Solved

Filter alerts via API from Prism Central

  • 10 June 2020
  • 6 replies
  • 4193 views

Anyone have any insights to share about using the filter option in the /alerts/list API method in Prism Central? Here is that method in the documentation:

https://www.nutanix.dev/reference/prism_central/v3/api/alerts/postalertslist/

It looks like there isn’t much information available about the filter option. I have found a (very) little bit of information online about FIQL, but I have no idea what field names are available for alerts in Prism Central.

icon

Best answer by AnishWalia20 11 June 2020, 12:50

Hi @Keith K v3 APIs filter follows FIQL syntax. example to filter out a VM with name and cluster UUID in /vms/list API can be done using:

 "filter": "vm_name==MYSQL.*;cluster=in=<cluster uuid>", 

 

 

Here is a post where there is an example on how to use Filter syntax for /vms/list API .

https://next.nutanix.com/api-31/filter-alerts-via-api-from-prism-central-37704

 

For alerts too, it works the same as above. We don’t have any documentation as such. Below is an example of how to use this :
 

{
"entity_type": "alert",
"query_name": "eb:data-1591856320500",
"grouping_attribute": "",
"group_count": 3,
"group_offset": 0,
"group_attributes": [],
"group_member_count": 40,
"group_member_offset": 0,
"group_member_sort_attribute": "_created_timestamp_usecs_",
"group_member_sort_order": "DESCENDING",
"group_member_attributes": [{
"attribute": "title"
}, {
"attribute": "source_entity_name"
}, {
"attribute": "primary_impact_type"
}, {
"attribute": "severity"
}, {
"attribute": "status"
}, {
"attribute": "_created_timestamp_usecs_"
}, {
"attribute": "last_occurred_timestamp_usecs"
}, {
"attribute": "cluster"
}, {
"attribute": "default_message"
}, {
"attribute": "param_name_list"
}, {
"attribute": "param_value_list"
}, {
"attribute": "auto_resolved"
}, {
"attribute": "acknowledged"
}, {
"attribute": "acknowledging_user"
}, {
"attribute": "acknowledged_timestamp_usecs"
}, {
"attribute": "resolved"
}, {
"attribute": "resolving_user"
}, {
"attribute": "resolved_timestamp_usecs"
}, {
"attribute": "source_entity_uuid"
}, {
"attribute": "source_entity_type"
}, {
"attribute": "impact_type"
}],
"filter_criteria": "(severity==critical,severity==warning);primary_impact_type==Availability;resolved==false"
}
Request URL:https://<PC_IP>:9440/api/nutanix/v3/groups
Request Method: POST

 

Filters have known issue with v3 APIs, they say it is not supported but few things work.

 

View original

This topic has been closed for comments

6 replies

Userlevel 6
Badge +5

Hi @Keith K v3 APIs filter follows FIQL syntax. example to filter out a VM with name and cluster UUID in /vms/list API can be done using:

 "filter": "vm_name==MYSQL.*;cluster=in=<cluster uuid>", 

 

 

Here is a post where there is an example on how to use Filter syntax for /vms/list API .

https://next.nutanix.com/api-31/filter-alerts-via-api-from-prism-central-37704

 

For alerts too, it works the same as above. We don’t have any documentation as such. Below is an example of how to use this :
 

{
"entity_type": "alert",
"query_name": "eb:data-1591856320500",
"grouping_attribute": "",
"group_count": 3,
"group_offset": 0,
"group_attributes": [],
"group_member_count": 40,
"group_member_offset": 0,
"group_member_sort_attribute": "_created_timestamp_usecs_",
"group_member_sort_order": "DESCENDING",
"group_member_attributes": [{
"attribute": "title"
}, {
"attribute": "source_entity_name"
}, {
"attribute": "primary_impact_type"
}, {
"attribute": "severity"
}, {
"attribute": "status"
}, {
"attribute": "_created_timestamp_usecs_"
}, {
"attribute": "last_occurred_timestamp_usecs"
}, {
"attribute": "cluster"
}, {
"attribute": "default_message"
}, {
"attribute": "param_name_list"
}, {
"attribute": "param_value_list"
}, {
"attribute": "auto_resolved"
}, {
"attribute": "acknowledged"
}, {
"attribute": "acknowledging_user"
}, {
"attribute": "acknowledged_timestamp_usecs"
}, {
"attribute": "resolved"
}, {
"attribute": "resolving_user"
}, {
"attribute": "resolved_timestamp_usecs"
}, {
"attribute": "source_entity_uuid"
}, {
"attribute": "source_entity_type"
}, {
"attribute": "impact_type"
}],
"filter_criteria": "(severity==critical,severity==warning);primary_impact_type==Availability;resolved==false"
}
Request URL:https://<PC_IP>:9440/api/nutanix/v3/groups
Request Method: POST

 

Filters have known issue with v3 APIs, they say it is not supported but few things work.

 

Thanks, @AnishWalia20! The resolved status is one of the details on which I need to filter, so this gets me part of the way there. The other is the resolved date/time. You don’t happen to know how to refer to that one in a filter, do you?

Userlevel 6
Badge +5

Hey @Keith K . That’s great that you can partly get the alert details. So I suppose the resolved date/time cannot be filtered as there are no such attributes to filter from.

Also did you try the above ?

Let me know if you require any other clarifications.

 

I only tried the filter (resolved==false) part because I was specifically interested in filtering which alerts came back. I should try listing the attributes as well, as that could be quite useful.

Should the attribute names for the filter be the same as those you listed? If so, maybe I should see if I can use resolved_timestamp_usecs. I’ll at least test it a little bit and see what happens.

Thanks again, @AnishWalia20!

Userlevel 6
Badge +5

Hey @Keith K , exactly that could be useful too.

Yes, the attribute names for the filter should be the same as I listed on the reply above. Yes, you can try using “resolved_timestamp_usecs”. Surely, you can just try to play around with the attributes a little and experiment.

Glad to help @Keith K :smile:

Let me know if you need anything else.

Userlevel 6
Badge +5

Hey @Keith K did you try using this attribute “resolved_timestamp_usecs” and got any result ?