2022 Zabbix中国峰会
2022 Zabbix中国峰会

event.get

Description

描述

integer/array event.get(object parameters) 整数/数组 event.get(object parameters)

The method allows to retrieve events according to the given parameters. 此方法用于根据给定参数来获取事件

Parameters

参数

(object) Parameters defining the desired output. (对象) 定义所需输出的参数.

The method supports the following parameters. 此方法支持以下参数:

Parameter Type Description
eventids string/array Return only events with the given IDs.
groupids string/array Return only events created by objects that belong to the given host groups.
hostids string/array Return only events created by objects that belong to the given hosts.
objectids string/array Return only events created by the given objects.
applicationids string/array Return only events created by objects that belong to the given applications. Applies only if object is trigger or item.
source integer Return only events with the given type.

Refer to the event object page for a list of supported event types.

Default: 0 - trigger events.
object integer Return only events created by objects of the given type.

Refer to the event object page for a list of supported object types.

Default: 0 - trigger.
acknowledged boolean If set to true return only acknowledged events.
severities integer/array Return only events with given event severities. Applies only if object is trigger.
evaltype integer Rules for tag searching.

Possible values:
0 - (default) And/Or;
2 - Or.
tags object Return only events with given tags. Exact match by tag and case-insensitive search by value and operator.
Format: [{"tag": "<tag>", "value": "<value>", "operator": "<operator>"}, ...].
An empty array returns all events.

Possible operator types:
0 - (default) Like;
1 - Equal.
eventid_from string Return only events with IDs greater or equal to the given ID.
eventid_till string Return only events with IDs less or equal to the given ID.
time_from timestamp Return only events that have been created after or at the given time.
time_till timestamp Return only events that have been created before or at the given time.
value integer/array Return only events with the given values.
selectHosts query Return hosts containing the object that created the event in the hosts property. Supported only for events generated by triggers, items or LLD rules.
selectRelatedObject query Return the object that created the event in the relatedObject property. The type of object returned depends on the event type.
select_alerts query Return alerts generated by the event in the alerts property. Alerts are sorted in reverse chronological order.
select_acknowledges query Return event's updates in the acknowledges property. Event updates are sorted in reverse chronological order.

The event update object has the following properties:
acknowledgeid - (string) acknowledgement's ID;
userid - (string) ID of the user that updated the event;
eventid - (string) ID of the updated event;
clock - (timestamp) time when the event was updated;
message - (string) text of the message;
action - (integer) update action that was performed see event.acknowledge;
old_severity - (integer) event severity before this update action;
new_severity - (integer) event severity after this update action;
alias - (string) alias of the user that updated the event;
name - (string) name of the user that updated the event;
surname - (string) surname of the user that updated the event.

Supports count.
selectTags query Return event tags in tags property.
sortfield string/array Sort the result by the given properties.

Possible values are: eventid, objectid and clock.
countOutput boolean These parameters being common for all get methods are described in detail in the reference commentary page.
editable boolean
excludeSearch boolean
filter object
limit integer
output query
preservekeys boolean
search object
searchByAny boolean
searchWildcardsEnabled boolean
sortorder string/array
startSearch boolean
参数 类 描述
eventids string/array 仅返回具有给定ID的事件.
groupids string/array 仅返回由属于给定主机组的对象创建的事件.
hostids string/array 仅返回由属于给定主机的对象创建的事件。.
objectids string/array 仅返回由给定对象创建的事件.
applicationids string/array 仅返回属于给定应用程序的对象创建的事件。仅当对象为触发器或监控项时才适用。
source integer 仅返回给定类型的事件.

有关支持的事件类型的列表,请参阅事件对象页面.

默认值: 0 - 触发器事件.
object integer 仅返回由给定类型的对象创建的事件.

有关支持的对象类型的列表,请参阅事件对象页面.

默认值: 0 - 触发器.
acknowledged boolean 如果设置为“true”,则只返回已被确认的事件.
severities integer/array 仅返回符合给定严重程度的事件。仅当对象为触发器时才适用.
evaltype integer 标签搜索的规则.

可能值:
0 - (默认) 与/或;
2 - 或.
tags object 仅返回具有给定标签的事件. 按标签进行完全匹配;按值搜索时,不区分大小写.
Format: [{"tag": "<tag>", "value": "<value>", "operator": "<operator>"}, ...].
一个空数组会返回所有事件.

可能的操作类型:
0 - (默认) 相似(like);
1 - 相等(equal).
eventid_from string 仅返回ID大于或等于给定ID的事件.
eventid_till string 仅返回ID小于或等于给定ID的事件.
time_from timestamp 仅返回在给定时间时或之后创建的事件.
time_till timestamp 仅返回在给定时间时或之前创建的事件.
value integer/array 仅返回具有给定值的事件.
selectHosts query 主机 属性下,返回包含创建该事件的对象的主机. 仅支持由触发器、监控项、低级别发现规则生成的事件.
selectRelatedObject query 相关对象(relatedObject) 属性下,返回创建该事件的对象. 返回的对象类型会依赖于该事件的类型.
select_alerts query 告警 属性下,返回由该事件生成的告警.告警是按反向时间顺序进行排序
select_acknowledges query 确认 属性下,返回事件的更新. 事件的更新是按反向时间顺序进行排序.

事件更新对象具有以下属性:
acknowledgeid - (string) 确认的ID;
userid - (string) 更新事件的用户的ID;
eventid - (string) 被更新事件的ID;
clock - (timestamp) 事件的更新时间;
message - (string) 消息文本;
action - (integer) 已执行的更新操作,参考event.acknowledge;
old_severity - (integer) event severity before this update action更新操作之前的事件的严重等级;
new_severity - (integer) 更新操作之后的事件的严重等级;
alias - (string) alias of the user that updated the event更新该事件的用户的别名;
name - (string) 更新该事件的用户的名称;
surname - (string) 更新该事件的用户的姓氏.

支持 计数(count).
selectTags query 标签 属性下,返回事件的标签.
sortfield string/array 根据给定属性,对结果进行排序.

可能值: eventid, objectid 以及 clock.
countOutput boolean 以下参数为get方法通常参数,在参考注释有详细说明.
editable boolean
excludeSearch boolean
filter object
limit integer
output query
preservekeys boolean
search object
searchByAny boolean
searchWildcardsEnabled boolean
sortorder string/array
startSearch boolean

Return values

返回值

(integer/array) Returns either:

  • an array of objects;
  • the count of retrieved objects, if the countOutput parameter has been used.

(整数/数组) 返回:

  • 一个数组对象;
  • 如果使用了 countOutput 参数,返回获取的对象的数量.

Examples

例子

Retrieving trigger events

获取触发器事件

Retrieve the latest events from trigger "13926." 从触发器"13926"中获取最新事件

Request: 请求:

{
           "jsonrpc": "2.0",
           "method": "event.get",
           "params": {
               "output": "extend",
               "select_acknowledges": "extend",
               "selectTags": "extend",
               "objectids": "13926",
               "sortfield": ["clock", "eventid"],
               "sortorder": "DESC"
           },
           "auth": "038e1d7b1735c6a5436ee9eae095879e",
           "id": 1
       }

Response: 响应:

{
           "jsonrpc": "2.0",
           "result": [
               {
                   "acknowledges": [
                       {
                           "acknowledgeid": "1",
                           "userid": "1",
                           "eventid": "9695",
                           "clock": "1350640590",
                           "message": "Problem resolved.\n\r----[BULK ACKNOWLEDGE]----",
                           "action": "6",
                           "old_severity": "0",
                           "new_severity": "0",
                           "alias": "Admin",
                           "name": "Zabbix",
                           "surname": "Administrator"
                       }
                   ],
                   "eventid": "9695",
                   "source": "0",
                   "object": "0",
                   "objectid": "13926",
                   "clock": "1347970410",
                   "value": "1",
                   "acknowledged": "1",
                   "ns": "413316245",
                   "name": "MySQL is down",
                   "severity": "5",
                   "r_eventid": "0",
                   "c_eventid": "0",
                   "correlationid": "0",
                   "userid": "0",
                   "tags": [
                       {
                           "tag": "service",
                           "value": "mysqld"
                       },
                       {
                           "tag": "error",
                           "value": ""
                       }
                   ]
               },
               {
                   "acknowledges": [],
                   "eventid": "9671",
                   "source": "0",
                   "object": "0",
                   "objectid": "13926",
                   "clock": "1347970347",
                   "value": "0",
                   "acknowledged": "0",
                   "ns": "0",
                   "name": "Unavailable by ICMP ping",
                   "severity": "4",
                   "r_eventid": "0",
                   "c_eventid": "0",
                   "correlationid": "0",
                   "userid": "0",
                   "tags": []
               }
           ],
           "id": 1
       }

Retrieving events by time period

按时间段获取事件

Retrieve all events that have been created between October 9 and 10, 2012, in reverse chronological order. 在2012-10-9至2012-10-10时间段内,以逆时间顺序获取所有已被创建的事件。

Request: 请求:

{
           "jsonrpc": "2.0",
           "method": "event.get",
           "params": {
               "output": "extend",
               "time_from": "1349797228",
               "time_till": "1350661228",
               "sortfield": ["clock", "eventid"],
               "sortorder": "desc"
           },
           "auth": "038e1d7b1735c6a5436ee9eae095879e",
           "id": 1
       }

Response: 响应:

{
           "jsonrpc": "2.0",
           "result": [
               {
                   "eventid": "20616",
                   "source": "0",
                   "object": "0",
                   "objectid": "14282",
                   "clock": "1350477814",
                   "value": "1",
                   "acknowledged": "0",
                   "ns": "0",
                   "name": "Less than 25% free in the history cache",
                   "severity": "3",
                   "r_eventid": "0",
                   "c_eventid": "0",
                   "correlationid": "0",
                   "userid": "0"
               },
               {
                   "eventid": "20617",
                   "source": "0",
                   "object": "0",
                   "objectid": "14283",
                   "clock": "1350477814",
                   "value": "0",
                   "acknowledged": "0",
                   "ns": "0",
                   "name": "Zabbix trapper processes more than 75% busy",
                   "severity": "3",
                   "r_eventid": "0",
                   "c_eventid": "0",
                   "correlationid": "0",
                   "userid": "0"
               },
               {
                   "eventid": "20618",
                   "source": "0",
                   "object": "0",
                   "objectid": "14284",
                   "clock": "1350477815",
                   "value": "1",
                   "acknowledged": "0",
                   "ns": "0",
                   "name": "High ICMP ping loss",
                   "severity": "3",
                   "r_eventid": "0",
                   "c_eventid": "0",
                   "correlationid": "0",
                   "userid": "0"
               }
           ],
           "id": 1
       }

See also

参考

Source

来源

CEvent::get() in frontends/php/include/classes/api/services/CEvent.php.