The following article explains how to close/modify and query incidents for a specific timeframe.
Solution
- Authenticate to get the AIMS token, storing it in the shell variable $TOKEN:
~$ TOKEN=$(curl -X POST -u '<UIuser>:<UIpass>' -d '{"mfa_code": "<INSERTCODE>"}' https://api.cloudinsight.alertlogic.com/aims/v1/authenticate/ | jq -r .authentication.token)
- Check that you have a valid token using:
~$ echo "$TOKEN"
- Query the IRIS API for a list of open incidents in the timeframe in question and output to a file:
~$ curl -s -X POST -d '{"query":{"select":["*"]},"limit":99999,"offset":0}' -H "x-aims-auth-token: $TOKEN" "https://api.cloudinsight.alertlogic.com/iris/v2/<INSERT_Customer_ID>/incident/search" | jq -r ' .incidents[] | select(.createTime >= 1517490767) | select(.createTime <= 1559365187) | select(.customer_status.status == "open") | .incidentId' | tr -d '"' > incident.list
Note: Change the “createTime” epoch values to the expected start time (“>=”) and end time (“<=”).
- POST the required fields and notes to close the incidents:
~$ while read -r incidentID; do curl -s -X POST -d "{ \"operation\": \"completed\", \"reason_code\": \"other\", \"notes\": \"auto closed per cx request\", \"incidents\": [\"$incidentID\"] }" -H "x-aims-auth-token: $TOKEN" "https://api.cloudinsight.alertlogic.com/iris/v3/<INSERT_Customer_ID>/batch/complete" | jq .; done < incident.list
Note: This process takes longer when there are more incidents.
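A dry run of the selection and close steps above, added here as an example and not part of the original article: it takes the window as UTC dates instead of hand-computed epochs, applies the same filter as the jq expression, and builds each close body with a JSON serializer. The sample response, the "closed" status value and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the fields the jq filter reads; not real API output.
SAMPLE_RESPONSE = {"incidents": [
    {"incidentId": "inc-a", "createTime": 1517490767, "customer_status": {"status": "open"}},
    {"incidentId": "inc-b", "createTime": 1530000000, "customer_status": {"status": "closed"}},
    {"incidentId": "inc-c", "createTime": 1517490766, "customer_status": {"status": "open"}},
    {"incidentId": "inc-d", "createTime": 1559365187, "customer_status": {"status": "open"}},
    {"incidentId": "inc-e", "createTime": 1540000000},
    {"incidentId": "inc-f", "createTime": 1559365188, "customer_status": {"status": "open"}},
]}

def to_epoch(utc_text):
    """Convert 'YYYY-MM-DD HH:MM:SS' in UTC to epoch seconds."""
    parsed = datetime.strptime(utc_text, "%Y-%m-%d %H:%M:%S")
    return int(parsed.replace(tzinfo=timezone.utc).timestamp())

def select_open(response, start_utc, end_utc):
    """Return IDs of open incidents created inside the inclusive window."""
    start, end = to_epoch(start_utc), to_epoch(end_utc)
    if start > end:
        raise ValueError("start of window is after its end")
    selected = []
    for incident in response.get("incidents", []):
        created = incident.get("createTime")
        status = (incident.get("customer_status") or {}).get("status")
        in_window = isinstance(created, (int, float)) and start <= created <= end
        if in_window and status == "open":
            selected.append(incident["incidentId"])
    return selected

def close_body(incident_id, notes="auto closed per cx request"):
    """Serialize the close request; json.dumps escapes quotes that shell interpolation would not."""
    return json.dumps({"operation": "completed", "reason_code": "other",
                       "notes": notes, "incidents": [incident_id]})

if __name__ == "__main__":
    # These two dates are the UTC equivalents of the epoch values used in the article.
    ids = select_open(SAMPLE_RESPONSE, "2018-02-01 13:12:47", "2019-06-01 04:59:47")
    print(len(ids), "incident(s) would be closed:")
    for incident_id in ids:
        print(close_body(incident_id))
```

Reviewing the printed list before running the batch close gives a chance to catch a wrong window, since the close loop acts on every ID in incident.list.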