Search Incidents

🚧

Authentication

All BigPanda APIs require Bearer Token Authorization in the call headers.

This API uses the User API Key type of Authorization token.

🚧

Folder Names

When searching in specific environment folders, the folder name must be in lower case

🚧

Environments with Incident Tags

Search functionality is currently unavailable for environments leveraging incident tags, and will return a 500 error.

If you are unsure which environments leverage incident tags, try searching the All Incidents environment.

Search functionality for environments with incident tags will be supported in the future.

📘

Epoch Format

Unix times for the from and to fields should be in Epoch time to the second. The API does not support millisecond timestamps.

📘

Correlation Matchers Log

The last array in the correlation_matchers_log array is the current array. If multiple correlation patterns match the incident, the pattern with the longest time window is the one that appears in the UI.

🚧

Expanding Alert Data

To include the full alert object for each retrieved incident, include expand=alerts in the query.

When making a call with alerts expanded, page size cannot be larger than 10. An expanded call with a page size greater than 10 will return a 400 error.

Returns

200: Success
{
"total": 123399,
"items" : [
{Incident Object according to the schema},
{Incident Object according to the schema}
]
}

Possible error codes include:

• 401 Unauthorized - Authentication violation - token is invalid or missing
• 403 Forbidden— Insufficient permissions
• 429 Too Many Requests— Rate limitation reached
• 500 Internal Server Error— Unexpected error