List Incidents
List and query incidents.
External Documentation
To learn more, visit the Splunk Observability documentation.
Basic Parameters
Parameter | Description |
---|---|
Include Resolved | Controls which incidents to retrieve, based on their status. |
Query | Controls which incidents to retrieve, based on the team linked to the detectors that created the incidents. For example: teamId:FO1Vq3ABXYZ. |
Advanced Parameters
Parameter | Description |
---|---|
Limit | The number of results to return from the result set. |
Offset | The result object in the result set at which the API should start returning results to you. |
Example Output
[
  {
    "active": false,
    "anomalyState": "ANOMALOUS",
    "detectLabel": "string",
    "detectorId": "string",
    "duration": 0,
    "events": [
      {
        "anomalyState": "ANOMALOUS",
        "detectLabel": "string",
        "detectorId": "string",
        "detectorName": "x",
        "event_annotations": {
          "<property name>": "any"
        },
        "id": "string",
        "incidentId": "string",
        "inputs": [
          {
            "dimensions": {
              "<property name>": "any"
            },
            "fragment": "string",
            "value": 0
          }
        ],
        "severity": "Critical",
        "timestamp": 1557484230000
      }
    ],
    "incidentId": "string",
    "linkedTeams": [
      "AbcdEf1ABCD",
      "FO1Vq3ABXYZ"
    ],
    "severity": "Critical"
  }
]
Workflow Library Example
List Incidents with Splunk Observability and Send Results Via Email