Ad Widget

**joseh** · 26-03-2015, 18:06

Hi!

I ran into this problem today.
In my case, I would like to find out if a recovery event exists before executing an action.

I am still playing with it but it shows promise, here's what I did:

I queried the API through event.get and passed three parameters on three objects.
1. time_from I set it to the original event's 'clock' value so that I will get only events after the PROBLEM event.
2. filter I set to objectid with value of the triggerid which we get from the original PROBLEM event.
3. (optional) limit can be set to 2 so that you get only the event proceeding the problem.

for me it returns something like the following:

Code:

[
    {
        "eventid": "557504",
        "source": "0",
        "object": "0",
        "objectid": "15195",
        "clock": "1427381057",
        "value": "1",
        "acknowledged": "0",
        "ns": "132219537"
    },
{
        "eventid": "557506",
        "source": "0",
        "object": "0",
        "objectid": "15195",
        "clock": "1427381117",
        "value": "0",
        "acknowledged": "0",
        "ns": "569004342"
    }
]

So, in this case, (I'm using PHP api) my original event will be $event[0] and my recovery event will be $event[1].
Now, I believe this will work because a trigger can only go into PROBLEM state _from_ an OK state. Cannot go from PROBLEM to PROBLEM.

Someone please correct me if I'm wrong.
I am still experimenting with this and would like to do it right myself.

I hope this helps to some extent.
For finding the original event from a recovery event I assume you can use the same method but instead make the api call using time_till instead of time_from. I have not tested it.

edit: It appears that triggerids are unique per host even if from a template. I believe this method should be reliable.
edit2: Use FILTER instead of SEARCH. I had some false positives show.

**uKaNU** · 30-03-2015, 04:08

Hi joseh,

Thanks for that. Appreciate it. I had a look inside the database and your method seems to reliable. I can get the triggerid from the alerts via events.

I'm not sure if the PHP API has this implemented. I'm using C# and using our own API.
But if you also set object = 0 and source = 0 then we can be sure it will only return events from a trigger.

I suggest further filter by hostid(s) and in your case, sorting by eventid in the sortfield. That should make sure your array $event contains the events in the right order instead of relying on the default order which might change in the future.

**joseh** · 30-03-2015, 16:57

Originally posted by uKaNU

Hi joseh,

Thanks for that. Appreciate it. I had a look inside the database and your method seems to reliable. I can get the triggerid from the alerts via events.

I'm not sure if the PHP API has this implemented. I'm using C# and using our own API.
But if you also set object = 0 and source = 0 then we can be sure it will only return events from a trigger.

I suggest further filter by hostid(s) and in your case, sorting by eventid in the sortfield. That should make sure your array $event contains the events in the right order instead of relying on the default order which might change in the future.

uKaNU,

I am glad it was of help to you.

I also appreciate your advice and will look into implementing that as it is a good idea to future-proof this.

Thank you.

Ad Widget

API: How to find recovery eventid from original eventid and vice versa

API: How to find recovery eventid from original eventid and vice versa

Comment

Comment

Comment