Search Incidents

Retrieves all BigPanda incidents that meet query parameters within an environment



All BigPanda APIs require Bearer Token Authorization in the call headers.

This API uses the User API Key type of Authorization token.


Folder Names

When searching in specific environment folders, the folder name must be in lower case


Environments with Incident Tags

Search functionality is currently unavailable for environments leveraging incident tags, and will return a 500 error.

If you are unsure which environments leverage incident tags, try searching the All Incidents environment.

Search functionality for environments with incident tags will be supported in the future.


Epoch Format

Unix times for the from and to fields should be in Epoch time to the second. The API does not support millisecond timestamps.


Correlation Matchers Log

The last array in the correlation_matchers_log array is the current array. If multiple correlation patterns match the incident, the pattern with the longest time window is the one that appears in the UI.


Expanding Alert Data

To include the full alert object for each retrieved incident, include expand=alerts in the query.

When making a call with alerts expanded, page size cannot be larger than 10. An expanded call with a page size greater than 10 will return a 400 error.


Results Limit

Each query can only return results up to the 10,000th result (or page 1000 if each page includes 100 results).

If you are reaching the query limit, consider narrowing your search.