The API Alert Rules - List does not support a filter parameter, for Odata filtering. This can also be seen in the preview versions of the API. You will need to return all the alert rules and then filter client side.
kind regards
Alistair Ross
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi
When i try to use the OData 4.0 notation in the alertRules API ex:
GET https://management.azure.com/subscriptions/<sub>/resourcegroups/<rg>/providers/microsoft.operationalinsights/workspaces/alasentinel-dev-euw/providers/Microsoft.SecurityInsights/alertRules?api-version=2021-10-01-preview&$filter=(properties/lastModifiedUtc gt 2022-06-09T16:06:49.2026471Z)
It seems to be returning all alertrules and not greater than the lastModifiedUtc (same happening with alertruletemplates).
I tried both with and without parentheses but it seems to be the same result.
Is there anything i am doing wrong, or does the API not support it yet? (As i know the Incident API does)
Best
Kristian
The API Alert Rules - List does not support a filter parameter, for Odata filtering. This can also be seen in the preview versions of the API. You will need to return all the alert rules and then filter client side.
kind regards
Alistair Ross
Thanks so much for a quick answer.
Tested it with api-version 2021-10-01 (seems like the same).
Do you know when the new version of the API is ready? (i.e. with techniques, versions etc.)