Event commands

Event flags include:

  • ack
  • critical: AKIPS automatically adds a critical event flag to entities which match crit_event
  • suppress
  • warning: AKIPS automatically adds a warning event flag to entities which match warn_event
  • above
  • below

add

Use the add command to add an entity before creating an event.

You can use only the critical event flag with add.

Use the following syntax:

add event {time} {parent name} {child name} {attribute name} [{event flags}] = {value}

Examples

Add ifOperStatus down and up events:

add event 0 swt250 Se0/1 IF-MIB.ifOperStatus = down
add event 0 swt250 Se0/1 IF-MIB.ifOperStatus = up

Add ping-down and SNMP-down events:

add event 0 swt250 ping4 PING.icmpState = down
add event 0 swt250 ping6 PING.icmpState = down
add event 0 swt250 sys snmp.snmpState = down

Create a site-specific admin state for a device which may be set by another system:

add enum swt250 sys admin_state
add event 0 swt250 sys admin_state = maintenance
add event 0 swt250 sys admin_state = online

clear

Use the clear command to clear a flag from an event.

Use the following syntax:

clear event {time} {parent name} {child name} {attribute name} = {event flags}

Example

Clear the critical flag on a ping-down event:

clear event 1435822220 swt250 ping4 ping.icmpState = critical


delete

Use the delete command to delete an event.

Use the following syntax:

delete event {time} {parent name} {child name} {attribute name}

Example

Delete a down event:

delete event 1435822225 swt250 ping4 PING.icmpState


mdelete

Use the mdelete command to delete all events for an attribute within a specific time range.

You can test your selection first with mget.

Use the following syntax:

mdelete event time {time filter} [{parent regex} [{child regex} [{attribute regex}]]] [profile {profile name}] [any|all|not group {group name} ...]

Example

Delete all IF-MIB.ifOperStatus events for devices in a group for yesterday:

mdelete event time yesterday * * IF-MIB.ifOperStatus any group Edge-Switches


mget

Use the mget command to retrieve event records in chronological order. The child description is displayed only if one is included in the child's configuration.

Use the following syntax:

mget event {all,critical,enum,threshold,uptime} time {time filter}
  [{parent regex} {child regex} {attribute regex}]
  [descr {descr regex}] [value {value regex}] [profile {profile name}]
  [any|all|not group {group name} ...]

Enumerated events

Enumerated event records have the following syntax:

{epoch} {parent} {child} {attribute} enum {flags} {value} [{child description}]

Uptime events

Uptime event records have the following syntax:

{epoch} {parent} {child} {attribute} uptime {flags} {last uptime in seconds} [{child description}]

Threshold events

Threshold event records have the following syntax:

{epoch} {parent} {child} {attribute} threshold {flags} {rule exceeded} [{child description}]

Examples

Retrieve all ping-outage events for a router for the past hour:

mget event enum time last1h Columbus-ro /ping/ *

1435894798 Columbus-ro ping4 PING.icmpState enum none down 10.4.1.22
1435894799 Columbus-ro ping6 PING.icmpState enum none down fd00:10:4:1::22
1435895128 Columbus-ro ping4 PING.icmpState enum none up 10.4.1.22
1435895129 Columbus-ro ping6 PING.icmpState enum none up fd00:10:4:1::22 

Retrieve all ifOperStatus events for the past day:

mget event enum time last1d * * IF-MIB.ifOperStatus

1435846269 NewYork-ro Se2/2 IF-MIB.ifOperStatus enum none down Link to San Francisco
1435846509 NewYork-ro Se2/2 IF-MIB.ifOperStatus enum none up Link to San Francisco
1435848305 Chicago-ro Se1/4 IF-MIB.ifOperStatus enum none down Link to Dallas
1435848365 Chicago-ro Se1/4 IF-MIB.ifOperStatus enum none up Link to Dallas

Retrieve all sysUpTime resets:

mget event uptime time last1d

1435846486 Toronto-ro sys SNMPv2-MIB.sysUpTime uptime none 19044
1435848309 Columbus-ro sys SNMPv2-MIB.sysUpTime uptime none 7863
1435849250 Detroit-ro sys SNMPv2-MIB.sysUpTime uptime none 10363
1435849830 Cleveland-ro sys SNMPv2-MIB.sysUpTime uptime none 25704

Retrieve all threshold events for the past hour:

mget event threshold time last1h

1436104800 cisco-74-1-19 cpu.2 CISCO-PROCESS-MIB.cpmCPUTotal1minRev threshold critical,above last5m,avg,60
1436104800 Chicago-ro ping4 PING.icmpRtt threshold critical,below last30m,avg,40000
1436104800 cisco-74-1-38 cpu.26 CISCO-PROCESS-MIB.cpmCPUTotal1minRev threshold critical,above last5m,avg,60
1436105101 SanFrancisco-ro ping4 PING.icmpRtt threshold critical,above last30m,avg,40000
1436105101 cisco-74-1-17 cpu.4 CISCO-PROCESS-MIB.cpmCPUTotal1minRev threshold critical,below last5m,avg,60
1436105101 cisco-74-1-29 cpu.2 CISCO-PROCESS-MIB.cpmCPUTotal1min threshold critical,above last5m,avg,60
1436105101 cisco-74-1-30 cpu.2 CISCO-PROCESS-MIB.cpmCPUTotal1min threshold critical,above last5m,avg,60
1436105101 NewYork-ro ping6 PING.icmpRtt threshold critical,above last30m,avg,40000
1436105101 NewYork-ro ping4 PING.icmpRtt threshold critical,above last30m,avg,40000
1436105101 Chicago-ro ping4 PING.icmpRtt threshold critical,above last30m,avg,40000
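
The following Python sketch is an added example, not AKIPS code: it parses the three mget record formats described above and pairs each enum down event with the following up event to report outage durations. It assumes the first seven fields never contain whitespace and that only the optional child description may; the names Event, parse_event and outages are hypothetical.

```python
from typing import NamedTuple

class Event(NamedTuple):
    epoch: int
    parent: str
    child: str
    attribute: str
    kind: str             # enum | uptime | threshold
    flags: frozenset      # empty when the record shows "none"
    value: str            # enum value, last uptime (s), or rule exceeded
    descr: str            # optional child description, may contain spaces

def parse_event(line: str) -> Event:
    parts = line.split(None, 7)   # seven single tokens, then the description
    if len(parts) < 7 or parts[4] not in ("enum", "uptime", "threshold"):
        raise ValueError(f"not an event record: {line!r}")
    epoch, parent, child, attr, kind, flags, value = parts[:7]
    descr = parts[7].strip() if len(parts) == 8 else ""
    flagset = frozenset() if flags == "none" else frozenset(flags.split(","))
    return Event(int(epoch), parent, child, attr, kind, flagset, value, descr)

def outages(events):
    """Pair each enum 'down' with the next 'up' for the same attribute."""
    open_down, closed = {}, []
    for ev in sorted(events, key=lambda e: e.epoch):
        if ev.kind != "enum":
            continue
        key = (ev.parent, ev.child, ev.attribute)
        if ev.value == "down":
            open_down.setdefault(key, ev.epoch)
        elif ev.value == "up" and key in open_down:
            closed.append((*key, ev.epoch - open_down.pop(key)))
    return closed, open_down      # open_down: still down at end of window

# Records copied from the example output on this page.
SAMPLE = """\
1435894799 Columbus-ro ping6 PING.icmpState enum none down fd00:10:4:1::22
1435895129 Columbus-ro ping6 PING.icmpState enum none up fd00:10:4:1::22
1435846269 NewYork-ro Se2/2 IF-MIB.ifOperStatus enum none down Link to San Francisco
1435846509 NewYork-ro Se2/2 IF-MIB.ifOperStatus enum none up Link to San Francisco
1435846486 Toronto-ro sys SNMPv2-MIB.sysUpTime uptime none 19044
1436104800 Chicago-ro ping4 PING.icmpRtt threshold critical,below last30m,avg,40000
"""
EVENTS = [parse_event(l) for l in SAMPLE.splitlines() if l.strip()]
CLOSED, STILL_DOWN = outages(EVENTS)

if __name__ == "__main__":
    for parent, child, attr, secs in CLOSED:
        print(f"{parent} {child} {attr}: down for {secs}s")
```

Entries left in STILL_DOWN had no matching up event inside the queried time filter, so their outage extends past the end of the window.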

set

Use the set command to set event flags.

Use the following syntax:

set event {time} {parent name} {child name} {attribute name} = {event flags}

Example

Set a critical flag on an existing ping-down event:

set event 1435822220 swt250 ping4 ping.icmpState = critical


tget

Use the tget command to return time-series values for a number of events per interval.

Use the following syntax:

tget event {all,critical,enum,threshold,uptime}
  {interval secs} time {time filter}
  [{parent regex} [{child regex} [{attribute regex}]]]
  [profile {profile name}] [any|all|not group {group name} ...]

Example

Retrieve time-series values for all ping events for yesterday in 24 one-hour intervals:

tget event all 3600 time yesterday * /ping/

506,426,460,458,440,760,315,301,232,421,332,288,196,299,380,381,495,448,497,570,386,430,362,530