Filter alerts via API from Prism Central | Nutanix Community
Skip to main content
Solved

Filter alerts via API from Prism Central


Anyone have any insights to share about using the filter option in the /alerts/list API method in Prism Central? Here is that method in the documentation:

https://www.nutanix.dev/reference/prism_central/v3/api/alerts/postalertslist/

It looks like there isn’t much information available about the filter option. I have found a (very) little bit of information online about FIQL, but I have no idea what field names are available for alerts in Prism Central.

Best answer by AnishWalia20

Hi @Keith K v3 APIs filter follows FIQL syntax. example to filter out a VM with name and cluster UUID in /vms/list API can be done using:

 "filter": "vm_name==MYSQL.*;cluster=in=<cluster uuid>", 

 

 

Here is a post where there is an example on how to use Filter syntax for /vms/list API .

https://next.nutanix.com/api-31/filter-alerts-via-api-from-prism-central-37704

 

For alerts too, it works the same as above. We don’t have any documentation as such. Below is an example of how to use this :
 

{
	"entity_type": "alert",
	"query_name": "eb:data-1591856320500",
	"grouping_attribute": "",
	"group_count": 3,
	"group_offset": 0,
	"group_attributes": [],
	"group_member_count": 40,
	"group_member_offset": 0,
	"group_member_sort_attribute": "_created_timestamp_usecs_",
	"group_member_sort_order": "DESCENDING",
	"group_member_attributes": [{
		"attribute": "title"
	}, {
		"attribute": "source_entity_name"
	}, {
		"attribute": "primary_impact_type"
	}, {
		"attribute": "severity"
	}, {
		"attribute": "status"
	}, {
		"attribute": "_created_timestamp_usecs_"
	}, {
		"attribute": "last_occurred_timestamp_usecs"
	}, {
		"attribute": "cluster"
	}, {
		"attribute": "default_message"
	}, {
		"attribute": "param_name_list"
	}, {
		"attribute": "param_value_list"
	}, {
		"attribute": "auto_resolved"
	}, {
		"attribute": "acknowledged"
	}, {
		"attribute": "acknowledging_user"
	}, {
		"attribute": "acknowledged_timestamp_usecs"
	}, {
		"attribute": "resolved"
	}, {
		"attribute": "resolving_user"
	}, {
		"attribute": "resolved_timestamp_usecs"
	}, {
		"attribute": "source_entity_uuid"
	}, {
		"attribute": "source_entity_type"
	}, {
		"attribute": "impact_type"
	}],
	"filter_criteria": "(severity==critical,severity==warning);primary_impact_type==Availability;resolved==false"
}
Request URL:https://<PC_IP>:9440/api/nutanix/v3/groups
Request Method: POST

 

Filters have known issue with v3 APIs, they say it is not supported but few things work.

 

View original
Did this topic help you find an answer to your question?
This topic has been closed for comments

6 replies

AnishWalia20
Nutanix Employee
Forum|alt.badge.img+5
  • Nutanix Employee
  • 201 replies
  • Answer
  • June 11, 2020

Hi @Keith K v3 APIs filter follows FIQL syntax. example to filter out a VM with name and cluster UUID in /vms/list API can be done using:

 "filter": "vm_name==MYSQL.*;cluster=in=<cluster uuid>", 

 

 

Here is a post where there is an example on how to use Filter syntax for /vms/list API .

https://next.nutanix.com/api-31/filter-alerts-via-api-from-prism-central-37704

 

For alerts too, it works the same as above. We don’t have any documentation as such. Below is an example of how to use this :
 

{
	"entity_type": "alert",
	"query_name": "eb:data-1591856320500",
	"grouping_attribute": "",
	"group_count": 3,
	"group_offset": 0,
	"group_attributes": [],
	"group_member_count": 40,
	"group_member_offset": 0,
	"group_member_sort_attribute": "_created_timestamp_usecs_",
	"group_member_sort_order": "DESCENDING",
	"group_member_attributes": [{
		"attribute": "title"
	}, {
		"attribute": "source_entity_name"
	}, {
		"attribute": "primary_impact_type"
	}, {
		"attribute": "severity"
	}, {
		"attribute": "status"
	}, {
		"attribute": "_created_timestamp_usecs_"
	}, {
		"attribute": "last_occurred_timestamp_usecs"
	}, {
		"attribute": "cluster"
	}, {
		"attribute": "default_message"
	}, {
		"attribute": "param_name_list"
	}, {
		"attribute": "param_value_list"
	}, {
		"attribute": "auto_resolved"
	}, {
		"attribute": "acknowledged"
	}, {
		"attribute": "acknowledging_user"
	}, {
		"attribute": "acknowledged_timestamp_usecs"
	}, {
		"attribute": "resolved"
	}, {
		"attribute": "resolving_user"
	}, {
		"attribute": "resolved_timestamp_usecs"
	}, {
		"attribute": "source_entity_uuid"
	}, {
		"attribute": "source_entity_type"
	}, {
		"attribute": "impact_type"
	}],
	"filter_criteria": "(severity==critical,severity==warning);primary_impact_type==Availability;resolved==false"
}
Request URL:https://<PC_IP>:9440/api/nutanix/v3/groups
Request Method: POST

 

Filters have known issue with v3 APIs, they say it is not supported but few things work.

 


  • Author
  • Voyager
  • 2 replies
  • June 11, 2020

Thanks, @AnishWalia20! The resolved status is one of the details on which I need to filter, so this gets me part of the way there. The other is the resolved date/time. You don’t happen to know how to refer to that one in a filter, do you?


AnishWalia20
Nutanix Employee
Forum|alt.badge.img+5
  • Nutanix Employee
  • 201 replies
  • June 23, 2020

Hey @Keith K . That’s great that you can partly get the alert details. So I suppose the resolved date/time cannot be filtered as there are no such attributes to filter from.

Also did you try the above ?

Let me know if you require any other clarifications.

 


  • Author
  • Voyager
  • 2 replies
  • June 23, 2020

I only tried the filter (resolved==false) part because I was specifically interested in filtering which alerts came back. I should try listing the attributes as well, as that could be quite useful.

Should the attribute names for the filter be the same as those you listed? If so, maybe I should see if I can use resolved_timestamp_usecs. I’ll at least test it a little bit and see what happens.

Thanks again, @AnishWalia20!


AnishWalia20
Nutanix Employee
Forum|alt.badge.img+5
  • Nutanix Employee
  • 201 replies
  • June 23, 2020

Hey @Keith K , exactly that could be useful too.

Yes, the attribute names for the filter should be the same as I listed on the reply above. Yes, you can try using “resolved_timestamp_usecs”. Surely, you can just try to play around with the attributes a little and experiment.

Glad to help @Keith K :smile:

Let me know if you need anything else.


AnishWalia20
Nutanix Employee
Forum|alt.badge.img+5
  • Nutanix Employee
  • 201 replies
  • June 25, 2020

Hey @Keith K did you try using this attribute “resolved_timestamp_usecs” and got any result ?