0

I've just started using Sensu, I know we have an Events API, where we can retrieve events. Since I'm used to Splunk, I used to run search queries to retrieve events. I'm trying to do the same here, Say I got the event below, how will I use Sensu Events API retrieve all the events that has "SN": "1234"? Can I ? if so how?

Thanks, Snabel

{
"id": "2829f9a5-ae0c-4698-b14e-c742cf575802",
"client": {
  "name": "test",
  "address": "x.x.x.x",
  "subscriptions": [
    "test"
  ],
  "version": "x",
  "timestamp": 1454840570
},
"check": {
  "name": "test me",
  "output": "...",
  "status": 1,
  "description": "---LOCAL---",
  "severity": "Informational",
  **"SN": "1234",**
  "executed": 1454840575,
  "issued": 1454840575,
  "history": [
    "1"
  ],
  "total_state_change": 0
},
"occurrences": 1,
"action": "create",
"timestamp": 1454840575
}
Mi-Creativity
  • 9,554
  • 10
  • 38
  • 47
snabel
  • 343
  • 1
  • 2
  • 15
  • What is "SN"? I didn't find it in the API documentation https://sensuapp.org/docs/latest/api-events – Enrique Arriaga Feb 16 '16 at 00:30
  • It's a parameter i added to the alert output. I've a client forwarding alerts to Sensu, i added this parameter in the client before forwarding it to Server. – snabel Feb 16 '16 at 09:21
  • If that is the case, I am not sure modyfing the event and using the API is the correct approach. Have you considered using Handlers? https://sensuapp.org/docs/latest/handlers they are great because they receive the output from the event and you can easily put logic there to process or store the info about the event – Enrique Arriaga Feb 17 '16 at 03:42

0 Answers0