integer/array event.get(object parameters)
该方法允许根据给定参数检索事件。
如果这些事件尚未被管家进程移除, 该方法可能返回已删除实体的事件。
该方法可供任何类型的用户使用。调用该方法的权限 可以在用户角色设置中撤销。更多信息请参阅User roles。
(object)
定义期望输出的参数.
该方法支持以下参数.
参数 | 数据类型 | 描述 |
---|---|---|
eventids | string/array | 仅返回具有指定ID的事件. |
groupids | string/array | 仅返回由objects创建的属于指定主机组的事件. |
hostids | string/array | 仅返回由objects创建的属于指定主机的事件. |
objectids | string/array | 仅返回由指定objects创建的事件. |
source | integer | 仅返回具有指定类型的事件. 参考事件获取支持的事件类型列表. 默认值: 0 - 触发器事件. |
object | integer | 仅返回由指定类型的objects创建的事件. 参考事件获取支持的object类型列表. 默认值: 0 - 触发器. |
acknowledged | boolean | 如果设置为true 则仅返回已确认的事件. |
suppressed | boolean | true - 仅返回被抑制的事件;false - 返回正常状态的事件. |
severities | integer/array | 仅返回具有指定事件严重性的事件. 仅当object为触发器时适用. |
evaltype | integer | 标签搜索规则. 可能值: 0 - (默认) 与/或; 2 - 或. |
tags | array of objects | 仅返回具有指定标签的事件. 标签精确匹配, 值和操作符不区分大小写. 格式: [{"tag": "<tag>", "value": "<value>", "operator": "<operator>"}, ...] .空array返回所有事件. 可能的操作符类型: 0 - (默认) 类似; 1 - 等于; 2 - 不类似; 3 - 不等于; 4 - 存在; 5 - 不存在. |
eventid_from | string | 仅返回ID大于或等于指定ID的事件. |
eventid_till | string | 仅返回ID小于或等于指定ID的事件. |
time_from | timestamp | 仅返回在指定时间之后或等于该时间创建的事件. |
time_till | timestamp | 仅返回在指定时间之前或等于该时间创建的事件. |
problem_time_from | timestamp | 仅返回从problem_time_from 开始处于问题状态的事件. 仅当事件源为触发器事件且object为触发器时适用. 如果指定了problem_time_till 则为必填项. |
problem_time_till | timestamp | 仅返回在problem_time_till 之前处于问题状态的事件. 仅当事件源为触发器事件且object为触发器时适用. 如果指定了problem_time_from 则为必填项. |
value | integer/array | 仅返回具有指定值的事件. |
selectHosts | query | 返回一个hosts属性, 其中主机包含创建事件的object. 仅支持由触发器、监控项或LLD规则生成的事件. |
selectRelatedObject | query | 返回一个relatedObject 属性, 其中包含创建事件的object. 返回的object类型取决于事件类型. |
select_alerts | query | 返回一个alerts属性, 其中包含事件生成的告警. 告警按时间倒序排列. |
select_acknowledges | query | 返回一个acknowledges 属性, 其中包含事件更新. 事件更新按时间倒序排列.事件update object具有以下属性: acknowledgeid - (string) 确认ID;userid - (string) 更新事件的用户ID;eventid - (string) 被更新事件的ID;clock - (timestamp) 事件更新时间;message - (string) 消息文本;action - (integer) update操作, 参见event.acknowledge;old_severity - (integer) 此update操作前的事件严重性;new_severity - (integer) 此update操作后的事件严重性;username - (string) 更新事件的用户名;name - (string) 更新事件的用户姓名;surname - (string) 更新事件的用户姓氏.支持 count . |
selectTags | query | 返回一个事件标签属性, 其中包含事件标签. |
selectSuppressionData | query | 返回一个suppression_data 属性, 其中包含维护列表:maintenanceid - (string) 维护ID;suppress_until - (integer) 事件被抑制的时间. |
sortfield | string/array | 按指定属性排序结果. 可能值为: eventid , objectid 和clock . |
countOutput | boolean | 这些参数在通用get方法参数中有描述. |
editable | boolean | |
excludeSearch | boolean | |
filter | object | |
limit | integer | |
output | query | |
preservekeys | boolean | |
search | object | |
searchByAny | boolean | |
searchWildcardsEnabled | boolean | |
sortorder | string/array | |
startSearch | boolean |
(integer/array)
返回以下两种情况之一:
countOutput
参数时)从触发器"13926"获取最新事件。
请求:
{
"jsonrpc": "2.0",
"method": "event.get",
"params": {
"output": "extend",
"select_acknowledges": "extend",
"selectTags": "extend",
"selectSuppressionData": "extend",
"objectids": "13926",
"sortfield": ["clock", "eventid"],
"sortorder": "DESC"
},
"auth": "038e1d7b1735c6a5436ee9eae095879e",
"id": 1
}
响应:
{
"jsonrpc": "2.0",
"result": [
{
"eventid": "9695",
"source": "0",
"object": "0",
"objectid": "13926",
"clock": "1347970410",
"value": "1",
"acknowledged": "1",
"ns": "413316245",
"name": "MySQL is down",
"severity": "5",
"r_eventid": "0",
"c_eventid": "0",
"correlationid": "0",
"userid": "0",
"opdata": "",
"acknowledges": [
{
"acknowledgeid": "1",
"userid": "1",
"eventid": "9695",
"clock": "1350640590",
"message": "Problem resolved.\n\r----[BULK ACKNOWLEDGE]----",
"action": "6",
"old_severity": "0",
"new_severity": "0",
"username": "Admin",
"name": "Zabbix",
"surname": "Administrator"
}
],
"suppression_data": [
{
"maintenanceid": "15",
"suppress_until": "1472511600"
}
],
"suppressed": "1",
"tags": [
{
"tag": "service",
"value": "mysqld"
},
{
"tag": "error",
"value": ""
}
]
},
{
"eventid": "9671",
"source": "0",
"object": "0",
"objectid": "13926",
"clock": "1347970347",
"value": "0",
"acknowledged": "0",
"ns": "0",
"name": "Unavailable by ICMP ping",
"severity": "0",
"r_eventid": "0",
"c_eventid": "0",
"correlationid": "0",
"userid": "0",
"opdata": "",
"acknowledges": [],
"suppression_data": [],
"suppressed": "0",
"tags": []
}
],
"id": 1
}
获取2012年10月9日至19日期间创建的所有事件,按时间倒序排列。
请求:
{
"jsonrpc": "2.0",
"method": "event.get",
"params": {
"output": "extend",
"time_from": "1349797228",
"time_till": "1350661228",
"sortfield": ["clock", "eventid"],
"sortorder": "desc"
},
"auth": "038e1d7b1735c6a5436ee9eae095879e",
"id": 1
}
响应:
{
"jsonrpc": "2.0",
"result": [
{
"eventid": "20618",
"source": "0",
"object": "0",
"objectid": "14284",
"clock": "1350477819",
"value": "1",
"acknowledged": "0",
"ns": "0",
"name": "Less than 25% free in the history cache",
"severity": "3",
"r_eventid": "0",
"c_eventid": "0",
"correlationid": "0",
"userid": "0",
"opdata": "",
"suppressed": "0"
},
{
"eventid": "20617",
"source": "0",
"object": "0",
"objectid": "14283",
"clock": "1350477817",
"value": "0",
"acknowledged": "0",
"ns": "0",
"name": "Zabbix trapper processes more than 75% busy",
"severity": "0",
"r_eventid": "0",
"c_eventid": "0",
"correlationid": "0",
"userid": "0",
"opdata": "",
"suppressed": "0"
},
{
"eventid": "20616",
"source": "0",
"object": "0",
"objectid": "14282",
"clock": "1350477815",
"value": "1",
"acknowledged": "0",
"ns": "0",
"name": "High ICMP ping loss",
"severity": "3",
"r_eventid": "0",
"c_eventid": "0",
"correlationid": "0",
"userid": "0",
"opdata": "",
"suppressed": "0"
}
],
"id": 1
}
CEvent::get() 位于 ui/include/classes/api/services/CEvent.php 文件中。