fetchAlerts

Fetches alerts from alerts under case management.

Operator Usage in Easy Mode

1. Click + on the Start node.
   Note: Fetch Alerts is a data source and therefore can be used only at the beginning under Start.

2. Enter the Fetch Alerts operator in the search field and select the operator from the Results to open the operator form.

3. In the Query field, use * to fetch all alerts.

4. Optional. In the Limit field, enter the number of alerts to fetch. Enter a value of less than 100000.

5. Optional. In the Table field, enter or select the name of the table that contains the input values for the query template.

6. Click Run to view the result.

7. Click Save to add the operator to the playbook.

8. Click Cancel to discard the operator form.

Usage Details

LQL

Input Parameters

• query (String): Query to filter the alerts. Use * to fetch all.

• limit (Long)(Optional): Number of alerts to fetch. Limit has to be less than 100000 alerts.

• table (TableReference) (Optional): The table that contains the input values for the query template. The table should not have more than 500 rows.

Output
A table with all alerts that are retrieved by the query.

Example

Input

LQL Command

Output

Relative-Time Filters

Currently, we don’t support relative-time filters while fetching alerts. However, this is feasible by adding an extra node to define the start/end time:

• Parent node query

```Text LQL select DATE_FORMAT(DATE_SUB(CURRENT_TIMESTAMP(), 1), "yyyy/MM/dd HH:mm") as start_time, DATE_FORMAT(CURRENT_TIMESTAMP(), "yyyy/MM/dd HH:mm") as end_time from _Start_Node