...

Events are also exposed via a REST API that lets you post, retrieve, and search your events. This REST API matches the Elasticsearch API, so you can use any Elasticsearch tool or client to post, get, and search events.

 


NOTE:

  • To send Events to SPM, you need a Sematext account. If you don't already have one, you can create it here; it's free, no credit card needed. Once you have a Sematext account, create an SPM App to which Events will be sent.
  • If you have already created some SPM Apps under your account in the past, you can send Events to any of them.
  • If you just registered, you can create SPM Apps by following the steps after Sematext account registration, or by clicking directly here.

...


Event Fields

An event has the following set of fields, most of which are optional:

| Field Name | Field Type | Required | Notes |
|---|---|---|---|
| timestamp | date | no | Represents time when event happened (if not specified, current time will be assumed). The format is dateOptionalTime e.g.: 2014-02-17T21:37:04+0100 or 2014-02-17T14:15:01.534471+02:00 or ... |
| message | string | yes | Short description of event, e.g. "Elasticsearch node03 on host somehost06 restarted". This is a default search field in SPM UI, so it is good to keep it concise, but search-friendly. |
| name | string | no | Event name, can be used as a short label for event, e.g. "Elasticsearch restart". |
| tags | string array | no | Multivalued field. Each tag should be specified as a separate array element (e.g., "tags":[ "elasticsearch", "restart", "emergency fix"]) |
| priority | string | no | You can use any values that make sense to you, like "high", "very high" or 7. Note that sorting on this field will sort in lexicographical order. |
| creator | string | no | Person, application, or component that created an event. E.g., "John Smith", "Elasticsearch", "Some Batch Job" |
| data | string | no | Additional event data. It can be anything you may find useful to have along inside of event object. E.g., it could be stacktrace in case of "app_error" event, base64 encoded content of file generated during "user_registered" event, etc. |

...


Adding Events

To post an event to your event stream use the following base endpoint:

Code Block
http://event-receiver.sematext.com/APPLICATION_TOKEN/EVENT_TYPE/event

A single application token must be specified in the URL. Thus, to send multiple events associated with multiple applications, a separate call to the API will need to be made for each application. The EVENT_TYPE can have any value. You can add event type as a field in the JSON message (e.g., alert, app_restart, server_restart, reboot, deployment...), but we suggest using a smaller number of distinct event types (1-10) to keep things manageable.

...

http://event-receiver.sematext.com/1111111-2222-3333-4444-555555555555/server_restart/event

with POST content in JSON format like this:

Code Block
{
  "timestamp" : "2014-02-17T15:29:04+0100",
  "message": "Application MyApp on MyHost04 restarted",
  "type" : "server_restart"
}

...


To post the above event with curl use: 

Code Block
curl -XPOST "http://event-receiver.sematext.com/1111111-2222-3333-4444-555555555555/server_restart/event" -d '
{
  "timestamp" : "2014-02-17T15:29:04+0100",
  "message" : "Application MyApp on MyHost04 restarted",
  "type" : "server_restart"
}
'

...


Example 2

The same SPM Solr application, but now we want to post a deployment event with more event properties populated. In this case the HTTP endpoint would be:

http://event-receiver.sematext.com/1111111-2222-3333-4444-555555555555/deployment/event

with HTTP POST content:

Code Block
{
  "timestamp" : "2014-02-17T15:58:04+0100",
  "message": "Solr 4.6.1 version deployed on prodhost06",
  "name" : "Solr 4.6.1 deployment",
  "tags" : ["solr", "4.6.1", "deployment", "upgrade"],
  "priority" : "High",
  "creator" : "John Smith",
  "type" : "deployment"
}

...


or, again with curl:

Code Block
curl -XPOST "http://event-receiver.sematext.com/1111111-2222-3333-4444-555555555555/deployment/event" -d '
{
  "timestamp" : "2014-02-17T15:58:04+0100",
  "message" : "Solr 4.6.1 version deployed on prodhost06",
  "name" : "Solr 4.6.1 deployment",
  "tags" : ["solr", "4.6.1", "deployment", "upgrade"],
  "priority" : "High",
  "creator" : "John Smith",
  "type" : "deployment"
}
'

...


Searching Events in SPM

The SPM user interface lets you show events and metrics from a specific time period. Additionally, the event chart has a search box where you can further narrow down events to only those that match the input query.

 


The query syntax is specified by Elasticsearch's query string query, as described here.

You can search on any event field you included in the event when posting it. 


Searching Events Programmatically

...

Code Block
http://event-receiver.sematext.com/APPLICATION_TOKEN

...


Alternatively, you can also use the same endpoint which was used when adding events, where event type is specified, in which case the matching events will be limited to the type specified in the URI:

Code Block
http://event-receiver.sematext.com/APPLICATION_TOKEN/EVENT_TYPE

...


The simplest way to run a query is using URI search, like this:

$ curl -XGET "http://event-receiver.sematext.com/1111111-2222-3333-4444-555555555555/_search?q=creator:john" 


More query options are available when using request body search, e.g.:

Code Block
curl -XGET "http://event-receiver.sematext.com/1111111-2222-3333-4444-555555555555/_search" -d '
{
  "query" : {
    "query_string" : {
      "query" : "MyHost04",
      "default_field" : "message"
    }
  }
}
'

...


This example shows how to use one of the simpler query types - query_string. To see which other query types are available, please check Elasticsearch docs. 


Posting Events via HTTPS

You can use HTTPS instead of HTTP for all calls, in which case the endpoint becomes:

Code Block
https://event-receiver.sematext.com/APPLICATION_TOKEN

...


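Note: when using curl, you may experience "SSL certificate problem" errors. The reason is that curl doesn't bundle any CA certs any more; for more info see this. Regardless of curl errors, HTTPS communication should be functional. If curl reports this error, supply a CA bundle with --cacert rather than turning verification off with -k/--insecure, so the receiver's certificate is still checked and the application token in the URL is only sent to the verified host.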
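The following Python sketch ties together the "Event Fields", "Adding Events" and "Posting Events via HTTPS" sections: it validates an event against the field table, serializes it with a JSON encoder instead of a hand-built string, and prepares an HTTPS POST with certificate verification on. It is an added example, not Sematext code; the function names, the token and event-type character checks, the timestamp pattern and the Content-Type header are assumptions made for illustration.

```python
import json
import re
import ssl
import urllib.request

RECEIVER = "https://event-receiver.sematext.com"
ALLOWED = {"timestamp", "message", "name", "tags", "priority", "creator", "data", "type"}
STRING_FIELDS = ("message", "name", "creator", "data", "type")
# Assumption: covers the dateOptionalTime shapes shown in the field table.
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:?\d{2})?)?")


def build_event(message, **fields):
    """Validate an event against the field table and return its JSON bytes."""
    event = dict(fields, message=message)
    unknown = set(event) - ALLOWED
    if unknown:
        raise ValueError("unknown fields: %s" % sorted(unknown))
    if not isinstance(message, str) or not message.strip():
        raise ValueError("message is required")
    for key in STRING_FIELDS:
        if not isinstance(event.get(key, ""), str):
            raise ValueError("%s must be a string" % key)
    tags = event.get("tags", [])
    if not isinstance(tags, list) or not all(isinstance(t, str) for t in tags):
        raise ValueError("tags must be an array of strings")
    if "timestamp" in event and not TS_RE.fullmatch(str(event["timestamp"])):
        raise ValueError("timestamp is not in dateOptionalTime form")
    # json.dumps escapes quotes and newlines that would break a quoted curl -d body.
    return json.dumps(event).encode("utf-8")


def build_request(app_token, event_type, body):
    """Prepare an HTTPS POST to /APPLICATION_TOKEN/EVENT_TYPE/event."""
    # Assumption: tokens look like the sample on this page (hex digits and dashes).
    if not re.fullmatch(r"[0-9A-Fa-f-]+", app_token):
        raise ValueError("unexpected characters in application token")
    if not re.fullmatch(r"[A-Za-z0-9_]+", event_type):
        raise ValueError("event type must be a simple identifier")
    url = "%s/%s/%s/event" % (RECEIVER, app_token, event_type)
    return urllib.request.Request(url, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})


def send(request, timeout=10):
    """Send the request; the default context verifies certificate chain and host name."""
    context = ssl.create_default_context()
    with urllib.request.urlopen(request, timeout=timeout, context=context) as resp:
        return resp.status
```

Call `send(build_request(token, "deployment", build_event(...)))` with your own application token; a certificate failure raises an exception instead of silently continuing.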