Alerts API - Size Limit
Hi Everyone,
I am running into a size limit issue in my pursuit of creating a quarterly report for a customer. What I am trying to do is narrow down my filter to have any cleared alert that is a severity 4 that was closed during that quarter. My issue is two-fold. I am not sure of the syntax that would only show alerts that cleared during that quarter (I am trying to do the equivalent of ‘between’ in python IF statements) and the size limit of 1000 is limiting because I cannot get a count of cleared alerts. I couldn’t find anything regarding pagination that can be used.
I have also attempted to do the F12 then network button trick, but there is nothing that stands out there or anything that I can identify. And I have tried looking at other questions and couldn’t find anything relating this.
This is my query:
?size=1000&filter=severity:4,cleared:true,startEpoch>:{startEpoch}&filter=severity:4,cleared:true,endEpoch<:{endEpoch}
Any guidance would be greatly appreciated.
You’d use the size query parameter along with the offset. Size is how many items to fetch, offset is which item (by index) to start with. So, you’d need to loop through making multiple API calls and aggregating the results into a single list/dict. Each iteration would increment the offset by the size:
Call 1: Items 0-999 size=1000&offset=0
Call 2: Items 1000-1999: size=1000&offset=1000
Call 3: Items 2000-2999: size=1000&offset=2000
Call 4: Items 3000-3475: size=1000&offset=3000
On call 4, you’d notice that the number of returned items is less than the size (475<1000) so you’d know you’d reached the end. In Python, I do it like this:
items = []
last_item_found = False
query_size=1000
while not last_item_found:
current_call_result = <your method to fetch the items from the api, I use the sdk>
fetched_items = current_call_result.items
items += fetched_items
last_item_found = len(fetched_items) < query_size
for item in items: print(item)
