We are planning to send the incident to our own Help Desk system. We need the incident handler to be able to search the incident-related events from our Help Desk system via the Sentinel REST API.

I have studied the Sentinel REST API, and can list events using "Events - Event List and Create Methods".

i.e.
https://164.99.19.131:8443/SentinelR.../objects/event

However, this event list has only 4 parameters: query, field, page, pagesize. We can't submit a datetime range with this method. How can we submit the event list query with a datetime range through the Sentinel REST API? Or is there any other method that can be used to submit a search query with a datetime range and then get the related events?

In addition, every time I submit the event list query through the REST API, the 'Too many open files' error message appears in server0.0.log.

Tue Aug 28 23:18:23 CST 2012|INFO|Thread-697013|esecurity.ccs.comp.audit.AuditLogger.execute
Audit Medium:: Action by user admin via Sentinel service Indexed Search object Events method EventSearch client 127.0.0.1 succeeded : Event Search: Type USER, DATE-RANGE: Whenever, MAX-EVENTS=100,000, QUERY-EXPRESSION=[sev\:1], SECURITY-FILTER=[<empty>], TAGS-FILTER=[<empty>], INTERNAL-EVENT-FILTER=[<empty>], with XDAS taxonomy name: XDAS_AE_QUERY_DATA_ITEM_CONTENTS
Tue Aug 28 23:18:24 CST 2012|SEVERE|pool-153-thread-5|esecurity.ccs.comp.event.indexedlog.IndexedLogSearchJob$PartitionHitsRetrieverTask.call
IO Error performing search for the day Jul 12, 2012 (UTC).; Exception /var/opt/novell/sentinel/data/eventdata/events/20120712_6E1CCA35-4BD4-102D-91CD-000C2907C76D/index/_0.fdx (Too many open files); java.io.FileNotFoundException;
Tue Aug 28 23:18:24 CST 2012|SEVERE|pool-153-thread-5|esecurity.ccs.comp.event.indexedlog.IndexedLogSearchJob$PartitionHitsRetrieverTask.call
java.io.FileNotFoundException: /var/opt/novell/sentinel/data/eventdata/events/20120712_6E1CCA35-4BD4-102D-91CD-000C2907C76D/index/_0.fdx (Too many open files)

Regards,
Steven