Searching events
POST /api/v1/events
Access: administrator, analyst, and operator.
Request body
Format: JSON
Request
Name | Data type | Mandatory | Description | Value example |
---|---|---|---|---|
period | Period | Yes | Search period (see the Period table below). | |
sql | string | Yes | SQL query | `SELECT * FROM events WHERE Type = 3 ORDER BY Timestamp DESC LIMIT 1000`<br>`SELECT sum(BytesOut) as TotalBytesSent, SourceAddress FROM events WHERE DeviceVendor = 'netflow' GROUP BY SourceAddress LIMIT 1000`<br>`SELECT count(Timestamp) as TotalEvents FROM events LIMIT 1` |
ClusterID | string | No, if the cluster is the only one | Storage cluster ID. You can find it by requesting the list of services with kind = storage; the cluster ID is in the resourceID field. | 00000000-0000-0000-0000-000000000000 |
rawTimestamps | bool | No | Display timestamps in their raw stored format (milliseconds since the Unix epoch) instead of converting them. False by default. | true or false |
emptyFields | bool | No | Include empty fields of normalized events in the output. False by default. | true or false |
Period
Name | Data type | Mandatory | Description | Value example |
---|---|---|---|---|
from | string | Yes | Lower bound of the period in RFC3339 format. Timestamp >= <from> | 2021-09-06T00:00:00Z (UTC)<br>2021-09-06T00:00:00.000Z (UTC, including milliseconds)<br>2021-09-06T00:00:00Z+00:00 (MSK) |
to | string | Yes | Upper bound of the period in RFC3339 format. Timestamp <= <to> | 2021-09-06T00:00:00Z (UTC)<br>2021-09-06T00:00:00.000Z (UTC, including milliseconds)<br>2021-09-06T00:00:00Z+00:00 (MSK) |
Response
HTTP code: 200
Format: JSON
Result of executing the SQL query
Possible errors
HTTP code | Description | message field value | details field value |
---|---|---|---|
400 | The lower bound of the range is not specified | period.from required | |
400 | The lower bound of the range is in an unsupported format | cannot parse period.from | variable |
400 | The lower bound of the range is equal to zero | period.from cannot be 0 | |
400 | The upper bound of the range is not specified | period.to required | |
400 | The upper bound of the range is in an unsupported format | cannot parse period.to | variable |
400 | The upper bound of the range is equal to zero | period.to cannot be 0 | |
400 | The lower bound of the range is greater than the upper bound | period.from cannot be greater than period.to | |
400 | Invalid SQL query | invalid sql | variable |
400 | An invalid table appears in the SQL query | the only valid table is `events` | |
400 | The SQL query lacks a LIMIT | sql: LIMIT required | |
400 | The LIMIT in the SQL query exceeds the maximum (1000) | sql: maximum LIMIT is 1000 | |
404 | Storage cluster not found | cluster not found | |
406 | The clusterID parameter was not specified, and more than one cluster is registered in KUMA | multiple clusters found, please provide clusterID | |
500 | No available cluster nodes | no nodes available | |
50x | Any other internal error | event search failed | variable |
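The request-body rules in the Request and Period tables and the HTTP 400 rows of the error table above describe the same set of constraints from two sides. The following client-side builder, added here as an example and not part of KUMA's own API client, reproduces those constraints locally (RFC3339 bounds that are non-zero and ordered, a LIMIT that is present and at most 1000, and `events` as the only table) and fails with the documented message text before anything is sent. Assumptions not taken from the page: the JSON key is written `clusterID` (the table says ClusterID, the 406 error message says clusterID), the API is reached at `<base_url>/api/v1/events` with a bearer token in the Authorization header, and the base URL in the usage note is a placeholder.

```python
"""Pre-flight validator and request builder for POST /api/v1/events.

Added example (not KUMA's own code). The checks mirror the HTTP 400 rows of
the documented error table so that a bad request is caught client-side with
the same message the API would return. The endpoint path, the bearer-token
header and the `clusterID` key casing are assumptions.
"""
import json
import re
import urllib.error
import urllib.request
from datetime import datetime, timezone

MAX_LIMIT = 1000                      # documented maximum LIMIT
_LIMIT_RE = re.compile(r"\bLIMIT\s+(\d+)\b", re.IGNORECASE)
# Identifier that follows FROM or JOIN; the API accepts only `events`.
_TABLE_RE = re.compile(r"\b(?:FROM|JOIN)\s+`?([A-Za-z_][A-Za-z0-9_]*)`?",
                       re.IGNORECASE)


class EventSearchError(ValueError):
    """Carries the `message` text documented for the corresponding HTTP error."""


def parse_rfc3339(value, field):
    """Parse a period bound and reject missing, unparsable and zero values."""
    if not value:
        raise EventSearchError(f"{field} required")
    # datetime.fromisoformat() rejects a trailing 'Z' before Python 3.11,
    # so the UTC designator is rewritten as an explicit offset.
    iso = value[:-1] + "+00:00" if value.endswith("Z") else value
    try:
        ts = datetime.fromisoformat(iso)
    except ValueError:
        raise EventSearchError(f"cannot parse {field}") from None
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    if ts.timestamp() == 0:           # 1970-01-01T00:00:00Z
        raise EventSearchError(f"{field} cannot be 0")
    return ts


def validate_sql(sql):
    """Apply the documented SQL constraints; return the LIMIT value."""
    if not sql or not sql.strip():
        raise EventSearchError("invalid sql")
    for table in _TABLE_RE.findall(sql):
        if table.lower() != "events":
            raise EventSearchError("the only valid table is `events`")
    match = _LIMIT_RE.search(sql)
    if match is None:
        raise EventSearchError("sql: LIMIT required")
    limit = int(match.group(1))
    if limit > MAX_LIMIT:
        raise EventSearchError(f"sql: maximum LIMIT is {MAX_LIMIT}")
    return limit


def build_request(sql, period_from, period_to, cluster_id=None,
                  raw_timestamps=False, empty_fields=False):
    """Return the JSON body for POST /api/v1/events or raise EventSearchError."""
    start = parse_rfc3339(period_from, "period.from")
    end = parse_rfc3339(period_to, "period.to")
    if start > end:
        raise EventSearchError("period.from cannot be greater than period.to")
    validate_sql(sql)
    body = {
        "period": {"from": period_from, "to": period_to},
        "sql": sql,
        "rawTimestamps": raw_timestamps,
        "emptyFields": empty_fields,
    }
    if cluster_id is not None:
        body["clusterID"] = cluster_id   # key casing is an assumption
    return body


def validation_error(**kwargs):
    """Return the message build_request would reject these arguments with, or None."""
    try:
        build_request(**kwargs)
    except EventSearchError as exc:
        return str(exc)
    return None


def send_search(base_url, token, body, timeout=30):
    """POST the body and return the parsed JSON result.

    Endpoint path and bearer-token header are assumptions. A non-2xx reply
    is turned into EventSearchError carrying the API's `message` field.
    """
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v1/events",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        payload = exc.read().decode(errors="replace")
        try:
            message = json.loads(payload).get("message", payload)
        except ValueError:
            message = payload
        raise EventSearchError(f"HTTP {exc.code}: {message}") from None
```

Usage: `body = build_request("SELECT count(Timestamp) as TotalEvents FROM events LIMIT 1", "2021-09-06T00:00:00Z", "2021-09-07T00:00:00Z")` followed by `send_search("https://kuma.example.invalid:7223", token, body)`, where the host is a placeholder. Keeping `validate_sql` separate from the transport means the same LIMIT and table checks can be reused wherever analysts compose queries, so that a 1000-row cap or a wrong table name is reported before a request reaches the storage cluster.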