REST API Developer's Guide

Get Alerts

LogicMonitor's REST API allows you to programmatically get alerts for your account.  



Resource URI



Get a list of alerts

Returns a list of alerts


URI: /alert/alerts

Request Parameters:By default, a list of 50 alerts will be returned. You can include the following query parameters that control what data is included in the response and how it is formatted. Note that query parameters are not considered part of the resource path, and should not be included the calculation of the LMv1 authentication signature.




Example URI

sort sort={+ or -}property Sorts the response by the property specified in either increasing (+) or decreasing (-) order /alert/alerts?sort=-startEpoch
filter filter=_all~value Filters the response to include only the results that include the specified value. You can substitute _all with a field name to filter on only a specific field. Note that filtering is only available for id, type, acked, rule, chain, severity, cleared, sdted, monitorObjectName, monitorObjectGroups, resourceTemplateName, instanceName, and dataPointName. Operators include:
  • Greater than or equals: >:
  • Less than or equals: <:
  • Greater than: >
  • Less than: <
  • Does not equal: !:
  • Equals: :
  • Includes: ~
  • Does not include: !~
fields fields=list of properties separated by commas Filters the response to only include the following fields for each object /alert/alerts?fields=type,id,acked,severity
size size=integer The number of results to display, where a maximum of 1000 results can be requested /alert/alerts?size=10
offset offset=integer The number of results to offset the displayed results by /alert/alerts?offset=20
needMessage needMessage=true|false Whether or not the detailed alert messages should be included in the response /alert/alerts?needMessage=true
customColumns customColumns=value1,value2,value3 The property or token values that should display with the alert details. Note that if referencing tokens, you'll need to URL encode the # symbol. /alert/alerts?customColumns=%2523%2523system.collectorid%2523%2523,%2523%2523system.groups%2523%2523


Note that by default, only active alerts are returned.  To get cleared alerts & active alerts in the response, add a filter for 'cleared:*'


Note: The response 'total' will be a negative number if there are additional alerts that satisfy the request criteria that weren't included in the request, and that "at least" that number of alerts exist. For example, if you request the first 500 alerts and you have 3000 alerts in your account, the response may include total=-1000 (i.e. you have at least 1000 alerts, but you didn't ask for them all).


The following Python script requests a list of alerts, and the value of ##externalticketid## for each alert:

#!/bin/env python

import requests
import json
import hashlib
import base64
import time
import hmac

#Account Info
AccessId ='48v2wRzfK94y53sq5EuF'
AccessKey ='H_D9i(f5~B^U36^K6i42=^nS~e75gy382Bf6{)P+'
Company = 'api'

#Request Info
#Request Info
httpVerb ='GET'
resourcePath = '/alert/alerts'
queryParams ='?customColumns=%2523%2523externalticketid%2523%2523'

#Construct URL 
url = 'https://'+ Company +'' + resourcePath + queryParams

#Get current time in milliseconds
epoch = str(int(time.time() * 1000))

#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath

#Construct signature
signature = base64.b64encode(,msg=requestVars,digestmod=hashlib.sha256).hexdigest())

#Construct headers
auth = 'LMv1 ' + AccessId + ':' + signature + ':' + epoch

headers = {'Content-Type':'application/json','Authorization':auth}

#Make request
response = requests.get(url, data=data, headers=headers)

#Print status and body of response
print 'Response Status:',response.status_code
print 'Response Body:',response.content