Analyze Service Desk Alerts with REST API (version 2.0)

SERVICE_DESK_ALERTS_RAW returns all service desk alerts which occurred in your organization. A service desk alert (SDA) indicates that the same health event occurred several times on the same device within a certain time. Aternity sends SDAs to draw attention to devices which suffer repeated application errors, system crashes or hardware issues. Use this API to look for patterns among similar types of alerts, and to check for correlations with device attributes, subnet or location.

For example, you can investigate reports of BSODs to see if they are due to low RAM or small disk capacity, by looking for System Crash alerts on laptops with 4GB RAM, and compare by checking if those same devices also have a Low Disk Space alert.

You can add an alert for any health event. The following list is an example of available predefined out of the box alerts:

  • HD Failure Windows event ID 52 occurs with an imminent failure of the hard disk. Back up your data immediately, then use a scanning tool to detect problems. For example, if a disk is too hot, switch off the PC and disconnect the power of that hard disk until you replace it.

  • Application Crash (after hang) (Windows) Event ID 1002 occurs when a user manually forced an application's process to close after it stopped responding. (Mac) Aternity uses the system log to determine when a user has manually forced an application's process to close after it stopped responding. (Web applications) Displays the number of browser crashes. To resolve, note any common actions leading to the hang, then consult the app vendor's support site.

  • Battery Wear (Windows laptops only) Aternity checks if the battery capacity drops below a threshold (default is 50%), compared with the vendor's factory settings. This indicates that a full battery charge drains much faster than it should. To resolve, replace the battery.

  • HD Bad Blocks Windows event ID 7 occurs with a corrupted block of data on the hard disk. If many bad sectors develop, the drive may fail and needs attention. Replace a physically damaged disk immediately. For 'soft' or logical bad sectors, you can use Windows Disk Check.

  • Low Disk Space Aternity creates this event if the device's system disk has less than 5% free space and less than 5GB available, which limits the size of virtual memory. Event will be created when both conditions are met. To resolve, free some disk space (empty trash, remove unused apps) or increase its capacity.

  • Overheat Related Shutdown Windows event ID 86 occurs when the device shuts down due to overheating (critical thermal event). It indicates a hardware problem, like a dusty CPU, broken fan or obstructed air vent. Turn off your computer, clean the heat sinks, and make sure that air circulates properly.

  • System Crash (Windows) Aternity reports a system crash when Windows created a memory dump file after a BSOD. Aternity analyzes the Windows dump and extracts data. (Macs) Aternity reports a system crash when it detected a kernel panic from the macOS system logs. To troubleshoot, view the details of the event and research further on the name of the process or module and its error codes.


You can also configure SDAs to view them via automated emails or in your enterprise's ServiceNow. Learn more.

Each entry from SERVICE_DESK_ALERTS_RAW represents a single SDA, and includes its name, the underlying health event which triggered the alert, the error details of the last time this health event occurred, and details of the monitored device.


To learn how long Aternity keeps this data (retention period), how far back you can go, and how many hours or days of data Aternity returns by default, read here.


This article covers the latest REST API version. For older version 1.0, click here.

Before You Begin

To send a REST API query in Excel, PowerBI or a browser, enter the URL of the REST API, your Aternity username (must have the OData REST API role) and its password. You can find this by selecting User icon > REST API Access. SSO users must generate (once) and use a special password, as Aternity's REST API does not authenticate with your enterprise's identity provider.

To view Aternity REST API, enter the base URL from Aternity > User icon > REST API Access, followed by the name of the API into a browser, Excel or PowerBI (learn more). For VIEWING, use <base_url>/latest/API_NAME; for INTEGRATIONS, use <base_url>/<version number>/API_NAME (for example, <base_url>/v1/API_NAME, or <base_url>/v1.0/API_NAME, or <base_url>/v2/API_NAME, or <base_url>/v2.0/API_NAME).

Get the latest REST API version for analyzing in the external app

Wherever possible, use $select and $filter to narrow your query, to avoid receiving an error like Returned data is too large. Learn more.


To access this API from a browser, Excel or Power BI (learn more), enter <base_url>/latest/SERVICE_DESK_ALERTS_RAW or <base_url>/v2/SERVICE_DESK_ALERTS_RAW.

To return the device hostnames which issued a System Crash SDA and are laptops with 4GB RAM or less, use:

.../SERVICE_DESK_ALERTS_RAW?$select=DEVICE_NAME&$filter=(SD_ALERT_RULE_NAME eq 'System Crash') and ((DEVICE_MEMORY eq '4GB') or (DEVICE_MEMORY eq '3GB') or (DEVICE_MEMORY eq '2GB') or (DEVICE_MEMORY eq '1GB'))

To view the devices which issued the Application Crash (after hang) SDA for Microsoft Outlook, enter:

.../SERVICE_DESK_ALERTS_RAW?$select=DEVICE_NAME&$filter=(contains(SD_ALERT_RULE_NAME,'Application Crash') and SD_ALERT_IDENTIFIER eq 'Microsoft Outlook')

Supported Parameters

You can view the data by entering the URL into Excel, into a browser, or into any OData compatible application such as Power BI.

You can add parameters to the URL to filter the returned data, by adding a question mark (?) followed by a parameter and value, such as .../API_NAME?$filter=(USERNAME eq ''), or several parameter-value pairs each separated by an ampersand (&), like .../API_NAME?$format=xml&$top=5.

Query Options Description

Use $select to return only specific columns (attributes), to make queries more efficient: ...API_NAME?$select=COL1,COL2,COL3


Use $format to force the returned data to be either in XML or JSON format. This is only useful for testing the raw data in a web browser. For example: .../API_NAME?$format=xml


Use $orderby to sort the returned data according to the value you choose. For example, .../API_NAME?$orderby=LOCATION

Also, use $orderby to sort the returned data in ascending or descending order. For example, .../API_NAME?$orderby=Activity_Response_Time desc or .../API_NAME?$orderby=Activity_Response_Time asc

The default is ascending.


Use $count=true to get the total count of items within a collection matching the request. On its own, this count is not a distinct count of results.

Every REST API that supports aggregation will aggregate data automatically based on the columns in the $select parameter. If you use $select to display only specific columns, it makes the query faster by grouping all rows with identical attribute values into a single row with aggregated measurements. This eliminates the repetitive appearance of the same data.

So, the combination of the $count and Aternity aggregation mechanism will give you a distinct count of an attribute (or a combination of attributes). For example, if you want to know how many distinct applications were used in the last week you can run the following query:
Another example, if you select a combination of attributes application_name,username, then you get a count of all the user/application combinations:
Note that you cannot get distinct count in addition to other information. For example:
  • You cannot in one query get the number of distinct applications and the number of distinct users.

  • You cannot in one query get the number of distinct applications per day for every day in the last week.

  • You cannot in one query get all the data from applications_daily (usage, UXI, etc.) and the number of distinct applications.

Every distinct count for a specific attribute (or an attribute combination) and a specific filter requires a separate query.

Use $top (lower case only) when you are initially testing the response of the API by returning the first few entries.

Also, use $top to filter the returned data and to return only the first N entries.

For example, to return the first five entries (not sorted), use: ...API_NAME?$top=5


Use $filter to insert conditions that narrow down the data, to return only entries where those conditions are true.

To limit the timeframe of a query, add $filter=relative_time() like, .../API_NAME?$filter=relative_time(last_x_hours) or (last_x_days). Learn more.

Create conditions for filtering with any of the following operators:

Query Operators Description

  • Equal to. For example, COL4 eq 'val4'
  • Not equal to. For example, COL4 ne 'val4'
  • Greater than. For example, COL4 gt 'val4'
  • Greater than or equal. For example, COL4 ge 'val4'
  • Less than. For example, COL4 lt 'val4'
  • Less than or equal. For example, COL4 le 'val4'
  • Logical and. For example, COL1 eq 'value1' and COL2 ne 'value2'
  • Logical or. For example, COL1 eq 'value1' or COL2 ne 'value2'
  • Logical negation

Create conditions for filtering with any of the following functions:

Query Functions Description

For example, $filter=startswith(account_name,'Aternity')


For example, $filter=endswith(account_name,'Aternity')



For example, $filter=contains(account_name,'Aternity')


Instead of using AND, OR:

$filter=device_name eq 'adam_covert_wks' or device_name eq 'adam_covert_vdi' or device_name eq 'adam_covert_tablet'

You can now use:


Read carefully specific instructions for writing this function:
  • In must be followed directly by the opening parenthesis (no space allowed)

  • The first parameter is the field name (case insensitive)

  • The function requires at least two parameters, the field name and at least one field value

  • The rest of the parameters are the optional values that the field can have (i.e. the values we want to filter in) also case insensitive

  • Values are separated by comma and no spaces allowed

  • The maximum number of values in all clauses is 1,500 (e.g. It is possible to have 1 In() with 1500 values, or 2 In() clauses with 750 each).

  • The last value must be followed by the closing parenthesis (no space allowed)

  • In() can be combined with any other filter using AND or OR

  • There can be more than one in() function in a filter. For example, $filter=in(location,'loc1','loc2') or in(subnet,'sub1','sub2'). Another example, $filter=in(location,'loc1','loc2') and in(subnet,'sub1','sub2')


Limit the timeframe of a query.

If no relative_time filter is used to set a specific timeframe, Aternity will return the default last N days worth of data. Default values vary for different APIs. Learn here about specific REST API.

Use operators with parentheses to group conditions logically: .../API_NAME?$filter=(COLUMN1 eq 'value1' or COL2 ne 'val2') and (COL3 gt number) and not (COL4 eq 'val4' or contains(COL5,'val5'))
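
An added example, not part of the original page or Aternity's own code: a Python helper that assembles a $filter following the in() rules and parenthesis grouping described above, and quotes each value so that device names taken from tickets or spreadsheets stay inside their literal. The base URL and device names are placeholders, and doubling embedded single quotes is an assumption about how the API treats them.

```python
from urllib.parse import quote

MAX_IN_VALUES = 1500  # page limit, counted across all in() clauses of one filter

def odata_literal(value):
    # Doubling an embedded single quote is standard OData escaping; that
    # Aternity accepts it is an assumption, not something this page states.
    return "'" + str(value).replace("'", "''") + "'"

def in_clause(field, values):
    """Build in(field,'v1','v2'): no space after 'in', none between values."""
    values = list(values)
    if not field.isidentifier():
        raise ValueError("field name must be a plain column name")
    if not values:
        raise ValueError("in() needs the field name and at least one value")
    if len(values) > MAX_IN_VALUES:
        raise ValueError("over 1,500 values: split into several queries")
    return "in(" + field + "," + ",".join(map(odata_literal, values)) + ")"

def balanced(filter_expr):
    """True when quotes are closed and parentheses outside literals balance."""
    depth, in_literal = 0, False
    for ch in filter_expr:
        if ch == "'":
            in_literal = not in_literal  # a doubled '' toggles twice: no change
        elif not in_literal and ch == "(":
            depth += 1
        elif not in_literal and ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and not in_literal

def build_url(base_url, api, select, filter_expr):
    """Assemble <base_url>/API_NAME?$select=...&$filter=... with an encoded filter."""
    if not balanced(filter_expr):
        raise ValueError("unbalanced parentheses or quotes in $filter")
    return (base_url.rstrip("/") + "/" + api + "?$select=" + ",".join(select)
            + "&$filter=" + quote(filter_expr, safe="(),'"))

if __name__ == "__main__":
    # Constructed sample: placeholder base URL and made-up device names.
    devices = ["wks-01", "o'brien-vdi"]
    flt = "(SD_ALERT_RULE_NAME eq 'System Crash') and " + in_clause("DEVICE_NAME", devices)
    print(build_url("https://aternity.example.invalid/v2", "SERVICE_DESK_ALERTS_RAW",
                    ["DEVICE_NAME"], flt))
```

The in_clause check applies per clause; when a filter holds several in() clauses, keep their combined value count within the 1,500 limit.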

$search is NOT supported.

Do not use $search in Aternity's REST APIs.




Each entry from SERVICE_DESK_ALERTS_RAW represents a single SDA, and includes its name, the underlying health event which triggered the alert, the error details of the last time this health event occurred, and details of the monitored device.

You can access data using this API (retention) going back up to 91 days. If you do not add a relative_time filter, by default Aternity returns data for the past 7 days.

Types Columns returned