Hey All!
Can someone explain what the 'case_ids_free_search' parameter is used for here?
My use case is to get all cases closed in the last x minutes that have a specific tag. So I'm going to use a combination of 'get_cases_ids_by_filter', which offers the 'close_time_from_unix_time_in_ms' parameter, to grab all recently closed cases.
Then I was going to use 'get_cases_by_filter' with the Tag I want to look for and then the parameter for free search against the output from the previous call (all recently closed case IDs), as 'end time' is actually the end time of the event that triggered the case as opposed to the closure time of the case.
It seems the case_free_search only accepts single Case IDs as opposed to an array, as this seems to work:
recent_cases = siemplify.get_cases_ids_by_filter(
    status='CLOSE',
    sort_by='CLOSE_TIME',
    close_time_from_unix_time_in_ms=get_epoch_mins_ago(int(time_to_go_back)),
)
for recent_case in recent_cases:
    recent_filtered_cases = siemplify.get_cases_by_filter(tags=['TAG-I-WANT'], case_ids_free_search=recent_case)
    siemplify.LOGGER.info(recent_filtered_cases)
If there is a better way to do this then I'm all ears.