/events

Mount Point: /api/v16/events

GET

Allows you to query events in the system.

Parameters

name description type default
maxResults The maximum number of events to return. query 100
resultOffset Specifies the offset of events to return. query 0
query The query to perform to find events in the system. It accepts querying the intersection of a list of constraints, joined together with semicolons (without spaces). For example:

alert==true
looks for alerts.
alert==true;attributes.host!=flaky.mysite.com
looks for alerts, but exclude those with the host attribute of "flaky.mysite.com".
category==log_event;attributes.log_level==ERROR
looks for error log events. Event attribute matching is case sensitive.
attributes.service==hbase1;content==hlog
looks for any events from the "hbase1" service that mention "hlog".
attributes.service==hbase1;content!=hlog
looks for any events from the "hbase1" service that do not mention "hlog".
A query must not contain only negative constraints (!=). Such a query returns empty results because there is nothing to perform exclusion on.
attributes.role_type==NAMENODE;severity==critical important
looks for any important or critical events related to all NameNodes.
severity==critical;timeReceived=ge=2012-05-04T00:00;timeReceived=lt=2012-05-04T00:10
looks for critical events received between the given 10 minute range.
When polling for events, use timeReceived instead of timeOccurred because events arrive out of order.
You may query any fields present in the ApiEvent object. You can also query by event attribute values using the attributes.* syntax. Values for date time fields (e.g. timeOccurred, timeReceived) should be ISO8601 timestamps.

The other valid comparators are =lt=, =le=, =ge=, and =gt=. They stand for "<", "<=", ">=", ">" respectively. These comparators are only applicable for date time fields.

type: query
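An added example, not part of the original API documentation: a Python helper that composes the query parameter described above for polling on timeReceived, URL-encodes it, and refuses only-negative queries. The function names are hypothetical, and rejecting ';' and '=' inside values and limiting date comparators to the two date fields the page names are assumptions of this example, since the page defines no escaping.

```python
import re
from datetime import datetime
from urllib.parse import urlencode

EVENTS_PATH = "/api/v16/events"                 # mount point given on this page
DATE_FIELDS = {"timeOccurred", "timeReceived"}  # date time fields the page names
DATE_OPS = {"=lt=", "=le=", "=ge=", "=gt="}
OPS = {"==", "!="} | DATE_OPS


def constraint(field, op, value):
    """Render one constraint, refusing input that would change the query shape."""
    if not re.fullmatch(r"[A-Za-z_][\w.]*", field):
        raise ValueError(f"bad field name: {field!r}")
    if op not in OPS:
        raise ValueError(f"unknown comparator: {op!r}")
    if op in DATE_OPS and field not in DATE_FIELDS:
        raise ValueError(f"{op} only applies to date time fields")
    if isinstance(value, datetime):
        value = value.isoformat(timespec="minutes")  # e.g. 2012-05-04T00:00
    value = str(value)
    # Assumption: no escaping is defined, so a value carrying ';' or '=' would
    # be parsed as additional constraints. Reject it instead of passing it on.
    if not value or ";" in value or "=" in value:
        raise ValueError(f"unsafe value for {field}: {value!r}")
    return f"{field}{op}{value}"


def build_query(constraints):
    """Join (field, op, value) tuples with ';' and no surrounding spaces."""
    constraints = list(constraints)
    # A query made only of != constraints returns nothing, so fail early.
    if not constraints or all(op == "!=" for _, op, _ in constraints):
        raise ValueError("query needs at least one non-negative constraint")
    return ";".join(constraint(*c) for c in constraints)


def poll_url(start, end, extra=(), max_results=100, offset=0):
    """Request path for one polling window [start, end) keyed on timeReceived."""
    window = [("timeReceived", "=ge=", start), ("timeReceived", "=lt=", end)]
    params = {"query": build_query(list(extra) + window),
              "maxResults": max_results, "resultOffset": offset}
    return f"{EVENTS_PATH}?{urlencode(params)}"
```

A poller that advances `start` to the previous `end` on each call covers every window exactly once, which is why the window is half-open.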

Response Body

element: eventQueryResult

The results of the query