Documentation
event.get
描述
integer/array event.get(object parameters)
该方法允许根据给定的参数检索事件。
如果某些事件尚未被看门狗(housekeeper)移除, 此方法可能会返回已删除实体的事件。
此方法适用于任何类型的用户。调用该方法的权限可以在用户角色设置中撤销。更多信息请参见 User roles。
参数
(object) 定义期望输出的参数.
该方法支持以下参数.
| 参数 | 数据类型 | 描述 |
|---|---|---|
| eventids | ID/array | 仅返回具有指定ID的事件. |
| groupids | ID/array | 仅返回由objects创建且属于指定主机组的事件. |
| hostids | ID/array | 仅返回由objects创建且属于指定主机的事件. |
| objectids | ID/array | 仅返回由指定objects创建的事件. |
| source | integer | 仅返回具有指定类型的事件. 参考事件获取支持的事件类型列表. 默认值: 0 - 触发器事件. |
| object | integer | 仅返回由指定类型的objects创建的事件. 参考事件获取支持的object类型列表. 默认值: 0 - 触发器. |
| acknowledged | boolean | 若设为true则仅返回已确认的事件. |
| action | integer | 仅返回已执行指定event update actions操作的事件. 对于多个操作, 可使用任意可接受位图值的和作为位掩码(例如34表示acknowledge和抑制事件). |
| action_userids | ID/array | 仅返回由指定ID用户执行了事件update操作的事件. |
| suppressed | boolean | true - 仅返回被抑制的事件;false - 返回正常状态的事件. |
| symptom | boolean | true - 仅返回症状事件;false - 仅返回原因事件. |
| severities | integer/array | 仅返回具有指定事件严重性的事件. 仅当object为触发器时适用. |
| trigger_severities | integer/array | 仅返回具有指定触发器严重性的事件. 仅当object为触发器时适用. |
| evaltype | integer | 标签evaluation method. 可能值: 0 - (默认) 与/或; 2 - 或. |
| tags | array | 仅返回具有指定标签的事件. 格式: [{"tag": "<tag>", "value": "<value>", "operator": "<operator>"}, ...].空array返回所有事件. 可能的operator值: 0 - (默认) 包含; 1 - 等于; 2 - 不包含; 3 - 不等于; 4 - 存在; 5 - 不存在. |
| eventid_from | string | 仅返回ID大于或等于指定ID的事件. |
| eventid_till | string | 仅返回ID小于或等于指定ID的事件. |
| time_from | timestamp | 仅返回在指定时间之后或当时创建的事件. |
| time_till | timestamp | 仅返回在指定时间之前或当时创建的事件. |
| problem_time_from | timestamp | 仅返回在problem_time_from时处于问题状态的事件, 无论其当前状态如何. 仅当源为触发器事件且object为触发器时适用. 若指定了problem_time_till, 则此参数为必填. |
| problem_time_till | timestamp | 仅返回在problem_time_till时处于问题状态的事件, 无论其当前状态如何. 仅当源为触发器事件且object为触发器时适用. 若指定了problem_time_from, 则此参数为必填. |
| value | integer/array | 仅返回具有指定值的事件. |
| selectAcknowledges | query | 返回包含事件更新的acknowledges属性. 事件更新按时间倒序排列.事件updateobject具有以下属性: acknowledgeid - (ID)确认ID;userid - (ID)更新事件的用户ID;clock - (timestamp)事件更新时间;message - (string)消息文本;action - (integer)执行的update操作, 参见event.acknowledge;old_severity - (integer)此update操作前的事件严重性;new_severity - (integer)此update操作后的事件严重性;suppress_until - (timestamp)事件将被抑制的时间;taskid - (ID)若当前事件正在进行等级变更的任务ID;username - (string)更新事件的用户名;name - (string)更新事件的用户姓名;surname - (string)更新事件的用户姓氏.支持 count. |
| selectAlerts | query | 返回包含事件生成告警的alerts属性. 告警按时间倒序排列. |
| selectHosts | query | 返回包含创建事件的object的主机的hosts属性. 仅支持由触发器, 监控项或LLD规则生成的事件. |
| selectRelatedObject | query | 返回包含创建事件的object的relatedObject属性. 返回的object类型取决于事件类型. |
| selectSuppressionData | query | 返回包含活动维护和手动抑制列表的suppression_data属性:maintenanceid - (ID)维护ID;userid - (ID)抑制事件的用户ID;suppress_until - (integer)事件被抑制的时间. |
| selectTags | query | 返回包含事件标签的tags属性. |
| filter | object | 仅返回完全匹配指定过滤条件的结果. 接受一个object, 其中键为属性名, 值为单个值或要匹配的array值. 不支持 text类型的数据类型属性. |
| sortfield | string/array | 按指定属性排序结果. 可能值: eventid, objectid, clock.与 groupBy一起使用时的可能值: objectid.与 countOutput和groupBy一起使用时的可能值: objectid, rowscount. |
| groupBy | string/array | 按指定属性分组结果. 指定的属性将在结果中返回. 可能值: objectid. |
| countOutput | boolean | 这些参数在通用get方法参数中有描述. |
| editable | boolean | |
| excludeSearch | boolean | |
| limit | integer | |
| output | query | |
| preservekeys | boolean | |
| search | object | |
| searchByAny | boolean | |
| searchWildcardsEnabled | boolean | |
| sortorder | string/array | |
| startSearch | boolean | |
| select_acknowledges (deprecated) |
query | 此参数已弃用, 请改用selectAcknowledges.返回包含事件更新的 acknowledges属性.事件更新按时间倒序排列. 事件updateobject具有以下属性: acknowledgeid - (ID)确认ID;userid - (ID)更新事件的用户ID;clock - (timestamp)事件更新时间;message - (string)消息文本;action - (integer)执行的update操作, 参见event.acknowledge;old_severity - (integer)此update操作前的事件严重性;new_severity - (integer)此update操作后的事件严重性;suppress_until - (timestamp)事件将被抑制的时间;taskid - (ID)若当前事件正在进行等级变更的任务ID;username - (string)更新事件的用户名;name - (string)更新事件的用户姓名;surname - (string)更新事件的用户姓氏.支持 count. |
| select_alerts (deprecated) |
query | 此参数已弃用, 请改用selectAlerts.返回包含事件生成告警的 alerts属性.告警按时间倒序排列. |
返回值
(integer/array) 返回以下之一:
- objects 的 array;
- 如果使用了
countOutput参数但未使用groupBy参数,则返回检索到的 objects 的数量; - 如果使用了
groupBy参数,则返回带有聚合结果的 objects 的 array。
示例
检索触发器事件
从触发器 "22395" 获取最新的事件。
执行请求:
{
"jsonrpc": "2.0",
"method": "event.get",
"params": {
"output": "extend",
"selectAcknowledges": "extend",
"selectSuppressionData": "extend",
"selectTags": "extend",
"objectids": "22395",
"sortfield": ["clock", "eventid"],
"sortorder": "DESC"
},
"id": 1
}响应:
{
"jsonrpc": "2.0",
"result": [
{
"eventid": "20",
"source": "0",
"object": "0",
"objectid": "22395",
"clock": "1728658089",
"value": "0",
"acknowledged": "0",
"ns": "461809482",
"name": "Load average is too high (per CPU load over 1.5 for 5m)",
"severity": "0",
"r_eventid": "0",
"c_eventid": "0",
"correlationid": "0",
"userid": "0",
"cause_eventid": "0",
"acknowledges": [],
"opdata": "Load averages(1m 5m 15m): (1.6328 3.0522 2.2515), # of CPUs: 2",
"suppression_data": [],
"suppressed": "0",
"tags": [
{
"tag": "scope",
"value": "capacity"
},
{
"tag": "scope",
"value": "performance"
},
{
"tag": "component",
"value": "cpu"
},
{
"tag": "class",
"value": "os"
},
{
"tag": "target",
"value": "linux"
}
],
"urls": []
},
{
"eventid": "4",
"source": "0",
"object": "0",
"objectid": "22395",
"clock": "1728657737",
"value": "1",
"acknowledged": "1",
"ns": "460759366",
"name": "Load average is too high (per CPU load over 1.5 for 5m)",
"severity": "3",
"r_eventid": "20",
"c_eventid": "0",
"correlationid": "0",
"userid": "0",
"cause_eventid": "0",
"acknowledges": [
{
"acknowledgeid": "1",
"userid": "1",
"clock": "1728657938",
"message": "Testing environment. Please disregard this alert.",
"action": "38",
"old_severity": "0",
"new_severity": "0",
"suppress_until": "1728744338",
"taskid": "0",
"username": "Admin",
"name": "Zabbix",
"surname": "Administrator"
}
],
"opdata": "Load averages(1m 5m 15m): (1.6328 3.0522 2.2515), # of CPUs: 2",
"suppression_data": [
{
"maintenanceid": "0",
"suppress_until": "1728744338",
"userid": "1"
}
],
"suppressed": "1",
"tags": [
{
"tag": "scope",
"value": "capacity"
},
{
"tag": "scope",
"value": "performance"
},
{
"tag": "component",
"value": "cpu"
},
{
"tag": "class",
"value": "os"
},
{
"tag": "target",
"value": "linux"
}
],
"urls": []
}
],
"id": 1
}按时间段检索事件
检索2012年10月17至18之间创建的所有事件,并按逆时间顺序排列。
执行请求:
{
"jsonrpc": "2.0",
"method": "event.get",
"params": {
"output": "extend",
"time_from": "1350432000",
"time_till": "1350518400",
"sortfield": ["clock", "eventid"],
"sortorder": "DESC"
},
"id": 1
}响应:
{
"jsonrpc": "2.0",
"result": [
{
"eventid": "20617",
"source": "0",
"object": "0",
"objectid": "14282",
"clock": "1350477816",
"value": "1",
"acknowledged": "0",
"ns": "0",
"name": "Less than 25% free in the history cache",
"severity": "3",
"r_eventid": "0",
"c_eventid": "0",
"correlationid": "0",
"userid": "0",
"cause_eventid": "0",
"opdata": "",
"suppressed": "0",
"urls": []
},
{
"eventid": "20616",
"source": "0",
"object": "0",
"objectid": "14281",
"clock": "1350477814",
"value": "0",
"acknowledged": "0",
"ns": "0",
"name": "Zabbix trapper processes more than 75% busy",
"severity": "0",
"r_eventid": "0",
"c_eventid": "0",
"correlationid": "0",
"userid": "0",
"cause_eventid": "0",
"opdata": "",
"suppressed": "0",
"urls": []
},
{
"eventid": "20615",
"source": "0",
"object": "0",
"objectid": "14281",
"clock": "1350477541",
"value": "1",
"acknowledged": "0",
"ns": "0",
"name": "Zabbix trapper processes more than 75% busy",
"severity": "3",
"r_eventid": "20616",
"c_eventid": "0",
"correlationid": "0",
"userid": "0",
"cause_eventid": "0",
"opdata": "",
"suppressed": "0",
"urls": []
}
],
"id": 1
}检索指定用户确认的事件
通过用户ID检索已确认的事件,用户ID=10
执行请求:
{
"jsonrpc": "2.0",
"method": "event.get",
"params": {
"output": "extend",
"action": 2,
"action_userids": [10],
"selectAcknowledges": ["userid", "action"],
"sortfield": ["eventid"],
"sortorder": "DESC"
},
"id": 1
}响应:
{
"jsonrpc": "2.0",
"result": [
{
"eventid": "503",
"source": "0",
"object": "0",
"objectid": "23162",
"clock": "1747212236",
"value": "1",
"acknowledged": "1",
"ns": "413470863",
"name": "Number of installed packages has been changed",
"severity": "2",
"r_eventid": "0",
"c_eventid": "0",
"correlationid": "0",
"userid": "0",
"cause_eventid": "0",
"acknowledges": [
{
"userid": "10",
"action": "2"
}
],
"opdata": "",
"suppressed": "0",
"urls": []
}
],
"id": 1
}获取具有问题事件计数的Top触发器
检索具有严重级别为“Warning”、“Average”、“High”或“Disaster”的Top 5触发器,以及在指定时间段内发生的问题事件数量。
执行请求:
{
"jsonrpc": "2.0",
"method": "event.get",
"params": {
"countOutput": true,
"groupBy": "objectid",
"source": 0,
"object": 0,
"value": 1,
"time_from": 1672531200,
"time_till": 1677628800,
"trigger_severities": [2, 3, 4, 5],
"sortfield": ["rowscount"],
"sortorder": "DESC",
"limit": 5
},
"id": 1
}响应:
{
"jsonrpc": "2.0",
"result": [
{
"objectid": "232124",
"rowscount": "27"
},
{
"objectid": "29055",
"rowscount": "23"
},
{
"objectid": "253731",
"rowscount": "18"
},
{
"objectid": "254062",
"rowscount": "11"
},
{
"objectid": "23216",
"rowscount": "7"
}
],
"id": 1
}另请参阅
来源
CEvent::get() 在 ui/include/classes/api/services/CEvent.php 中。