Extract incidents of the year

As part of an external audit, i am trying to extract the entire list of Incidents of last year.
Issue is that using the UI i can see but not export results in csv for example.

I also tried using NRQL but it seems that number of return records are limited…

Can you help me ?


Hi @ndossantos - You probably want to filter out warning incidents but also there is an event for when the incident opens and closes. Either filter on the event attribute to show only the open or close events.

SELECT * FROM NrAiIncident WHERE event='close' AND priority='critical' SINCE 12 months ago LIMIT MAX


It seems that i only get 2000 records with ‘limit max’. Anything else to change ?

That is the limit for a NRQL query, 2000 rows. If you want all of the records you will have to add SINCE UNTIL for small periods, for example a month, to get all of the data you require.

1 Like

Hi @ndossantos

There are a couple of details that I’d like to clear up.

Firstly, NrAiIncident is named using the new terminology (that we’re only starting to use), where “Incidents” are what we used to call “Violations.” I’ve written a brief post about this change, that is happening right now, and you can find it here. Documentation on the NrAiIncident event type can be found here.

In short, NrAiIncident will detail what you think of as violations on your account, not what we show in the list that your first screenshot shows.

Secondly, if you’d like a list of all Incidents (as are shown in your first screenshot), you can use the REST API for Incidents, documented at this link.

If you are, in fact, trying to gather information on all of the violations that occurred over 2021, using NrAiIncident is perfect and Stefan’s suggestions will definitely come in helpful.


This topic was automatically closed after 365 days. New replies are no longer allowed.