[Index]
A rule defining an alert.
Model ref.: data/AlertingRule
The full URL would include the host-proxy name: https://[host-proxy].
Variables are enclosed in square brackets.
{
"$schema": "http://json-schema.org/draft-03/schema",
"type": "object",
"properties": {
"policy": {
"title": "Policy",
"description": "The alerting policy this rule belongs to.",
"type": "string",
"format": "uri",
"required": true,
"target": "/api/data/AlertingPolicy/choices/?field=name&format=json&hierarchy=[hierarchy]&auth_token=[authtoken],
"target_attr": "name",
"target_model_type": "data/AlertingPolicy",
"choices": []
},
"name": {
"title": "Rule Name",
"description": "Name of the alerting rule. This must be unique per policy.",
"type": "string",
"maxLength": 255,
"required": true
},
"description": {
"title": "Description",
"description": "Provide a brief description of this Alerting Rule.",
"type": "string",
"maxLength": 8192
},
"rule_type": {
"title": "Rule Type",
"type": "string",
"choices": [
{
"value": "Simple",
"title": "Simple"
},
{
"value": "Compound",
"title": "Compound"
}
]
},
"alarm_id": {
"title": "Alarm Id",
"type": "integer"
},
"coorelation_type": {
"title": "Coorelation Type",
"type": "string",
"choices": [
{
"value": "Simple",
"title": "Simple"
},
{
"value": "Complex",
"title": "Complex"
}
]
},
"enabled": {
"title": "Enabled",
"type": "boolean"
},
"inherit": {
"title": "Inherit Output",
"description": "If you want filter data included?",
"type": "boolean"
},
"halt_processing_on_match": {
"title": "Halt Processing",
"description": "Halt processing in this policy group on match?",
"type": "boolean"
},
"window": {
"title": "Window",
"type": "integer",
"choices": [
{
"value": 30,
"title": "30 seconds"
},
{
"value": 60,
"title": "1 minute"
},
{
"value": 300,
"title": "5 minutes"
},
{
"value": 600,
"title": "10 minutes"
},
{
"value": 1800,
"title": "30 minutes"
},
{
"value": 3600,
"title": "1 hour"
},
{
"value": 7200,
"title": "2 hours"
},
{
"value": 14400,
"title": "4 hours"
},
{
"value": 28800,
"title": "8 hours"
},
{
"value": 43200,
"title": "12 hours"
},
{
"value": 86400,
"title": "24 hours"
}
]
},
"severity": {
"title": "Severity",
"type": "string",
"choices": [
{
"value": "Informational",
"title": "Informational"
},
{
"value": "Minor",
"title": "Minor"
},
{
"value": "Major",
"title": "Major"
},
{
"value": "Critical",
"title": "Critical"
}
]
},
"threshold": {
"title": "Threshold",
"type": "integer"
},
"search_filter": {
"title": "Search Filter",
"type": "string"
},
"rule_definitions": {
"title": "Definitions",
"description": "Definitions.",
"type": "array",
"items": {
"type": "object",
"properties": {
"description": {
"title": "Name",
"type": "string"
},
"location": {
"title": "Location",
"type": "string",
"required": true,
"choices": [
{
"value": "header",
"title": "Header"
},
{
"value": "raw_log",
"title": "Raw log"
}
]
},
"pattern_type": {
"title": "Pattern Type",
"type": "string",
"required": true,
"choices": [
{
"value": "match",
"title": "Match"
},
{
"value": "match_extract",
"title": "Match/Extract"
}
]
},
"pattern": {
"title": "Pattern",
"description": "Header name or regular expression for raw logs.",
"type": "string"
},
"function": {
"title": "Function",
"type": "string",
"choices": [
{
"value": "Greater Than",
"title": "Greater Than"
},
{
"value": "Less Than",
"title": "Less Than"
},
{
"value": "Same",
"title": "Same"
}
]
},
"function_value": {
"title": "Function Value",
"type": "integer"
},
"token": {
"title": "Token",
"description": "used for alert message output order",
"type": "integer"
}
}
}
},
"enrichment": {
"title": "Enrichment",
"description": "Enrich the alert with table details or additional verbage.",
"type": "array",
"items": {
"type": "object",
"properties": {
"location": {
"title": "Location",
"type": "string",
"required": true,
"choices": [
{
"value": "lookup in table",
"title": "table"
},
{
"value": "custom string",
"title": "custom"
}
]
},
"item": {
"title": "Item",
"type": "string"
},
"token": {
"title": "Token",
"description": "used for alert message output order",
"type": "integer"
}
}
}
},
"response_procedure": {
"title": "Response Procedure",
"description": "The response procedure for this alert rule.",
"type": "string",
"format": "uri",
"required": true,
"target": "/api/data/AlertingResponseProcedure/choices/?field=name&format=json&hierarchy=[hierarchy]&auth_token=[authtoken],
"target_attr": "name",
"target_model_type": "data/AlertingResponseProcedure",
"choices": []
},
"grafana_rule": {
"title": "Grafana Rule",
"description": "The grafana rule for this for this alert rule. TODO reference new model.",
"type": "string"
}
},
"schema_version": "0.2"
}
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Get the GUI Add form. | GET | /api/data/AlertingRule/add/ |
|
The GUI Add form of data/AlertingRule as JSON |
The API call to the /add/ URL can only be made from a hierarchy that allows the model type to be added. The actions in the response shows the url for the POST API call to create an instance.
| Task | Call | URL | Parameters | Payload |
|---|---|---|---|---|
| Create | POST | /api/data/AlertingRule | hierarchy=[hierarchy] |
|
tool/Transaction/[trans pkid]to inspect the created resource and its instance pkid.
| Task | Call | URL | Parameters | Payload |
|---|---|---|---|---|
| Bulk delete [pkid1],[pkid2]... | DELETE | /api/data/AlertingRule/ | hierarchy=[hierarchy] | {"hrefs":["/api/data/AlertingRule/[pkid1]", "/api/data/AlertingRule/[pkid2]", ...]} |
GET http://[host-proxy]/api/data/AlertingRule/?hierarchy=[hierarchy]&format=json
| Task | Call | URL | Parameters | Payload |
|---|---|---|---|---|
| Get a selected [export_format] of the schema and instances [pkid1], [pkid2],... of data/AlertingRule; optionally with tag_version at [version] and Configuration Template as [configtemplate]. | POST | /api/data/AlertingRule/export/ |
|
{ "hrefs":["/api/data/AlertingRule/[pkid1]", "/api/data/AlertingRule/[pkid2]",...]}} |
For export_format=json, the response is a time stamped zip file of data in JSON as in the system database. Item properties such as strings that are empty or Boolean values that are not set, are not included. The filename in the response is of the format as the example:
Content-Disposition: attachment; filename=export_2013-05-17_14:20:19.186444.json.zip
Content-Language:en
Content-Type:application/x-zip
For export_format=raw_xlsx, the response is a MS Excel spreadsheet with columns corresponding to the JSON format export and a response filename format:
Content-Disposition: attachment; filename=<resource_type>_<resource_name>_exportedsheet_CCYY-MM-DD_HH-MM-SS.xlsx
Content-Language:en
Content-Type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
For export_format=xlsx, the response is a MS Excel spreadsheet, arranged by any Field Display Policies that apply. The columns correspond with those of a Bulk Load Template export sheet. The response filename format is:
Content-Disposition: attachment; filename=<resource_type>_<resource_name>_exportedsheet_formatted_CCYY-MM-DD_HH-MM-SS.xlsx
Content-Language:en
Content-Type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
The XLSX format can be used to bulk load instances of data/AlertingRule and the JSON format can be used to import instances of data/AlertingRule.
GET http://[host-proxy]/api/data/AlertingRule/?hierarchy=[hierarchy]
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Get a compressed format of the Bulk Load spreadsheet template for data/AlertingRule | POST | /api/data/AlertingRule/export_bulkload_template/ |
|
The response is an attachment of the format: filetype_bulkloadsheet.xlsx.gz |
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Configuration Template | GET | /api/data/AlertingRule/configuration_template/ | hierarchy=[hierarchy] |
|
POST http://[host-proxy]/api/data/ConfigurationTemplate/?hierarchy=[hierarchy]
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Field Display Policy | GET | /api/data/AlertingRule/field_display_policy/ | hierarchy=[hierarchy] |
|
POST http://[host-proxy]/api/data/FieldDisplayPolicy/?hierarchy=[hierarchy]
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| List | GET | /api/data/AlertingRule/ |
|
The data/AlertingRule schema and all instances as JSON. |
(The list will return 0 to 3 data/AlertingRule instances)
{
"pagination": {
"skip": 0,
"limit": 3,
"maximum_limit": 2000,
"total": 0,
"total_limit": null,
"order_by": "policy",
"direction": "asc",
"current": "/api/data/AlertingRule/?skip=0&limit=3&order_by=policy&direction=asc&traversal=down"
},
"operations": [
"field_display_policy",
"update",
"help",
"remove",
"add",
"export",
"list",
"configuration_template",
"get",
"bulk_update_form",
"migration",
"transform",
"export_bulkload_template"
],
"meta": {
"model_type": "data/AlertingRule",
"summary_attrs": [
{
"name": "policy",
"title": "Policy"
},
{
"name": "name",
"title": "Rule Name"
},
{
"name": "description",
"title": "Description"
},
{
"name": "enabled",
"title": "Enabled"
},
{
"name": "hierarchy_friendly_name",
"title": "Located At",
"allow_filtering": true
}
],
"tagged_versions": [],
"tags": [],
"title": "? - ?",
"business_key": {
"unique": [
"policy",
"name"
],
"hierarchy": true
},
"api_version": "21.2",
"cached": true,
"references": {
"children": [],
"parent": [
{
"href": "/api/data/HierarchyNode/6t0ggef2c0deab00hb595101",
"pkid": "6t0ggef2c0deab00hb595101"
}
],
"device": [
{
"href": "",
"pkid": ""
}
],
"foreign_key": []
},
"model_specific_actions": [
"get",
"list",
"add",
"clone",
"update",
"remove",
"export",
"export_bulkload_template",
"configuration_template",
"field_display_policy",
"help"
],
"schema_version": "0.2",
"actions": [
{
"add": {
"method": "GET",
"class": "add",
"href": "/api/data/AlertingRule/add/?hierarchy=[hierarchy]",
"support_async": false,
"title": "Add"
}
},
{
"remove": {
"method": "DELETE",
"class": "delete",
"href": "/api/data/AlertingRule/?hierarchy=[hierarchy]",
"support_async": true,
"title": "Delete"
}
},
{
"export": {
"method": "POST",
"class": "export",
"href": "/api/data/AlertingRule/export/?hierarchy=[hierarchy]",
"support_async": false,
"title": "Export",
"view": "/api/view/ExportData/add/?auth_token=[authtoken],
"submit": "payload"
}
},
{
"export_bulkload_template": {
"method": "POST",
"class": "bulkload_template",
"href": "/api/data/AlertingRule/export_bulkload_template/?hierarchy=[hierarchy]",
"support_async": false,
"title": "Export Bulk Load Template"
}
},
{
"configuration_template": {
"method": "GET",
"class": "config",
"href": "/api/data/AlertingRule/configuration_template/?hierarchy=[hierarchy]",
"support_async": false,
"title": "Configuration Template"
}
},
{
"field_display_policy": {
"method": "GET",
"class": "display_policy",
"href": "/api/data/AlertingRule/field_display_policy/?hierarchy=[hierarchy]",
"support_async": false,
"title": "Field Display Policy"
}
},
{
"list": {
"method": "GET",
"class": "list",
"href": "/api/data/AlertingRule/?hierarchy=[hierarchy]",
"support_async": false,
"title": "List"
}
},
{
"help": {
"method": "GET",
"class": "help",
"href": "/api/data/AlertingRule/help?hierarchy=[hierarchy]",
"support_async": false,
"title": "Help"
}
}
]
},
"resources": []
}
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Get the on-line Help for data/AlertingRule. | GET | /api/data/AlertingRule/help | hierarchy=[hierarchy] | On-line help of Model ref.: data/AlertingRule as HTML |
| Task | Call | URL | Parameters | Payload |
|---|---|---|---|---|
| Modify | PUT | /api/data/AlertingRule/[pkid] | hierarchy=[hierarchy] | (For payload specification) |
For Bulk modification, refer to the Bulk Modify section.
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Delete | DELETE | /api/data/AlertingRule/[pkid] | hierarchy=[hierarchy] |
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Clone instance with [pkid]. The schema rules are applied. | GET | /api/data/AlertingRule/[pkid]/clone/?schema=&schema_rules=true |
|
A JSON payload with:
|
GET http://[host-proxy]/api/data/AlertingRule/?hierarchy=[hierarchy]&format=json
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Get a selected [export_format] of the schema and a single instance with [pkid] of data/AlertingRule; optionally with tag_version at [version] and Configuration Template as [configtemplate]. | GET | /api/data/AlertingRule/[pkid]/export |
|
The response is an attachment. Refer to the list below. |
For export_format=raw_xlsx, the response is a "raw" MS Excel spreadsheet with columns corresponding to the JSON format export and a response format:
Content-Disposition: attachment; filename=<resource_type>_<resource_name>_exportedsheet_CCYY-MM-DD_HH-MM-SS.xlsx
Content-Language:en
Content-Type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
For export_format=xlsx, the response is a MS Excel spreadsheet, formatted to show all columns and a response format:
Content-Disposition: attachment; filename=<resource_type>_<resource_name>_exportedsheet_formatted_CCYY-MM-DD_HH-MM-SS.xlsx
Content-Language:en
Content-Type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
For export_format=json, the response is a time stamped zip file of data in JSON and a response format:
Content-Disposition: attachment; filename=export_2013-05-17_14:20:19.186444.json.zip
Content-Language:en
Content-Type:application/x-zip
The XLSX format can be used to bulk load instances of data/AlertingRule and the JSON format can be used to import instances of data/AlertingRule.
For Bulk Export, refer to the Bulk Export section.
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Get | GET | /api/data/AlertingRule/[pkid] | hierarchy=[hierarchy] | The data/AlertingRule instance with [pkid]. |
| Task | Call | URL | Parameters | Response |
|---|---|---|---|---|
| Help | GET | /api/data/AlertingRule/[pkid]/help | hierarchy=[hierarchy] | The on-line Help for data/AlertingRule. |