event
event count
Usage
usage: symp event count
[-h] [-f {adaptive_table,json,shell,table,value,yaml}] [-c COLUMN] [--max-width <integer>] [--noindent]
[--prefix PREFIX] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--event-type [EVENT_TYPE [EVENT_TYPE ...]]]
[--entity-type [ENTITY_TYPE [ENTITY_TYPE ...]]]
[--entity-id [ENTITY_ID [ENTITY_ID ...]]]
[--severity [SEVERITY [SEVERITY ...]]]
[--start-timestamp START_TIMESTAMP]
[--end-timestamp END_TIMESTAMP] [--limit LIMIT]
[--offset OFFSET]
[--project-id [PROJECT_ID [PROJECT_ID ...]]]
[--hostname [HOSTNAME [HOSTNAME ...]]]
[--request-id [REQUEST_ID [REQUEST_ID ...]]]
[--user-id [USER_ID [USER_ID ...]]]
[--group-by GROUP_BY]
Description
Get the count of events filtered by the given params and grouped by a specific field (default: severity). If a param value is None or [], it will not be used for filtering.
Returns
Returns dict: Dictionary of counts of events matching the provided filters
Optional
optional arguments:
-h, --help show this help message and exit
--event-type [EVENT_TYPE [EVENT_TYPE ...]]
Filter by (default: None)
--entity-type [ENTITY_TYPE [ENTITY_TYPE ...]]
Filter by (default: None)
--entity-id [ENTITY_ID [ENTITY_ID ...]]
Filter by (default: None)
--severity [SEVERITY [SEVERITY ...]]
Filter by (default: None)
--start-timestamp START_TIMESTAMP
Start of query period (milliseconds since epoch), by default - 1 hour back
--end-timestamp END_TIMESTAMP
End of query period (milliseconds since epoch), by default - now
--limit LIMIT Limit amount of events (default: 50)
--offset OFFSET Offset to paginate the results (default: None)
--project-id [PROJECT_ID [PROJECT_ID ...]]
If the user is a system admin, the project ID will be used to filter events if it is not
None; otherwise, the project_id will be overridden with the user's project ID
--hostname [HOSTNAME [HOSTNAME ...]]
Filter by (default: None)
--request-id [REQUEST_ID [REQUEST_ID ...]]
Filter by (default: None)
--user-id [USER_ID [USER_ID ...]]
Filter by (default: None)
--group-by GROUP_BY Count and group by specific field (default: severity)
event definition create
Usage
usage: symp event definition create
[-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--noindent] [--prefix PREFIX]
[-m [NAME=VALUE [NAME=VALUE ...]]]
[--project-id PROJECT_ID]
[--filter-duration FILTER_DURATION]
[--filter-fields [FILTER_FIELDS [FILTER_FIELDS ...]]]
event_type entity_type severity
display_name description_templates
Description
Register new event type.
Mandatory
positional arguments:
event_type The auxiliary event name
entity_type The event is reported for entity (i.e. vm|node|user, etc)
severity The severity of the event
display_name Will be displayed to user
description_templates
A map from the event sub-type to the description template for this subtype.
The template will be complemented with the values for the particular event entry. If only a single event
subtype exists, you can use 'default' as the key for its description template
Optional
optional arguments:
-h, --help show this help message and exit
--project-id PROJECT_ID
Project id to create the event_type in (admin only)
--filter-duration FILTER_DURATION
Duration in seconds to check for duplicate events before submission.
Only one event with the same values (according to the filter_fields) will be submitted to the queue in
a filter_duration second interval
--filter-fields [FILTER_FIELDS [FILTER_FIELDS ...]]
A list of fields used to decide whether an event is a duplicate.
If an auxiliary field is required (from the description_template), prefix it with "auxiliary:".
For example: using "project_id", "auxiliary:origin_ip" will cause two events to be treated as duplicates
if their event_type, project_id, and origin_ip (in the auxiliary parameters) are identical
event definition get
Usage
usage: symp event definition get
[-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--noindent] [--prefix PREFIX]
[-m [NAME=VALUE [NAME=VALUE ...]]]
event_type
Description
Get the details of the requested event.
Returns
Returns dict: The requested event details
Mandatory
positional arguments:
event_type Requested event type
Optional
optional arguments:
-h, --help show this help message and exit
event definition list
Usage
usage: symp event definition list
[-f {adaptive_table,csv,json,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--noindent]
[--quote {all,minimal,none,nonnumeric}]
[-m [NAME=VALUE [NAME=VALUE ...]]]
[--entity-type ENTITY_TYPE]
[--severity SEVERITY]
Description
Get a list of event definitions.
Returns
Returns list: List of event definitions
Optional
optional arguments:
-h, --help show this help message and exit
--entity-type ENTITY_TYPE
Filter by entity_type, if the param equals None, don't filter (default: None)
--severity SEVERITY The severity of the event
event definition update
Usage
usage: symp event definition update
[-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--noindent] [--prefix PREFIX]
[-m [NAME=VALUE [NAME=VALUE ...]]]
[--severity SEVERITY]
[--description-templates DESCRIPTION_TEMPLATES]
[--filter-duration FILTER_DURATION]
[--filter-fields [FILTER_FIELDS [FILTER_FIELDS ...]]]
event_type
Description
Register new event type.
Mandatory
positional arguments:
event_type The event id
Optional
optional arguments:
-h, --help show this help message and exit
--severity SEVERITY The severity of the event
--description-templates DESCRIPTION_TEMPLATES
A map from the event sub-type to the description template for this subtype.
The template will be complemented with the values for the particular event entry. If only a single event
subtype exists, you can use 'default' as the key for its description template
--filter-duration FILTER_DURATION
Duration in seconds to check for duplicate events before submission.
Only one event with the same values (according to the filter_fields) will be submitted to the queue in
a filter_duration second interval
--filter-fields [FILTER_FIELDS [FILTER_FIELDS ...]]
A list of fields used to decide whether an event is a duplicate.
If an auxiliary field is required (from the description_template), prefix it with "auxiliary:".
For example: using "project_id", "auxiliary:origin_ip" will cause two events to be treated as duplicates
if their event_type, project_id, and origin_ip (in the auxiliary parameters) are identical
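The duplicate filtering described for --filter-duration and --filter-fields (in both event definition create and event definition update), modelled as an added example; it is not symp's own code. Assumptions: events are dicts with a "ts" field in seconds, the interval is measured from the last submitted event with the same key, and the event type and field values are constructed.

```python
from typing import Any, Dict, Iterable, List, Tuple

AUX_PREFIX = "auxiliary:"
Event = Dict[str, Any]

def _ev(ts: int, project_id: str, origin_ip: str) -> Event:
    # Constructed sample record; "ts" (seconds) is an assumed field name.
    return {"ts": ts, "event_type": "login-failed", "project_id": project_id,
            "auxiliary": {"origin_ip": origin_ip}}

# Constructed sample events (documentation-range IPs, not real data).
SAMPLE_EVENTS: List[Event] = [
    _ev(0, "p1", "192.0.2.10"),
    _ev(10, "p1", "192.0.2.10"),   # same project and IP, 10 s later
    _ev(20, "p1", "192.0.2.11"),   # same project, different IP
    _ev(30, "p2", "192.0.2.10"),   # different project
    _ev(70, "p1", "192.0.2.10"),   # same as the first, after the interval
]

def dedup_key(event: Event, filter_fields: Iterable[str]) -> Tuple:
    """event_type plus every filter field; 'auxiliary:' fields come from
    the event's auxiliary parameters."""
    parts = [event["event_type"]]
    for field in filter_fields:
        if field.startswith(AUX_PREFIX):
            parts.append(event.get("auxiliary", {}).get(field[len(AUX_PREFIX):]))
        else:
            parts.append(event.get(field))
    return tuple(parts)

def submit_filtered(events: Iterable[Event], filter_fields: List[str],
                    filter_duration: int) -> Tuple[List[Event], List[Event]]:
    """Split events into (submitted, suppressed): at most one event per key
    is submitted in any filter_duration-second interval."""
    last_submitted: Dict[Tuple, int] = {}
    submitted, suppressed = [], []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = dedup_key(ev, filter_fields)
        prev = last_submitted.get(key)
        if prev is not None and ev["ts"] - prev < filter_duration:
            suppressed.append(ev)
        else:
            last_submitted[key] = ev["ts"]
            submitted.append(ev)
    return submitted, suppressed

if __name__ == "__main__":
    for fields in (["project_id", "auxiliary:origin_ip"], ["project_id"]):
        sent, dropped = submit_filtered(SAMPLE_EVENTS, fields, 60)
        print(fields, [e["ts"] for e in sent], [e["ts"] for e in dropped])
```

With only "project_id" as a filter field, the event from 192.0.2.11 is suppressed as a duplicate, so the filter fields should include every value that needs to stay distinct during triage.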
event query
Usage
usage: symp event query
[-h] [-f {adaptive_table,csv,json,table,value,yaml}] [-c COLUMN] [--max-width <integer>] [--noindent]
[--quote {all,minimal,none,nonnumeric}]
[-m [NAME=VALUE [NAME=VALUE ...]]]
[--event-type [EVENT_TYPE [EVENT_TYPE ...]]]
[--entity-type [ENTITY_TYPE [ENTITY_TYPE ...]]]
[--entity-id [ENTITY_ID [ENTITY_ID ...]]]
[--severity [SEVERITY [SEVERITY ...]]]
[--start-timestamp START_TIMESTAMP]
[--end-timestamp END_TIMESTAMP] [--limit LIMIT]
[--offset OFFSET]
[--project-id [PROJECT_ID [PROJECT_ID ...]]]
[--hostname [HOSTNAME [HOSTNAME ...]]]
[--request-id [REQUEST_ID [REQUEST_ID ...]]]
[--user-id [USER_ID [USER_ID ...]]]
Description
Get system events filtered by the given params. If a param value is None or [], it will not be used for filtering.
Returns
Returns list: List of events matching the provided filters, ordered by time stamp, most recent event first
Optional
optional arguments:
-h, --help show this help message and exit
--event-type [EVENT_TYPE [EVENT_TYPE ...]]
Filter by (default: None)
--entity-type [ENTITY_TYPE [ENTITY_TYPE ...]]
Filter by (default: None)
--entity-id [ENTITY_ID [ENTITY_ID ...]]
Filter by (default: None)
--severity [SEVERITY [SEVERITY ...]]
Filter by (default: None)
--start-timestamp START_TIMESTAMP
Start of query period (milliseconds since epoch), by default - 1 hour back
--end-timestamp END_TIMESTAMP
End of query period (milliseconds since epoch), by default - now
--limit LIMIT Limit amount of events (default: 50)
--offset OFFSET Offset to paginate the results (default: None)
--project-id [PROJECT_ID [PROJECT_ID ...]]
If the user is a system admin, the project ID will be used to filter events if it is not
None; otherwise, the project_id will be overridden with the user's project ID
--hostname [HOSTNAME [HOSTNAME ...]]
Filter by (default: None)
--request-id [REQUEST_ID [REQUEST_ID ...]]
Filter by (default: None)
--user-id [USER_ID [USER_ID ...]]
Filter by (default: None)