/filters/alerts - Get aggregated alert filters

GET /filters/alerts
Bearer auth

Aggregated endpoint for the alerts views' filter dropdowns.

systems, severities and organizations are data-driven: only values that actually appear in alert history within the caller's scope are returned. alerts is a static catalog of every alert a NethServer (NS8) or NethSecurity system can raise — it is NOT scoped to the caller's data, so the dropdown can filter on alerts not yet received.

Auth is checked once, then the data-driven datasets are fetched in parallel.

Scope follows the same rules as the other alerts endpoints: organization_id omitted = caller's full hierarchy; one or more organization_id = those tenants (validated, Owner exempt); Customer is always pinned to its own organization.

Query parameters

  • organization_id array[string]

    Tenant scope. Omit for the caller's full hierarchy, or repeat to target specific tenants (each validated against the caller's hierarchy; Owner exempt).

  • include string

    When set to descendants, expand each organization_id to itself plus its sub-tree.

    Value is descendants.

Responses

  • 200 application/json

    Alert filters retrieved successfully

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object
      Hide data attributes Show data attributes object
      • systems array[object]
        Hide systems attributes Show systems attributes object
        • id string

          System local ID

        • name string

          System display name

        • type string

          System type (empty string if unknown)

        • key string

          Unique system key

      • alerts array[object]

        Static catalog of every alert a NethServer (NS8) or NethSecurity system can raise. Not scoped to the caller's data — returned in full regardless of what alert history exists.

        Hide alerts attributes Show alerts attributes object
        • name string

          Alert name (alertname label)

        • severity string

          Default severity for this alert type

          Values are critical, warning, or info.

        • service string

          Sub-service that raises the alert (omitted when not applicable)

      • severities array[string]

        Distinct severities present in alert history

      • organizations array[object]
        Hide organizations attributes Show organizations attributes object
        • logto_id string

          Organization Logto ID

        • name string

          Organization name

        • type string

          Organization type

          Values are distributor, reseller, or customer.
  • 401 application/json

    Unauthorized - invalid or missing token

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
  • 403 application/json

    Forbidden - insufficient permissions

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
GET /filters/alerts 
curl \
 --request GET 'https://api.your-domain.com/api/filters/alerts' \
 --header "Authorization: Bearer $ACCESS_TOKEN"
Response examples (200) 
{
  "code": 200,
  "message": "alert filters retrieved successfully",
  "data": {
    "systems": [
      {
        "id": "sys_abc123",
        "name": "Milan Office Server",
        "type": "ns8",
        "key": "ABCD1234"
      }
    ],
    "alerts": [
      {
        "name": "DiskSpaceLow",
        "severity": "warning",
        "service": "storage"
      },
      {
        "name": "ServiceDown",
        "severity": "critical"
      }
    ],
    "severities": [
      "critical",
      "warning"
    ],
    "organizations": [
      {
        "logto_id": "org_abc123",
        "name": "ACME Corp",
        "type": "customer"
      }
    ]
  }
}
Response examples (401) 
{
  "code": 401,
  "message": "invalid token",
  "data": {}
}
Response examples (403) 
{
  "code": 403,
  "message": "insufficient permissions",
  "data": {}
}