ameevents Command

Description

The amevents command is used to query AME event information from the event KV-store collections. The command gives access to tenant data based on the user executing the command.

The command returns a _key field which contains the event_key.

Syntax

The required syntax is in bold.

ameevents [tenants=<tenant_list> | <wc>] [status=<status_list> | <wc>] [status_types=<status_types_list> | <wc>] [assignees=<assignee_list> | <wc>] [tags=<tags-list> | <wc>] [tags_mode=<AND | OR>] [saved_searches=<JSON formatted <saved_searches_list> | <wc>] [resolutions=<resolution_list> | <wc>] [sla_info=<bool>] [has_slas=<bool>] [has_sla_violations=<bool>] [has_sla_violation_within=<int>]

Optional Arguments

tenants Syntax: tenants=<tenant_list> | <wc> Description: A comma-separated and quoted list of tenants or a wildcard for all tenants. Example: tenants="default,sec,ops" Default: tenants=*

status Syntax: status=<status_list> | <wc> Description: A comma-separated and quoted list of statuses or a wildcard for all statuses. Note that all_open and all_donecan be also used. Example: status="new,in_progress" Default: status=*

status_types Syntax: status_types_list=<status_types_list> Description: A comma-separated and quoted list of status types. Example: status_type="new,in_progress,done" Default: status_types=*

assignees Syntax: assignees=<assignee_list> | <wc> Description: A comma-separated and quoted list of assignees or a wildcard for all assignees. Example: assignees="user1,user2,user3" Default: assignees=*

tags Syntax: tags=<tag_list> | <wc> Description: A comma-separated and quoted list of tags or a wildcard for all tags. Example: tags="tag1,tag2,tag3" Default: tags=*

tag_mode Syntax: tag_mode=<AND> | <OR> Description: The tag search mode. Example: tag_mode="AND" Default: tag_mode="OR"

saved_searches Syntax: saved_searches=<saved_searches_list> | <wc> Description: A JSON formatted list of saved_search names or a wildcard for all tags. Example: saved_searches="["saved_search1","saved_search2"]" Default: saved_searches="*"

resolutions Syntax: resolutions=<resolution_list> | <wc> Description: A comma-separated and quoted list of resolutions or a wildcard for all resolutions. Example: resolutions="resolution1,"resolution two"" Default: resolutions=*

sla_info Syntax: sla_info=<bool> Description: Boolean value to indicate whether to include SLA information in the results. Example: sla_info="true" Default: sla_info="false"

has_slas Syntax: has_slas=<bool> Description: Boolean value to indicate whether to include events that have SLAs. Example: has_slas="true" Default: None

has_sla_violations Syntax: has_sla_violations=<bool> Description: boolean value to indicate whether to include events that have SLA violations. Example: has_sla_violations="true" Default: None

has_sla_violations_within Syntax: has_sla_violations_within=<bool> Description: Integer value to indicate the number of seconds remaning until an SLA is violated. Example: has_sla_violations_within="300" Default: None

Examples

1. Get all open events in tenant default

   | ameevents tenants="default" status="all_open"

2. Get all events for tenant default which are assigned to user1 or unassigned

   | ameevents tenants="default" assignees="unassigned,user1"

3. Get all events for tenant default, which have both tag1 and tag2

   | ameevents tenants="default" tags="tag1,tag2" tag_mode="AND"

4. Get all events for tenant default generated by alert saved_search1 or saved_search2

   | ameevents tenants="default" saved_searches="[\"saved_search1\",\"saved_search2\"]"

5. Get all open events in tenant ops and display SLA information

   | ameevents tenants="default" sla_info="true"