Table of contents Analyze Application Anomalies with REST API (version 2.0) Use ANOMALY_DETECTION_INCIDENTS to return incidents triggered by anomalies in data across your organization, such as low usage of applications or increase in application crashes. Note About how long Aternity keeps this data (retention period) and how far back you can go, as well as about how many hours or days of data Aternity returns by default read here. Before You BeginTo send a REST API query in Excel, PowerBI or a browser, enter the URL of the REST API, your Aternity username (must have the OData REST API role) and its password. You can find this by selecting User icon > REST API Access. SSO users must generate (once) and use a special password, as Aternity's REST API does not authenticate with your enterprise's identity provider.To view Aternity REST API, enter the base URL from Aternity > User icon > REST API Access, followed by the name of the API into a browser, Excel or PowerBI (learn more). For VIEWING, use <base_url>/latest/API_NAME; for INTEGRATIONS, use <base_url>/<version number>/API_NAME (for example, <base_url>/v1/API_NAME, or <base_url>/v1.0/API_NAME, or <base_url>/v2/API_NAME, or <base_url>/v2.0/API_NAME). Get the latest REST API version for analyzing in the external appTip Wherever possible, use $select and $filter to narrow your query, to avoid receiving an error like Returned data is too large. Learn more. Examples To access this API from a browser, Excel or Power BI (learn more), enter <base_url>/latest/ANOMALY_DETECTION_INCIDENTS Supported Parameters You can view the data by entering the URL into Excel, into a browser, or into or any OData compatible application such as Power BI. You can add parameters to the URL to filter the returned data, by adding a question mark (?) followed by a parameter and value, such as .../API_NAME?$filter=(USERNAME eq 'jsmith@company.com'), or several parameter-value pairs each separated by an ampersand (&), like .../API_NAME?$format=xml&$top=5. Query Options Description $select= Use $select to return only specific columns (attributes), to make queries more efficient: ...API_NAME?$select=COL1,COL2,COL3 $format= Use $format to force the returned data to be either in XML or JSON format. This is only useful for testing the raw data in a web browser. For example: .../API_NAME?$format=xml $orderby= Use $orderby to sort the returned data according to the value you choose. For example, .../API_NAME?$orderby=LOCATION Also, use $orderby to sort the returned data in ascending or descending order. For example, .../API_NAME?$orderby=Activity_Response_Time desc or .../API_NAME?$orderby=Activity_Response_Time asc The default is ascending. $count= Use $count=true to get the total count of items within a collection matching the request. This provides not distinct number of results. Every REST API that supports aggregation will aggregate data automatically based on the columns in the $select parameter. If you use $select to display only specific columns, it makes the query faster by grouping all rows with identical attribute values into a single row with aggregated measurements. This eliminates the repetitive appearance of the same data. So, the combination of the $count and Aternity aggregation mechanism will give you a distinct count of an attribute (or a combination of attributes). For example, if you want to know how many distinct applications were used in the last week you can run the following query: .../aternity.odata/latest/applications_daily?$filter=relative_time(last_7_days)&$select=application_name&$count=true&$top=0 Another example, if you select a combination of attributes application_name,username, then you get a count of all the user/application combinations:.../aternity.odata/latest/applications_daily?$filter=relative_time(last_7_days)&$select=select=application_name,username&$count=true&$top=0 Note that you cannot get distinct count in addition to other information. For example: You cannot in one query get the number of distinct applications and the number of distinct users. You cannot in one query get the number of distinct applications per day for every day in the last week. You cannot in one query get all the data from applications_daily (usage, UXI, etc.) and the number of distinct applications. Every distinct count for a specific attribute (or an attribute combination) and a specific filter requires a separate query. $top= Use $top (lower case only) when you are initially testing the response of the API by returning the first few entries. Also, use $top to filter the returned data and to return only the first N entries. For example, to return the first five entries (not sorted), use: ...API_NAME?$top=5 $filter= Use $filter to insert conditions that narrow down the data, to return only entries where those conditions are true.. To limit the timeframe of a query, add $filter=relative_time() like, .../API_NAME?$filter=relative_time(last_x_hours) or (last_x_days). Learn more. Create conditions for filtering with any of the following operators: Query Operators Description eq Equal to For example, COL4 eq 'val4' ne Not equal to For example, COL4 ne 'val4' gt Greater than For example, COL4 gt 'val4' ge Greater than or equal For example, COL4 ge 'val4' lt Less than For example, COL4 lt 'val4' le Less than or equal For example, COL4 le 'val4' and Logical and For example, COL1 eq 'value1' and COL2 ne 'value2' or Logical or For example, COL1 eq 'value1' or COL2 ne 'value2' not Logical negation Create conditions for filtering with any of the following functions: Query Functions Description startswith For example, $filter=startswith(account_name,'Aternity') endswith For example, $filter=endswith(account_name,'Aternity') contains $filter=contains(COL5,'val5') For example, $filter=contains(account_name,'Aternity') in() Instead of using AND, OR: $filter=device_name eq ‘adam_covert_wks’ or device_name eq ‘adam_covert_vdi’ or device_name eq ‘adam_covert_tablet’ You can now use: $filter=in(device_name,‘adam_covert_wks’,‘adam_covert_vdi’,‘adam_covert_tablet’) Read carefully specific instructions for writing this function: In must be followed directly by the opening parenthesis (no space allowed) The first parameter is the field name (case insensitive) The function requires at least two parameters, the field name and at least one field value The rest of the parameters are the optional values that the field can have (i.e. the values we want to filter in) also case insensitive Values are separated by comma and no spaces allowed The maximum number of values in all clauses is 1,500 (e.g. It is possible to have 1 In() with 1500 values, or 2 In() clauses with 750 each). The last value must be followed by the closing parenthesis (no space allowed) In() can be combined with any other filter using AND or OR There can be more than one in() function in a filter. For example, $filter=in(location,’loc1’,’loc2’) or in(subnet,’sub1’sub2’). Another example, $filter=in(location,’loc1’,’loc2’) and in(subnet,’sub1’sub2’) relative_time(last_x_hours) Limit the timeframe of a query. If no relative_time filter is used to set a specific timeframe, Aternity will return the default last N days worth of data. Default values vary for different APIs. Learn here about specific REST API. Use operators with parentheses to group conditions logically: .../API_NAME?$filter=(COLUMN1 eq 'value1' or COL2 neq 'val2') and (COL3 gt number) and not (COL4 eq 'val4' or contains(COL5,'val5')) $search is NOT supported. Do not use $search in Aternity's REST APIs. Tip Wherever possible, use $select and $filter to narrow your query, to avoid receiving an error like Returned data is too large. Learn more. Output Each returned entry from ANOMALY_DETECTION_INCIDENTS contains one reported incident, with its type and state, details and time. You can access data using this API (retention) going back up to 400 days. If you do not add a relative_time filter, by default Aternity returns data for the past seven days. The API returns two types of columns: Attributes (or dimensions) which are the properties of an entry, and Measurements which are the dynamic measured values. Type Returned columns Measurements None Attributes Account_ID,Account_Name,Calendar_Date,Calendar_Month,Calendar_Week,Incident_Close_Timestamp, Incident_Creation_Timestamp,Incident_ID, Incident_Object_Name, Incident_Object_Type,Incident_State, Incident_Type Parent topic Overview for Analyzing with Aternity REST API v2 (OData)Related tasksCreate Script for Collecting All Deployed Software on All DevicesSave the Cost of Unused Licenses by Viewing Software Installed but Never UsedRelated referenceBest Practices for Returning Large Data Sets and How to Focus Your REST API Queries if Returned Data Too LargeSynchronize Aternity REST API (OData) With External Systems (Beta)View All Reported Activities with REST API (version 2.0)Analyze Resource Usage of a Managed Application (PRC) with REST API (version 2.0)Analyze the Raw List of Application Performance Reports with REST API (version 2.0)Analyze Application Performance Hourly or Daily with REST API (version 2.0)Analyze Application Performance Daily Anonymized (no PII) with REST API (version 2.0)View Baseline Values with REST API (version 2.0)Audit Aternity Access with REST API (version 2.0)Audit the Number of Dashboard Views with REST API (version 2.0)Audit the Changes Made by Aternity Users with Rest API (version 2.0)View Application Events with REST API (version 2.0)Analyze the Raw List of Activities with REST API (version 2.0)Analyze Activities Per Hour with REST API (version 2.0)Analyze Activities Per Day with REST API (version 2.0)Analyze Activities Per Day Anonymized (no PII) with REST API (version 2.0)View All Activities Not Reported to Aternity with REST API (version 2.0)Analyze the Boot Times of Devices with REST API (version 2.0)Analyze Daily Boot Times Anonymized with REST API (version 2.0)Analyze the Boot Times of Windows Boot Components with REST API (version 2.0)Analyze Device Inventory with REST API (version 2.0)Analyze Device Health Events with REST API (version 2.0)Analyze Daily Device Health Anonymized (no PII) with REST API (version 2.0)Analyze Device (Agent) Status with REST API (version 2.0)Analyze Daily Device Resource Usage (HRC) with REST API (version 2.0)Analyze Daily Device Resource Usage (HRC) Anonymized (no PII) with REST API (version 2.0)Analyze Device's Resource Usage (HRC) with REST API (version 2.0)Analyze the Incidents Opened in Aternity with REST API (version 2.0)View Deployed Applications on All Devices with REST API (Installed Software) (version 2.0)View Software Changes on All Devices with REST API (Installed Software Change Log) (version 2.0)View Requests of Licenses in REST API (License Events)Analyze Inventory of Monitored Mobile Apps with REST API (version 2.0)Analyze Service Desk Alerts with REST API (version 2.0)Analyze Skype for Business Performance with REST API (version 2.0)Analyze WiFi Signal Strength and Reliability with REST API (version 2.0)Analyze the Raw List of Custom Data with REST API (version 2.0)Analyze Custom Data Hourly or Daily with REST API (version 2.0)Analyze Custom Data Daily Anonymized (no PII) with REST API (version 2.0)Analyze Inventory of Remediation Actions with REST API (version 2.0)View Executed Remediation Actions With REST API (version 2.0)Analyze Daily Remediation Actions Anonymized (no PII) with REST APIAnalyze the Raw List of Remote Display Latency Reports with REST APIAnalyze Remote Display Latency Hourly or Daily with REST APIAnalyze Remote Display Latency Daily Anonymized (no PII) with REST API (version 2.0)Analyze the Raw Data of the Calls in MS Teams with REST API (version 2.0)View the Details of a User with REST API (version 2.0)View the Details of Users Who Requested Access to your Account (REST API version 2.0)Analyze Survey Summary with REST APIAnalyze the Raw List of Survey Responses with REST APIRelated informationAternity REST API Column Names (version 2.0) SavePDF Selected topic Selected topic and subtopics All content Related Links
Analyze Application Anomalies with REST API (version 2.0) Use ANOMALY_DETECTION_INCIDENTS to return incidents triggered by anomalies in data across your organization, such as low usage of applications or increase in application crashes. Note About how long Aternity keeps this data (retention period) and how far back you can go, as well as about how many hours or days of data Aternity returns by default read here. Before You BeginTo send a REST API query in Excel, PowerBI or a browser, enter the URL of the REST API, your Aternity username (must have the OData REST API role) and its password. You can find this by selecting User icon > REST API Access. SSO users must generate (once) and use a special password, as Aternity's REST API does not authenticate with your enterprise's identity provider.To view Aternity REST API, enter the base URL from Aternity > User icon > REST API Access, followed by the name of the API into a browser, Excel or PowerBI (learn more). For VIEWING, use <base_url>/latest/API_NAME; for INTEGRATIONS, use <base_url>/<version number>/API_NAME (for example, <base_url>/v1/API_NAME, or <base_url>/v1.0/API_NAME, or <base_url>/v2/API_NAME, or <base_url>/v2.0/API_NAME). Get the latest REST API version for analyzing in the external appTip Wherever possible, use $select and $filter to narrow your query, to avoid receiving an error like Returned data is too large. Learn more. Examples To access this API from a browser, Excel or Power BI (learn more), enter <base_url>/latest/ANOMALY_DETECTION_INCIDENTS Supported Parameters You can view the data by entering the URL into Excel, into a browser, or into or any OData compatible application such as Power BI. You can add parameters to the URL to filter the returned data, by adding a question mark (?) followed by a parameter and value, such as .../API_NAME?$filter=(USERNAME eq 'jsmith@company.com'), or several parameter-value pairs each separated by an ampersand (&), like .../API_NAME?$format=xml&$top=5. Query Options Description $select= Use $select to return only specific columns (attributes), to make queries more efficient: ...API_NAME?$select=COL1,COL2,COL3 $format= Use $format to force the returned data to be either in XML or JSON format. This is only useful for testing the raw data in a web browser. For example: .../API_NAME?$format=xml $orderby= Use $orderby to sort the returned data according to the value you choose. For example, .../API_NAME?$orderby=LOCATION Also, use $orderby to sort the returned data in ascending or descending order. For example, .../API_NAME?$orderby=Activity_Response_Time desc or .../API_NAME?$orderby=Activity_Response_Time asc The default is ascending. $count= Use $count=true to get the total count of items within a collection matching the request. This provides not distinct number of results. Every REST API that supports aggregation will aggregate data automatically based on the columns in the $select parameter. If you use $select to display only specific columns, it makes the query faster by grouping all rows with identical attribute values into a single row with aggregated measurements. This eliminates the repetitive appearance of the same data. So, the combination of the $count and Aternity aggregation mechanism will give you a distinct count of an attribute (or a combination of attributes). For example, if you want to know how many distinct applications were used in the last week you can run the following query: .../aternity.odata/latest/applications_daily?$filter=relative_time(last_7_days)&$select=application_name&$count=true&$top=0 Another example, if you select a combination of attributes application_name,username, then you get a count of all the user/application combinations:.../aternity.odata/latest/applications_daily?$filter=relative_time(last_7_days)&$select=select=application_name,username&$count=true&$top=0 Note that you cannot get distinct count in addition to other information. For example: You cannot in one query get the number of distinct applications and the number of distinct users. You cannot in one query get the number of distinct applications per day for every day in the last week. You cannot in one query get all the data from applications_daily (usage, UXI, etc.) and the number of distinct applications. Every distinct count for a specific attribute (or an attribute combination) and a specific filter requires a separate query. $top= Use $top (lower case only) when you are initially testing the response of the API by returning the first few entries. Also, use $top to filter the returned data and to return only the first N entries. For example, to return the first five entries (not sorted), use: ...API_NAME?$top=5 $filter= Use $filter to insert conditions that narrow down the data, to return only entries where those conditions are true.. To limit the timeframe of a query, add $filter=relative_time() like, .../API_NAME?$filter=relative_time(last_x_hours) or (last_x_days). Learn more. Create conditions for filtering with any of the following operators: Query Operators Description eq Equal to For example, COL4 eq 'val4' ne Not equal to For example, COL4 ne 'val4' gt Greater than For example, COL4 gt 'val4' ge Greater than or equal For example, COL4 ge 'val4' lt Less than For example, COL4 lt 'val4' le Less than or equal For example, COL4 le 'val4' and Logical and For example, COL1 eq 'value1' and COL2 ne 'value2' or Logical or For example, COL1 eq 'value1' or COL2 ne 'value2' not Logical negation Create conditions for filtering with any of the following functions: Query Functions Description startswith For example, $filter=startswith(account_name,'Aternity') endswith For example, $filter=endswith(account_name,'Aternity') contains $filter=contains(COL5,'val5') For example, $filter=contains(account_name,'Aternity') in() Instead of using AND, OR: $filter=device_name eq ‘adam_covert_wks’ or device_name eq ‘adam_covert_vdi’ or device_name eq ‘adam_covert_tablet’ You can now use: $filter=in(device_name,‘adam_covert_wks’,‘adam_covert_vdi’,‘adam_covert_tablet’) Read carefully specific instructions for writing this function: In must be followed directly by the opening parenthesis (no space allowed) The first parameter is the field name (case insensitive) The function requires at least two parameters, the field name and at least one field value The rest of the parameters are the optional values that the field can have (i.e. the values we want to filter in) also case insensitive Values are separated by comma and no spaces allowed The maximum number of values in all clauses is 1,500 (e.g. It is possible to have 1 In() with 1500 values, or 2 In() clauses with 750 each). The last value must be followed by the closing parenthesis (no space allowed) In() can be combined with any other filter using AND or OR There can be more than one in() function in a filter. For example, $filter=in(location,’loc1’,’loc2’) or in(subnet,’sub1’sub2’). Another example, $filter=in(location,’loc1’,’loc2’) and in(subnet,’sub1’sub2’) relative_time(last_x_hours) Limit the timeframe of a query. If no relative_time filter is used to set a specific timeframe, Aternity will return the default last N days worth of data. Default values vary for different APIs. Learn here about specific REST API. Use operators with parentheses to group conditions logically: .../API_NAME?$filter=(COLUMN1 eq 'value1' or COL2 neq 'val2') and (COL3 gt number) and not (COL4 eq 'val4' or contains(COL5,'val5')) $search is NOT supported. Do not use $search in Aternity's REST APIs. Tip Wherever possible, use $select and $filter to narrow your query, to avoid receiving an error like Returned data is too large. Learn more. Output Each returned entry from ANOMALY_DETECTION_INCIDENTS contains one reported incident, with its type and state, details and time. You can access data using this API (retention) going back up to 400 days. If you do not add a relative_time filter, by default Aternity returns data for the past seven days. The API returns two types of columns: Attributes (or dimensions) which are the properties of an entry, and Measurements which are the dynamic measured values. Type Returned columns Measurements None Attributes Account_ID,Account_Name,Calendar_Date,Calendar_Month,Calendar_Week,Incident_Close_Timestamp, Incident_Creation_Timestamp,Incident_ID, Incident_Object_Name, Incident_Object_Type,Incident_State, Incident_Type Parent topic Overview for Analyzing with Aternity REST API v2 (OData)Related tasksCreate Script for Collecting All Deployed Software on All DevicesSave the Cost of Unused Licenses by Viewing Software Installed but Never UsedRelated referenceBest Practices for Returning Large Data Sets and How to Focus Your REST API Queries if Returned Data Too LargeSynchronize Aternity REST API (OData) With External Systems (Beta)View All Reported Activities with REST API (version 2.0)Analyze Resource Usage of a Managed Application (PRC) with REST API (version 2.0)Analyze the Raw List of Application Performance Reports with REST API (version 2.0)Analyze Application Performance Hourly or Daily with REST API (version 2.0)Analyze Application Performance Daily Anonymized (no PII) with REST API (version 2.0)View Baseline Values with REST API (version 2.0)Audit Aternity Access with REST API (version 2.0)Audit the Number of Dashboard Views with REST API (version 2.0)Audit the Changes Made by Aternity Users with Rest API (version 2.0)View Application Events with REST API (version 2.0)Analyze the Raw List of Activities with REST API (version 2.0)Analyze Activities Per Hour with REST API (version 2.0)Analyze Activities Per Day with REST API (version 2.0)Analyze Activities Per Day Anonymized (no PII) with REST API (version 2.0)View All Activities Not Reported to Aternity with REST API (version 2.0)Analyze the Boot Times of Devices with REST API (version 2.0)Analyze Daily Boot Times Anonymized with REST API (version 2.0)Analyze the Boot Times of Windows Boot Components with REST API (version 2.0)Analyze Device Inventory with REST API (version 2.0)Analyze Device Health Events with REST API (version 2.0)Analyze Daily Device Health Anonymized (no PII) with REST API (version 2.0)Analyze Device (Agent) Status with REST API (version 2.0)Analyze Daily Device Resource Usage (HRC) with REST API (version 2.0)Analyze Daily Device Resource Usage (HRC) Anonymized (no PII) with REST API (version 2.0)Analyze Device's Resource Usage (HRC) with REST API (version 2.0)Analyze the Incidents Opened in Aternity with REST API (version 2.0)View Deployed Applications on All Devices with REST API (Installed Software) (version 2.0)View Software Changes on All Devices with REST API (Installed Software Change Log) (version 2.0)View Requests of Licenses in REST API (License Events)Analyze Inventory of Monitored Mobile Apps with REST API (version 2.0)Analyze Service Desk Alerts with REST API (version 2.0)Analyze Skype for Business Performance with REST API (version 2.0)Analyze WiFi Signal Strength and Reliability with REST API (version 2.0)Analyze the Raw List of Custom Data with REST API (version 2.0)Analyze Custom Data Hourly or Daily with REST API (version 2.0)Analyze Custom Data Daily Anonymized (no PII) with REST API (version 2.0)Analyze Inventory of Remediation Actions with REST API (version 2.0)View Executed Remediation Actions With REST API (version 2.0)Analyze Daily Remediation Actions Anonymized (no PII) with REST APIAnalyze the Raw List of Remote Display Latency Reports with REST APIAnalyze Remote Display Latency Hourly or Daily with REST APIAnalyze Remote Display Latency Daily Anonymized (no PII) with REST API (version 2.0)Analyze the Raw Data of the Calls in MS Teams with REST API (version 2.0)View the Details of a User with REST API (version 2.0)View the Details of Users Who Requested Access to your Account (REST API version 2.0)Analyze Survey Summary with REST APIAnalyze the Raw List of Survey Responses with REST APIRelated informationAternity REST API Column Names (version 2.0)
Analyze Application Anomalies with REST API (version 2.0) Use ANOMALY_DETECTION_INCIDENTS to return incidents triggered by anomalies in data across your organization, such as low usage of applications or increase in application crashes. Note About how long Aternity keeps this data (retention period) and how far back you can go, as well as about how many hours or days of data Aternity returns by default read here. Before You BeginTo send a REST API query in Excel, PowerBI or a browser, enter the URL of the REST API, your Aternity username (must have the OData REST API role) and its password. You can find this by selecting User icon > REST API Access. SSO users must generate (once) and use a special password, as Aternity's REST API does not authenticate with your enterprise's identity provider.To view Aternity REST API, enter the base URL from Aternity > User icon > REST API Access, followed by the name of the API into a browser, Excel or PowerBI (learn more). For VIEWING, use <base_url>/latest/API_NAME; for INTEGRATIONS, use <base_url>/<version number>/API_NAME (for example, <base_url>/v1/API_NAME, or <base_url>/v1.0/API_NAME, or <base_url>/v2/API_NAME, or <base_url>/v2.0/API_NAME). Get the latest REST API version for analyzing in the external appTip Wherever possible, use $select and $filter to narrow your query, to avoid receiving an error like Returned data is too large. Learn more. Examples To access this API from a browser, Excel or Power BI (learn more), enter <base_url>/latest/ANOMALY_DETECTION_INCIDENTS Supported Parameters You can view the data by entering the URL into Excel, into a browser, or into or any OData compatible application such as Power BI. You can add parameters to the URL to filter the returned data, by adding a question mark (?) followed by a parameter and value, such as .../API_NAME?$filter=(USERNAME eq 'jsmith@company.com'), or several parameter-value pairs each separated by an ampersand (&), like .../API_NAME?$format=xml&$top=5. Query Options Description $select= Use $select to return only specific columns (attributes), to make queries more efficient: ...API_NAME?$select=COL1,COL2,COL3 $format= Use $format to force the returned data to be either in XML or JSON format. This is only useful for testing the raw data in a web browser. For example: .../API_NAME?$format=xml $orderby= Use $orderby to sort the returned data according to the value you choose. For example, .../API_NAME?$orderby=LOCATION Also, use $orderby to sort the returned data in ascending or descending order. For example, .../API_NAME?$orderby=Activity_Response_Time desc or .../API_NAME?$orderby=Activity_Response_Time asc The default is ascending. $count= Use $count=true to get the total count of items within a collection matching the request. This provides not distinct number of results. Every REST API that supports aggregation will aggregate data automatically based on the columns in the $select parameter. If you use $select to display only specific columns, it makes the query faster by grouping all rows with identical attribute values into a single row with aggregated measurements. This eliminates the repetitive appearance of the same data. So, the combination of the $count and Aternity aggregation mechanism will give you a distinct count of an attribute (or a combination of attributes). For example, if you want to know how many distinct applications were used in the last week you can run the following query: .../aternity.odata/latest/applications_daily?$filter=relative_time(last_7_days)&$select=application_name&$count=true&$top=0 Another example, if you select a combination of attributes application_name,username, then you get a count of all the user/application combinations:.../aternity.odata/latest/applications_daily?$filter=relative_time(last_7_days)&$select=select=application_name,username&$count=true&$top=0 Note that you cannot get distinct count in addition to other information. For example: You cannot in one query get the number of distinct applications and the number of distinct users. You cannot in one query get the number of distinct applications per day for every day in the last week. You cannot in one query get all the data from applications_daily (usage, UXI, etc.) and the number of distinct applications. Every distinct count for a specific attribute (or an attribute combination) and a specific filter requires a separate query. $top= Use $top (lower case only) when you are initially testing the response of the API by returning the first few entries. Also, use $top to filter the returned data and to return only the first N entries. For example, to return the first five entries (not sorted), use: ...API_NAME?$top=5 $filter= Use $filter to insert conditions that narrow down the data, to return only entries where those conditions are true.. To limit the timeframe of a query, add $filter=relative_time() like, .../API_NAME?$filter=relative_time(last_x_hours) or (last_x_days). Learn more. Create conditions for filtering with any of the following operators: Query Operators Description eq Equal to For example, COL4 eq 'val4' ne Not equal to For example, COL4 ne 'val4' gt Greater than For example, COL4 gt 'val4' ge Greater than or equal For example, COL4 ge 'val4' lt Less than For example, COL4 lt 'val4' le Less than or equal For example, COL4 le 'val4' and Logical and For example, COL1 eq 'value1' and COL2 ne 'value2' or Logical or For example, COL1 eq 'value1' or COL2 ne 'value2' not Logical negation Create conditions for filtering with any of the following functions: Query Functions Description startswith For example, $filter=startswith(account_name,'Aternity') endswith For example, $filter=endswith(account_name,'Aternity') contains $filter=contains(COL5,'val5') For example, $filter=contains(account_name,'Aternity') in() Instead of using AND, OR: $filter=device_name eq ‘adam_covert_wks’ or device_name eq ‘adam_covert_vdi’ or device_name eq ‘adam_covert_tablet’ You can now use: $filter=in(device_name,‘adam_covert_wks’,‘adam_covert_vdi’,‘adam_covert_tablet’) Read carefully specific instructions for writing this function: In must be followed directly by the opening parenthesis (no space allowed) The first parameter is the field name (case insensitive) The function requires at least two parameters, the field name and at least one field value The rest of the parameters are the optional values that the field can have (i.e. the values we want to filter in) also case insensitive Values are separated by comma and no spaces allowed The maximum number of values in all clauses is 1,500 (e.g. It is possible to have 1 In() with 1500 values, or 2 In() clauses with 750 each). The last value must be followed by the closing parenthesis (no space allowed) In() can be combined with any other filter using AND or OR There can be more than one in() function in a filter. For example, $filter=in(location,’loc1’,’loc2’) or in(subnet,’sub1’sub2’). Another example, $filter=in(location,’loc1’,’loc2’) and in(subnet,’sub1’sub2’) relative_time(last_x_hours) Limit the timeframe of a query. If no relative_time filter is used to set a specific timeframe, Aternity will return the default last N days worth of data. Default values vary for different APIs. Learn here about specific REST API. Use operators with parentheses to group conditions logically: .../API_NAME?$filter=(COLUMN1 eq 'value1' or COL2 neq 'val2') and (COL3 gt number) and not (COL4 eq 'val4' or contains(COL5,'val5')) $search is NOT supported. Do not use $search in Aternity's REST APIs. Tip Wherever possible, use $select and $filter to narrow your query, to avoid receiving an error like Returned data is too large. Learn more. Output Each returned entry from ANOMALY_DETECTION_INCIDENTS contains one reported incident, with its type and state, details and time. You can access data using this API (retention) going back up to 400 days. If you do not add a relative_time filter, by default Aternity returns data for the past seven days. The API returns two types of columns: Attributes (or dimensions) which are the properties of an entry, and Measurements which are the dynamic measured values. Type Returned columns Measurements None Attributes Account_ID,Account_Name,Calendar_Date,Calendar_Month,Calendar_Week,Incident_Close_Timestamp, Incident_Creation_Timestamp,Incident_ID, Incident_Object_Name, Incident_Object_Type,Incident_State, Incident_Type Parent topic Overview for Analyzing with Aternity REST API v2 (OData)Related tasksCreate Script for Collecting All Deployed Software on All DevicesSave the Cost of Unused Licenses by Viewing Software Installed but Never UsedRelated referenceBest Practices for Returning Large Data Sets and How to Focus Your REST API Queries if Returned Data Too LargeSynchronize Aternity REST API (OData) With External Systems (Beta)View All Reported Activities with REST API (version 2.0)Analyze Resource Usage of a Managed Application (PRC) with REST API (version 2.0)Analyze the Raw List of Application Performance Reports with REST API (version 2.0)Analyze Application Performance Hourly or Daily with REST API (version 2.0)Analyze Application Performance Daily Anonymized (no PII) with REST API (version 2.0)View Baseline Values with REST API (version 2.0)Audit Aternity Access with REST API (version 2.0)Audit the Number of Dashboard Views with REST API (version 2.0)Audit the Changes Made by Aternity Users with Rest API (version 2.0)View Application Events with REST API (version 2.0)Analyze the Raw List of Activities with REST API (version 2.0)Analyze Activities Per Hour with REST API (version 2.0)Analyze Activities Per Day with REST API (version 2.0)Analyze Activities Per Day Anonymized (no PII) with REST API (version 2.0)View All Activities Not Reported to Aternity with REST API (version 2.0)Analyze the Boot Times of Devices with REST API (version 2.0)Analyze Daily Boot Times Anonymized with REST API (version 2.0)Analyze the Boot Times of Windows Boot Components with REST API (version 2.0)Analyze Device Inventory with REST API (version 2.0)Analyze Device Health Events with REST API (version 2.0)Analyze Daily Device Health Anonymized (no PII) with REST API (version 2.0)Analyze Device (Agent) Status with REST API (version 2.0)Analyze Daily Device Resource Usage (HRC) with REST API (version 2.0)Analyze Daily Device Resource Usage (HRC) Anonymized (no PII) with REST API (version 2.0)Analyze Device's Resource Usage (HRC) with REST API (version 2.0)Analyze the Incidents Opened in Aternity with REST API (version 2.0)View Deployed Applications on All Devices with REST API (Installed Software) (version 2.0)View Software Changes on All Devices with REST API (Installed Software Change Log) (version 2.0)View Requests of Licenses in REST API (License Events)Analyze Inventory of Monitored Mobile Apps with REST API (version 2.0)Analyze Service Desk Alerts with REST API (version 2.0)Analyze Skype for Business Performance with REST API (version 2.0)Analyze WiFi Signal Strength and Reliability with REST API (version 2.0)Analyze the Raw List of Custom Data with REST API (version 2.0)Analyze Custom Data Hourly or Daily with REST API (version 2.0)Analyze Custom Data Daily Anonymized (no PII) with REST API (version 2.0)Analyze Inventory of Remediation Actions with REST API (version 2.0)View Executed Remediation Actions With REST API (version 2.0)Analyze Daily Remediation Actions Anonymized (no PII) with REST APIAnalyze the Raw List of Remote Display Latency Reports with REST APIAnalyze Remote Display Latency Hourly or Daily with REST APIAnalyze Remote Display Latency Daily Anonymized (no PII) with REST API (version 2.0)Analyze the Raw Data of the Calls in MS Teams with REST API (version 2.0)View the Details of a User with REST API (version 2.0)View the Details of Users Who Requested Access to your Account (REST API version 2.0)Analyze Survey Summary with REST APIAnalyze the Raw List of Survey Responses with REST APIRelated informationAternity REST API Column Names (version 2.0)