11-02-2023 03:04 AM
Hello all,
I am working with the task 'GetFailedTasks' withing the Integrations & Incidents Health Check playbook. When running this task within this system playbook I am only getting failed tasks from the beginning of the year and this is likely due to the Max_incidents flag for this task. How would I go about adding to the query a relative time-frame of 7 or 30 days so that I can view and analyze only recent failing tasks?
I have checked on another XSOAR deployment and the Playbook retrieves only recent incidents. Is this a bug or this is something that can be changed ?
Take note, I have upgraded the content pack to the latest versions and can confirm that the playbook remains attached.
Many thanks
12-13-2023 09:59 AM
The GetFailedTasks command takes in as argument a query, which you can edit to include a timeframe of interest. For example, if you'd like to get the failed tasks within the last 7 days, you can edit the query parameter and use:
-status:closed and runStatus:error and incident.created:>="7 days ago"
If you're using the Out of the Box playbook "Integrations and Incidents Health Check - Running Scripts", you will need to duplicate it or detach it as it is locked, in order to change the query in the task.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
