
Hi Folks,

Apologies if this is a simpleton question, however it’s doing my head in. I have the API working and am able to use the dataexport endpoint to extract malware alerts. My issue is that I only receive one record in the response and I know there are 115 in the time period of the search. The record I receive is the very first in the results. I can confirm that by checking in the console.

My (hopefully simple) question is what is the format of the API query to iterate through the results so that the full list can be retrieved? I’ve tried ?operation=next&index=(the index name supplied in the first query). However, that returns an empty response.

I’d appreciate any guidance.

Regards,

Campbell

That is the correct logic as far as I can tell, though if you are using a script make sure you are not resetting the index to the same position after each loop.


@cjcarew Are you able to provide your entire query you are using for this?


You may want to try from the beginning by using head, but if you can send your entire query string, minus your tenant information, I can try to get to the bottom of it for you.

api/v2/events/dataexport/alerts/malware?operation=head&index=myindex
