Hi everybody!

I want to know if it is possible to use a previously created filter
inside an EventSearch method via the Sentinel API.
More details about my question below:
Sample Request
POST https://172.23.0.76:8443/SentinelRES...s/event-search
{
"InitiatingHostName":"jdoe_desktop.company.com ",
"pgsize":125,
"type":"USER",
"ip":"10.0.0.23",
"aggregate-obj":{
"@href":"https://localhost:8443/SentinelRESTServices/objects/incident/201"
},
"start":"2012-11-01T19:46:58.309Z",
"max-results":50000,
"init-user":"jdoe",
"filter":"sev:4",
"end":"2012-11-01T19:46:58.309Z",
"fields":[
"dt",
"evt"
]
}

In the previous request I want to replace "sev:4" with a previously
created filter; suppose that the filter's name is: filter001
The filter has the content:
(st:C) AND (rv123:"SOME-ID-VALUE")

But because the filter definition could change at any moment, I wish to
use its name, like this:
POST https://172.23.0.76:8443/SentinelRES...s/event-search
{
"InitiatingHostName":"jdoe_desktop.company.com ",
"pgsize":125,
"type":"USER",
"ip":"10.0.0.23",
"aggregate-obj":{
"@href":"https://localhost:8443/SentinelRESTServices/objects/incident/201"
},
"start":"2012-11-01T19:46:58.309Z",
"max-results":50000,
"init-user":"jdoe",
"filter":"filter001",
"end":"2012-11-01T19:46:58.309Z",
"fields":[
"dt",
"evt"
]
}

I tried to use it as I showed, but it does not work.

Is my idea possible to apply? If so, how can I use it?

Thanks in advance,


--
jesus_rivero