This repository has been archived by the owner on Jul 22, 2024. It is now read-only.
I'm trying to GET log sources that are in a specific log source group in the interactive API (api_doc). I can't seem to figure out the syntax for the filter.
Endpoint: 9.0 - GET - /config/event_sources/log_source_management/log_sources
Example of the field: { "group_ids": [ 100001 ] },
I'm pretty sure the filter is supposed to start with "group_ids contains" but I can't figure out what to put after that.
If I use this filter "source_address_ids contains 3277" on the "9.0 - GET - /siem/offenses" endpoint it works. However, when I try this (source_address_ids contains 100001) on the log_sources endpoint I get a 500 response code. Are these filters not universal?
The filters are supposed to be universal. Your filter is correct. A 500 response means there was a problem on the server. You should be able to see an exception related to this endpoint in /var/log/qradar.error on the server. You should contact customer support with the filter you are using and the error from the log.
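An added example, not part of the original thread or the repository's code: it builds the filtered request discussed above and shows a client-side equivalent of the filter for use while the server-side 500 is being investigated. The host name, token, `/api` URL prefix, sample records and the helper names `build_request` and `in_group` are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

# Path from the thread; the "/api" prefix is an assumption about the deployment.
ENDPOINT = "/api/config/event_sources/log_source_management/log_sources"


def build_request(host, token, group_id=None, start=0, count=50):
    """Build (without sending) the GET request for log sources.

    int() keeps anything but a numeric id out of the filter expression.
    """
    params = {"fields": "id,name,group_ids"}
    if group_id is not None:
        params["filter"] = f"group_ids contains {int(group_id)}"
    url = f"https://{host}{ENDPOINT}?{urllib.parse.urlencode(params)}"
    headers = {
        "SEC": token,                 # authorized service token (placeholder)
        "Version": "9.0",             # API version used in the thread
        "Accept": "application/json",
        "Range": f"items={start}-{start + count - 1}",  # paging
    }
    return urllib.request.Request(url, headers=headers, method="GET")


def in_group(log_sources, group_id):
    """Client-side equivalent of 'group_ids contains <id>'."""
    return [ls for ls in log_sources if group_id in (ls.get("group_ids") or [])]


# Constructed sample response, shaped like the field shown in the question.
SAMPLE = json.loads("""[
  {"id": 62, "name": "fw-edge",   "group_ids": [100001]},
  {"id": 63, "name": "dns-core",  "group_ids": [100005]},
  {"id": 64, "name": "proxy-dmz", "group_ids": [100001, 100005]},
  {"id": 65, "name": "orphan",    "group_ids": null}
]""")

if __name__ == "__main__":
    req = build_request("qradar.example.test", "PLACEHOLDER_TOKEN", 100001)
    print(req.full_url)
    print([ls["name"] for ls in in_group(SAMPLE, 100001)])
```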