•  
  • Admin Settings
  • API Settings
  • Asynchronous alerts
icon-pdfDownload PDF lhs-panel
lhs-panel Click here to expand

Asynchronous Alerts API

The API allows you to run alert search requests in the background. With help of this you can monitor the progress of the request and view the results as and when they become available.

Here are the steps involved in executing an asynchronous alerts query:

  • You can make a request with a set of required metadata and asynchronous parameters.
  • The server will respond with a request ID and the search is performed in background thread.
  • You can check the status of the request through the Jobs endpoint.
  • Once the job is done, you can fetch the results using the jobs/results endpoint.
  • The search results will be available in EventLog Analyzer for 24 hours after which they are deleted by the cleanup thread.
Synchronous Alerts Asynchronous Alerts
It retrieves data within the retention period.
The response time taken is based on data fetched.		 It retrieves large amount of data based on the given criteria.
The response will be a request ID and the search is performed in background thread
In order to acquire the next set of results, keep requesting with the next cursor. Once the job is done, in order to acquire the next result page, search with the next page_no using the job results endpoint.
Response is valid only for 5 minutes. Response will be valid upto 24 hours.

Request URL

POST http://hostname:8400/RestAPI/v1/alerts/async

Request Header

Header name Value Mandatory Description
Authorization Bearer {{AuthToken}} Yes AuthToken generated from API Settings page.

e.g:
Bearer
nzxcvda0odmtmznloc00ndziltg0mgutmwzkhtljmjvmzbyt

Request Parameters

The request needs to be sent in the body of the request using JSON format. And should contain following key/value parameters

Parameter name Default value Mandatory Type Description
query * No String Start value of the list
alert_profiles all No JSONArray List of alert profiles
severity all No JSONArray List of severity
status all No JSONArray List of status
from current time - 24 hours No Long Start time for search in Unix milliseconds
to current time No Long End time for search in Unix milliseconds
Note:
  1. Quotes i.e ( " ") in query string should to be escaped. If query in EventLog Analyzer's search page is REMOTE_INTERFACE = "switch 1", then for Rest Api the query parameter should be written as "REMOTE_INTERFACE = \"switch 1\""

Response

The response will be a JSON object which will contain the following key/value pairs

Parameter name Description
hits JSON object which contain search hits for the request

Contains following fields
hits: List of alert hits
hits_count_in_current_page: Hits count in current alert hit response

Example usage using cURL

i) Search request with query

Sample request

Copy to Clipboard

curl --location --request POST 'http://localhost:8400/RestAPI/v1/alerts/async' \ -H "Accept: application/json" -H "Authorization: Bearer mdrkoda0odmtmznloc00ndziltg0mgutmwzkztljmjvmzwmx " --data-raw '{ "query": "EVENTID = 16384 AND USERNAME = mhtoc", "alert_profiles": [1, 2, 601], "severity": ["CRITICAL"], "status": ["OPEN"], "from": 1643480792000, "to": 1643480479500 }'

Sample response:

Copy to Clipboard

{ "message": "Request submitted", "request_id": "AX6qKwX7hJby8kAkaqDG", "status": 200 }

Example usage using Postman (Third party tool)

Asynchronous Alert API

On this page

Copyright © 2025, ZOHO Corp. All Rights Reserved.

Don't see what you're looking for?

  •  

    Visit our community

    Post your questions in the forum.

     
  •  

    Request additional resources

    Send us your requirements.

     
  •  

    Need implementation assistance?

    Try OnboardPro

     
Get download link