Api pooler body depends on an other api poller

Hello,

I create an API Poller with the Json result is for example : 

reply : b323387cd50f43_240023_inv

So I manage the result "reply" and the variable NumQuerry

I duplicate this Api poller to ask an other with the body :


{
"request_data": {
"query_id": "b323387cd50f43_240023_inv" ,
"pending_flag": true,
"limit": 100,
"format": "json"
}
}

Do you know, what is the good syntaxe to replace in the body of the second api poller the value b323387cd50f43_240023_inv by the variable NumQuerry .

I try $(NumQuerry)  , "$(NumQuerry)" but none works

Best regards

Jonas

Parents
  • Finaly I do it with powershell

    This is my code If someone in the futur comme here ;) 

    Multiple result of the powershell

    # Variables pour l'authentification
    $xdrAuthId = "XX"
    $authorization = "YY"

    # URL de l'API
    $urlStartQuery = "">URL/.../start_xql_query"
    $urlGetResults = "">URL/.../get_query_results"

    # Corps de la première requête
    $bodyStartQuery = @{
    request_data = @{
    query = "dataset=incidents | fields incident_id, severity,status | comp count(incident_id) as nbincident by severity,status | filter status = new or status = under_investigation | comp count(nbincident) as nbincident by severity"
    tenants = @()
    }
    } | ConvertTo-Json -Depth 10

    # Envoi de la première requête POST pour démarrer la requête
    $responseStartQuery = Invoke-RestMethod -Uri $urlStartQuery -Method Post -Headers @{
    "x-xdr-auth-id" = $xdrAuthId
    "Authorization" = $authorization
    "Content-Type" = "application/json"
    } -Body $bodyStartQuery

    # Vérification de la réponse de la première requête
    if (-not $responseStartQuery.reply) {
    Write-Output "Erreur : L'API n'a pas renvoyé d'ID de requête."
    exit 1
    }

    # Extraction de l'ID de requête
    $queryId = $responseStartQuery.reply
    #Write-Output "Query ID obtenu : $queryId"

    # Corps de la deuxième requête
    $bodyGetResults = @{
    request_data = @{
    query_id = $queryId
    pending_flag = $true
    limit = 100
    format = "json"
    }
    } | ConvertTo-Json -Depth 10

    # Boucle pour vérifier si les résultats sont disponibles
    $maxRetries = 10
    $retryInterval = 5 # en secondes
    $resultAvailable = $false
    $responseGetResults = $null

    for ($i = 0; $i -lt $maxRetries; $i++) {
    # Write-Output "Tentative $($i + 1) de récupération des résultats..."
    $responseGetResults = Invoke-RestMethod -Uri $urlGetResults -Method Post -Headers @{
    "x-xdr-auth-id" = $xdrAuthId
    "Authorization" = $authorization
    "Content-Type" = "application/json"
    } -Body $bodyGetResults

    # Vérifiez si les résultats sont prêts
    if ($responseGetResults.reply.status -eq "SUCCESS" -and $responseGetResults.reply.results) {
    $resultAvailable = $true
    break
    }

    Start-Sleep -Seconds $retryInterval
    }

    if (-not $resultAvailable) {
    Write-Output "Erreur : Les résultats ne sont pas disponibles après $maxRetries tentatives."
    exit 1
    }

    # Affichage des résultats
    #Write-Output "Résultats obtenus :"
    #$responseGetResults.reply.results.data

    # Variables pour stocker les résultats par niveau de severity
    $lowCount = 0
    $mediumCount = 0
    $highCount = 0

    # Parcourir les résultats
    if ($responseGetResults.reply.results.data) {
    foreach ($item in $responseGetResults.reply.results.data) {
    switch ($item.severity) {
    "LOW" {
    $lowCount = $item.nbincident
    }
    "MEDIUM" {
    $mediumCount = $item.nbincident
    }
    "HIGH" {
    $highCount = $item.nbincident
    }
    }
    }
    }

    # Affichage des résultats
    #Write-Output "Nombre d'incidents par niveau de sévérité :"
    write-host "Message: Low"
    write-host "Statistic: " $lowCount
    write-host "Message: Medium"
    write-host "Statistic: " $mediumCount
    write-host "Message: High"
    write-host "Statistic: " $highCount

  • If you search the result on database 

    --LOW

    select max(NumericData) as NbIncident, max(StringData) as Severity from APM_DynamicEvidence_Current where ComponentID = 22096 and ColumnSchemaID in (4790, 4791)
    union all

    -- MEDIUM
    select max(NumericData) as NbIncident, max(StringData) as Severity from APM_DynamicEvidence_Current where ComponentID = 22096 and ColumnSchemaID in (4792, 4793)
    union all

    --HIGH
    select max(NumericData) as NbIncident, max(StringData) as Severity from APM_DynamicEvidence_Current where ComponentID = 22096 and ColumnSchemaID in (4794, 4795)

  • And SWQL Version is :

    select max(NumericData) as NumIncident, max(StringData) as Severity from Orion.APM.DynamicEvidenceCurrent where ComponentID = 22096 and ColumnSchemaID in (4794, 4795)

    union all

    ( select max(NumericData) as NumIncident, max(StringData) as Severity from Orion.APM.DynamicEvidenceCurrent where ComponentID = 22096 and ColumnSchemaID in (4792, 4793) )

    union all

    ( select max(NumericData) as NumIncident, max(StringData) as Severity from Orion.APM.DynamicEvidenceCurrent where ComponentID = 22096 and ColumnSchemaID in (4790, 4791) )

Reply
  • And SWQL Version is :

    select max(NumericData) as NumIncident, max(StringData) as Severity from Orion.APM.DynamicEvidenceCurrent where ComponentID = 22096 and ColumnSchemaID in (4794, 4795)

    union all

    ( select max(NumericData) as NumIncident, max(StringData) as Severity from Orion.APM.DynamicEvidenceCurrent where ComponentID = 22096 and ColumnSchemaID in (4792, 4793) )

    union all

    ( select max(NumericData) as NumIncident, max(StringData) as Severity from Orion.APM.DynamicEvidenceCurrent where ComponentID = 22096 and ColumnSchemaID in (4790, 4791) )

Children
No Data