Find if there's an incident with a name inside a playbook using !SearchIncidentsV2


L4 Transporter

"!SearchIncidentsV2 name:" is not working as expected. Doesn't find any entry.

 

Example command introduced:

!SearchIncidentsV2 name:"Example of incident name"

 

Answer:

Incidents found

No entries

Accepted Solutions

L3 Networker

Hi there!

This is most likely a name mismatch in the search. The SearchIncidentsV2 script will attempt to use the name you provide in a Lucene search for the incidents. However, once the incidents are searched for, the name is then used strictly in the filtering.

For example, with incidents that are named "Firewall Config - Enable", I can perform a search using the 'name' argument as "Firewall Config". The search finds incidents that are named appropriately, so it marks the output as "Found Incidents", but when performing the filtering, they are all filtered out due to the name mismatch ('Firewall Config' does not equal 'Firewall Config - Enable').

If you are using just the incident name and a partial name match, as per the example above, I would suggest using the 'query' argument. In my example my query would be query='Firewall Config*'. The filtering does not then apply (as filtering is done ONLY on name or type).

That being said, the results are slightly misleading. I will submit a change that ensures that the "Found Incidents" does not appear prematurely.

Regards

 

Adam
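
A simplified Python model of the two-stage behaviour described in the answer above, added here as an illustration and not taken from the SearchIncidentsV2 source. The sample incidents and the matching rules in `loose_search` are assumptions standing in for the real Lucene search.

```python
"""Model of 'search loosely, then filter strictly on name' (illustrative only)."""
from fnmatch import fnmatchcase

# Constructed sample incidents (not from a real tenant).
INCIDENTS = [
    {"id": "1", "name": "Firewall Config - Enable", "type": "Change"},
    {"id": "2", "name": "Firewall Config - Disable", "type": "Change"},
    {"id": "3", "name": "Phishing - user report", "type": "Phishing"},
]


def loose_search(incidents, term):
    """Stage 1 stand-in for the Lucene search (assumed rules):
    a trailing-wildcard pattern or a case-insensitive phrase match."""
    term = term.lower()
    if "*" in term:
        return [i for i in incidents if fnmatchcase(i["name"].lower(), term)]
    return [i for i in incidents if term in i["name"].lower()]


def search_incidents(incidents, name=None, query=None):
    """Return (stage-1 hits, final results) for the 'name' or 'query' argument."""
    found = loose_search(incidents, name if name is not None else (query or ""))
    if name is None:
        # 'query' argument: no name filter is applied afterwards.
        return found, found
    # 'name' argument: stage 2 keeps only exact name matches.
    return found, [i for i in found if i["name"] == name]


if __name__ == "__main__":
    cases = [
        {"name": "Firewall Config"},            # partial name: found, then filtered out
        {"query": "Firewall Config*"},          # wildcard query: no name filter
        {"name": "Firewall Config - Enable"},   # exact name: survives the filter
    ]
    for kwargs in cases:
        found, final = search_incidents(INCIDENTS, **kwargs)
        print(kwargs, "stage-1 hits:", len(found), "returned:", len(final))
```

The first case reproduces the symptom in the question: the search stage has hits, but the exact-name filter leaves nothing to return.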

L4 Transporter

Thanks Adam,

You are right, a Lucene query must be used instead.

Thanks!!
