\"name\":\"test11\",\"value\":\"test11\"}"

    Query Examples

    The following sections provide examples of filter queries.

    systemProperties

    Operator equals (:) filter queries:

    {{url}}/device/devices?filter=systemProperties:"{\"name\":\"system.description\",\"value\":\"sfsf\"}"&fields=systemProperties,name,id

    The response body returns all devices with systemProperties that contain name:system.description AND value:sfsf

    {
"total":1,
"items":[
{
"id":770544,
"name":"10.241.242.102",
"systemProperties":[
{
"name":"system.enablenetflow",
"value":"false"
},
{
"name":"system.collectorplatform",
"value":"linux"
},
{
"name":"system.description",
"value":"sfsf"
},
{
"name":"system.collectorid",
"value":"11934"
},
{
"name":"system.deviceId",
"value":"770544"
},
{
"name":"system.prefcollectordesc",
"value":"centos-systemd-1"
},
{
"name":"system.collectordesc",
"value":"centos-systemd-1"
},
{
"name":"system.groups",
"value":"Synthetics_Resource_Group,demo:/dasdas,152_SJ_dy,DeadDeviceGrp,175_SJ_2"
},
{
"name":"system.deviceGroupId",
"value":"56255,103904,23105,21122,142395"
},
{
"name":"system.resourceCreatedOn",
"value":"1652188809"
},
{
"name":"system.devicetype",
"value":"0"
},
{
"name":"system.collectorversion",
"value":"29107"
},
{
"name":"system.staticgroups",
"value":"Synthetics_Resource_Group"
},
{
"name":"system.prefcollectorid",
"value":"11934"
},
{
"name":"system.displayname",
"value":"my test vm"
},
{
"name":"system.hoststatus",
"value":"dead-collector"
},
{
"name":"system.hostname",
"value":"10.241.242.102"
}
]
}
],
"searchId":null,
"isMin":false
}

    customProperties

    Run the query filter: 

    {{url}}/device/devices?filter=customProperties:"{\"name\":\"testPROPERTY\",\"value\":\"service\"}"&fields=customProperties,name,id

    The response body returns all devices with customProperties that contain name:testPROPERTY AND value:service

    {
"total":1,
"items":[
{
"id":44,
"name":"Instance",
"customProperties":[
{
"name":"testPROPERTY",
"value":"service"
},
{
"name":"same case",
"value":"service"
},
{
"name":"snmp.test",
"value":"test"
},
{
"name":"predef.bizservice.evalMembersInterval",
"value":"30"
},
{
"name":"predef.bizservice.members",
"value":"{\"device\":[],\"instance\":[{\"deviceGroupFullPath\":\"jenny/jenny1*\",\"deviceDisplayName\":\"10.131.1.17\",\"deviceProperties\":[],\"dataSourceFullName\":\"jenny_script_time\",\"dataSourceId\":2001791,\"instanceName\":\"*\"}]}"
},
{
"name":"system.categories",
"value":""
}
]
}
],
"searchId":null,
"isMin":false
}

    autoProperties

    Run the query filter: 

    {{url}}/device/devices?filter=autoProperties:"{\"name\":\"predef.externalResourceID\",\"value\":\"service_63\"}"&fields=autoProperties,name,id

    The response body returns all devices with autoProperties that contain name:predef.externalResourceID AND value:service_63

    {
"total":1,
"items":[
{
"id":63,
"name":"gcp",
"autoProperties":[
{
"name":"predef.externalResourceID",
"value":"service_63"
},
{
"name":"predef.externalResourceType",
"value":"Service"
}
]
}
],
"searchId":null,
"isMin":false
}

    systemProperties and inheritedProperties

    Run the query filter:

    {{url}}/device/devices?filter=systemProperties:"{\"name\":\"system.displayname\",\"value\":\"qqq1\"}",inheritedProperties:"{\"name\":\"fdfdf\",\"value\":\"121212\"}"

    The response body returns all devices with systemProperties that contain name:system.displayname AND value:qqq1 AND inheritedProperties name:fdfdf AND value:121212

    {
"total": 1,
"items": [
{
"id": 770544,
"name": "10.241.242.102",
"displayName": "my test vm",
"deviceType": 0,
"relatedDeviceId": -1,
"currentCollectorId": 11934,
"preferredCollectorId": 11934,
"autoBalancedCollectorGroupId": 0,
"preferredCollectorGroupId": 581,
"preferredCollectorGroupName": "Netflow",
"description": "sfsf",
"createdOn": 1652188809,
"updatedOn": 1652188809,
"disableAlerting": false,
"autoPropsAssignedOn": 0,
"autoPropsUpdatedOn": 0,
"scanConfigId": 0,
"link": "",
"enableNetflow": false,
"netflowCollectorId": 0,
"netflowCollectorGroupId": 0,
"netflowCollectorGroupName": null,
"isPreferredLogCollectorConfigured": false,
"currentLogCollectorId": 0,
"logCollectorId": 0,
"logCollectorDescription": null,
"logCollectorGroupId": 0,
"logCollectorGroupName": null,
"lastDataTime": 0,
"lastRawdataTime": 0,
"hostGroupIds": "56255,103904,23105,21122,142395",
"sdtStatus": "none-none-none",
"userPermission": "write",
"rolePrivileges": [],
"hostStatus": "dead-collector",
"alertStatus": "unconfirmed-critical-none",
"alertStatusPriority": 1,
"awsState": 1,
"azureState": 1,
"gcpState": 1,
"alertDisableStatus": "none-none-none",
"alertingDisabledOn": null,
"collectorDescription": "centos-systemd-1",
"netflowCollectorDescription": null,
"customProperties": [
{
"name": "sn.cmdb_url",
"value": "https://ven02915.service-now.com/nav_to.do?uri=cmdb_ci.do?sys_id=a1750a00db11d110afef285b13961906"
},
{
"name": "sn.sys_id",
"value": "a1750a00db11d110afef285b13961906"
},
{
"name": "system.categories",
"value": ""
}
],
"resourceIds": null,
"upTimeInSeconds": 0,
"deletedTimeInMs": 0,
"toDeleteTimeInMs": 0,
"hasDisabledSubResource": false,
"ancestorHasDisabledLogicModule": false,
"systemProperties": [
{
"name": "system.enablenetflow",
"value": "false"
},
{
"name": "system.collectorplatform",
"value": "linux"
},
{
"name": "system.description",
"value": "sfsf"
},
{
"name": "system.collectorid",
"value": "11934"
},
{
"name": "system.deviceId",
"value": "770544"
},
{
"name": "system.prefcollectordesc",
"value": "centos-systemd-1"
},
{
"name": "system.collectordesc",
"value": "centos-systemd-1"
},
{
"name": "system.groups",
"value": "Synthetics_Resource_Group,demo:/dasdas,152_SJ_dy,DeadDeviceGrp,175_SJ_2"
},
{
"name": "system.deviceGroupId",
"value": "56255,103904,23105,21122,142395"
},
{
"name": "system.resourceCreatedOn",
"value": "1652188809"
},
{
"name": "system.devicetype",
"value": "0"
},
{
"name": "system.collectorversion",
"value": "29107"
},
{
"name": "system.staticgroups",
"value": "Synthetics_Resource_Group"
},
{
"name": "system.prefcollectorid",
"value": "11934"
},
{
"name": "system.displayname",
"value": "my test vm"
},
{
"name": "system.hoststatus",
"value": "dead-collector"
},
{
"name": "system.hostname",
"value": "10.241.242.102"
}
],
"autoProperties": [],
"inheritedProperties": [
{
"name": "test11",
"value": "test11"
},
{
"name": "testPropertyTel",
"value": "tel:18618198654"
},
{
"name": "testPropertyHttps",
"value": "https://test.com"
},
{
"name": "mayank.pass",
"value": "********"
},
{
"name": "test.pass",
"value": "********"
},
{
"name": "test",
"value": "test"
},
{
"name": "fdfdf",
"value": "121212"
},
{
"name": "jnj",
"value": "jnj"
},
{
"name": "snmp.community",
"value": "********"
},
{
"name": "xen.user",
"value": "root"
},
{
"name": "esx.pass",
"value": "********"
},
{
"name": "tomcat.jmxports",
"value": "9003"
},
{
"name": "netapp.user",
"value": "abhi9999"
},
{
"name": "testPropertyHttp",
"value": "http://test.com"
},
{
"name": "xen.url",
"value": ""
},
{
"name": "becca",
"value": "something"
},
{
"name": "testPropertySkype",
"value": "skype:21268822"
},
{
"name": "testPropertyMailto",
"value": "mailto:[email protected]"
},
{
"name": "mayank",
"value": "test"
},
{
"name": "fang_wan",
"value": "192.192.178.1"
},
{
"name": "SS",
"value": "wwww"
},
{
"name": "test22",
"value": "test22"
},
{
"name": "esx.user",
"value": "adsf"
},
{
"name": "test.ipsi",
"value": " "
},
{
"name": "rootProp",
"value": "test"
},
{
"name": "xen.pass",
"value": "********"
},
{
"name": "today.date",
"value": "8June"
},
{
"name": "Test_prop1",
"value": "test1"
},
{
"name": "test2",
"value": "test2"
},
{
"name": "api-property1553839486",
"value": "value"
},
{
"name": "ssh.pass",
"value": "********"
}
],
"syntheticsCollectorIds": []
}
],
"searchId": null,
"isMin": false
}

    Operator Usage in Advanced Filters for /device/devices API 

    • Operator not equal (!:) filter query
    {{url}}/device/devices?filter=customProperties!:"{\"name\":\"predef.bizservice.evalMembersInterval\",\"value\":\"*\"}"
    • Operator contains (~) filter query
    {{url}}/device/devices?filter=customProperties~"{\"name\":\"predef.bizservice.evalMembersInterval\",\"value\":\"*\"}"
    • Operator not contains (!~) filter query
    {{url}}/device/devices?filter=customProperties!~"{\"name\":\"predef.bizservice.evalMembersInterval\",\"value\":\"*\"}"

    Note: You will not get all possible values by merely using the contains (~) and not contains (!~) filter. Instead, these filter will give an exact match. To get all possible values, add an asterisk (*)to the filter. For example, you can write “ATT*” or “*ATT” in

    • Contains:
      url/device/devices/?filter=customProperties~”{\”name\”:\”FilterTest\”,\”value\”:\”ATT*\”}”&fields=id,name,customProperties
    • Not contains:
      url/device/devices/?filter=customProperties!~”{\”name\”:\”FilterTest\”,\”value\”:\”ATT*\”}”&fields=id,name,customProperties
    • Operator special_eq (:::) filter query
    {{url}}/device/devices?filter=inheritedProperties:::empty

    The response body returns all devices that do no have inheritedProperties. Empty checks for both null and empty.

    • Operator special_ne (!::) filter query
    {{url}}/device/devices?filter=netflowCollectorDescription!::empty

    The response body returns all devices where netflowCollectorDescription is not empty or null.

    • Operator special_ne (!::) filter query
    {{url}}/device/devices?filter=netflowCollectorDescription!::null

    In the response body this query gives all the devices where netflowCollectorDescription is not null.

    • Operator logical OR (||) filter query
    {{url}}/device/devices?filter=customProperties:"{\"name\":\"testPROPERTY\",\"value\":\"service\"}" || customProperties:"{\"name\":\"system.categories\",\"value\":\"KubernetesLogicalService\"}"
    • Single and advanced filter query
    {{url}}/device/devices?fields=systemProperties,name,id&filter=systemProperties:"{\"name\":\"system.description\",\"value\":\"sfsf\"}",id>100

    Example: 
    Run the query

    {{url}}/device/devices?filter=systemProperties:"{\"name\":\"system.hostname\",\"value\":\"ay_service1_*\"}",id>1528&fields=systemProperties,id

    In the response body this query gives the following result:

    {
"total": 1,
"items": [
{
"id": 1530,
"systemProperties": [
{
"name": "system.enablenetflow",
"value": "false"
},
{
"name": "system.collectorplatform",
"value": "n/a"
},
{
"name": "system.collectorid",
"value": "-4"
},
{
"name": "system.deviceId",
"value": "1530"
},
{
"name": "system.prefcollectordesc",
"value": "Service Data Aggregator"
},
{
"name": "system.collectordesc",
"value": "Service Data Aggregator"
},
{
"name": "system.groups",
"value": "Ay_service_group"
},
{
"name": "system.deviceGroupId",
"value": "478"
},
{
"name": "system.resourceCreatedOn",
"value": "1552015277"
},
{
"name": "system.devicetype",
"value": "6"
},
{
"name": "system.collectorversion",
"value": "0"
},
{
"name": "system.staticgroups",
"value": "Ay_service_group"
},
{
"name": "system.prefcollectorid",
"value": "-4"
},
{
"name": "system.displayname",
"value": "ay_service1_CLONE1"
},
{
"name": "system.hostname",
"value": "ay_service1_CLONE1"
}
]
}
],
"searchId": null,
"isMin": false
}

    Operator Usage in Advanced Filters for /alert/alerts API

    Note: Alert filters for monitorObjectGroups are supported only for fullpath property. Currently, only 2 operators – Equal (:) and Contain (~) are supported.

    Equal (:) and Contain (~) Operators

    • Filter alerts that have Resource Group or monitorObjectGroups’s fullpath=”Devices by Type/Collectors”
    {{url}}/alert/alerts?filter=monitorObjectGroups:"Devices by Type/Collectors"

    Example

    https://localdev.logicmonitor.com/santaba/rest/alert/alerts?filter=monitorObjectGroups:"Devices by Type/Collectors"
    • Filter alerts that have Resource Group (“Devices by Type”) or its subgroups. “*” at the end indicates that it also includes the subgroups. For example, a Resource Group (“Devices by Type”) has 2 subgroups: Collectors (“Devices by Type/Collectors”) and Linux Servers (“Devices by Type/Linux Servers”). Here, the result will include alerts having Resource Groups either (fullpath=”Devices by Type”) or (fullpath=”Devices by Type/Collectors”) or (fullpath=”Devices by Type/Linux Servers”)
    {{url}}/alert/alerts?filter=monitorObjectGroups:"Devices by Type*"
    • Filter alerts based on multiple Resource Group values (multiple fullpath values should be separated by “|”)
      Filter alerts that have (fullpath=”Devices by Type/Collectors”) or (fullpath=”Kubernetes Cluster: k8-test/Nodes/All”)
    {{url}}/alert/alerts?filter=monitorObjectGroups:"Devices by Type/Collectors|Kubernetes Cluster: k8-test/Nodes/All"
    • Filter alerts of root Group. If the fullpath of the root group is empty, then the company name (for example, qauat01) should be provided.
    {{url}}/alert/alerts?filter=monitorObjectGroups:"qauat01"
    • Filter alerts that match with “Collectors” in the Resource Group fullpath. If there are 2 groups with fullpath as “Devices by Type/Collectors” and “Collectors_Backup” then the result will contain alerts from both the groups.
    {{url}}/alert/alerts?filter=monitorObjectGroups~"Collectors"
    • Single and advanced filter query
    {{url}}/alert/alerts?filter=monitorObjectGroups:"Devices by Type/Collectors",startEpoch>:1653295431
    {{url}}/alert/alerts?filter=monitorObjectGroups:"Devices by Type/Collectors",type:"batchJobAlert"
    In This Article