Unable to use -Filter "Group:'Groupname'" to pull a list of Host IDs into a variable.

[Sievers79]

Looking to utilize the same query as in the Falcon UI for Group Names or Group Tags to pull a list of host ids quickly, and run RTR commands. This does not seem to work or be functional.

Filter only seems to work with "groups:','"

[bk-cs]

"Group" not being a valid filter is an API restriction and is not related to PSFalcon.

If you wanted to find hosts that exist within a certain group, here is another option besides using the "group" filter in a host search (note that "<groupname>" will only accept lowercase values):

Get-FalconHostGroupMember -Id (Get-FalconHostGroup -Filter "name:'<groupname>'") -All

You can search like this to find hosts matching specific tags (case sensitive):

Get-FalconHost -Filter "tags:'FalconGroupingTags/<tag>'" or Get-FalconHost -Filter "tags:'SensorGroupingTags/<tag>'".

See Filtering and the Falcon Query Language for more complex queries involving OR and AND conditions.