List Incidents

List and query incidents.

External Documentation

To learn more, visit the Splunk Observability documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Include Resolved | Controls which incidents to retrieve, based on their status. |
| Query | Controls which incidents to retrieve, based on the team linked to the detectors that created the incidents. For example: teamId:FO1Vq3ABXYZ. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Limit | The number of results to return from the result set. |
| Offset | The result object in the result set at which the API should start returning results to you. |

Example Output

[
  {
    "active": false,
    "anomalyState": "ANOMALOUS",
    "detectLabel": "string",
    "detectorId": "string",
    "duration": 0,
    "events": [
      {
        "anomalyState": "ANOMALOUS",
        "detectLabel": "string",
        "detectorId": "string",
        "detectorName": "x",
        "event_annotations": {
          "<property name>": "any"
        },
        "id": "string",
        "incidentId": "string",
        "inputs": [
          {
            "dimensions": {
              "<property name>": "any"
            },
            "fragment": "string",
            "value": 0
          }
        ],
        "severity": "Critical",
        "timestamp": 1557484230000
      }
    ],
    "incidentId": "string",
    "linkedTeams": [
      "AbcdEf1ABCD",
      "FO1Vq3ABXYZ"
    ],
    "severity": "Critical"
  }
]
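
The following Python sketch is an added example, not part of the original page or of the product. It takes a result list in the shape of the Example Output and returns the active incidents linked to one team, most severe first, with the latest event time in UTC. The sample data, the `triage` function name and the severity ranking are assumptions.

```python
import json
from datetime import datetime, timezone

# Assumed severity ranking, most urgent first; the page itself only shows "Critical".
SEVERITY_ORDER = ["Critical", "Major", "Minor", "Warning", "Info"]

# Constructed sample in the shape of the Example Output (not real incident data).
SAMPLE = json.loads("""
[
  {"active": true, "incidentId": "INC-A", "severity": "Major",
   "linkedTeams": ["FO1Vq3ABXYZ"],
   "events": [{"detectorName": "cpu", "timestamp": 1557484290000},
              {"detectorName": "cpu", "timestamp": 1557484230000}]},
  {"active": true, "incidentId": "INC-B", "severity": "Critical",
   "linkedTeams": ["AbcdEf1ABCD", "FO1Vq3ABXYZ"],
   "events": [{"detectorName": "auth-failures", "timestamp": 1557484230000}]},
  {"active": false, "incidentId": "INC-C", "severity": "Critical",
   "linkedTeams": ["FO1Vq3ABXYZ"], "events": []},
  {"active": true, "incidentId": "INC-D", "severity": "Critical",
   "linkedTeams": ["AbcdEf1ABCD"], "events": []}
]
""")


def triage(incidents, team_id):
    """Return active incidents linked to team_id, most severe first."""
    rows = []
    for inc in incidents:
        if not inc.get("active") or team_id not in inc.get("linkedTeams", []):
            continue
        # Event timestamps are epoch milliseconds; pick the most recent event.
        latest = max(inc.get("events") or [], key=lambda e: e.get("timestamp", 0), default=None)
        ts = latest.get("timestamp") if latest else None
        sev = inc.get("severity")
        # Unknown or missing severities sort last instead of raising.
        rank = SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)
        rows.append((rank, {
            "incidentId": inc.get("incidentId"),
            "severity": sev,
            "detector": latest.get("detectorName") if latest else None,
            "lastSeen": datetime.fromtimestamp(ts / 1000, tz=timezone.utc).isoformat() if ts is not None else None,
        }))
    rows.sort(key=lambda r: r[0])
    return [row for _, row in rows]


if __name__ == "__main__":
    for row in triage(SAMPLE, "FO1Vq3ABXYZ"):
        print(row)
```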

Workflow Library Example

List Incidents with Splunk Observability and Send Results Via Email