Retrieve and Acknowledge Alerts

Using the correlation APIs, you can retrieve and acknowledge alerts. Real-time instances generate alerts; replay instances do not.

You can perform the following operations on alerts using REST API:
  • Retrieve and view alerts: 
    GET https://<host>:9682/api/v1/instance/<instanceID>/alerts?alertNameFilter=LoginFailureAttempt
  • Retrieve alert details: 
    GET https://<host>:9682/api/v1/instance/<instanceID>/alert/<alertID>
  • Acknowledge alerts: 
    POST https://<host>:9682/api/v1/alerts

List of REST API services

Resource API Description
GET instance/{id}/alerts Get a list of alerts from an instance.
POST alerts Acknowledge alerts.
GET instance/{id}/alert/{alertID} Get the detailed summary of an alert.
GET instances/alert/severities Get a list of alert severities.
GET instances/alert/categories Get a list of alert categories.
POST instances/alert/fields Get a list of alert fields for the rule and source environment. The alert fields are different depending on the rule and source environment.
GET instance/{id}/alert/{alertID}/group/{groupName}/ eventKeys Get a list of event references and sources. This supports only realtime instances.
Related concepts