event.get

描述

integer/array event.get(object parameters)

该方法允许根据给定参数检索事件.

如果这些事件尚未被管家进程移除 该方法可能返回已删除实体的事件.

该方法对所有类型用户可用. 调用该方法的权限 可在用户角色设置中撤销. 更多信息请参阅User roles.

参数

(object) 定义期望输出的参数.

该方法支持以下参数.

参数 数据类型 描述
eventids ID/array 仅返回具有指定ID的事件.
groupids ID/array 仅返回由objects创建且属于指定主机组的事件.
hostids ID/array 仅返回由objects创建且属于指定主机的事件.
objectids ID/array 仅返回由指定objects创建的事件.
source integer 仅返回具有指定类型的事件.

参考事件获取支持的事件类型列表.

默认值: 0 - 触发器事件.
object integer 仅返回由指定类型的objects创建的事件.

参考事件获取支持的object类型列表.

默认值: 0 - 触发器.
acknowledged boolean 如果设置为true则仅返回已确认的事件.
action integer 仅返回对指定event update actions执行过操作的事件. 对于多个操作,使用任何可接受的位图值的和作为位掩码(例如34表示acknowledge和抑制事件).
action_userids ID/array 仅返回由执行事件update操作的指定用户ID创建的事件.
suppressed boolean true - 仅返回被抑制的事件;
false - 返回正常状态的事件.
symptom boolean true - 仅返回症状事件;
false - 仅返回原因事件.
severities integer/array 仅返回具有指定事件严重性的事件. 仅当object为触发器时适用.
trigger_severities integer/array 仅返回具有指定触发器严重性的事件. 仅当object为触发器时适用.
evaltype integer 标签搜索规则.

可能值:
0 - (默认) 与/或;
2 - 或.
tags array 仅返回具有指定标签的事件. 标签精确匹配,值和操作符不区分大小写.
格式: [{"tag": "<tag>", "value": "<value>", "operator": "<operator>"}, ...].
空array返回所有事件.

可能的操作符类型:
0 - (默认) 相似;
1 - 等于;
2 - 不相似;
3 - 不等于;
4 - 存在;
5 - 不存在.
eventid_from string 仅返回ID大于或等于指定ID的事件.
eventid_till string 仅返回ID小于或等于指定ID的事件.
time_from timestamp 仅返回在指定时间之后或等于指定时间创建的事件.
time_till timestamp 仅返回在指定时间之前或等于指定时间创建的事件.
problem_time_from timestamp 仅返回从problem_time_from开始处于问题状态的事件. 仅当事件源为触发器事件且object为触发器时适用. 如果指定了problem_time_till则为必填项.
problem_time_till timestamp 仅返回在problem_time_till之前处于问题状态的事件. 仅当事件源为触发器事件且object为触发器时适用. 如果指定了problem_time_from则为必填项.
value integer/array 仅返回具有指定值的事件.
selectAcknowledges query 返回包含事件更新的acknowledges属性. 事件更新按时间倒序排列.

事件updateobject具有以下属性:
acknowledgeid - (ID)确认ID;
userid - (ID)更新事件的用户ID;
clock - (timestamp)事件更新时间;
message - (string)消息文本;
action - (integer)执行的update操作,参见event.acknowledge;
old_severity - (integer)执行此update操作前的事件严重性;
new_severity - (integer)执行此update操作后的事件严重性;
suppress_until - (timestamp)事件将被抑制的时间;
taskid - (ID)如果当前事件正在进行等级变更的任务ID;
username - (string)更新事件的用户名;
name - (string)更新事件的用户名称;
surname - (string)更新事件的用户姓氏.

支持count.
selectAlerts query 返回包含事件生成的告警的alerts属性. 告警按时间倒序排列.
selectHosts query 返回包含创建事件的object的主机的hosts属性. 仅支持由触发器、监控项或LLD规则生成的事件.
selectRelatedObject query 返回包含创建事件的object的relatedObject属性. 返回的object类型取决于事件类型.
selectSuppressionData query 返回包含活动维护和手动抑制列表的suppression_data属性:
maintenanceid - (ID)维护ID;
userid - (ID)抑制事件的用户ID;
suppress_until - (integer)事件将被抑制的时间.
selectTags query 返回包含事件标签的tags属性.
filter object 仅返回与给定过滤器完全匹配的结果.

接受一个object,其中键是属性名,值是要匹配的单个值或array值.

不支持text数据类型的属性.
sortfield string/array 按给定属性排序结果.

可能值: eventid, objectid, clock.

groupBy一起使用时可能值: objectid.

countOutputgroupBy一起使用时可能值: objectid, rowscount.
groupBy string/array 按给定属性分组结果. 指定的属性将在结果中返回.

可能值: objectid.
countOutput boolean 这些参数在通用get方法参数中有描述.
editable boolean
excludeSearch boolean
limit integer
output query
preservekeys boolean
search object
searchByAny boolean
searchWildcardsEnabled boolean
sortorder string/array
startSearch boolean

返回值

(integer/array) 返回以下结果之一:

  • 一个包含objects的array;
  • 检索到的objects数量,当使用了countOutput参数但未使用groupBy参数时;
  • 包含聚合结果的objects的array,当使用了groupBy参数时。

示例

检索触发器事件

从触发器"22395"获取最新事件.

执行请求:

{  "jsonrpc": "2.0",  "method": "event.get",  "params": {  "output": "extend",  "selectAcknowledges": "extend",  "selectSuppressionData": "extend",  "selectTags": "extend",  "objectids": "22395",  "sortfield": ["clock", "eventid"],  "sortorder": "DESC"  },  "id": 1 }

响应:

{  "jsonrpc": "2.0",  "result": [  {  "eventid": "20",  "source": "0",  "object": "0",  "objectid": "22395",  "clock": "1728658089",  "value": "0",  "acknowledged": "0",  "ns": "461809482",  "name": "Load average is too high (per CPU load over 1.5 for 5m)",  "severity": "0",  "r_eventid": "0",  "c_eventid": "0",  "correlationid": "0",  "userid": "0",  "cause_eventid": "0",  "acknowledges": [],  "opdata": "Load averages(1m 5m 15m): (1.6328 3.0522 2.2515), # of CPUs: 2",  "suppression_data": [],  "suppressed": "0",  "tags": [  {  "tag": "scope",  "value": "capacity"  },  {  "tag": "scope",  "value": "performance"  },  {  "tag": "component",  "value": "cpu"  },  {  "tag": "class",  "value": "os"  },  {  "tag": "target",  "value": "linux"  }  ],  "urls": []  },  {  "eventid": "4",  "source": "0",  "object": "0",  "objectid": "22395",  "clock": "1728657737",  "value": "1",  "acknowledged": "1",  "ns": "460759366",  "name": "Load average is too high (per CPU load over 1.5 for 5m)",  "severity": "3",  "r_eventid": "20",  "c_eventid": "0",  "correlationid": "0",  "userid": "0",  "cause_eventid": "0",  "acknowledges": [  {  "acknowledgeid": "1",  "userid": "1",  "clock": "1728657938",  "message": "Testing environment. Please disregard this alert.",  "action": "38",  "old_severity": "0",  "new_severity": "0",  "suppress_until": "1728744338",  "taskid": "0",  "username": "Admin",  "name": "Zabbix",  "surname": "Administrator"  }  ],  "opdata": "Load averages(1m 5m 15m): (1.6328 3.0522 2.2515), # of CPUs: 2",  "suppression_data": [  {  "maintenanceid": "0",  "suppress_until": "1728744338",  "userid": "1"  }  ],  "suppressed": "1",  "tags": [  {  "tag": "scope",  "value": "capacity"  },  {  "tag": "scope",  "value": "performance"  },  {  "tag": "component",  "value": "cpu"  },  {  "tag": "class",  "value": "os"  },  {  "tag": "target",  "value": "linux"  }  ],  "urls": []  }  ],  "id": 1 }

按时间段检索事件

获取2012年10月17日至18日期间创建的所有事件,按时间倒序排列。

执行请求:

{  "jsonrpc": "2.0",  "method": "event.get",  "params": {  "output": "extend",  "time_from": "1350432000",  "time_till": "1350518400",  "sortfield": ["clock", "eventid"],  "sortorder": "DESC"  },  "id": 1 }

响应:

{  "jsonrpc": "2.0",  "result": [  {  "eventid": "20617",  "source": "0",  "object": "0",  "objectid": "14282",  "clock": "1350477816",  "value": "1",  "acknowledged": "0",  "ns": "0",  "name": "Less than 25% free in the history cache",  "severity": "3",  "r_eventid": "0",  "c_eventid": "0",  "correlationid": "0",  "userid": "0",  "cause_eventid": "0",  "opdata": "",  "suppressed": "0",  "urls": []  },  {  "eventid": "20616",  "source": "0",  "object": "0",  "objectid": "14281",  "clock": "1350477814",  "value": "0",  "acknowledged": "0",  "ns": "0",  "name": "Zabbix trapper processes more than 75% busy",  "severity": "0",  "r_eventid": "0",  "c_eventid": "0",  "correlationid": "0",  "userid": "0",  "cause_eventid": "0",  "opdata": "",  "suppressed": "0",  "urls": []  },  {  "eventid": "20615",  "source": "0",  "object": "0",  "objectid": "14281",  "clock": "1350477541",  "value": "1",  "acknowledged": "0",  "ns": "0",  "name": "Zabbix trapper processes more than 75% busy",  "severity": "3",  "r_eventid": "20616",  "c_eventid": "0",  "correlationid": "0",  "userid": "0",  "cause_eventid": "0",  "opdata": "",  "suppressed": "0",  "urls": []  }  ],  "id": 1 }

检索指定用户确认的事件

获取由ID=10的用户确认的事件

执行请求:

{  "jsonrpc": "2.0",  "method": "event.get",  "params": {  "output": "extend",  "action": 2,  "action_userids": [10],  "selectAcknowledges": ["userid", "action"],  "sortfield": ["eventid"],  "sortorder": "DESC"  },  "id": 1 }

响应:

{  "jsonrpc": "2.0",  "result": [  {  "eventid": "503",  "source": "0",  "object": "0",  "objectid": "23162",  "clock": "1747212236",  "value": "1",  "acknowledged": "1",  "ns": "413470863",  "name": "Number of installed packages has been changed",  "severity": "2",  "r_eventid": "0",  "c_eventid": "0",  "correlationid": "0",  "userid": "0",  "cause_eventid": "0",  "acknowledges": [  {  "userid": "10",  "action": "2"  }  ],  "opdata": "",  "suppressed": "0",  "urls": []  }  ],  "id": 1 }

获取具有问题事件计数的Top触发器

获取严重等级为"Warning"、"Average"、"High"或"Disaster"的前5个Top触发器,以及指定时间段内的问题事件数量。

执行请求:

{  "jsonrpc": "2.0",  "method": "event.get",  "params": {  "countOutput": true,  "groupBy": "objectid",  "source": 0,  "object": 0,  "value": 1,  "time_from": 1672531200,  "time_till": 1677628800,  "trigger_severities": [2, 3, 4, 5],  "sortfield": ["rowscount"],  "sortorder": "DESC",  "limit": 5  },  "id": 1 }

响应:

{  "jsonrpc": "2.0",  "result": [  {  "objectid": "232124",  "rowscount": "27"  },  {  "objectid": "29055",  "rowscount": "23"  },  {  "objectid": "253731",  "rowscount": "18"  },  {  "objectid": "254062",  "rowscount": "11"  },  {  "objectid": "23216",  "rowscount": "7"  }  ],  "id": 1 }

另请参阅

来源

CEvent::get() 位于 ui/include/classes/api/services/CEvent.php 文件中.