How to get log_entry id knowing id of the incident


(Erik Etropolski) #1

I am trying to get the custom details of the incident with id PXXXXXX. For that, I read in the documentation that I need to get log_entry id for the incident first. How do I do that? Please give me an example call and NOT a link to the documentation. I’ve already gone through it with no luck. Thanks.

(John O'Donnell) #2


Thanks for reaching out. As requested, you can find a link to one of our example calls here, and you can find even more code examples in our library here.

In the documentation there is also the ‘Try’ button, which will fill in a call for each of our examples on the API.

Hope this helps, please keep us posted if you have any trouble.


(Erik Etropolski) #3

Thank you for the quick response.
I tried the script in the link - API_Python_Examples/REST_API_v2/LogEntries/
On line 31 I put the token of our company and on line 34 the ID of an incident which was triggered a minute ago. The output of the script was: Status Code: 404
{'error': {'code': 5001, 'message': 'Log Entry Not Found'}}
What did I do wrong?

(John O'Donnell) #4

Hi Erik,

Thanks for the follow up. As there may be some account-specific troubleshooting involved, can you please email and we will pick it up from there?

Kind regards,

(Simon Fiddaman) #5

That call ({id}) is expecting the ID of the Log Entry itself (not the Incident it belongs to). Note it starts with a Q, although mine are much longer as they start with an R.

You’d probably need to get /incidents/{} (Incident ID), then find in the response and get /log_entries/{} (Log Entry ID).

That’s the case for non-alerts Incidents (i.e. unmergeable Incidents - the old style of Incidents).

For “new style”, mergeable Incidents where you have Alerts, you can get /incidents/{}/alerts (using Incident ID) and find body in the response which should contain all of the submitted fields – even better you now have the original details plus the Common Event Format cef_details.

Hope that helps,
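
The two lookups described in the answer above, as an added Python example that is not part of the original thread or of PagerDuty's example library. The `first_trigger_log_entry` field, the `channel.details` field and the `include[]=channels` parameter are taken from PagerDuty's REST API v2 rather than from this thread, and `PD_API_KEY` is a hypothetical environment variable name, used so the token is not written into the script.

```python
import json
import os
import sys
import urllib.request

API = "https://api.pagerduty.com"

def http_get(path):
    """GET one REST API v2 resource; the key is read from PD_API_KEY (assumed name)."""
    req = urllib.request.Request(API + path, headers={
        "Authorization": "Token token=" + os.environ["PD_API_KEY"],
        "Accept": "application/vnd.pagerduty+json;version=2",
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def custom_details(incident_id, get=http_get):
    """Return one details payload per alert, or the trigger log entry's details.

    `get` maps an API path to parsed JSON, so the lookup can be run offline.
    """
    # New-style (mergeable) incidents: each alert's `body` holds the submitted fields.
    alerts = get(f"/incidents/{incident_id}/alerts").get("alerts", [])
    if alerts:
        return [a.get("body", {}) for a in alerts]
    # Old-style incidents: incident ID -> trigger log entry ID -> log entry.
    incident = get(f"/incidents/{incident_id}")["incident"]
    ref = incident.get("first_trigger_log_entry")  # field name assumed from API v2
    if not ref:
        raise LookupError(f"incident {incident_id} has no trigger log entry")
    # include[]=channels (URL-encoded) requests the full channel, details included.
    entry = get(f"/log_entries/{ref['id']}?include%5B%5D=channels")["log_entry"]
    return [entry.get("channel", {}).get("details", {})]

if __name__ == "__main__":
    # Usage: PD_API_KEY=... python script.py PXXXXXX
    print(json.dumps(custom_details(sys.argv[1]), indent=2))
```

Passing the incident ID straight to `/log_entries/{id}` is what produces the 404 "Log Entry Not Found" reported earlier in the thread; the function above always resolves the log entry ID from the incident first.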
