Open GQnzo opened 6 years ago
If I use this filter "source_address_ids contains 3277" on the "9.0 - GET - /siem/offenses" endpoint, it works. However, when I try this (source_address_ids contains 100001) on the log_sources endpoint, I get a 500 response code. Are these filters not universal?
Hi,
The filters are supposed to be universal. Your filter is correct. A 500 response means there was a problem on the server. You should be able to see an exception related to this endpoint in /var/log/qradar.error on the server. You should contact customer support with the filter you are using and the error from the log.
David
Should this be closed?
I suppose. I submitted it and it was identified as a bug. Don't know what the status is.
I'm trying to GET log sources that are in a specific log source group in the interactive API (api_doc). I can't seem to figure out the syntax for the filter.
Endpoint: 9.0 - GET - /config/event_sources/log_source_management/log_sources
Example of the field:
{ "group_ids": [ 100001 ] },
I'm pretty sure the filter is supposed to start with "group_ids contains" but I can't figure out what to put after that.
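The filter discussed in this thread, as an added example that is not part of the original posts or of the QRadar samples: it URL-encodes `group_ids contains <id>` for the log_sources endpoint and, when the server answers 500 as reported above, falls back to matching `group_ids` client-side. The `/api` prefix, the `filter` query parameter, the `http_get` transport and the sample records are assumptions or constructed for illustration.

```python
import json
from urllib.parse import quote

# Endpoint path from the thread; the "/api" prefix is an assumption.
PATH = "/api/config/event_sources/log_source_management/log_sources"


def filtered_url(host, group_id):
    """Build the GET URL carrying the 'group_ids contains N' filter."""
    # int() ensures only a number, never extra filter text, reaches the query.
    expr = f"group_ids contains {int(group_id)}"
    return f"https://{host}{PATH}?filter={quote(expr)}"


def in_group(log_sources, group_id):
    """Client-side equivalent of the server filter."""
    return [s for s in log_sources if group_id in (s.get("group_ids") or [])]


def get_group_sources(http_get, host, group_id):
    """http_get(url) -> (status, body) is a hypothetical caller-supplied transport.

    Returns (log_sources, where_filtered)."""
    status, body = http_get(filtered_url(host, group_id))
    if status == 200:
        return json.loads(body), "server"
    if status == 500:
        # Server-side failure: fetch unfiltered and filter locally.
        status, body = http_get(f"https://{host}{PATH}")
        if status == 200:
            return in_group(json.loads(body), group_id), "client"
    raise RuntimeError(f"log_sources request failed with HTTP {status}")


# Constructed sample records, shaped like the field shown in the thread.
SAMPLE = [
    {"id": 62, "group_ids": [100001]},
    {"id": 63, "group_ids": [100002]},
    {"id": 64, "group_ids": [100001, 100003]},
    {"id": 65, "group_ids": []},
]


def fake_http_get(url):
    """Constructed transport: fails filtered requests the way the thread reports."""
    if "filter=" in url:
        return 500, ""
    return 200, json.dumps(SAMPLE)
```
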