/events

Mount Point: /api/v11/events

GET

Allows you to query events in the system.

Parameters

name	description	type	default
maxResults	The maximum number of events to return.	query	100
resultOffset	Specified the offset of events to return.	query	0
query	The query to perform to find events in the system. It accepts querying the intersection of a list of constraints, joined together with semicolons (without spaces). For example: alert==true looks for alerts. alert==true;attributes.host!=flaky.mysite.com looks for alerts, but exclude those with the host attribute of "flaky.mysite.com". category==log_event;attributes.log_level==ERROR looks for error log events. Event attribute matching is case sensitive. attributes.service==hbase1;content==hlog looks for any events from the "hbase1" service that mention "hlog". attributes.service==hbase1;content!=hlog looks for any events from the "hbase1" service that do not mention "hlog". A query must not contain only negative constraints (!=). It returns empty results because there is nothing to perform exclusion on. attributes.role_type==NAMENODE;severity==critical important looks for any important or critical events related to all NameNodes. severity==critical;timeReceived=ge=2012-05-04T00:00;timeReceived=lt=2012-05-04T00:10 looks for critical events received between the given 10 minute range. When polling for events, use timeReceived instead of timeOccurred because events arrive out of order. You may query any fields present in the ApiEvent object. You can also query by event attribute values using the attributes.* syntax. Values for date time fields (e.g. timeOccurred, timeReceived) should be ISO8601 timestamps. The other valid comparators are =lt=, =le=, =ge=, and =gt=. They stand for "<", "<=", ">=", ">" respectively. These comparators are only applicable for date time fields.	query

name

description

type

default

maxResults

The maximum number of events to return.

query

100

resultOffset

Specified the offset of events to return.

query

The query to perform to find events in the system. It accepts querying the intersection of a list of constraints, joined together with semicolons (without spaces). For example:

alert==true: looks for alerts.
alert==true;attributes.host!=flaky.mysite.com: looks for alerts, but exclude those with the host attribute of "flaky.mysite.com".
category==log_event;attributes.log_level==ERROR: looks for error log events. Event attribute matching is case sensitive.
attributes.service==hbase1;content==hlog: looks for any events from the "hbase1" service that mention "hlog".
attributes.service==hbase1;content!=hlog: looks for any events from the "hbase1" service that do not mention "hlog".
A query must not contain only negative constraints (!=). It returns empty results because there is nothing to perform exclusion on.
attributes.role_type==NAMENODE;severity==critical important: looks for any important or critical events related to all NameNodes.
severity==critical;timeReceived=ge=2012-05-04T00:00;timeReceived=lt=2012-05-04T00:10: looks for critical events received between the given 10 minute range.
When polling for events, use timeReceived instead of timeOccurred because events arrive out of order.

You may query any fields present in the ApiEvent object. You can also query by event attribute values using the attributes.* syntax. Values for date time fields (e.g. timeOccurred, timeReceived) should be ISO8601 timestamps.

The other valid comparators are =lt=, =le=, =ge=, and =gt=. They stand for "<", "<=", ">=", ">" respectively. These comparators are only applicable for date time fields.

query

Response Body

element:

eventQueryResult

The results of the query