Cisco Crosswork Situation Manager 7.3.x Developer Guide

(Powered by Moogsoft AIOps 7.3)

 

 

Table of Contents

Developer Guide. 4

Graze API 4

Stats API 4

Moobot Modules. 5

Programmatic LAM... 5

Graze API 5

Endpoints. 5

Before you begin. 5

API definition. 6

Authentication. 6

POST parameters. 6

Graze API EndPoint Reference. 7

Integrations API 188

Alert Action Codes. 204

Situation Action Codes. 204

Situation Flags. 206

API Update Behavior. 206

Stats API 206

Integrations API 291

Endpoints. 291

API definition. 291

Authentication. 292

Integrations API Endpoint Reference. 292

/integrations. 292

/integrations/{integrationId} 296

/integrations/{integrationId}/status. 305

Export and Import Integrations. 307

MoogDb V2. 312

Load MoogDb V2. 312

Methods. 312

Methods. 312

checkSituationFlag. 354

deleteTeam.. 355

getProcesses. 356

getServices. 357

getSituationFlags. 358

getSituationPrimaryTeam.. 358

getSituationsWithFlag. 359

getToolShares. 360

getTopPrcDetails. 361

rateSituation. 363

removeSituationPrimaryTeam.. 364

setSituationFlags. 365

setSituationPrimaryTeam.. 366

shareToolAccess. 367

Moobot Modules. 367

Threads and Global Scope. 368

Moobot Modules. 368

Examples. 368

Using External Modules. 369

onLoad Function. 370

Config. 370

Constants. 372

Events. 374

Expose Active Moolets. 387

ExternalDb. 388

Graph Topology. 397

Logger. 402

Mailer. 404

Moolet Informs. 406

Moolet Information API 409

Process. 411

RabbitMQ.. 413

REST.V2. 417

Utilities. 429

Programmatic LAM... 432

Before You Begin. 432

Configure the LAM... 433

Example LAM Configuration. 433

Configure the LAMbot 433

 

Developer Guide

The Developer Guide provides resources for developers who want to perform advanced functions or build applications that integrate with Cisco Crosswork Situation Manager.

If you want to build a new integration or create a custom reporting dashboard, this guide outlines how you can expose API endpoints to invoke various actions and functionality.

You can use the following APIs and modules:

·         Graze API: Main API that can create, retrieve, and update data in Cisco Crosswork Situation Manager.

·         Stats API: API that you can use to retrieve statistics from Cisco Crosswork Situation Manager for reporting and dashboards.

·         Moobot Modules: You can create bots to perform automated tasks and expose functions in different Moolets.

·         Programmatic LAM: You can use this custom polling LAM to accept API calls and parse the responses into Cisco Crosswork Situation Manager events.

You can also use these APIs to perform tasks such as Situation enrichment. See Enrichment for more information.Enrichment

Graze API

You can use the Graze API to perform actions including the following:

·         Assign and de-assign alerts.

·         Create and close Situations.

·         Add processes and services.

·         Create and update SAML realms.

·         Create and delete maintenance windows.

The Graze API is useful if you want to perform repeated actions. For example, sending repeated cURL commands using a script. For example, you can create a ticketing integration to enable bi-directional communication between Cisco Crosswork Situation Manager and a ticketing system. See Integrations for available ticketing integrations in Cisco Crosswork Situation Manager.Integrations

An integration can raise and close Cisco Crosswork Situation Manager alerts in line with ticketing events, assign users and replicate comments. For all available endpoints see Graze API.

Stats AI

You can use the Stats API to retrieve statistics about:

·         Your Cisco Crosswork Situation Manager system's performance.

·         Teams' performance.

·         Individual users' performance.

You can use this statistical data to populate dashboards. For example, you can use call getNewEventsPerSituationsStats to see the noise reduction from events to Situations for your Cisco Crosswork Situation Manager system.

These endpoints have been designed and optimized for Grafana. See Stats API for all available endpoints. See the Grafana Setup Tutorial for more installation and configuration instructions.Configure Grafana Example

Moobot Modules

You can create and configure Moobot modules to perform automated tasks and expose functions including:

·         Access external databases.

·         Access an external RESTful API via HTTP.

·         Read configuration files within LAMbots and Moobots.

·         Build a key value dictionary shared across Moobots.

·         Query and manipulate entities in the Cisco Crosswork Situation Manager databases. See MoogDb V2 for all available methods.

·         Send an email in response to events occurring in Cisco Crosswork Situation Manager.

For more information see Moobot Modules.

Programmatic LAM

The Programmatic LAM is a custom polling LAM. It is an advanced version of the REST Client LAM. The REST Client LAM accepts a single API call and parses the responses it receives into Cisco Crosswork Situation Manager events. The Programmatic LAM can accept multiple calls but you must define the processing yourself in the LAMbot using JavaScript.

For more information see Programmatic LAM.

Graze API

The Graze API acts as an integration point for external services and exposes selected Cisco Crosswork Situation Manager functionality to authorized external clients.

Use caution when employing the Graze API. Excessive requests can impact overall system performance, especially getSituationIds and getAlertIds.

Contact Cisco Support if you experience difficulties or need further guidance.

Endpoints

See Graze API EndPoint Reference for details of all the Graze API endpoints.

Before you begin

Cisco Crosswork Situation Manager implements the Graze API as a set of servlets running in the Cisco Crosswork Situation Manager Apache Tomcat instance. This instance handles external Graze requests, making the UI servlet calls directly via cross-contexts.

Configure Apache Tomcat

You must configure Apache Tomcat to allow cross-context calls to be made by adding the following to the context.xml file in the Apache Tomcat $APPSERVER_HOME/conf directory:

<Context crossContext="true">

API definition

All Graze requests use the following URL format, where <server> is the hostname of the machine running the UI:

https://<server>/graze/v1/<request_type>

For example:

https://localhost/graze/v1/authenticate

Authentication

All requests, other than authenticate, require a basic authentication header or a valid auth_token. You must make a valid authenticate request before using any Graze API request without a basic authentication header.

If you make regular Graze requests within a one hour timeframe, you are considered active and your session does not expire. Inactive sessions are logged out after one hour, and you must make a new authenticate request to get a new valid auth_token.

Authentication troubleshooting

If an error occurs during Graze login authentication, Cisco Crosswork Situation Manager returns the following output:

{"message":"User is not authenticated","statusCode":3001}

As a security precaution, no more specific information is returned. This prevents information being provided to potential attackers about which part of the authentication failed (for example 'Password incorrect').

Entries in the log file catalina.out, at WARN level, provide more information on authentication errors:

·         For example, the user is not assigned the Grazer role:

User [john] does not have graze permission

·         For example, no user of that name:

User [NotAUser] account unknown in database

·         For example, incorrect password:

Password incorrect for user [graze]

POST parameters

You can send POST parameters as form-urlencoded or as application/json parameters.

form-urlencoded

To send POST parameters as form-urlencoded parameters, set the content type to application/x-www-form-urlencoded. If the character set is not set, UTF-8 is assumed.

Example cURL command:

"https://localhost/graze/v1/resolveSituation?auth_token=b40244fd79aa46fba76c60c56d538c49&sitn_id=10" --insecure -X POST -v

application/json

To supply POST parameters as JSON within the body of the request, set the content type to application/json. If the character set is not set, UTF-8 is assumed.

Example cURL command:

"https://localhost/graze/v1/resolveSituation" -H "Content-Type: application/json; charset=UTF-8" --insecure -X POST -v --data '{"auth_token" : "b40244fd79aa46fba76c60c56d538c49","sitn_id" : 10}'

Graze API EndPoint Reference

This is a reference list for the Graze API endpoints. Follow the links to see the details of each endpoint.

Alerts

The following endpoints relate to alerts:

·         addAlertCustomInfo: Adds and merges custom information for a specified alert.

·         addAlertToSituation: Adds a specified alert to a specified Situation.

·         assignAlert: Assigns the specified user as the owner of a specified alert.

·         assignAndAcknowledgeAlert: Assigns and acknowledges the specified user as the owner of a specified alert.

·         closeAlert: Closes one or more alerts.

·         deassignAlert: Deassigns the current owner from a specified alert.

·         getAlertActions: Returns the actions for one or more alerts.

·         getAlertDetails: Returns details, such as the description or severity, of a specified alert.

·         getAlertIds: Returns the total number of alerts, and a list of the alert IDs, for a specified alert filter and a limit.

·         removeAlertFromSituation: Removes a specified alert from a specified Situation.

·         resolveAlerts: Resolves a list of alerts.

·         setAlertAcknowledgeState: Acknowledges or unacknowledges the owner of a specified alert.

·         setAlertSeverity: Sets the severity level of a specified alert.

Algorithms

The following endpoints relate to Cookbooks and Recipes:

·         addBotRecipe: Creates a new Cookbook Bot Recipe.

·         addCookbook: Creates a new Cookbook.

·         addValueRecipe: Creates a new Cookbook Recipe using Value Recipe or Value Recipe v2 recipe types.

·         deleteCookbook: Deletes an existing Cookbook.

·         deleteRecipe: Deletes an existing Cookbook Recipe.

·         getCookbooks: Returns all the Cookbooks in Cisco Crosswork Situation Manager.

·         getRecipes: Returns all the Recipes in Cisco Crosswork Situation Manager.

·         updateBotRecipe: Updates a Cookbook Bot Recipe.

·         updateCookbook: Updates a Cookbook.

·         updateValueRecipe: Updates a Cookbook Recipe that uses either a Value Recipe or a Value Recipe v2 recipe type.

The following endpoints relate to merge groups:

·         addMergeGroup: Adds a new custom merge group.

·         deleteMergeGroup: Deletes an existing custom merge group.

·         getDefaultMergeGroup: Returns details of the default merge group in Cisco Crosswork Situation Manager.

·         getMergeGroups: Returns details of all the custom merge groups in Cisco Crosswork Situation Manager.

·         updateDefaultMergeGroup: Updates the default merge group in Cisco Crosswork Situation Manager.

·         updateMergeGroup: Updates a custom merge group.

·         The following endpoints relate to Tempus:

·         addTempus: Adds a new Tempus Moolet.

·         deleteTempus: Deletes an existing Tempus Moolet.

·         getTempus: Returns the details of all Tempus Moolets in Cisco Crosswork Situation Manager.

·         updateTempus: Updates an existing Tempus Moolet.

Dashboards and Reporting

See the Stats API for information on endpoints that provide statistics related to dashboards or reporting.

Processes and Configuration

The following endpoints relate to Cisco Crosswork Situation Manager processes and configuration:

·         addProcess: Adds a new process to the database.

·         addService: Adds a new external service to the database.

·         createMaintenanceWindow: Creates a maintenance window that filters alerts caused by a known period of maintenance.

·         deleteMaintenanceWindow: Deletes a single maintenance window.

·         deleteMaintenanceWindows: Deletes maintenance windows that match a specified filter.

·         findMaintenanceWindows: Returns maintenance windows that match a specified filter.

·         getIntegrationConfig: Exports the configuration and mapping needed for an integration in JSON format.

·         getMaintenanceWindows: Returns maintenance windows based on the window ID and how many should be fetched.

·         getProcesses: Returns a list of the processes in the database.

·         getServices: Returns a list of the services in the database.

·         getSeverities: Returns a list of possible severities and their severity IDs.

·         getStatuses: Returns a list of statuses that can apply to Situations and their IDs.

·         getSystemStatus: Returns current system status information for all processes.

·         getSystemSummary: Returns a summary of current alerts and Situations in Cisco Crosswork Situation Manager.

·         getToolShares: Returns the shared access for a specified tool.

·         shareToolAccess: Shares access to a tool with other users, teams, or roles, or makes it global so that all users can access it.

·         updateMaintenanceWindow: Updates an existing maintenance window.

Situations

The following endpoints relate to Situations:

·         addSigCorrelationInfo: Associates the external client with a specified Situation.

·         addSituationCustomInfo: Adds and merges custom information for a specified Situation.

·         addThreadEntry: Adds a new entry to an existing thread in a Situation.

·         assignAndAcknowledgeSituation: Assigns and acknowledges the moderator to the Situation for a specified situation ID and user ID.

·         assignSituation: Assigns the moderator to the Situation for a specified Situation ID and user ID.

·         assignTeamsToSituation: Assigns one or more teams to a Situation, or unassigns all teams from a Situation.

·         closeSituation: Closes a specified Situation which is currently open, and optionally closes alerts in the Situation.

·         createSituation: Creates a manual Situation. The Situation description is set with the description parameter.

·         createThread: Creates a new thread for a specified Situation.

·         createThreadEntry: Creates a new entry in an existing thread in a Situation. This endpoint has been superseded by addThreadEntry.

·         deassignSituation: Deassigns the current moderator from the Situation for a specified Situation ID.

·         getActiveSituationIds: Returns the total number of active Situations, and a list of their Situation IDs.

·         getPrcLabels: Returns probable root cause (PRC) information for all alerts or specified alerts within a Situation.

·         getResolvingThreadEntries: Returns thread entries for a specified Situation that have been marked as resolving steps.

·         getSigCorrelationInfo: Returns all correlation information related to a specified Situation.

·         getSimilarSituationIds: Returns a list of IDs of similar Situations, for a specified Situation ID and a limit.

·         getSimilarSituations: Returns the details of similar Situations for a specified Situation and a limit.

·         getSituationActions: Returns the actions for a list of Situations.

·         getSituationAlertIds: Returns the total number of alerts, and a list of the alert IDs for a specified Situation.

·         getSituationDescription: Returns the description for a specified Situation.

·         getSituationDetails: Returns the details of a specified Situation.

·         getSituationHosts: Returns the hosts for a specified Situation.

·         getSituationIds: Returns the total number of Situations, and a list of their Situation IDs, for a specified Situation filter and a limit.

·         getSituationPrimaryTeam: Returns the primary team on the specified Situation.

·         getSituationProcesses: Returns a list of process names for a specified Situation.

·         getSituationServices: Returns a list of external service names for a specified Situation.

·         getSituationTopology: Returns a JSON object that represents the nodes affected by the Situation.

·         getSituationVisualization: Returns information on the origin and cause of a specified Situation.

·         getThreadEntries: Returns thread entries for a specified Situation.

·         getTopPrcDetails: Returns the top most likely causal alerts, based on their Probable Root Cause value, for a specified Situation.

·         mergeSituations: Merges multiple specified Situations.

·         rateSituation: Applies a rating to a specified Situation.

·         removeSigCorrelationInfo: Removes all correlation information related to a specified Situation.

·         removeSituationPrimaryTeam: Removes the primary team from a Situation.

·         resolveSituation: Resolves a specified Situation that is currently open.

·         setPrcLabels: Sets the probable root cause (PRC) labels for specified alerts within a Situation.

·         setResolvingThreadEntry: Sets or clears a thread entry in a Situation as a resolving step.

·         setSituationAcknowledgeState: Acknowledges or unacknowledges the moderator to the Situation for a specified Situation ID and acknowledged state.

·         setSituationDescription: Sets the description for a specified Situation.

·         setSituationPrimaryTeam: Sets one of the teams already assigned to a Situation as the primary team.

·         setSituationProcesses: Applies a list of processes to a specified Situation.

·         setSituationServices: Applies a list of external services to a specified Situation.

Security Realms

The following endpoints relate to security realms:

·         createSecurityRealm: Creates a new security realm from an Identity Provider (IdP) URL.

·         getSecurityRealm: Returns a JSON object containing the names and configuration details of active security realms.

·         updateSecurityRealm: Updates an existing security realm in the database.

User Management

The following endpoints relate to the management of users, teams and roles:

·         applyNewLicense: Adds a Cisco Crosswork Situation Manager license via Graze.

·         authenticate: Provides the auth_token required by all other Graze API requests which do not provide the basic authentication header.

·         createTeam: Creates a new team.

·         createUser: Creates a new user.

·         deleteTeam: Deletes a single team.

·         getTeam: Returns a team's details by team ID or name.

·         getTeamsForService: Returns all teams related to the service with the specified ID or name.

·         getTeamSituationIds: Returns the total number of Situations that are assigned to a team, and a list of their Situation IDs.

·         getUserInfo: Returns information about a specified user.

·         getUserRoles: Returns the user's roles from the database.

·         getUsers: Returns a list of all users in the database.

·         getUserTeams: Returns the team names and IDs associated with the specified user ID or username.

·         updateTeam: Updates an existing team.

·         updateUser: Updates an existing user.

Workflow Engine

The following endpoints relate to the Workflow Engine:

·         createWorkflow: Creates a new workflow in the Workflow Engine.

·         deleteWorkflow: Deletes a workflow from the Workflow Engine.

·         getWorkflowEngineMoolets: Returns a list of all the workflows in all the Workflow Engine Moolets in Cisco Crosswork Situation Manager.

·         getWorkflows: Returns workflows for a specified Workflow Engine Moolet.

·         reorderWorkflows: Reorders the sequence of workflows within a Workflow Engine Moolet.

·         updateWorkflow: Updates an existing workflow in the Workflow Engine.

addAlertCustomInfo

A Graze API POST request that adds and merges custom information for a specified alert.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addAlertCustomInfo takes the following request arguments:

Response

Endpoint addAlertCustomInfo returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint addAlertCustomInfo:

Request example

Example cURL request to add custom info to "field1", "field2", "field3", and "field4" in alert ID 9:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/addAlertCustomInfo" -H "Content-Type: application/json; charset=UTF-8" -d '{"alert_id" : 9, "custom_info" : { "field1" : "value1" , "field2" : "value2" , "field3" : ["item1","item2","item3"] , "field4" : {"field4-1" : "value4-1","field4-2" : "value4-2"} }}'

Response example

A successful request returns the HTTP code 200 and no response text.

addAlertToSituation

A Graze API POST request that adds a specified alert to a specified Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addAlertToSituation takes the following request arguments:

Response

Endpoint addAlertToSituation returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

This endpoint does not add the alert to the Situation if the alert has been archived to the historic database even if the Situation is still in the active database.

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint addAlertToSituation:

Request example

Example cURL request to add alert ID 16 to Situation ID 7:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/addAlertToSituation" -H "Content-Type: application/json; charset=UTF-8" -d '{"alert_id" : 16, "sitn_id" : 7 }'

Response example

A successful request returns the HTTP code 200 and no response text.

addBotRecipe

A Graze API POST request that creates a new Cookbook Bot Recipe. To create Recipes using the Value Recipe and Value Recipe v2 recipe types, use addValueRecipe.

See /document/preview/114188#UUID1ecd7d867ea666f30327761f670221b7 for more information.Recipe Types

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addBotRecipe takes the following request arguments:

Response

Endpoint addBotRecipe returns the following response:

Examples

The following examples demonstrate typical use of endpoint addBotRecipe:

Request example

Example cURL request to create a new Bot Recipe "BotRecipe2":

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/addBotRecipe" -H "Content-Type: application/json; charset=UTF-8" -d '{"cookbooks" : ["GrazeCookbook1"],"name":"BotRecipe2","alert_threshold":1}'

Response example

A successful request returns the HTTP code 200 and no response text.

addCookbook

A Graze API POST request that creates a new Cookbook.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addCookbook takes the following request arguments:

Response

Endpoint addCookbook returns the following response:

Examples

The following examples demonstrate typical use of endpoint addCookbook:

Request example

Example cURL request to create a new Cookbook "GrazeCookBook1":

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/addCookbook" -H "Content-Type: application/json; charset=UTF-8" -d '{"name": "GrazeCookBook1", "process_output_of": ["Alert Workflows"], "recipes": ["Description","Source"], "run_on_startup":false, "first_recipe_match_only":true}'

Response example

A successful request returns the HTTP code 200 and no response text.

addMergeGroup

A Graze API POST request that adds a new custom merge group.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addMergeGroup takes the following request arguments:

Response

Endpoint addMergeGroup returns the following response:

Examples

The following examples demonstrate typical use of endpoint addMergeGroup:

Request example

Example cURL request to create a new custom merge group:

curl -X POST
-u graze:graze
-k -v "https://example.com/graze/v1/addMergeGroup"
-H "Content-Type: application/json; charset=UTF-8"
-d '{"name":"Merge Group 1","moolets":["Time Based (Tempus)", "Recipe 2"],"alert_threshold":2,"situation_similarity_limit":0.6}'

Response example

A successful request returns the HTTP code 200 and no response text.

addProcess

A Graze API POST request that adds a new process to the database. Processes are external business entities related to business activities that are affected by the incidents that Cisco Crosswork Situation Manager captures in Situations.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addProcess takes the following request arguments:

Response

Endpoint addProcess returns the following response:

Examples

The following examples demonstrate typical use of endpoint addProcess:

Request example

Example cURL request to add a new process "New Proc 1" with a description:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/addProcess" -H "Content-Type: application/json; charset=UTF-8" -d '{"name" : "New Proc 1", "description" : "This is my description 12345"}'

Response example

A successful request returns the HTTP code 200 and no response text.

addService

A Graze API POST request that adds a new external service to the database. An external service is a business entity monitored by Moogsoft AIOps via event streams.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addService takes the following request arguments:

Response

Endpoint addService returns the following response:

Examples

The following examples demonstrate typical use of endpoint addService:

Request example

Example cURL request to add service "New Service 1" with a description:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/addService" -H "Content-Type: application/json; charset=UTF-8" -d '{"name" : "New Service 1", "description" : "This is my description 12345"}'

Response example

A successful request returns the HTTP code 200 and no response text.

addSigCorrelationInfo

A Graze API POST request that associates the external client with a specified Situation. This allows Cisco Crosswork Situation Manager to filter events and send only those of interest to an external system.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addSigCorrelationInfo takes the following request arguments:

Response

Endpoint addSigCorrelationInfo returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint addSigCorrelationInfo:

Request example

Example cURL request to associate resource ID "my resource 7" in service "my service 7" with Situation ID 7:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/addSigCorrelationInfo" -H "Content-Type: application/json; charset=UTF-8" -d '{"sitn_id" : 3, "service_name" : "my service 7", "resource_id" : "my resource 7"}'

Response example

A successful request returns the HTTP code 200 and no response text.

addSituationCustomInfo

A Graze API POST request that adds and merges custom information for a specified Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addSituationCustomInfo takes the following request arguments:

Response

Endpoint addSituationCustomInfo returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint addSituationCustomInfo:

Request example

Example cURL request to add custom info to "field1", "field2", "field3", and "field4" in Situation ID 5:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/addSituationCustomInfo" -H "Content-Type: application/json; charset=UTF-8" -d '{"sitn_id" : 5, "custom_info" : { "field1" : "value1" , "field2" : "value2" , "field3" : ["item1","item2","item3"] , "field4" : {"field4-1" : "value4-1","field4-2" : "value4-2"} }}'

Response example

A successful request returns the HTTP code 200 and no response text.

addTempus

A Graze API POST request that adds a new Tempus Moolet.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addTempus takes the following request arguments:

Response

Endpoint addTempus returns the following response:

Examples

The following examples demonstrate typical use of endpoint addTempus:

Request example

Example cURL request to create a new Tempus algorithm:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/addTempus" -H "Content-Type: application/json; charset=UTF-8" -d '{"name":"GrazeTempusTest4", "description":"Situation Generated by Tempus","process_output_of":"Alert Workflows", "run_on_startup":false,"entropy_threshold":0.3,"execution_interval":60,"window_size":240,"bucket_size":3,"arrival_spread":9,"minimum_arrival_similarity":0.5,"alert_threshold":5,"partition_by":"source","significance_test":"Poisson2","significance_threshold":3,"detection_algorithm":"LouvainMulti"}'

Response example

A successful request returns the HTTP code 200 and no response text.

addThreadEntry

A Graze API POST request that adds a new entry to an existing thread in a Situation. Threads are comments or 'story activity' on Situations.

This endpoint returns the entry ID of the newly created thread entry.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addThreadEntry takes the following request arguments:

Response

Endpoint addThreadEntry returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint addThreadEntry:

Request example

Example cURL request to add a new entry "Test Entry" to thread "Support" in Situation 3:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/addThreadEntry" -H "Content-Type: application/json; charset=UTF-8" -d '{"sitn_id" : 3, "thread_name" : "Support", "entry" : "Test Entry", "resolving_step" : true}'

Response example

Successful response providing the ID of the thread entry that has been created:

{"entry_id":27}

addValueRecipe

A Graze API POST request that creates a new Cookbook Recipe using Value Recipe or Value Recipe v2 recipe types. See /document/preview/114188#UUID1ecd7d867ea666f30327761f670221b7 for more information.Recipe Types

Back to Graze API EndPoint Reference.

Request arguments

Endpoint addValueRecipe takes the following request arguments:

Response

Endpoint addValueRecipe returns the following response:

Examples

The following examples demonstrate typical use of endpoint addValueRecipe:

Request example

Example cURL request to add a new Recipe "GrazeRecipe2":

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/addValueRecipe" -H "Content-Type: application/json; charset=UTF-8" -d '{"cookbook" : "GrazeCook1", "name": "GrazeRecipe2", "alert_threshold" : 1,
"matcher" : { "hop_limit" : 0},
 "components" :  [{ "name": "custom_1",
      "similarity": 0.2,
       "shingle_size": 2 } ]
       }'

Response example

A successful request returns the HTTP code 200 and no response text.

applyNewLicense

A Graze API POST request that adds a Cisco Crosswork Situation Manager license via Graze.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint applyNewLicense takes the following request arguments:

Response

Endpoint applyNewLicense returns the following response:

Examples

The following examples demonstrate typical use of endpoint applyNewLicense:

Request example

Example cURL request to add a valid license:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/applyNewLicence" -H "Content-Type: application/json; charset=UTF-8" -d '{"license" : "<your license key>"}'

Response example

A successful request returns the HTTP code 200 and no response text.

assignAlert

A Graze API POST request that assigns the specified user as the owner of the specified alert ID.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint assignAlert takes the following request arguments:

Response

Endpoint assignAlert returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint assignAlert:

Request example

Example cURL request to username "network1" to alert ID 7:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/assignAlert" -H "Content-Type: application/json; charset=UTF-8" -d '{"alert_id" : 7, "username" : "network1" }'

Response example

A successful request returns the HTTP code 200 and no response text.

assignAndAcknowledgeAlert

A Graze API POST request that assigns and acknowledges the specified user as the owner of the specified alert ID.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint assignAndAcknowledgeAlert takes the following request arguments:

Response

Endpoint assignAndAcknowledgeAlert returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint assignAndAcknowledgeAlert:

Request example

Example cURL request to assign user "Cloud DevOps 1" as the owner of alert 432:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/assignAndAcknowledgeAlert" -H "Content-Type: application/json; charset=UTF-8" -d '{"alert_id" : 432, "username" : "Cloud DevOps 1" }'???

Response example

A successful request returns the HTTP code 200 and no response text.

assignAndAcknowledgeSituation

A Graze API POST request that assigns and acknowledges the moderator to the Situation for a specified situation ID and user ID.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint assignAndAcknowledgeSituation takes the following request arguments:

There are no other arguments, as this endpoint returns data on all processes.

Response

Endpoint assignAndAcknowledgeSituation returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint assignAndAcknowledgeSituation:

Request example

Example cURL request:

 

Response example

A successful request returns the HTTP code 200 and no response text.

assignSituation

A Graze API POST request that assigns the moderator to the Situation for a specified Situation ID and user ID.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint assignSituation takes the following request arguments:

Response

Endpoint assignSituation returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint assignSituation:

Request example

Example cURL request:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/assignSituation" -H "Content-Type: application/json; charset=UTF-8" -d '{"sitn_id" : 7, "user_id" : 3 }'

Response example

A successful request returns the HTTP code 200 and no response text.

assignTeamsToSituation

A Graze API POST request that assigns one or more teams to a Situation. Once successfully run, Cisco Crosswork Situation Manager marks the Situation as overridden and the Teams Manager Moolet can no longer modify its team assignment. See Teams Manager Moolet for more information.Teams Manager Moolet

This endpoint replaces any teams previously assigned to the Situation. You can also use it to unassign all teams from a Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint assignTeamsToSituation takes the following request arguments:

Response

Endpoint assignTeamsToSituation returns the following response:

Successful requests return a JSON object containing one of the following, depending on the request argument used:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint assignTeamsToSituation:

Example assigning team IDs

Example cURL request to assign team IDs 1 and 2 to Situation 1:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/assignTeamsToSituation" -H "Content-Type: application/json; charset=UTF-8" -d '{"sitn_id" : 1 , "team_ids" : [ 1, 2 ]}'

Example response returning the team IDs (1 and 2) that have been successfully assigned to the Situation:

{"team_ids" : [ 1,2 ]}

Example assigning team names

Example cURL request to assign teams "Network_US" and "Network_UK" to Situation 2:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/assignTeamsToSituation" -H "Content-Type: application/json; charset=UTF-8" -d '{"sitn_id" : 2 , "team_names" : [ "Network_US", "Network_UK" ]'

Example response returning the team names ( "Network_US" and "Network_UK") that have been successfully assigned to the Situation:

{"team_names" : [ "Network_US", "Network_UK" ]}

Example unassigning teams

Example cURL request to unassign all teams from Situation 1:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/assignTeamsToSituation" -H "Content-Type: application/json; charset=UTF-8" -d '{"sitn_id" : 1 , "team_ids" : []}'

Example response returning an empty list showing that all the teams have been successfully unassigned from the Situation:

{"team_ids" : []}

authenticate

A Graze API GET request that provides the auth_token required by all other Graze API requests which do not provide the basic authentication header. Graze users can have multiple concurrent Graze sessions with the same username and password.

All requests (other than authenticate) require a valid auth_token or basic authentication header. Therefore before any Graze API request is used, a valid authenticate request must be successfully made unless basic authentication headers are used.

Inactive sessions will be logged out after one hour, and a new authenticate request must be made to get a new valid auth_token.

If you make regular Graze requests within a one hour timeframe, you are considered active and your session does not expire. Inactive sessions are logged out after one hour, and you must make a new authenticate request to get a new valid auth_token.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint authenticate takes the following request arguments:

Response

Endpoint authenticate returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint authenticate:

Request examples

Example cURL request to return an authorization token for username "JohnJones" and password "password":

curl -k -v "https://localhost/graze/v1/authenticate?username=JohnJones&password=password"

Example cURL request to return an authorization token for the Graze user:

curl -k -v "https://localhost/graze/v1/authenticate?username=graze&password=graze"

Response example

Example response returning the authorization token:

{"auth_token":"878b3ec57d464aee80d09893221be8e8"}

checkSituationFlag

A Graze API GET request that checks whether a flag is associated with a Situation.

See Situation Flags for more information on Cisco Crosswork Situation Manager Situation flags.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint checkSituationFlag takes the following request arguments:

Response

Endpoint checkSituationFlag returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint checkSituationFlag:

Request example

Example cURL request to request a Boolean whether the specified Situation has the flag "NOTIFIED" associated with it.

curl -X GET -u graze:graze -k -v https://localhost/graze/v1/checkSituationFlag?sitn_id=1&flag=NOTIFIED

Response example

Example response returning the Boolean value true because the Situation contains the specified flag:

true

closeAlert

A Graze API POST request that closes one or more alerts.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint closeAlert takes the following request arguments:

Response

Endpoint closeAlert returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint closeAlert:

Request example

Example cURL request to close alert IDs 78, 234, and 737:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/closeAlert" -H "Content-Type: application/json; charset=UTF-8" -d '{"alert_ids" : [78,234,737],"thread_entry_comment" : "Closing as agreed during team discussion 1/1/2018" }'

Response example

A successful request returns the HTTP code 200 and no response text.

closeSituation

A Graze API POST request that closes a specified Situation which is currently open, and optionally closes alerts in the Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint closeSituation takes the following request arguments:

Response

Endpoint closeSituation returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint closeSituation:

Request example

Example cURL request to close Situation 7 and leave all its alerts open:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/closeSituation" -H "Content-Type: application/json; charset=UTF-8" -d '{"sitn_id" : 7, "resolution" : 0 }'

Response example

A successful request returns the HTTP code 200 and no response text.

createMaintenanceWindow

A Graze API POST request that creates a maintenance window. A maintenance window filters alerts caused by a known period of maintenance.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint createMaintenanceWindow takes the following request arguments:

Response

Endpoint createMaintenanceWindow returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint createMaintenanceWindow:

Request examples

Example cURL request to create a window, which recurs once a month (from its start_date_time), with a filter where the source is "server1" and the external ID is one of "value1", "value2", or "value3":

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/createMaintenanceWindow" -H "Content-Type: application/json; charset=UTF-8" -d '{"name":"window1", "description":"window1 description here", "filter": "source = \"server1\" and external_id in (\"value1\", \"value2\", \"value3\")", "start_date_time": 1473849237, "duration": 55800, "forward_alerts": false, "recurring_period": 1, "recurring_period_units": 4}'

Example cURL request to create a one-time maintenance window, which is filtered when the source is equal to "hostIsDown":

curl "https://<YOUR_HOSTNAME>:8080/graze/v1/createMaintenanceWindow" -H "Content-Type: application/json; charset=UTF-8" --insecure -X POST -v --data '{"auth_token": "<YOUR_GRAZE_AUTH_TOKEN>", "name": "my_window_1", "description": "This is my description", "filter": { "column": "source", "op": 0, "value": "hostIsDown", "type": "LEAF" }, "start_date_time": 1473849237, "duration": 55800, "forward_alerts": false}'

Example cURL request to create a daily maintenance window in the "America/New York" time zone:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/createMaintenanceWindow" -H "Content-Type: application/json; charset=UTF-8" -d '{"name":"window", "description":"window with specified timezone", "filter": "source = \"server1\" and external_id in (\"value1\", \"value2\", \"value3\")", "start_date_time": 1564566188, "duration": 3600, "forward_alerts": false, "recurring_period": 1, "recurring_period_units": 2, "timezone": "America/New_York"}'

Example of escaped characters

Example cURL request using multiple escaped backslash characters in the filter to maintain the correct characters in the filter string:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/createMaintenanceWindow" -H "plication/json; charset=UTF-8" -d '{"name":"LON Server 1", "description":"[10453] ", "filter":"NOT (alert_id IS NULL) AND (agent_location MATCHES \"LON_S1\") AND (custom_info.eventDetails.alert_customer MATCHES \"LON\") AND (manager MATCHES \"LOGFILE\") AND (class MATCHES \"could not execute backup\") AND (custom_info.eventDetails.field_1 MATCHES \"C:\\\\\\\\\\LON_SVR1\\Backup\\2019\")", "start_date_time":1480483478, "duration":86400, "recurring_period_units":2, "recurring_period":1, "forward_alerts":false}'

 

The endpoint createMaintenanceWindow creates the correct filter:

((((( NOT (alert_id IS NULL)) AND (`Agent location` MATCHES "LON_S1")) AND (custom_info.eventDetails.alert_customer MATCHES "LON")) AND (Manager MATCHES "LOGFILE")) AND (Class MATCHES "could not execute backup")) AND (custom_info.eventDetails.field_1 MATCHES "C:\\\\LON_SVR1\Backup\2019")

Response example

A successful request returns the ID of the new maintenance window:

{"window_id":16}

createSecurityRealm

A Graze API POST request that creates a new security realm from an Identity Provider (IdP) URL. The request also adds the realm configuration you provide.

Warning: Warn any users who are logged into Cisco Crosswork Situation Manager using the default realm before using this request. Cisco Crosswork Situation Manager may log out users when the new realm becomes active.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint createSecurityRealm takes the following request arguments:

Response

Endpoint createSecurityRealm returns the following response:

Examples

The following examples demonstrate typical use of endpoint createSecurityRealm:

Request example

Example cURL request to generate a security realm:

curl -X POST \
        -u graze:graze \
        -k -v "https://localhost/graze/v1/createSecurityRealm" \
        -d {"name"="mySamlRealm", "type"="SAML2","active="true","configuration"=
        {
        "idpMetadataUrl":"http://exampleIdP:18080/auth/realms/master/protocol/saml/descriptor",
        "defaultRoles":["Operator"],
        "defaultTeams":["Cloud DevOps"],
        "defaultGroup":"End-User",
        "existingUserMappingField":"username",
        "username":"$username",
        "email":"$email",
        "fullname":"$firstname $lastname",
        "maximumAuthenticationLifetime":60
        }
}

Response example

A successful request returns the HTTP code 200 and no response text.

createSituation

A Graze API POST request that creates a manual Situation. The Situation description is set with the description parameter.

The following Situation settings are pre-set and not configurable here:

1.     Status: Opened

2.     Moderator: none assigned

Back to Graze API EndPoint Reference.

Request arguments

Endpoint createSituation takes the following request arguments:

Response

Endpoint createSituation returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint createSituation:

Request example

Example cURL request to create a Situation with the description "Database Outage 08/06/2019":

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/createSituation" -H "Content-Type: application/json; charset=UTF-8" -d '{"description" : “Database Outage 08/06/2019”}'

Response example

Example response returning the ID of the newly created Situation:

{"sitn_id":2300}

createTeam

A Graze API POST request that creates a new team.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint createTeam takes the following request arguments:

Response

Endpoint createTeam returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint createTeam:

Request example

Example cURL request to create a team called "my team name" consisting of user1, user2, and user3:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/createTeam" -H "Content-Type: application/json; charset=UTF-8" -d '{"name" : "my team name 1", "alert_filter" : "manager = \"my_manager\" and (class = \"my_class_12345\" or external_id = \"my_ext_12345\")", "services" : ["Identity Management","Yellow Pages"], "sig_filter" : "description = \"my_description_12345\" or queue = 50", "landing_page" : {"type":"situations","id":"open"}, "active" : true, "description" : "The team description 12345", "users" : ["user1","user2","user3"]}'

Response example

Example response returning the ID of the created team:

{"team_id":16}

createThread

A Graze API POST request that creates a new thread for a specified Situation. Threads are comments or 'story activity' on Situations.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint createThread takes the following request arguments:

Response

Endpoint createThread returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint createThread:

Request example

Example cURL request to create a new thread "Thread 0958" on Situation ID 176:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/createThread" -H "Content-Type: application/json; charset=UTF-8" -d '{"sitn_id" : 176, "thread_name" : "Thread 0958"}

Response example

A successful request returns the HTTP code 200 and no response text.

createThreadEntry

Note: This endpoint has been superseded. Use addThreadEntry instead. All new functionality will be delivered in addThreadEntry.

A Graze API POST request that creates a new entry in an existing thread in a Situation. Threads are comments or 'story activity' on Situations.

This endpoint returns a Boolean indicating whether or not the thread entry was created successfully.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint createThreadEntry takes the following request arguments:

Response

Endpoint createThreadEntry returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint createThreadEntry:

Request example

Example cURL request to create a new entry in thread "Support" in Situation 3:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/createThreadEntry" -H "Content-Type: application/json; charset=UTF-8" -d '{"sitn_id" : 3, "thread_name" : "Support", "entry" : "Test Entry", "resolving_step" : true}'

Response example

Example response showing that the new thread entry was successfully created::

true

createUser

A Graze API POST request that creates a new user.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint createUser takes the following request arguments:

Response

Endpoint createUser returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint createUser:

Request example

Example cURL request to create a new user "johndoe1":

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/createUser" -H "Content-Type: application/json; charset=UTF-8" -d '{"username" : "johndoe1", "roles" : ["Super User", "Operator"], "password" : "johndoe1", "active" : true, "email" : "johndoe@moogsoft.com", "fullname" : "John Doe", "primary_group" : "Network", "department" : "Support", "joined" : 1494951621, "timezone" : "Europe/London", "contact_num" : "555-1234", "session_expiry" : null, "teams" : ["my team 1","my team 2","my team 3"], "properties" : null}'

Response example

Example response returning the new user ID:

{"user_id":777}

createWorkflow

A Graze API POST request that creates a new workflow in the Workflow Engine. The new workflow is automatically active.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint createWorkflow takes the following request arguments:

Response

Endpoint createWorkflow returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint createWorkflow:

Request example

Example cURL request to create a new workflow with a /document/preview/120685#UUIDa4320c8e3b5b679f9b22e4aefc7222b5 action:setCustomInfoValue

curl -X POST -u graze:graze -k \
     -v "https://localhost/graze/v1/createWorkflow" \
     -H "Content-Type: application/json; charset=UTF-8" \
     --data ' {
        "first_match_only": false,
        "operations": [
            {
                "duration": 0,
                "reset": false,
                "type": "delay"
            },
            {
                "operation_name": "set support team value in custom info",
                "function_name": "setCustomInfoValue",
                "forwarding_behavior": "always forward",
                "function_args": {
                    "value": "NOC",
                    "key": "support_team"
                },
                "type": "action"
            }
 
        ],
        "moolet_name": "Alert Workflows",
        "workflow_name": "Alert Workflow Example",
        "entry_filter": {},
        "active": true,
        "description": "Alert Workflow API Example",
        "sweep_up_filter": {}
        }'

Response example

Example response returning the new workflow ID:

{"id":12}

deassignAlert

A Graze API POST request that deassigns the current owner from the specified alert.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint deassignAlert takes the following request arguments:

Response

Endpoint deassignAlert returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint deassignAlert:

Request example

Example cURL request to deassign the current owner from alert ID 7:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/deassignAlert" -H "Content-Type: application/json; charset=UTF-8" -d '{"alert_id" : 7}'

Response example

A successful request returns the HTTP code 200 and no response text.

deassignSituation

A Graze API POST request that deassigns the current moderator from the Situation for a specified Situation ID.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint deassignSituation takes the following request arguments:

Response

Endpoint deassignSituation returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint deassignSituation:

Request example

Example cURL request to deassign the current moderator from Situation 7:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/deassignSituation" -H "Content-Type: application/json; charset=UTF-8" -d '{"sitn_id" : 7}'

Response example

A successful request returns the HTTP code 200 and no response text.

deleteCookbook

A Graze API POST request that deletes an existing Cookbook.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint deleteCookbook takes the following request arguments:

Response

Endpoint deleteCookbook returns the following response:

Examples

The following examples demonstrate typical use of endpoint deleteCookbook:

Request example

Example cURL request to delete Cookbook "GrazeCookBook1":

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/deleteCookbook" -H "Content-Type: application/json; charset=UTF-8" -d '{"name" : "GrazeCookBook1"}'

Response example

A successful request returns the HTTP code 200 and no response text.

deleteMaintenanceWindow

A Graze API POST request that deletes a single maintenance window.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint deleteMaintenanceWindow takes the following request arguments:

Response

Endpoint deleteMaintenanceWindow returns the following response:

Examples

The following examples demonstrate typical use of endpoint deleteMaintenanceWindow:

Request example

Example cURL request to delete maintenance window 123:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/deleteMaintenanceWindow" -H "Content-Type: application/json; charset=UTF-8" -d '{"id"[123]}'

Response example

A successful request returns the HTTP code 200 and no response text.

deleteMaintenanceWindows

A Graze API POST request that deletes maintenance windows that match the specified filter.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint deleteMaintenanceWindows takes the following request arguments:

Response

Endpoint deleteMaintenanceWindows returns the following response:

Examples

The following examples demonstrate typical use of endpoint deleteMaintenanceWindows:

Request examples

Example cURL request to delete maintenance windows that match the filter where the maintenance window ID is 3 or 4:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/deleteMaintenanceWindows" -H "Content-Type: application/json; charset=UTF-8" -d '{"filter":"id in (3,4)"}'curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/deleteMaintenanceWindow" -H "Content-Type: application/json; charset=UTF-8" -d '{"id"[123]}'

Example cURL request to delete maintenance windows that match the filter where the host is "CSF_RD_243:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/deleteMaintenanceWindows" -H "Content-Type: application/json; charset=UTF-8" -d '{"filter":"host matches \"CSF_RD_243\""}'

Response example

A successful request returns the HTTP code 200 and no response text.

deleteMergeGroup

A Graze API POST request that deletes an existing custom merge group.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint deleteMergeGroup takes the following request arguments:

Response

Endpoint deleteMergeGroup returns the following response:

Examples

The following examples demonstrate typical use of endpoint deleteMergeGroup:

Request example

Example cURL request to delete the custom merge group "Merge Group 1":

curl -X POST -u graze:graze -k "https://localhost/graze/v1/deleteMergeGroup"
-H "Content-Type: application/json; charset=UTF-8"
--data '{
            "name" : "Merge Group 1"
        }'

Response example

A successful request returns the HTTP code 200 and no response text.

deleteRecipe

A Graze API POST request that deletes an existing Cookbook Recipe. You can use this endpoint to delete Recipes of all recipe types: Value Recipe, Value Recipe V2, and Bot Recipe.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint deleteRecipe takes the following request arguments:

Response

Endpoint deleteRecipe returns the following response:

Examples

The following examples demonstrate typical use of endpoint deleteRecipe:

Request example

Example cURL request to delete Recipe "GrazeRecipe1":

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/deleteRecipe" -H "Content-Type: application/json; charset=UTF-8" -d '{"name" : "GrazeRecipe1"}'

Response example

A successful request returns the HTTP code 200 and no response text.

deleteTeam

A Graze API POST request that deletes a single team.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint deleteTeam takes the following request arguments:

Response

Endpoint deleteTeam returns the following response:

Examples

The following examples demonstrate typical use of endpoint deleteTeam:

Request example

Example cURL request to delete team ID 33.

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/deleteTeam" --data-urlencode 'team_id=33'

Response example

A successful request returns the HTTP code 200 and no response text.

deleteTempus

A Graze API POST request that deletes an existing Tempus Moolet.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint deleteTempus takes the following request arguments:

Response

Endpoint deleteTempus returns the following response:

Examples

The following examples demonstrate typical use of endpoint deleteTempus:

Request example

Example cURL request to delete Tempus algorithm "newTempus":

curl -X POST -u graze:graze -k "https://localhost/graze/v1/deleteTempus" -H "Content-Type: application/json; charset=UTF-8" --data '{ "name" : "newTempus" }' 

Response example

A successful request returns the HTTP code 200 and no response text.

deleteWorkflow

A Graze API POST request that deletes a workflow from the Workflow Engine.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint deleteWorkflow takes the following request arguments:

Response

Endpoint deleteWorkflow returns the following response:

Examples

The following examples demonstrate typical use of endpoint deleteWorkflow:

Request example

Example cURL request to delete workflow ID 12:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/deleteWorkflow" -H "Content-Type: application/json; charset=UTF-8" --data "{"id":12}"

Response example

A successful request returns the HTTP code 200 and no response text.

findMaintenanceWindows

A Graze API GET request that returns maintenance windows that match a filter.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint findMaintenanceWindows returns the following response:

Response

Endpoint findMaintenanceWindows returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint findMaintenanceWindows:

Request example

Example cURL request to return the first two maintenance windows that match the filter where the description is "MyMaintenanceWindow":

curl -G -u graze:graze -k -v "https://localhost/graze/v1/findMaintenanceWindows" --data-urlencode 'filter=description matches "MyMaintenanceWindow"' --data-urlencode 'limit=2'

Response example

A successful request returns:

{
    "windows": [
        {
            "del_flag": false,
            "forward_alerts": false,
            "last_updated": 1567721780,
            "timezone": "Europe/London",
            "description": "Maintenance of server LON_DB_375",
            "recurring_period_units": 4,
            "filter": "{ \"column\": \"source\", \"op\": 10, \"value\": \"LON_DB_375\", \"type\": \"LEAF\" }",
            "duration": 3600,
            "recurring_period": 1,
            "name": "Server Maintenance",
            "updated_by": 3,
            "id": 2,
            "start_date_time": 1567812600
        },
        {
            "del_flag": false,
            "forward_alerts": true,
            "last_updated": 1567611914,
            "timezone": "Europe/London",
            "description": "Server maintenance scheduled every weekend",
            "recurring_period_units": 3,
            "filter": "{ \"column\": \"description\", \"op\": 10, \"value\": \"maintenance\", \"type\": \"LEAF\" }",
            "duration": 7200,
            "recurring_period": 1,
            "name": "Service Maintenance Window",
            "updated_by": 3,
            "id": 1,
            "start_date_time": 1567897200
        }
    ]
}

getActiveSituationIds

A Graze API GET request that returns the total number of active Situations, and a list of their Situation IDs. Active Situations are those that are not Closed, Resolved or Dormant.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getActiveSituationIds takes the following request argument:

There are no other arguments because this endpoint returns data on all active Situationses.

Response

Endpoint getActiveSituationIds returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getActiveSituationIds:

Request example

Example cURL request to return all active Situations in Cisco Crosswork Situation Manager:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/getActiveSituationIds"

Response example

Example response returning the IDs of ten Situations:

{
   "total_situations": 10,
   "sitn_ids": [4, 5, 6, 12, 14, 15, 16, 17, 18, 19]
}

getAlertActions

A Graze API GET request that returns the actions for one or more alerts, ordered most recent last. You can use the from and to arguments to specify a period that you want to retrieve alert actions for. If you do not specify these, actions for all dates and times are returned.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getAlertActions takes the following request arguments:

Response

Endpoint getAlertActions returns the following response:

Successful requests return a JSON object which contains alert details from the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getAlertActions:

Request Examples

Example cURL request to return the first 50 actions for alert IDs 1, 2, 3, and 6 for action codes 8 (Alert Resolved) and 9 (Alert Closed):

curl -G -u graze:graze -k -v "https://docsdev.moog.cloud/graze/v1/getAlertActions" --data-urlencode 'alert_ids=[1, 2, 3, 6]' --data-urlencode 'actions=[8, 9]' --data-urlencode 'limit=50' --data-urlencode 'start=0'curl -G -u graze:graze -k -v "https://localhost/graze/v1/getAlertActions" --data-urlencode 'alert_ids=[1, 2, 3, 6]' --data-urlencode 'actions=[8, 9]' --data-urlencode 'limit=50' --data-urlencode 'start=0'

Example cURL request to return the first 50 actions for action codes 8 (Alert Resolved) and 9 (Alert Closed) between Unix epoch times 1553861746 and 1553872546:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getAlertActions" --data-urlencode 'actions=[8, 9]' --data-urlencode 'limit=50' --data-urlencode 'start=0' --data-urlencode 'from=1553861746' --data-urlencode 'to=1553872546'

Response example

Example response returning the actions for alert ID 313:

[{
      "uid": 49,
      "action_code": 9,
      "description": "Alert Closed",
      "details": {},
      "alert_id": 313,
      "timed_at": 1557504912
 },{
      "uid": 49,
      "action_code": 8,
      "description": "Alert Resolved",
      "details": {},
      "alert_id": 313,
      "timed_at": 1557504393
 },{
      "uid": 3,
      "action_code": 10,
      "description": "Ran Tool",
      "details": {
              "tool_id": 271,
          "tool": "get data"
          },
      "alert_id": 313,
      "type": "event",
      "timed_at": 1557321088,
      "username": "admin"
}]

getAlertDetails

A Graze API GET request that returns details, such as the description or severity, of a specified alert.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getAlertDetails takes the following request arguments:

Response

Endpoint getAlertDetails returns the following response:

Successful requests return a JSON object which contains alert details from the following:

* = These details are derived from the input event text field, via the LAMs.

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getAlertDetails:

Request example

Example cURL request to return the details for alert ID 3968:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getAlertDetails" --data-urlencode "alert_id=3968"

Response example

Example response returning the details of alert ID 3968:

{
   "active_sitn_list":[1],
   "agent":"TestBed",
   "agent_location":"localhost",
   "alert_id":3968,
   "class":"WebMon",
   "count":2,
   "custom_info":null,
   "description":"Web Server HTTPD is DOWN",
   "external_id":"12345",
   "first_event_time":1416307126,
   "int_last_event_time":1416307188,
   "last_event_time":1416307131,
   "last_state_change":1416307144,
   "manager":"WebMon",
   "owner":2,
   "severity":0,
   "signature":"SIG:Web Server Down Trap:xldn1458pap:10",
   "significance":3,
   "source":"xldn1458pap",
   "source_id":"xldn1458pap",
   "state":9,
   "type":"HTTPDDown"
}

getAlertIds

A Graze API GET request that returns the total number of alerts, and a list of the alert IDs, for a specified alert filter and a limit.

Note: Take special care when using endpoint getAlertIds. Overuse of this endpoint can have a negative impact on the backend datastore.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getAlertIds takes the following request arguments:

Response

Endpoint getAlertIds returns the following response:

Successful requests return a JSON object which contains alert details from the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getAlertIds:

Request example

Example cURL request to return the first 20 alert IDs that satisfy the filter where the agent is not SYSLOG and the description matches "AUTH-SERVICE":

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getAlertIds" --data-urlencode 'query=agent!=SYSLOG and description matches "AUTH-SERVICE"' --data-urlencode 'limit=20'

Response example

Example response returning the first 20 alert IDs:

{"total_alerts":20,"alert_ids":[78,234,737,1253,1459,1733,2166,2653,2855,3133,3414,3538,3729,3905,3991,4110,4160,4536,4692,4701]}

getCookbooks

A Graze API GET request that returns all the Cookbooks in Cisco Crosswork Situation Manager.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getCookbooks takes the following request arguments:

There are no other arguments because this endpoint returns data on all Cookbooks in Cisco Crosswork Situation Manager.

Response

Endpoint getCookbooks returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getCookbooks:

Request example

Example cURL request to return all the Cookbooks in Cisco Crosswork Situation Manager:

curl -X GET -u graze:graze -k -v "https://localhost/graze/v1/getCookbooks"

Response example

Example response returning the details of the "Default Cookbook":

[
    {
        "recipes": [
            "Description",
            "Source",
            "Criticals"
        ],
        "run_on_startup": null,
        "description": "",
        "moobot": "Cookbook.js",
        "cluster_by": null,
        "cook_for": 900,
        "first_recipe_match_only": true,
        "max_cook_for": null,
        "cook_for_extension": null,
        "name": "Default Cookbook",
        "entropy_threshold": 0,
        "process_output_of": "Alert Workflows",
        "scale_by_severity": false
    }
]

getDefaultMergeGroup

A Graze API GET request that returns details of the default merge group in Cisco Crosswork Situation Manager.

Clustering algorithms, such as Cookbook and Tempus, use the default values in the default merge group unless you have set up custom merge groups with different values to merge Situations from these clustering algorithms. You can set up merge groups using the UI (see /document/preview/121633#UUIDdc5f5ef14beb1148529d6f5b50806b63 for details) or using the Graze API endpoint addMergeGroup.Configure Merge Groups

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getDefaultMergeGroup does not take any request arguments.

Response

Endpoint getDefaultMergeGroup returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint getDefaultMergeGroup:

Request example

Example cURL request to return the default merge group in Cisco Crosswork Situation Manager:

curl -G
-u graze:graze
-k "https://example.com/graze/v1/getDefaultMergeGroup"

Response example

Example response returning details of the default merge group in Cisco Crosswork Situation Manager:

{
    "alert_threshold": 2,
    "situation_similarity_limit": 0.7
}

getIntegrationConfig

A Graze API GET request that exports the configuration and mapping needed for an integration in JSON format.

The exported JSON file can be saved as a duplicate configuration of the original integration. For example, you can modify and save the returned object as webhook_lam_custom.conf. Run it with this command:

$MOOGSOFT_HOME/bin/webhook_lam --config=webhook_lam_custom.conf

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getIntegrationConfig takes the following request arguments:

Response

Endpoint getIntegrationConfig returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint getIntegrationConfig:

Request example

Example cURL request to return the configuration for the integration with ID 1:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getIntegrationConfig?integration_id=1"

Response example

Example return of a JSON object containing the integration configuration details:

{
    "config": {
        "filter": {
            "presend": "WebhookLam.js"
        },
        "process": "webhook_lam_webhook1",
        "conversions": {
            "sevConverter": {
                "output": "INTEGER",
                "lookup": "severity",
                "input": "STRING"
            },
            "stringToInt": {
                "output": "INTEGER",
                "input": "STRING"
            }
        },
        "mapping": {
            "catchAll": "overflow",
            "rules": [
                {
                    "name": "signature",
                    "rule": "$signature"
                },
                {
                    "name": "source_id",
                    "rule": "$source_id"
                },
                {
                    "name": "external_id",
                    "rule": "$external_id"
                },
                {
                    "name": "manager",
                    "rule": "$manager"
                },
                {
                    "name": "source",
                    "rule": "$source"
                },
                {
                    "name": "class",
                    "rule": "$class"
                },
                {
                    "name": "agent",
                    "rule": "$LamInstanceName"
                },
                {
                    "name": "agent_location",
                    "rule": "$agent_location"
                },
                {
                    "name": "type",
                    "rule": "$type"
                },
                {
                    "name": "severity",
                    "rule": "$severity",
                    "conversion": "sevConverter"
                },
                {
                    "name": "description",
                    "rule": "$description"
                },
                {
                    "name": "agent_time",
                    "rule": "$agent_time",
                    "conversion": "stringToInt"
                }
            ]
        },
        "agent": {
            "name": "webhook_lam_webhook1"
        },
        "monitor": {
            "address": "localhost",
            "authentication_cache": true,
            "use_ssl": false,
            "auto_port_assign": true,
            "authentication_type": "basic",
            "rpc_response_timeout": 20,
            "lists_contain_multiple_events": true,
            "proxy": "https://freida7/events/webhook_webhook1",
            "accept_all_json": true,
            "port": 51000,
            "name": "Webhook Lam Monitor (Webhook1)",
            "num_threads": 5,
            "rest_response_mode": "on_receipt",
            "class": "CRestMonitor"
        },
        "constants": {
            "severity": {
                "0": 2,
                "moog_lookup_default": 1,
                "3": 5,
                "5": 4,
                "CLEAR": 0,
                "2": 3,
                "MAJOR": 4,
                "CRITICAL": 5,
                "MINOR": 3,
                "INDETERMINATE": 1,
                "1": 2
            }
        }
    }
}

getMaintenanceWindows

A Graze API GET request that returns maintenance windows based on how many should be returned. Only returns active recurring windows and scheduled maintenance windows, not expired or deleted maintenance windows.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getMaintenanceWindows takes the following request arguments:

Response

Endpoint getMaintenanceWindows returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint getMaintenanceWindows:

Request example

Example cURL request to return the first 20 maintenance windows:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getMaintenanceWindows" --data-urlencode 'start=0' --data-urlencode 'limit=20'

Response example

Example successful response returning details of two maintenance windows:

{
    "windows": [
        {
            "filter":"{ \"column\": \"type\", \"op\": 10, \"value\": \"FireInServerRoom\", \"type\": \"LEAF\" }",
            "duration":3600,
            "recurring_period":1,
            "del_flag":false,
            "forward_alerts":false,
            "last_updated":1499425460,
            "timezone":"Europe/London",
            "name":"My window 1",
            "updated_by":5,
            "description":"My description 1",
            "id":1,
            "recurring_period_units":3,
            "start_date_time":1499425427,
            "timezone": "America/New_York"
        },
        {
            "filter":"{ \"column\": \"description\", \"op\": 10, \"value\": \"SVR_LON_3451\", \"type\": \"LEAF\" }",
            "duration":3600,
            "recurring_period":0,
            "del_flag":false,
            "forward_alerts":false,
            "last_updated":1499425489,
            "timezone":"Europe/London",
            "name":"Hostname; SVR_LON_3451",
            "updated_by":5,
            "description":"Downtime on host SVR_LON_3451",
            "id":2,
            "recurring_period_units":0,
            "start_date_time":1499425462,
            "timezone" : "Europe/London"
        }
    ]
}

getMergeGroups

A Graze API GET request that returns details of all the custom merge groups in Cisco Crosswork Situation Manager.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getMergeGroups does not take any request arguments.

Response

Endpoint getMergeGroups returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getMergeGroups:

Request example

Example cURL request to return all the custom merge groups in Cisco Crosswork Situation Manager:

curl -G
-u graze:graze
-k "https://example.com/graze/v1/getMergeGroups"

Response example

Example response returning details of all the custom merge groups in Cisco Crosswork Situation Manager:

[
{
    "name":"Default Cookbook",
    "moolets":
    [
        "Default Cookbook"
    ],
    "alert_threshold":2,
    "situation_similarity_limit":0.6
},
{
    "name":"Merge Group 1",
    "moolets":
    [
        "Recipe 1"
        "Recipe 2"
    ],
    "alert_threshold":null,
    "situation_similarity_limit":0.5
},
{
    "name":"Merge Group 2",
    "moolets":
    [
        "Recipe 2"
        "Time Based (Tempus)"
    ],
    "alert_threshold":2,
    "situation_similarity_limit":null
}
]

getPrcLabels

A Graze API GET request that returns probable root cause (PRC) information for all alerts or specified alerts within a Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getPrcLabels takes the following request arguments:

Response

Endpoint getPrcLabels returns the following response:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getPrcLabels:

Request example

Example cURL request to return the PRC labels for alerts 1, 2, 3, and 4 in Situation 157:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getPrcLabels?sitn_id=157&alert_ids=[1,2,3,4]"

Response example

Example response returning the PRC labels for alerts 1, 2, 3, and 4 in the Situation:

{
   "non_causal":
     [2,3],
   "unlabelled":
     [4],
   "causal":
     [1]
}

getProcesses

A Graze API GET request that returns a list of the processes in the database.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getProcesses takes the following request arguments:

Response

Endpoint getProcesses returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getProcesses:

Request example

Example cURL request to return the first 100 processes containing "Network" in the process name:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getProcesses" --data-urlencode 'query=Network' --data-urlencode 'exact_match=false'

Response example

Example response returning three process names containing "Network":

[
    {
        "process_id": 1,
        "name": "Network LON",
        "description": "Network London"
    },
    {
        "process_id": 2,
        "name": "NY Network A",
        "description": "Network New York A"
    },
    {
        "process_id": 3,
        "name": "NY Network B",
        "description": "Network New York B"
    }
]

getRecipes

A Graze API GET request that returns all the Recipes in Cisco Crosswork Situation Manager.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getRecipes takes the following request arguments:

Response

Endpoint getRecipes returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getRecipes:

Request example

Example cURL request to return all the Recipes in Cisco Crosswork Situation Manager:

curl -X GET -u graze:graze -k -v "https://localhost/graze/v1/getRecipes"

Response example

Example response returning all the Recipes in Cisco Crosswork Situation Manager:

[
    {
        "seed_alert_filter": "{}",
        "chef": "CValueRecipeV2",
        "description": "Alerts with a similar description",
        "recipe_alert_threshold": 2,
        "matcher": {
            "components": [
                {
                    "similarity": 1,
                    "name": "agent",
                    "shingle_size": -1
                },
                {
                    "similarity": 0.75,
                    "name": "description",
                    "shingle_size": -1
                }
            ]
        },
        "exclusion_filter": "{}",
        "cook_for": null,
        "max_sample_size": 10,
        "rate": 0,
        "min_sample_size": 5,
        "cook_for_extension": 0,
        "name": "Description",
        "trigger_filter": "{ \"column\": \"severity\", \"op\": 5, \"value\": 3, \"type\": \"LEAF\" }",
        "cookbooks": [
            "Default Cookbook"
        ]
    },
    {
        "seed_alert_filter": "{}",
        "chef": "CValueRecipeV2",
        "description": "Alerts from a similar source",
        "recipe_alert_threshold": 2,
        "matcher": {
            "components": [
                {
                    "similarity": 1,
                    "name": "agent",
                    "shingle_size": -1
                },
                {
                    "similarity": 0.75,
                    "name": "source",
                    "shingle_size": 3
                }
            ]
        },
        "exclusion_filter": "{}",
        "cook_for": null,
        "max_sample_size": 10,
        "rate": 0,
        "min_sample_size": 5,
        "cook_for_extension": 0,
        "name": "Source",
        "trigger_filter": "{ \"column\": \"severity\", \"op\": 5, \"value\": 3, \"type\": \"LEAF\" }",
        "cookbooks": [
            "Default Cookbook"
        ]
    },
    {
        "seed_alert_filter": "{}",
        "chef": "CValueRecipeV2",
        "description": "Remaining critical alerts",
        "recipe_alert_threshold": 1,
        "matcher": {
            "components": [
                {
                    "similarity": 1,
                    "name": "agent",
                    "shingle_size": -1
                },
                {
                    "similarity": 0.75,
                    "name": "source",
                    "shingle_size": 3
                }
            ]
        },
        "exclusion_filter": "{}",
        "cook_for": null,
        "max_sample_size": 10,
        "rate": 0,
        "min_sample_size": 5,
        "cook_for_extension": 0,
        "name": "Criticals",
        "trigger_filter": "{ \"column\": \"severity\", \"op\": 0, \"value\": 5, \"type\": \"LEAF\" }",
        "cookbooks": [
            "Default Cookbook"
        ]
    }
]

getResolvingThreadEntries

A Graze API GET request that returns thread entries for a specified Situation that have been marked as resolving steps. Threads are comments or 'story activity' on Situations. Operators can mark one or more thread entries as steps that were used to resolve a Situation.

You can select specific thread entries to return using start and limit values. If not, their default values return the first 100 entries. The entries returned are ordered by most recent first.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getResolvingThreadEntries takes the following request arguments:

Response

Endpoint getResolvingThreadEntries returns the following response:

Successful requests return an array of JSON objects containing the following:

The resolving_entries list contains the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getResolvingThreadEntries:

Request example

Example cURL request to return the first 100 resolving thread entries in Situation 358:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getResolvingThreadEntries" --data-urlencode "sitn_id=358"

Example cURL request to return the first 10 resolving thread entries in Situation 358:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getResolvingThreadEntries" --data-urlencode "sitn_id=358" --data-urlencode "start=0" --data-urlencode "limit=10"

Response example

Example response showing the three resolving thread entries in Situation 358:

{"sitn_id":358,
"resolving_entries":
[
{"entry_text":"hah","user_id":3,"thread_name":"Support","time":1549387456,"entry_id":1722},
{"entry_text":"asdfdsf","user_id":3,"thread_name":"Support","time":1549385762,"entry_id":1721},
{"entry_text":"sdfsdf\n","user_id":3,"thread_name":"Support","time":1549385747,"entry_id":1720}
]
}

getSecurityRealm

A Graze API GET request that returns a JSON object containing the names and configuration details of active security realms.

Back to Graze API EndPoint Reference.

Request arguments

There are no other arguments because this endpoint returns data on all active security realms.

Response

Endpoint getSecurityRealm returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint getSecurityRealm:

Request example

Example cURL request to return the configuration of any active security realm in Cisco Crosswork Situation Manager:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSecurityRealms"

Response example

Successful requests return a JSON object representing the active realms. The following example shows a test SAML realm and a Google realm:

{
        "Test Saml Realm": {
                "configuration":  {
                        "defaultGroup":"EndUser",
                        "realmType":"SAML2",
                        "existingUserMappingField":"username",
                        "spMetadataFile":"/usr/share/moogsoft/config/keycloak.my_sp_metadata.xml",
                        "defaultRoles":["Operator"],
                        "defaultTeams":["Cloud DevOps"],
                        "fullname":"$FirstName $LastName",
                        "email":"$Email",
                        "idpMetadataFile":"/usr/share/moogsoft/config/keycloak.my_idp_metadata.xml",
                        "username":"$Email",
                        "maximumAuthenticationLifetime":60},
                        "name":"Test Saml Realm",
                        "active":true,
                        "type":"SAML2"     
                                         }
        ,"Google realm": {
                "configuration": {
                        "realmType":"GOOGLE"},
                        "name":"Google realm",
                        "active":true,"type":"GOOGLE"}
}

getServices

A Graze API GET request that returns a list of the services in the database.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getServices takes the following request arguments:

Response

Endpoint getServices returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getServices:

Example Using Exact Matching

Example cURL request using exact matching of the query "Network LON":

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getServices" --data-urlencode 'query=Network LON' --data-urlencode 'exact_match=true'

Example response returning details of the service name "Network LON":

[{
   "service_id":3,
   "name":"Network LON",
   "description":"Network description"
}]

Example Using Approximate Matching

Example cURL request using approximate matching of the query "Network":

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getServices" --data-urlencode 'query=Network'

Example response returning details of all service names containing "Network":

[{
   "service_id":1,
   "name":"Network LON",
   "description":"Network London"
},{
   "service_id":2,
   "name":"NY Network A",
   "description":"Network New York A"
},{
   "service_id":3,
   "name":"NY Network B",
   "description":"Network New York B"
}]

getSeverities

A Graze API GET request that returns a list of possible severities and their severity IDs.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSeverities takes the following request argument:

There are no other arguments, as this endpoint returns data on all severities.

Response

Endpoint getSeverities returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getSeverities:

Request example

Example cURL request to return the list of all severities:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSeverities"

Response example

Example response returning a list of all severities:

[{
        "name": "Clear",
        "severity_id": 0
}, {
        "name": "Indeterminate",
        "severity_id": 1
}, {
        "name": "Warning",
        "severity_id": 2
}, {
        "name": "Minor",
        "severity_id": 3
}, {
        "name": "Major",
        "severity_id": 4
}, {
        "name": "Critical",
        "severity_id": 5
}]

getSigCorrelationInfo

A Graze API GET request that returns all correlation information related to a specified Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSigCorrelationInfo takes the following request arguments:

Response

Endpoint getSigCorrelationInfo returns the following response:

Successful requests return an array of JSON objects containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSigCorrelationInfo:

Request example

Example cURL request to return the correlation information for Situation ID 5:

curl -X GET -u graze:graze -k -v "https://localhost/graze/v1/getSigCorrelationInfo?sitn_id=5" -H "Content-Type: application/json; charset=UTF-8"

Response example

Example response returning :

[
     {
     "sig_id": 1,
     "service_name": "Example1",
     "external_id": "Example1",
     "properties": "{"Example1":"Example1"}
     },
     {
     "sig_id": 2,
     "service_name": "Example2",
     "external_id": "Example2",
     "properties": "{"Example2":"Example2"}
     }
   ]

getSimilarSituationIds

A Graze API GET request that returns a list of IDs of similar Situations, for a specified Situation ID and a limit.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSimilarSituationIds takes the following request arguments:

Response

Endpoint getSimilarSituationIds returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSimilarSituationIds:

Request example

Example cURL request to return the first 10 Situation IDs that are similar to Situation ID 1043:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSimilarSituationIds" --data-urlencode 'sitn_id=1043' --data-urlencode 'limit=10'

Response example

Example response returning the Situation IDs that are similar to Situation ID 1043:

{"similarity_ids":[43,156,177,221,576,1026,1327], "sig_id":1043}

getSimilarSituations

A Graze API GET request that returns the details of similar Situations for a specified Situation and a limit.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSimilarSituations takes the following request arguments:

Response

Endpoint getSimilarSituations returns the following response:

Successful requests return an array of JSON objects containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSimilarSituations:

Request example

Example cURL request to return Situations that are similar to Situation ID 38:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSimilarSituations" --data-urlencode '"sitn_id"=38' --data-urlencode 'limit=20'

Response example

Example response returning details of two Situations, IDs 39 and 40, that are similar to Situation ID 38:

{
    "similarities":[
        {
            "sim_sig_id":39,
            "similarity":1.0,
            "resolving_steps_count":0
        },{
            "sim_sig_id":40,
            "similarity":1.0,
            "resolving_steps_count":0
       }
    ],
    "similar_count":2,
    "sig_id":38
}

getSituationActions

A Graze API GET request that returns the actions for Situations, ordered most recent last. You can use the from and to arguments to specify a period that you want to retrieve Situation actions for. If you do not specify these, actions for all dates and times are returned.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationActions takes the following request arguments:

Response

Endpoint getSituationActions returns the following response:

Successful requests return an array of JSON objects containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationActions:

Request examples

Example cURL request to retrieve the first three actions for Situations 1, 2, 3 and 6:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSituationActions" --data-urlencode 'sitn_ids=[1, 2, 3, 6]' --data-urlencode 'actions=[1]' --data-urlencode 'limit=3' --data-urlencode 'start=0'

Example cURL command to retrieve the first 50 actions for Situations 1, 2, 3 and 6 between Unix epoch times 1553861746 and 1553872546:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSituationActions" --data-urlencode 'sitn_ids=[1, 2, 3, 6]' --data-urlencode 'actions=[1]' --data-urlencode 'limit=50' --data-urlencode 'start=0' --data-urlencode 'from=1553861746' --data-urlencode 'to=1553872546'

Response example

Example response returning the actions for Situation 451:

{
    "activities": [
        {
            "uid": 2,
            "action_code": 1,
            "description": "Situation Created",
            "details": {},
            "type": "event",
            "sig_id": 451,
            "timed_at": 1507039842
        },{
            "uid": 2,
            "action_code": 14,
            "description": "Added Alerts To Situation",
            "details": {}
            "alerts": [1, 2]
        },{
            "uid": 3,
            "action_code": 11,
            "description": "Ran Tool",
            "details": {
        "tool_id": 271,
        "tool": "get data"
            },
            "sig_id": 451,
            "type": "event",
            "timed_at": 1557321088,
            "username": "admin"
    }
    ]
}

getSituationAlertIds

A Graze API GET request that returns the total number of alerts, and a list of the alert IDs for a specified Situation. This can be either all alerts or just those alerts unique to the Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationAlertIds takes the following request arguments:

Response

Endpoint getSituationAlertIds returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationAlertIds:

Request example

Example cURL request to return all the alert IDs for Situation ID 362:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSituationAlertIds"     --data-urlencode "sitn_id=362" --data-urlencode "for_unique_alerts=false"

Response example

Example response returning all the alerts for Situation ID 362:

{"total_alerts":232,"alert_ids":[6,10,17,19,22,26,27,29,32,43,44,45,47,52,67,68,79,81,83,84,96,102,105,108,109,111,113,115,116,125,135,136,138,140,142,143,147,151,152,153,165,175,177,178,180,181,188,192,193,207,211,213,217,223,225,232,238,239,240,244,255,258,259,269,270,272,274,284,293,303,314,318,335,357,363,369,374,375,388,398,414,428,430,434,442,443,448,449,450,479,480,485,486,492,494,504,505,510,511,518,521,529,556,558,563,570,580,594,596,599,601,603,628,655,656,661,664,674,684,691,705,714,715,719,720,728,732,734,750,776,777,781,788,794,808,819,830,835,838,844,857,858,860,861,877,882,885,887,890,892,893,900,901,906,912,914,918,926,936,937,959,971,972,984,994,1004,1013,1016,1019,1020,1023,1033,1043,1045,1068,1076,1082,1083,1085,1099,1119,1124,1135,1137,1143,1147,1171,1185,1201,1207,1217,1225,1231,1238,1254,1271,1272,1274,1280,1282,1290,1292,1301,1320,1321,1322,1324,1326,1327,1331,1332,1333,1362,1379,1402,1414,1423,1433,1443,1454,1468,1472,1473,1481,1491,1510,1512,1517,1520,1522,1532,1534]}

getSituationDescription

A Graze API GET request that returns the description for a specified Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationDescription takes the following request arguments:

Response

Endpoint getSituationDescription returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationDescription:

Request example

Example cURL request to return the description for Situation ID 231:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSituationDescription" --data-urlencode 'sitn_id=231'

Response example

Example response returning the description for Situation ID 231:

{"sitn_id" : "231", "description" : "SyslogLamCookbook source"}

getSituationDetails

A Graze API GET request that returns the details of a specified Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationDetails takes the following request arguments:

Response

Endpoint getSituationDetails returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationDetails:

Request example

Example cURL request to the details of Situation ID 173:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSituationDetails" --data-urlencode 'sitn_id=173'

Response example

Example response returning the details of Situation ID 173:

{
    "category":"Detected",
    "created_at":1415814620,
    "custom_info":null,
    "description":"Sigaliser situation",
    "first_event_time":1415814600,
    "internal_priority":0,
    "last_event_time":1415814619,
    "last_state_change":1415868947,
    "moderator_id":2,
    "sitn_id":173,
    "status":1,
    "story_id":3,
    "superseded_by":null,
    "total_alerts":1403,
    "total_unique_alerts":1403,
    "primary_team_id":2
}

getSituationFlags

A Graze API GET request that returns the flags for one or an array of Situations.

See Situation Flags for more information on Cisco Crosswork Situation Manager Situation flags.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationFlags takes the following request arguments:

Response

Endpoint getSituationFlags returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationFlags:

Request example

Example cURL request to list an array of all flags associated with Situation 1.

curl -X GET -u graze:graze -k -v  https://localhost/graze/v1/getSituationFlags?sitn_ids=%5B1%5D

Response example

Example response returning the flags associated with Situation 1:

{
    "1": [
        "NOTIFIED",
        "TICKETED"
    ]
}

getSituationHosts

A Graze API GET request that returns the hosts for a specified Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationHosts takes the following request arguments:

Response

Endpoint getSituationHosts returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationHosts:

Request example

Example cURL request to return all the hosts that sent alerts to Situation ID 447:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSituationHosts" --data-urlencode 'sitn_id=447'

Response example

Example response returning all the hosts that sent alerts to Situation ID 447:

{ 
   hosts:[ 
      "xldn1204pap",
      "xldn1215pap",
      "xldn1220pap",
      "vxldn1230pap",
      "xldn1241pap",
      "xldn1252pap",
      "xldn1271pap",
      "xldn1278pap",
      "xldn1297pap",
      "xldn1299pap"
   ]
}

getSituationIds

A Graze API GET request that returns the total number of Situations, and a list of their Situation IDs, for a specified Situation filter and a limit.

Note: Take special care when using endpoint getSituationIds. Overuse of this endpoint can have a negative impact on the backend datastore.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationIds takes the following request arguments:

Response

Endpoint getSituationIds returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationIds:

Request example

Example cURL request to get the first 20 Situation IDs that match the query where the description is "lon_storage_636728" or the queue is 5:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSituationIds" --data-urlencode 'query=description="lon_storage_636728" or queue = 5' --data-urlencode 'limit=20'

Response example

Example response returning seven Situation IDs that match the query:

{"total_situations":7,"sitn_ids":[87,121,128,278,523,1003,1519]}

getSituationPrimaryTeam

A Graze API GET request that returns the primary team on the specified Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationPrimaryTeam takes the following request arguments:

Response

Endpoint getSituationPrimaryTeam returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationPrimaryTeam:

Request example

Example cURL request to return the primary team for Situation 1906:

curl -G -u graze:graze -k "https://localhost/graze/v1/getSituationPrimaryTeam" --data-urlencode 'sitn_id=1906'

Response examples

Example response returning that team 36 is the primary team for Situation 1906:

{
    "primary_team_name": "Cloud DevOps",
    "sitn_id": 1906,
    "primary_team_id": 1
}

Example response returning that Situation 1906 does not have a primary team assigned to it:

{
    "sitn_id":1906,
}

getSituationProcesses

A Graze API GET request that returns a list of process names for a specified Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationProcesses takes the following request arguments:

Response

Endpoint getSituationProcesses returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationProcesses:

Request example

Example cURL request to return all the process names for Situation 473:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSituationProcesses" --data-urlencode 'sitn_id=473'

Response example

Example response returning a list of all the Situation's process names:

{
    "processes":[
        "Knowledge Management",
        "Online Transaction Processing",
        "Web Content Management",
        "40GbE",
        "8-bit Unicode Transcoding Platform"
    ]
}

getSituationServices

A Graze API GET request that returns a list of external service names for a specified Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationServices takes the following request arguments:

Response

Endpoint getSituationServices returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationServices:

Request example

Example cURL request to return the services for Situation ID 345:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSituationServices" --data-urlencode 'sitn_id=345'

Response example

Example response returning the services for the specified Situation:

{
   "services":[
       "Cloud Management Platform",
       "Geographic Information Systems",
       "Knowledge Management",
       "Online Transaction Processing",
       "Storage Subsystem",
       "Web Content Management",
       "0-bit Emulation","40GbE",
       "8-bit Unicode Transcoding Platform"
   ]
}

getSituationsWithFlag

A Graze API GET request that returns all the Situations which have the specified flag.

See Situation Flags for more information on Cisco Crosswork Situation Manager Situation flags.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationsWithFlag takes the following request arguments:

Response

Endpoint getSituationsWithFlag returns the following response:

Successful requests return a JSON object containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationsWithFlag:

Request example

Example cURL request to retrieve all Situations that have the specified flag associated with them.

curl -X GET -u graze:graze -k -v  https://localhost/graze/v1/getSituationsWithFlag?flag=NOTIFIED

Response example

Example response returning an array of all of the Situations that have the specified flag associated with them:

[
    1,
    2,
    5
]

getSituationTopology

A Graze API GET request that returns a JSON object in NetJSON format that represents the nodes affected by the Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationTopology takes the following request arguments:

Response

Endpoint getSituationTopology returns the following response:

Successful requests return an array of JSON objects containing the following:

See http://netjson.org/ for more information on the topology data format.

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationTopology:

Request example

The following topology diagram shows the nodes affected by Situation ID 14, with a context of 1. In this example, each node represents a host in a network and the Situation represents a network outage. It shows six nodes directly affected by the Situation, their color depending on their severity, and one node which is one hop away, shown in gray.

The following cURL request demonstrates a request to return nodes affected by the Situation and nodes that are one hop away. The returned object is to contain the properties of severity, Vertex Entropy, Probable Root Cause (PRC), service, and description.

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSituationTopology" --data-urlencode "sitn_id=14" "context=1" "properties"=["severity","vertex_entropy","prc","service","description"]

Response example

The successful response returns the following topology information for this Situation. The response always returns the node names in lower case. Note that there is no PRC value for the node that is not directly affected by the Situation. In this example, consider investigating node "host2835" as the cause of the Situation because it has a high severity and a high PRC.

{
    "links": [
        {
            "source": "host2728",
            "target": "host2736"
        },
        {
            "source": "host2728",
            "target": "host1156"
        },
        {
            "source": "host2835",
            "target": "host2728"
        },
        {
            "source": "host2801",
            "target": "host2827"
        },
        {
            "source": "host2800",
            "target": "host2801"
        },
        {
            "source": "host2801",
            "target": "host2835"
        },
        {
            "source": "host2835",
            "target": "host2736"
        }
    ],
    "nodes": [
        {
            "id": "host2835",
            "properties": {
                "severity": 5,
                "prc": 0.9862626716344282,
                "service": "",
                "context": 0,
                "description": "",
                "vertex_entropy": 0.1794592472207979
            }
        },
        {
            "id": "host2736",
            "properties": {
                "severity": 4,
                "prc": 0.42722191049803876,
                "service": "",
                "context": 0,
                "description": "",
                "vertex_entropy": 0.08976540495989357
            }
        },
        {
            "id": "host2728",
            "properties": {
                "severity": 3,
                "prc": 0.007672752075071621,
                "service": "",
                "context": 0,
                "description": "",
                "vertex_entropy": 0.1794592472207979
            }
        },
        {
            "id": "host2827",
            "properties": {
                "severity": 5,
                "prc": 0.4262762946261391,
                "service": "",
                "context": 0,
                "description": "",
                "vertex_entropy": 0.05343516483103129
            }
        },
        {
            "id": "host2801",
            "properties": {
                "severity": 5,
                "prc": 0.42722511225514104,
                "service": "",
                "context": 0,
                "description": "",
                "vertex_entropy": 0.23927899629439717
            }
        },
        {
            "id": "host2800",
            "properties": {
                "severity": 5,
                "prc": 0.4269879766269776,
                "service": "",
                "context": 0,
                "description": "",
                "vertex_entropy": 0.05343516483103129
            }
        },
        {
            "id": "host1156",
            "properties": {
                "severity": null,
                "prc": null,
                "service": "",
                "context": 1,
                "description": "",
                "vertex_entropy": 0.05343516483103129
            }
        }
    ]
}

getSituationVisualization

A Graze API GET request that returns information on the origin and cause of a specified Situation.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSituationVisualization takes the following request arguments:

Response

Endpoint getSituationVisualization returns the following response:

Successful requests return an array of JSON objects containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getSituationVisualization:

Request example

Example cURL request to return information on the origin and cause of Situation ID 358:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSituationVisualization" --data-urlencode "sitn_id=358"

Response Examples

Example response for a Situation created by a Cookbook Recipe:

{
    "origin": "cookbook",
    "cause": {
        "cookbook_name": "Default Cookbook",
        "recipe_id": 4,
        "cookbook_id": 7,
        "recipe_name": "Recipe 1",
        "reference_event_id": 6
    },
    "sig_id": 1
}

Example response for a manually created Situation:

{
    "origin": "Manual Creation",
    "cause": {"uid": 3},
    "sig_id": 6
}

Example response when two Situations have been merged:

{
    "origin": "Manual Merge",
    "cause": {
        "uid": 3,
        "merged_sigs": [
            8,
            7
        ]
    },
    "sig_id": 9
}

If there is no Situation visualization data, the response returns the following information:

{
    "additional": {
        "debugMessage": "com.moogsoft.servletutils.CGeneralServerException: com.moogsoft.services.CGeneralServiceException: No visualize data found for Situation ID [2323]"
    },
    "message": "Internal server error",
    "statusCode": 1000
}

getStatuses

A Graze API GET request that returns a list of statuses that can apply to Situations and their IDs.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getStatuses takes the following request arguments:

There are no other arguments because this endpoint returns data on all statuses.

Response

Endpoint getStatuses returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getStatuses:

Request example

Example cURL request to return a list of statuses:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getStatuses"

Response example

Example response returning a list of statuses:

[{
        "status_id": 1,
        "name": "Opened"
}, {
        "status_id": 2,
        "name": "Unassigned"
}, {
        "status_id": 3,
        "name": "Assigned"
}, {
        "status_id": 4,
        "name": "Acknowledged"
}, {
        "status_id": 5,
        "name": "Unacknowledged"
}, {
        "status_id": 6,
        "name": "Active"
}, {
        "status_id": 7,
        "name": "Dormant"
}, {
        "status_id": 8,
        "name": "Resolved"
}, {
        "status_id": 9,
        "name": "Closed"
}, {
        "status_id": 10,
        "name": "SLA Exceeded"
}]

getSystemStatus

A Graze API GET request that returns current system status information for all processes.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSystemStatus takes the following request arguments:

There are no other arguments because this endpoint returns data on all processes.

Response

Endpoint getSystemStatus returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint getSystemStatus:

Request example

Example cURL request to return the system status:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSystemStatus"

Response example

Example response returning the system status:

{
    "processes": [{
        "running": true,
        "sub_components": {
        "moogpoller": {
            "run_on_startup": true,
            "instance": "",
            "service_name": "apache-tomcat",
            "display_name": "servlets",
            "type": "servlets",
            "last_heartbeat": 1491385834300,
            "passive": false,
            "running": true,
            "component": "moogpoller",
            "reserved": true,
            "stoppable": true,
            "missed_heartbeats": 0,
            "ha_conf": {
                "cluster": "MOO",
                "instance": "",
                "default_leader": true,
                "start_as_passive": false,
                "only_leader_active": false,
                "group": "servlets"
             }
          },
       "moogsvr": {
           "run_on_startup": true,
           "instance": "",
           "service_name": "apache-tomcat",
           "display_name": "servlets",
           "type": "servlets",
           "last_heartbeat": 1491385825246,
           "passive": false,
           "running": true,
           "component": "moogsvr",
           "reserved": true,
           "stoppable": true,
           "missed_heartbeats": 0,
           "ha_conf": {
               "cluster": "MOO",
               "instance": "",
               "default_leader": true,
               "start_as_passive": false,
               "only_leader_active": false,
               "group": "servlets"
            }
         }
      },
    "instance": "",
        "reserved": true,
        "service_name": "apache-tomcat",
        "stoppable": true,
        "missed_heartbeats": 0,
        "display_name": "servlets",
        "type": "servlets",
        "last_heartbeat": 1491385834300,
        "ha_conf": {
            "cluster": "MOO",
            "instance": "",
            "default_leader": true,
            "start_as_passive": false,
            "only_leader_active": false,
            "group": "servlets"
            },
        "passive": false
            }, {
                "running": false,
                "instance": "",
                "last_missed_heartbeat": 1491385820601,
                "reserved": false,
                "stoppable": false,
                "missed_heartbeats": 10,
                "display_name": "test_lam",
                "type": "lam",
                "last_heartbeat": 1491382820601,
                "additional_health_info": {
                        "thread_pool_queue_size": 0,
                        "published_events": {
                                "last_5_minutes": 130,
                                "last_10_minutes": 130,
                                "last_minute": 130
                        }
                },
                "ha_conf": {
                        "cluster": "MOO",
                        "instance": "",
                        "default_leader": true,
                        "start_as_passive": false,
                        "only_leader_active": true,
                        "group": "test_lam"
                },
                "passive": false
        "sub_components": {
            "SituationMgr": {
            "run_on_startup": true,
            "instance": "",
            "last_missed_heartbeat": 1491385821669,
            "service_name": "moogfarmd",
            "display_name": "moog_farmd",
            "type": "moog_farmd",
            "last_heartbeat": 1491382821669,
            "passive": false,
            "running": false,
            "component": "SituationMgr",
            "reserved": true,
            "stoppable": true,
            "missed_heartbeats": 10,
            "ha_conf": {
                "cluster": "MOO",
                "instance": "",
                "default_leader": true,
                "start_as_passive": false,
                "only_leader_active": true,
                "group": "moog_farmd"
             }
          },
    "AlertBuilder": {
        "run_on_startup": true,
        "instance": "",
        "last_missed_heartbeat": 1491385821669,
        "service_name": "moogfarmd",
        "display_name": "moog_farmd",
        "type": "moog_farmd",
        "last_heartbeat": 1491382821669,
        "passive": false,
        "running": false,
        "component": "AlertBuilder",
        "reserved": true,
        "stoppable": true,
        "missed_heartbeats": 10,
        "ha_conf": {
            "cluster": "MOO",
            "instance": "",
            "default_leader": true,
            "start_as_passive": false,
            "only_leader_active": true,
            "group": "moog_farmd"
         }
       },
    "TeamsMgr": {
        "run_on_startup": true,
        "instance": "",
        "last_missed_heartbeat": 1491385821669,
        "service_name": "moogfarmd",
        "display_name": "moog_farmd",
        "type": "moog_farmd",
        "last_heartbeat": 1491382821669,
        "passive": false,
        "running": false,
        "component": "TeamsMgr",
        "reserved": true,
        "stoppable": true,
        "missed_heartbeats": 10,
        "ha_conf": {
            "cluster": "MOO",
            "instance": "",
            "default_leader": true,
            "start_as_passive": false,
            "only_leader_active": true,
            "group": "moog_farmd"
         }
      }
    },
    "instance": "",
    "last_missed_heartbeat": 1491385821669,
    "service_name": "moogfarmd",
    "display_name": "moog_farmd",
    "type": "moog_farmd",
    "last_heartbeat": 1491382821669,
    "additional_health_info": {
        "event_processing_metric": 0.65
    },
"passive": false,
"running": false,
"reserved": true,
"stoppable": true,
"missed_heartbeats": 10,
"ha_conf": {
    "cluster": "MOO",
    "instance": "",
    "default_leader": true,
    "start_as_passive": false,
    "only_leader_active": true,
    "group": "moog_farmd"
    }
 },
{
    "running": false,
    "instance": "",
    "reserved": false,
    "service_name": "restclientlamd",
    "stoppable": true,
    "display_name": "rest_client_lam",
    "type": "lam",
    "ha_conf": {
        "cluster": "MOO",
        "instance": "",
        "group": "rest_client_lam"
     }
     "additional_health_info": {
         "pools": {
             "MoogPoller": [{
             "removed": 0,
             "ration": 0.0,
             "busy": 0,
             "resource_type": "com.mysql.jdbc.JDBC4Connection",
             "checkout_per_second": 0.0,
             "free": 10,
             "avg_checkedout_seconds": 0.0,
             "capacity": 10
          }],
          "Message sender pool": [{
              "removed": 0,
              "ration": 0.0,
              "busy": 0,
              "resource_type": "com.moogsoft.mooms.CMoomsMessageSender",
              "checkout_per_second": 0.09997000899730081,
              "free": 10,
              "avg_checkedout_seconds": 0.002,
              "capacity": 10
            }]
        }
    }]
}

getSystemSummary

A Graze API GET request that returns a summary of current alerts and Situations in Cisco Crosswork Situation Manager.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getSystemSummary takes the following request arguments:

There are no other arguments because this method returns data on all alerts and Situations.

Response

Endpoint getSystemSummary returns the following response:

Successful requests return a JSON object system_summary, containing the following statistics:

Examples

The following examples demonstrate typical use of endpoint getSystemSummary:

Request example

Example cURL request to return a summary of alerts and Situations in Cisco Crosswork Situation Manager:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getSystemSummary"

Response example

Example response returning a summary of alerts and Situations in Cisco Crosswork Situation Manager:

{
    "system_summary":
    {
        "total_events":61676,
        "open_sitns":571,
        "avg_events_per_sitn":305,
        "open_sitns_up":565,
        "open_sitns_down":2,
        "avg_alerts_per_sitn":16,
        "open_sigs_unassigned":310,
        "timestamp":1499425056
    }
}

getTeam

A Graze API GET request that returns a team's details by team ID or name.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getTeam takes the following request arguments:

Response

Endpoint getTeam returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint getTeam:

Request examples

Example cURL request to return details of the team ID 1:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getTeam?team_id=1"

Example cURL request to return details of the team "Cloud DevOps:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getTeam?name=Cloud DevOps"

Response example

Example response returning the details of the team:

{
    "room_id": 1,
    "alert_filter": "",
    "user_ids": [
        3
    ],
    "sig_filter": "",
    "landing_page": null,
    "description": "Example Team",
    "active": true,
    "team_id": 1,
    "services": [],
    "users": [
        "admin"
    ],
    "name": "Cloud DevOps",
    "service_ids": []
}

getTeamsForService

A Graze API GET request to return all teams related to the service with the specified ID or name.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getTeamsForService takes the following request arguments:

Response

Endpoint getTeamsForService returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint getTeamsForService:

Request examples

Example cURL requests to return the teams related to service ID 1:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getTeamsForService?service_id=1"

Example cURL requests to return the teams related to service "web":

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getTeamsForService?service_name=web"

Response example

Example response returning team and service details:

[
    {
        "room_id": 1,
        "alert_filter": "",
        "user_ids": [
            3
        ],
        "sig_filter": "",
        "name": "Cloud DevOps",
        "landing_page": "",
        "description": "Example Team",
        "active": true,
        "service_ids": [
            1,
            2,
            3,
            4,
            5,
            6,
            7,
            8,
            9,
            10,
            11
        ],
        "team_id": 1,
        "services": [
            "Commerce",
            "Compute",
            "CRM",
            "Database",
            "Mobile",
            "Networking",
            "Remote",
            "Social",
            "Storage",
            "Switch",
            "Web"
        ],
        "users": [
            "admin"
        ]
    }
]

getTeamSituationIds

Request that returns the total number of Situations that are assigned to a team, and a list of their Situation IDs.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getTeamSituationIds takes the following request arguments:

Response

Endpoint getTeamSituationIds returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint getTeamSituationIds:

Request example

Example cURL request to return the Situations assigned to team "Cloud Devops":

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getTeamSituationIds" --data-urlencode "team_name=Cloud Devops"

Response example

Example response returning the total number of Situations followed by the ID of each situation.

{"total_situations":35,"sitn_ids":[20,21,39,55,85,119,145,180,208,233,244,275,305,358,460,461,485,518,574,575,592,616,666,695,696,740,800,892,919,960,992,993,1027,1047,1092]}

getTempus

A Graze API GET request that returns the details of all Tempus Moolets in Cisco Crosswork Situation Manager.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getTempus takes the following request arguments:

There are no other arguments because this endpoint returns data on all Tempus Moolets in Cisco Crosswork Situation Manager.

Response

Endpoint getTempus returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getTempus:

Request example

Example cURL request to return the details of all Tempus Moolets:

curl -G -u graze:graze -k "https://localhost/graze/v1/getTempus" 

Response example

Example response returning the details of Tempus algorithm "New Tempus 1":

[
    {
        "detection_algorithm": "Louvain",
        "minimum_arrival_similarity": 0.6667,
        "run_on_startup": true,
        "arrival_spread": 15,
        "execution_interval": 120,
        "description": "New Tempus 1",
        "alert_threshold": 4,
        "pre_partition": "",
        "partition_by": "",
        "window_size": 1200,
        "edge_weight": false,
        "significance_threshold": 1,
        "name": "Time Based (Tempus)",
        "entropy_threshold": 0.0,
        "process_output_of": [
            "Alert Workflows"
        ],
        "significance_test": "Poisson1",
        "bucket_size": 5
    }
]

getThreadEntries

A Graze API GET request that returns thread entries for a specified Situation. Threads are comments or 'story activity' on Situations.

You can request to return specific thread entries using start and limit values. If not, their default values return the first 100 entries. The entries returned are ordered by most recent first.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getThreadEntries takes the following request arguments:

Response

Endpoint getThreadEntries returns the following response:

Successful requests return an array of JSON objects containing the following:

The entries list contains the following information:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getThreadEntries:

Request example

Example cURL request to return the first 10 thread entries on thread "Support" in Situation 358:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getThreadEntries" --data-urlencode "sitn_id=358" --data-urlencode "thread_name=Support" --data-urlencode "start=0" --data-urlencode "limit=10"

Response example

Example response returning the two thread entries on thread "Support" in Situation 358:

{
    "entries":[
        {
            "entry_text":"Test Entry",
            "user_id":4,
            "time":1549455051,
            "entry_id":2
        },
        {
            "entry_text":"Test Entry",
            "user_id":4,
            "time":1549455053,
            "entry_id":1
        }
    ],
    "sitn_id":358,"thread_name":"Support"
}

getToolShares

A Graze API GET request that returns the shared access for a specified tool.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getToolShares takes the following request arguments:

Response

Endpoint getToolShares returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint getToolShares:

Request example

Example cURL request to retrieve all the domain IDs that have access to tool 15:

curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/getToolShares" -H "Content-Type: application/json; charset=UTF-8" -d '{"tool_id":15}'

Response example

Example response returning that tool ID 15 can be accessed by team ID 3:

{
    "tool_id": 15,
    "domain_ids": [
        3
    ],
    "domain": "team"
}

getTopPrcDetails

A Graze API GET request that returns the top most likely causal alerts, based on their Probable Root Cause value, for a specified Situation.

You can select the maximum number of causal alerts to return using a limit value. If not specified, the endpoint only returns the alert with the highest root cause probability.

The entries returned are ordered with the highest root cause probability first, for the specified Situation, irrespective of whether they have been labeled causal or are unlabeled. Alerts marked as symptoms are excluded from the return.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getTopPrcDetails takes the following request arguments:

Response

Endpoint getTopPrcDetails returns the following response:

Successful requests return an array of JSON objects containing the following:

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getTopPrcDetails:

Request example

Example cURL request to return the top three causal alerts with the highest root cause probability in Situation 145:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getTopPrcDetails" --data-urlencode 'sitn_id=145' --data-urlencode 'limit=3'

Response example

Example response returning the top three causal or unlabeled alerts for Situation ID 145:

{
    "alerts": [
        {
            "rc_probability":0.9933107459030244,
            "description":"Web Server HTTPD is DOWN",
            "rc_label":1,
            "alert_id":53
        },
        {
            "rc_probability":0.9933092393241993,
            "description":"Web Server HTTPD is DOWN",
            "rc_label":1,
            "alert_id":8
        },
        {
            "rc_probability":0.22480057080448923,
            "description":"Web Server HTTPD is DOWN",
            "rc_label":0,
            "alert_id":39
        }
    ]
}

getUserInfo

A Graze API GET request that returns information about a specified user.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getUserInfo takes the following request arguments:

Response

Endpoint getUserInfo returns the following response:

Successful requests return a JSON object containing the following:

Examples

The following examples demonstrate typical use of endpoint getUserInfo:

Request example

Example cURL request to return the information associated with user ID 57:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getUserInfo" --data-urlencode "user_id=57"

Response example

Example response returning the user information related to user ID 57:

{"full_name":"Lonnie Holmes","user_id":57}

getUserRoles

A Graze API GET request that returns the specified user's roles from the database.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getUserRoles takes the following request arguments:

Response

Endpoint getUserRoles returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getUserRoles:

Request example

Example cURL request to return the assigned roles for user "bigfish917":

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getUserRoles" --data-urlencode "username=bigfish917"

Response example

Example response returning the roles assigned to the user:

[
    {
        "id" : 2,
        "name" : "Administrator",
        "description" : "Administrator"
    },
    {
        "id" : 4,
        "name" : "Operator",
        "description" : "Operator"
    },
    {
        "id" : 5,
        "name" : "Customer",
        "description" : "Customer"
    }
]

getUsers

A Graze API GET request that returns a list of all users in the database.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getUsers takes the following request arguments:

Response

Endpoint getUsers returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getUsers:

Request example

Example cURL request to return a maximum of three users:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getUsers" --data-urlencode "limit=3"

Response example

Example response returning a maximum of three users:

[
    {
        "uid": 3,
        "teams": [
            "Cloud DevOps"
        ],
        "fullname": "Administrator",
        "username": "admin"
    },
    {
        "uid": 6,
        "teams": [],
        "fullname": "Nagios",
        "username": "Nagios"
    },
    {
        "uid": 5,
        "teams": [],
        "fullname": "Webhook",
        "username": "Webhook"
    }
  ]

getUserTeams

A Graze API GET request that returns the team names and IDs associated with the specified user ID or username.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getUserTeams takes the following request arguments:

Response

Endpoint getUserTeams returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getUserTeams:

Request example

Example cURL request to return the teams that user "admin" belongs to.

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getUserTeams" --data-urlencode "username=admin"

Response example

Example response returning the teams associated with username "admin":

[
    {
        "id" : 11,
        "name" : "Team1"
    },
    {
        "id" : 12,
        "name" : "Team2"
    },
    {
        "id" : 2,
        "name" : "Team3"
    },
    {
        "id" : 6,
        "name" : "Team4"
    },
    {
        "id" : 10,
        "name" : "Team5"
    }
]

getWorkflowEngineMoolets

A Graze API GET request that returns a list of Workflow Engine Moolets and the functions available in each. This endpoint returns an empty list if Moogfarmd is not running.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getWorkflowEngineMoolets takes the following request arguments:

There are no other arguments because this endpoint returns data on all the Workflow Engine Moolets and the workflows associated with them.

Response

Endpoint getWorkflowEngineMoolets returns the following response:

Successful requests return an array of JSON objects containing the following:

Examples

The following examples demonstrate typical use of endpoint getWorkflowEngineMoolets:

Request example

Example cURL request to return information on all the workflows in all the Workflow Engine Moolets in Cisco Crosswork Situation Manager:

curl -X GET -u graze:graze -k -v "https://localhost/graze/v1/getWorkflowEngineMoolets"

Response example

Example response returning information on all the Workflow Engine Moolets in Cisco Crosswork Situation Manager:

[
    {
        "active": true,
        "last_updated": 1567420771,
        "moolet_name": "Alert Workflows",
        "functions": {
            "alertInSituation": {
                "decision": true,
                "validators": null,
                "name": "alertInSituation",
                "description": "Check if the alert is in an active Situation.",
                "arguments": [],
                "actionOnAssociated": true,
                "type": [
                    "alert"
                ]
            },
            "alertNotInSituation": {
                "decision": true,
                "validators": null,
                "name": "alertNotInSituation",
                "description": "Check if the alert is not in an active Situation.",
                "arguments": [],
                "actionOnAssociated": true,
                "type": [
                    "alert"
                ]
            },
            "between": {
                "decision": true,
                "validators": null,
                "name": "between",
                "description": "Check to see if the trigger falls between two times, and optionally on specific days.",
                "arguments": [
                    {
                        "name": "from",
                        "validator": {
                            "regex": "^[0-9]{2}:[0-9]{2}:[0-9]{2}$"
                        },
                        "description": "The 'from' time in hh:mm:ss 24hr format",
                        "type": "string",
                        "required": true
                    },
                    {
                        "name": "to",
                        "validator": {
                            "regex": "^[0-9]{2}:[0-9]{2}:[0-9]{2}$"
                        },
                        "description": "The 'to' time in hh:mm:ss 24hr format",
                        "type": "string",
                        "required": true
                    },
                    {
                        "name": "days",
                        "description": "The optional list of days in short form (Mon,Tue,Wed...), for all days use a blank list []",
                        "type": "object",
                        "required": true
                    }
                ],
                "actionOnAssociated": false,
                "type": [
                    "alert",
                    "situation"
                ]
<