/events
Mount Point: /api/v11/events
GET
Allows you to query events in the system.
Parameters

| name | description | type | default |
|---|---|---|---|
| maxResults | The maximum number of events to return. | query | 100 |
| resultOffset | Specifies the offset of events to return. | query | 0 |
| query | The query to perform to find events in the system. The syntax is described after this table. | query | |

The query parameter accepts the intersection of a list of constraints, joined together with semicolons (without spaces). For example:

- alert==true
  - looks for alerts.
- alert==true;attributes.host!=flaky.mysite.com
  - looks for alerts, but excludes those with the host attribute of "flaky.mysite.com".
- category==log_event;attributes.log_level==ERROR
  - looks for error log events. Event attribute matching is case sensitive.
- attributes.service==hbase1;content==hlog
  - looks for any events from the "hbase1" service that mention "hlog".
- attributes.service==hbase1;content!=hlog
  - looks for any events from the "hbase1" service that do not mention "hlog". A query must not contain only negative constraints (!=). Such a query returns empty results because there is nothing to perform exclusion on.
- attributes.role_type==NAMENODE;severity==critical important
  - looks for any important or critical events related to all NameNodes.
- severity==critical;timeReceived=ge=2012-05-04T00:00;timeReceived=lt=2012-05-04T00:10
  - looks for critical events received within the given 10 minute range. When polling for events, use timeReceived instead of timeOccurred because events arrive out of order.

You may query any fields present in the ApiEvent object. You can also query by event attribute values using the attributes.* syntax. Values for date time fields (e.g. timeOccurred, timeReceived) should be ISO8601 timestamps.

The other valid comparators are =lt=, =le=, =ge=, and =gt=. They stand for "<", "<=", ">=", ">" respectively. These comparators are only applicable for date time fields.
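One way to assemble these queries in a polling client, as an added example that is not part of the original documentation: it joins constraints with semicolons, refuses the two cases the text warns about (only-negative queries, date comparators on other fields) and builds a half-open timeReceived window. The host cm.example.com, the function names, and the rejection of ";" inside values are assumptions of this example.

```python
from datetime import datetime
from urllib.parse import urlencode

# Assumption: placeholder host. Only the /api/v11/events path comes from the page.
BASE_URL = "https://cm.example.com/api/v11/events"
DATE_FIELDS = {"timeReceived", "timeOccurred"}  # date time fields named on the page
DATE_OPS = {"=lt=", "=le=", "=ge=", "=gt="}     # valid only for date time fields
OPS = {"==", "!="} | DATE_OPS


def build_query(constraints):
    """Join (field, comparator, value) constraints into one query string."""
    if not constraints:
        raise ValueError("query needs at least one constraint")
    parts = []
    for field, op, value in constraints:
        if op not in OPS:
            raise ValueError(f"unknown comparator {op!r}")
        if op in DATE_OPS and field not in DATE_FIELDS:
            raise ValueError(f"{op} applies only to date time fields, not {field}")
        if isinstance(value, datetime):
            value = value.isoformat(timespec="seconds")  # ISO 8601 timestamp
        value = str(value)
        # Assumption: the page describes no escaping, so a ';' in a value
        # (for example from user input) would read as an extra constraint.
        if ";" in value:
            raise ValueError("value contains the constraint separator ';'")
        parts.append(f"{field}{op}{value}")
    # A query made only of != constraints returns nothing; fail loudly instead.
    if all(op == "!=" for _, op, _ in constraints):
        raise ValueError("query contains only negative constraints")
    return ";".join(parts)  # semicolons, no spaces


def poll_window_url(since, until, extra=(), max_results=100, offset=0):
    """URL for events received in [since, until); adjacent windows never overlap."""
    query = build_query(list(extra) + [("timeReceived", "=ge=", since),
                                       ("timeReceived", "=lt=", until)])
    # urlencode percent-encodes '=', ';' and ':' so the query survives transport.
    return BASE_URL + "?" + urlencode(
        {"query": query, "maxResults": max_results, "resultOffset": offset})
```

Passing the previous window's `until` as the next window's `since` keeps polling gap-free, and a result count equal to maxResults signals that the same window should be re-read with a higher resultOffset.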
Response Body
The results of the query