documentation
replace wrong API search for alerts on streams
Context
https://docs.graylog.org/en/4.0/pages/streams.html#checking-for-currently-active-alert-triggered-conditions
This is pre 3.1 and needs to be adjusted to the current state.
@jalogisch The new events system has no concept of active alerts anymore. We should replace the outdated documentation with something that tells users how to use the POST /api/events/search endpoint to fetch events and alerts.
The payload structure of the request looks like this:
```json
{
  "filter": {
    "alerts": "only",
    "event_definitions": []
  },
  "query": "",
  "timerange": {
    "type": "relative",
    "range": 3600
  },
  "page": 1,
  "per_page": 100,
  "sort_by": "",
  "sort_direction": "desc"
}
```
- `filter`
  - `alerts`: Configures if alerts should be included, excluded or if only alerts should be returned (defaults to `include`). Available values:
    - `only`: Result only includes alerts
    - `include`: Result includes alerts and other events
    - `exclude`: Result only includes non-alert events
  - `event_definitions`: Result only includes events from the given event definition IDs (defaults to an empty list to include events from all definitions)
- `query`: ES search query to search for specific events (defaults to an empty string)
- `timerange`: The timerange for the request. If not included in the request it defaults to a relative range of 1 hour into the past. Available types:
  - `relative`: `{"type": "relative", "range": 86400}`
  - `keyword`: `{"type": "keyword", "keyword": "last day"}`
  - `absolute`: `{"type": "absolute", "from": "2020-11-30T00:00:00.000Z", "to": "2020-12-01T00:00:00.000Z"}`
- `page`, `per_page`: Pagination information (defaults to 10 per page)
- `sort_by`: Event field to sort on (default `timestamp`)
- `sort_direction`: `asc` or `desc` (default `desc`)
A minimal query that uses all defaults looks like this:
```shell
curl -H Content-Type:application/json \
     -H X-Requested-By:curl \
     -X POST \
     -d '{}' \
     https://graylog.example.com/api/events/search
```
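The payload fields and the curl call above cover a single request. As an added example (not code from the Graylog project or from this thread), the following Python script builds and validates the `POST /api/events/search` payload, sets the `X-Requested-By` header the curl call shows, and pages through results so that a script pulling "alerts from the last hour" does not silently stop at the first `per_page` results. The response shape (an `events` list plus a `total_events` count), the urllib transport, the basic-auth credentials and the sample events are assumptions made for the example; the fake server keeps it runnable offline.

```python
"""Added example: client helper for Graylog's POST /api/events/search.

Request fields follow the description above. The response shape
("events" list + "total_events") and the transport are assumptions.
"""
import base64
import json
import urllib.request
from typing import Callable, Iterator, List

ALERT_FILTERS = ("include", "only", "exclude")   # values of filter.alerts
SORT_DIRECTIONS = ("asc", "desc")
SEARCH_PATH = "/api/events/search"


def relative_timerange(seconds: int) -> dict:
    """Relative range: the last `seconds` seconds (86400 = last day)."""
    if seconds <= 0:
        raise ValueError("relative range must be a positive number of seconds")
    return {"type": "relative", "range": seconds}


def keyword_timerange(keyword: str) -> dict:
    """Keyword range such as "last day"."""
    return {"type": "keyword", "keyword": keyword}


def absolute_timerange(from_ts: str, to_ts: str) -> dict:
    """Absolute range; timestamps are ISO-8601 with milliseconds and a Z suffix."""
    return {"type": "absolute", "from": from_ts, "to": to_ts}


def build_search_payload(alerts: str = "include", event_definitions=None,
                         query: str = "", timerange: dict = None, page: int = 1,
                         per_page: int = 100, sort_by: str = "timestamp",
                         sort_direction: str = "desc") -> dict:
    """Build the request body, rejecting values the endpoint does not accept."""
    if alerts not in ALERT_FILTERS:
        raise ValueError(f"filter.alerts must be one of {ALERT_FILTERS}, got {alerts!r}")
    if sort_direction not in SORT_DIRECTIONS:
        raise ValueError(f"sort_direction must be asc or desc, got {sort_direction!r}")
    if page < 1 or per_page < 1:
        raise ValueError("page and per_page must be >= 1")
    return {
        "filter": {"alerts": alerts, "event_definitions": list(event_definitions or [])},
        "query": query,
        "timerange": timerange if timerange is not None else relative_timerange(3600),
        "page": page,
        "per_page": per_page,
        "sort_by": sort_by,
        "sort_direction": sort_direction,
    }


def make_http_post(base_url: str, username: str, password: str,
                   timeout: float = 30.0) -> Callable[[dict], dict]:
    """Return post(payload) -> parsed JSON, talking to a real Graylog server (assumed auth)."""
    url = base_url.rstrip("/") + SEARCH_PATH
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()

    def post(payload: dict) -> dict:
        req = urllib.request.Request(
            url, data=json.dumps(payload).encode(), method="POST",
            headers={"Content-Type": "application/json", "Accept": "application/json",
                     "X-Requested-By": "events-search-example",  # Graylog rejects POSTs without it
                     "Authorization": "Basic " + auth})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    return post


def iter_events(post: Callable[[dict], dict], per_page: int = 100,
                max_pages: int = 1000, **kwargs) -> Iterator[dict]:
    """Yield every matching event, walking page by page until total_events is reached."""
    page = 1
    while page <= max_pages:
        result = post(build_search_payload(page=page, per_page=per_page, **kwargs))
        events = result.get("events", [])
        yield from events
        if not events or page * per_page >= result.get("total_events", 0):
            return
        page += 1


# Constructed sample data and a fake server so the example runs offline.
SAMPLE_EVENTS: List[dict] = [
    {"id": "ev-1", "message": "SSH brute force from 203.0.113.7", "alert": True},
    {"id": "ev-2", "message": "Config reload", "alert": False},
    {"id": "ev-3", "message": "Privilege escalation on web-01", "alert": True},
    {"id": "ev-4", "message": "New admin user created", "alert": True},
    {"id": "ev-5", "message": "Backup finished", "alert": False},
]


def make_fake_post(events: List[dict]) -> Callable[[dict], dict]:
    """Stand-in for the server: applies filter.alerts and paginates (assumed response shape)."""
    def post(payload: dict) -> dict:
        mode = payload["filter"]["alerts"]
        selected = [e for e in events if mode == "include" or (mode == "only") == e["alert"]]
        start = (payload["page"] - 1) * payload["per_page"]
        return {"events": selected[start:start + payload["per_page"]],
                "total_events": len(selected)}
    return post


def alerts_last_hour(post: Callable[[dict], dict]) -> List[dict]:
    """Alerts only, last 3600 s, fetched two per page to exercise pagination."""
    return list(iter_events(post, per_page=2, alerts="only", timerange=relative_timerange(3600)))


if __name__ == "__main__":
    post = make_fake_post(SAMPLE_EVENTS)  # swap for make_http_post("https://graylog.example.com", user, pw)
    for ev in alerts_last_hour(post):
        print(ev["id"], ev["message"])
```

Against a real server, replace `make_fake_post` with `make_http_post`; the loop stops on the first page that comes back short or empty, and `max_pages` bounds the walk if `total_events` keeps growing while you read.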