Events filtering
-
Good Morning.
We are trying to capture the following events through the mango REST API through its 'events-rest-controller' interface:
We have done tests with the endpoint '/v1/events', with which we have been able to capture the events.
We have also been able to capture executing several types of filters for this endpoint.
This, for example, is a query to the endpoint to filter by 'acknowledged':
This one is for filtering by 'active':
And this last is to filter by 'alarmLevel':
But when we try to filter by 'message', it does not show us any results, even though the filter has the same coincidence with the three events:
We tried to consult the endpoint '/v1/events/module-defined-query' but we do not understand it, and we have always had errors in the way we fill the body.
What we want to know is:
- How to filter events by message.
- How the endpoint '/v1/events/module-defined-query' works. We have already consulted the endpoint '/v1/events/explain-module-defined-queries', but we still do not understand it.
- We also are trying with '/v1/events/query'. If you can supply us information about this endpoint, it would be helpful.
Beforehand thank you very much.
-
@johautt said in Events filtering:
But when we try to filter by 'message', it does not show us any results, even though the filter has the same coincidence with the three events:
The reason for this is that the message is not stored in the SQL database as a plain string, it is stored as a translatable key with arguments. Try running
SELECT * FROM EVENTS ORDER BY ACTIVETS DESC LIMIT 10;
from the SQL console to see what I mean. You can filter on it but your query will have to match the format in the DB, try using the RQL like operator, e.g.
/rest/v1/events?message=like=event.detector.lowLimitPeriod*&sort(-activeTimestamp)&limit(10,0)
@johautt said in Events filtering:
How the endpoint '/v1/events/module-defined-query' works.
Honestly I'm not sure myself. I don't think it is what you want. @terrypacker might be able to help.
@johautt said in Events filtering:
We also are trying with '/v1/events/query'.
This is the same as the RQL query endpoint, but it is a POST endpoint that takes a JSON query object in the body instead of query parameters in the URL.
-
Ok @Jared-Wiltshire, thank you very much!!! Now we know how to send the 'message' filter in the endpoint '/v1/events'. In fact, the SQL console answer in the field 'MESSAGE' was 'common.default|fallaPCI|'.
But we also want to implement the POST endpoint '/v1/events/query'. We are using this body (in this case to see which events are active):
{ "arguments": [ {"active": true} ], "argumentsSize": 1, "name": "string", "nameValid": true, "rootNode": true }
But it returns a status 500 (Server Error) with this body:
{ "cause": "RQLToSQLParseException: Unsupported operation: string", "mangoStatusCode": -1, "mangoStatusName": null, "localizedMessage": "Internal Server Error" }
Can you give us an example of how to use this endpoint?
-
I believe the body will be something simply like
{ "name": "eq", "arguments": ["common.default|fallaPCI|"] }
You can do more complex queries like
{ "name":"or", "arguments":[ { "name":"eq", "arguments":[ "common.default|fallaPCI|" ] }, { "name":"like", "arguments":[ "common.default*" ] } ] }
-
We tried with both bodies you provided, but it returns a 500 error with this body:
{ "cause": "IndexOutOfBoundsException: Index: 1, Size: 1", "mangoStatusCode": -1, "mangoStatusName": null, "localizedMessage": "Internal Server Error" }
-
Ok, we found the right way to send the body:
{ "name":"and", "arguments":[ { "name":"eq", "arguments":[ "active",true ] }, { "name":"like", "arguments":[ "message","*fallaPCI*" ] } ] }
With the body built this way, it responds with a 200 (OK) and this body:
{ "items": [ { "eventType": { "dataSourceId": 652, "dataPointId": 13948, "pointEventDetectorId": 194, "duplicateHandling": 2, "eventType": "DATA_POINT", "eventSubtype": null, "referenceId1": 13948, "referenceId2": 194, "systemMessage": false, "rateLimited": false, "publisherId": -1 }, "message": "fallaPCI", "id": 105235, "active": true, "status": "", "alarmLevel": "CRITICAL", "activeTimestamp": 1552682510905, "acknowledged": false, "comments": null, "acknowledgedTimestamp": 0, "acknowledgedByUserId": 0, "acknowledgedByUsername": null, "acknowledgedMessage": null, "returnToNormalTimestamp": 0 } ], "total": 1 }
We solved all of the doubts. Thank you very much!!!
-
Sorry yes I forgot to add the column name to the arguments. Glad you sorted it out.
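The body shape the thread arrived at for POST '/v1/events/query', as an added example that is not part of the original posts or of Mango's own code: a small builder plus a pre-flight check that catches the two mistakes seen above (the Swagger placeholder name "string" and a comparison node without its column name) before the request is sent. The helper names node and check are hypothetical, and the operator sets contain only the operators used in this thread.

```python
import json

# Operators that appear in this thread; the server's full operator list is not shown on the page.
LOGICAL = {"and", "or"}
COMPARISON = {"eq", "like"}

def node(name, *arguments):
    """Build one query node in the {"name": ..., "arguments": [...]} shape."""
    return {"name": name, "arguments": list(arguments)}

def check(body, path="root"):
    """Return a list of problems in a query body; an empty list means the shape is OK."""
    if not isinstance(body, dict) or not isinstance(body.get("arguments"), list):
        return [f"{path}: expected an object with 'name' and an 'arguments' list"]
    name, args = body.get("name"), body["arguments"]
    if name in LOGICAL:
        problems = [] if args else [f"{path}.{name}: needs at least one child node"]
        for i, child in enumerate(args):
            problems += check(child, f"{path}.{name}[{i}]")
        return problems
    if name in COMPARISON:
        # The working body puts the column name first, then the value.
        if len(args) != 2 or not isinstance(args[0], str):
            return [f"{path}.{name}: expected [column, value], got {args!r}"]
        return []
    return [f"{path}: operator {name!r} is not one used in this thread"]

# Bodies copied from the thread.
PLACEHOLDER = {"arguments": [{"active": True}], "argumentsSize": 1,
               "name": "string", "nameValid": True, "rootNode": True}
MISSING_COLUMN = node("or", node("eq", "common.default|fallaPCI|"),
                      node("like", "common.default*"))
WORKING = node("and", node("eq", "active", True),
               node("like", "message", "*fallaPCI*"))

if __name__ == "__main__":
    for label, body in [("placeholder", PLACEHOLDER),
                        ("missing column", MISSING_COLUMN),
                        ("working", WORKING)]:
        print(label, "->", check(body) or "OK")
    print(json.dumps(WORKING))
```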