All Apps and Add-ons

TA-ivanti-ism: URL parameters for unfiltered ingestion of incidents

misner
New Member

Hello -

Is there a recommended URL parameter to use in the TA for Ivanti Service Manager (TA-ivanti-ism) to essentially ingest all Incidents data?

The default is %24filter%3DStatus%20eq%20%27Active%27%20or%20Status%20eq%20%27Logged%27 which resolves to $filter=Status eq 'Active' or Status eq 'Logged'.

We attempted %24filter%3DStatus%20eq%20%27*%27 which resolves to $filter=Status eq '*', but this was not successful in bringing in data.

Simply leaving the URL parameter blank also was unsuccessful in returning any data.

Thanks for your help.

0 Karma

jme147
Engager

Did you ever get this working? I am running into the same issue.

I thought i could just login to the ISM and go to the Incident workspace and select the search i wanted to pull from "All Active Incidents" (i.e. http://ism_url/heat/Default.aspx#1622727356175).

I don't think this is working because i don't see any data in my index yet.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...