Some endpoints include a "filter" parameter that enables you to filter the set of incidents, alerts, or metrics.

You can do the following types of search:

  • Free-text search in the Global Search window in the top left.

  • "Smart look-ahead" filtering in the Incidents, Alerts, and Metrics tables. Place your cursor in the search field above the table. A pull-down menu shows the data fields or users that are valid for that position in the filter string.

    After you validate a filter you can save, edit, reuse, and delete it as needed. You can also copy and paste a filter string into a relevant API request. You can define compound filters such as:

    source in ("MCsource01", ["MCsource02") and severity in (Critical, Major, Minor)

Note the following:

  • It is good practice to use the smart-lookahead features to create your incident, alert, and metric filters.

  • Incident, alert, and metric filters support different sets of fields. This means that you cannot necessarily use filters across data types. The filter service in (svc00, svc01) works for incidents and alerts but not for metrics, because incidents and alerts have a service field but metrics do not.