Analyze Service Desk Alerts with REST API (version 2.0)

SERVICE_DESK_ALERTS_RAW returns all service desk alerts which occurred in your organization. A service desk alert (SDA) indicates that the same health event occurred several times on the same device within a certain time. Aternity sends SDAs to draw attention to devices which suffer repeated application errors, system crashes or hardware issues. Use this API to look for patterns across similar types of alerts, and to check for correlations with device attributes, subnet or location.

For example, you can investigate reports of BSODs to see if they are due to low RAM or small disk capacity, by looking for System Crash alerts on laptops with 4GB RAM, and compare by checking if those same devices also have a Low Disk Space alert.

You can add an alert for any health event. The following list shows examples of the predefined, out-of-the-box alerts:

  • HD Failure: Windows event ID 52 occurs with an imminent failure of the hard disk. Back up your data immediately, then use a scanning tool to detect problems. For example, if a disk is too hot, switch off the PC and disconnect the power of that hard disk until you replace it.

  • Application Crash (after hang): (Windows) Event ID 1002 occurs when a user manually forced an application's process to close after it stopped responding. (Mac) Aternity uses the system log to determine when a user has manually forced an application's process to close after it stopped responding. To resolve, note any common actions leading to the hang, then consult the app vendor's support site.

  • Battery Wear (Windows laptops only): Aternity checks if the battery capacity drops below a threshold (default is 50%), compared with the vendor's factory settings. This indicates that a full battery charge drains much faster than it should. To resolve, replace the battery.

  • HD Bad Blocks: Windows event ID 7 occurs with a corrupted block of data on the hard disk. If many bad sectors develop, the drive may fail and needs attention. Replace a physically damaged disk immediately. For 'soft' or logical bad sectors, you can use Windows Disk Check.

  • Low Disk Space: Aternity creates this event if the device's system disk has less than 5% free space and less than 500MB available, which limits the size of virtual memory. The event is created only when both conditions are met. To resolve, free some disk space (empty trash, remove unused apps) or increase its capacity.

  • Overheat Related Shutdown: Windows event ID 86 occurs when the device shuts down due to overheating (critical thermal event). It indicates a hardware problem, like a dusty CPU, broken fan or obstructed air vent. Turn off your computer, clean the heat sinks, and make sure that air circulates properly.

  • System Crash: (Windows) Aternity reports a system crash when Windows created a memory dump file after a BSOD. Aternity analyzes the Windows dump and extracts data. (Macs) Aternity reports a system crash when it detected a kernel panic from the macOS system logs. To troubleshoot, view the details of the event and research further on the name of the process or module and its error codes.

Tip

You can also configure SDAs to view them via automated emails or in your enterprise's ServiceNow. Learn more.

Each entry from SERVICE_DESK_ALERTS_RAW represents a single SDA, and includes its name, the underlying health event which triggered the alert, the error details of the last time this health event occurred, and details of the monitored device.

Note

You can access data using this API (retention) going back up to 91 days. If you do not add a relative_time filter, by default it returns data for the past 7 days.

Note

This article covers the latest REST API version. For older version 1.0, click here.

Before You Begin

To send a REST API query in Excel, PowerBI or a browser, enter the URL of the REST API, your Aternity username (must have the OData REST API role) and its password. You can find this by selecting User icon > REST API Access. SSO users must generate (once) and use a special password, as Aternity's REST API does not authenticate with your enterprise's identity provider.

To view Aternity REST API, enter the base URL from Aternity > User icon > REST API Access, followed by the name of the API into a browser, Excel or PowerBI (learn more). For VIEWING, use <base_url>/latest/API_NAME; for INTEGRATIONS, use <base_url>/<version number>/API_NAME (for example, <base_url>/v1/API_NAME, or <base_url>/v1.0/API_NAME, or <base_url>/v2/API_NAME, or <base_url>/v2.0/API_NAME).

Get the latest REST API version for analyzing in the external app
Tip

Wherever possible, use $select and $filter to narrow your query, to avoid receiving an error like Returned data is too large. Learn more.

Examples

To access this API from a browser, Excel or Power BI (learn more), enter <base_url>/latest/SERVICE_DESK_ALERTS_RAW or <base_url>/v2/SERVICE_DESK_ALERTS_RAW.

To return the device hostnames which issued a System Crash SDA and are laptops with 4GB RAM or less, use:

.../SERVICE_DESK_ALERTS_RAW?$select=DEVICE_NAME&$filter=(SD_ALERT_RULE_NAME eq 'System Crash') and ((DEVICE_MEMORY eq '4GB') or (DEVICE_MEMORY eq '3GB') or (DEVICE_MEMORY eq '2GB') or (DEVICE_MEMORY eq '1GB'))

To view the devices which issued the Application Crash (after hang) SDA for Microsoft Outlook, enter:

.../SERVICE_DESK_ALERTS_RAW?$select=DEVICE_NAME&$filter=(contains(SD_ALERT_RULE_NAME,'Application Crash') and SD_ALERT_IDENTIFIER eq 'Microsoft Outlook')
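The first query above built programmatically, as an added example (not Aternity's own code): column names are checked against an allow-list, string values have single quotes doubled (standard OData escaping, assumed to apply here) and the $filter value is percent-encoded, so a value taken from user input cannot change the filter's logic. It then runs the System Crash versus Low Disk Space comparison from the introduction on a constructed response; the base URL, the sample rows and their `value` wrapper are assumptions, and nothing is sent over the network.

```python
import json
from urllib.parse import quote

# Subset of the attribute names the page lists, in the upper-case form its queries use.
COLUMNS = {"DEVICE_NAME", "DEVICE_MEMORY", "DEVICE_TYPE",
           "SD_ALERT_RULE_NAME", "SD_ALERT_IDENTIFIER"}

def col(name):
    """Allow only known column names, so input cannot add operators or functions."""
    if name.upper() not in COLUMNS:
        raise ValueError(f"unknown column: {name!r}")
    return name.upper()

def lit(value):
    """Quote a string literal; OData doubles an embedded single quote."""
    return "'" + str(value).replace("'", "''") + "'"

def eq(column, value):
    return f"({col(column)} eq {lit(value)})"

def any_of(column, values):
    return "(" + " or ".join(eq(column, v) for v in values) + ")"

def build_url(base_url, select, conditions, version="v2"):
    """Join conditions with 'and' and percent-encode the $filter value."""
    flt = quote(" and ".join(conditions), safe="()',")
    cols = ",".join(col(c) for c in select)
    return (f"{base_url.rstrip('/')}/{version}/SERVICE_DESK_ALERTS_RAW"
            f"?$select={cols}&$filter={flt}")

def devices_with_both(rows, rule_a="System Crash", rule_b="Low Disk Space"):
    """Devices that raised both alert types (the BSOD versus disk space check)."""
    rules = {}
    for row in rows:
        rules.setdefault(row["DEVICE_NAME"], set()).add(row["SD_ALERT_RULE_NAME"])
    return sorted(d for d, seen in rules.items() if {rule_a, rule_b} <= seen)

# Constructed response body; the "value" wrapper and key casing are assumptions.
SAMPLE = json.loads("""{"value": [
  {"DEVICE_NAME": "LT-0001", "SD_ALERT_RULE_NAME": "System Crash"},
  {"DEVICE_NAME": "LT-0001", "SD_ALERT_RULE_NAME": "Low Disk Space"},
  {"DEVICE_NAME": "LT-0002", "SD_ALERT_RULE_NAME": "System Crash"}]}""")

if __name__ == "__main__":
    low_ram = any_of("DEVICE_MEMORY", ["4GB", "3GB", "2GB", "1GB"])
    print(build_url("https://base-url.example", ["DEVICE_NAME", "SD_ALERT_RULE_NAME"],
                    [eq("SD_ALERT_RULE_NAME", "System Crash"), low_ram]))
    print(devices_with_both(SAMPLE["value"]))
```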

Supported Parameters

You can view the data by entering the URL into Excel, into a browser, or into any OData-compatible application such as Power BI.

You can add parameters to the URL to filter the returned data, by adding a question mark (?) followed by a parameter and value, such as .../API_NAME?$filter=(USERNAME eq 'jsmith@company.com'), or several parameter-value pairs each separated by an ampersand (&), like .../API_NAME?$format=xml&$top=5.

Query Options Description
$select=

Use $select to return only specific columns (attributes), to make queries more efficient: .../API_NAME?$select=COL1,COL2,COL3

$format=

Use $format to force the returned data to be either in XML or JSON format. This is only useful for testing the raw data in a web browser. For example: .../API_NAME?$format=xml

$orderby=

Use $orderby to sort the returned data according to the value you choose. For example, .../API_NAME?$orderby=LOCATION

$top=

Use $top (lower case only) when you are initially testing the response of the API by returning the first few entries.

For example, to return the first five entries (not sorted), use: .../API_NAME?$top=5

$filter=

Use $filter to insert conditions that narrow down the data, to return only entries where those conditions are true.

To limit the timeframe of a query, add $filter=relative_time(), such as .../API_NAME?$filter=relative_time(last_x_hours) or .../API_NAME?$filter=relative_time(last_x_days). Learn more.

Create conditions for filtering with any of the following operators:

Query Operator: Description

  • eq: Equal to. For example, COL4 eq 'val4'

  • ne: Not equal to. For example, COL4 ne 'val4'

  • gt: Greater than. For example, COL4 gt 'val4'

  • ge: Greater than or equal. For example, COL4 ge 'val4'

  • lt: Less than. For example, COL4 lt 'val4'

  • le: Less than or equal. For example, COL4 le 'val4'

  • and: Logical and. For example, COL1 eq 'value1' and COL2 ne 'value2'

  • or: Logical or. For example, COL1 eq 'value1' or COL2 ne 'value2'

  • not: Logical negation

Create conditions for filtering with any of the following functions:

Query Function: Description

  • startswith: For example, $filter=startswith(account_name,'Aternity')

  • endswith: For example, $filter=endswith(account_name,'Aternity')

  • contains: $filter=contains(COL5,'val5'). For example, $filter=contains(account_name,'Aternity')

Use operators with parentheses to group conditions logically: .../API_NAME?$filter=(COLUMN1 eq 'value1' or COL2 ne 'val2') and (COL3 gt number) and not (COL4 eq 'val4' or contains(COL5,'val5'))

$search is NOT supported. Do not use $search in Aternity's REST APIs.

Output

Each entry from SERVICE_DESK_ALERTS_RAW represents a single SDA, and includes its name, the underlying health event which triggered the alert, the error details of the last time this health event occurred, and details of the monitored device.

You can access data using this API (retention) going back up to 90 days. If you do not add a relative_time filter, by default it returns data for the past 7 days.

Columns returned, by type:

  • Measurements: N/A

  • Attributes: Account_ID, Account_Name, Business_Location, Calendar_Date, Calendar_Month, Calendar_Week, Device_CPU_Cores, Device_CPU_Frequency, Device_Days_From_Last_Boot, Device_Manufacturer, Device_Memory, Device_Model, Device_Name, Device_Subnet, Device_Type, OS_Name, SD_Alert_Identifier, SD_Alert_Last_Event_Details, SD_Alert_Last_Event_Timestamp, SD_Alert_Reference_ID, SD_Alert_Rule_Name, Timeframe, User_Department, User_Domain, User_Title, Username