Event History
Home > Select Project > Alert > Event History
Event History allows you to efficiently search, view, and analyze detailed information about various events that occur in the system. Using Elasticsearch DSL queries, you can accurately and quickly find events that match your criteria.
Main Screen
Clicking the event title in the search results navigates to a screen where you can analyze the details of the time zone in which the event occurred. This allows you to comprehensively understand the circumstances before and after the event.
Column Settings
You can show or hide desired columns. To configure columns:
-
Click the
Column Settings button at the top right of the Event History screen. -
Select the columns to show or hide.
-
You can change the order of the columns in the visible items.
-
You can search for specific columns in the Column Name Search field.
Column Description Event Name Title of the event Message Message or snapshot of the event Event Status Current status of the event Agent Name Name (Oname) of the agent where the event occurred
- Blank if not related to a specific agentAgent Group Type (OkindName) of the agent where the event occurred
- Blank if not related to a specific agentAgent Node Server (OnodeName) of the agent where the event occurred
- Blank if not related to a specific agentEvent Time Time the event occurred Resolved Time Time the event was resolved
Displayed as-if unresolved -
-
After configuring, click Confirm to apply the settings.
Download CSV
You can download the data as a CSV file.
Show Only Ongoing Events
Adds a filter to show only events with ON status in the current query. The query is:
Status: ON and Stateful: true
Event Search
- Accurate Search: Specify exact criteria to find relevant events
- Complex Conditions: Search multiple fields simultaneously
- Flexible Patterns: Supports wildcard and partial matching
- Fast Performance: High-speed search using indexed data
Searchable Fields
Search is case-insensitive.
-
Field Tag: Indicates event types supporting the field
-
Field Type: Data type of the field
: Number
: String
: Boolean
: Date
Event Info Fields
| Field | Type | Description | Example |
|---|---|---|---|
| Title | String | Event title | "Database Connection Error" |
| OffTitle | String | Recovery title | "RECOVERED: Database Connection Error" |
| Message | String | Event message | "Connection timeout occurred" |
| OffMessage | String | Recovery message | "RECOVERED: Connection timeout occurred" |
| Level | String | Current event level | Critical, Warning, Info |
| OriginLevel | String | Original event level | Critical, Warning, Info |
| Status | String | Event status | ON, OFF, CANCEL, ACKNOWLEDGE, MAINTENANCE, DISABLED |
| ActCount | Number | Action count | 2 |
| MetricName | String | Metric name | "memory" |
| MetricValue | String | Metric value | "85.5" |
| OffValue | String | Recovery value | "72.8" |
| MetricThreshold | String | Threshold | "80" |
| alertType | String | Event type | "BASIC", "METRICS", "TRANSACTION" |
| alertId | String | Rule ID | "zf3uojer0fv4v7" |
Type-Specific Fields
| Field | Type | Event Type | Description | Example |
|---|---|---|---|---|
| eventRule | String | Basic, Metrics | Rule that triggered event | "memory ≥ 80" |
| field | String | Realtime Log | Log key | "content" |
| keyword | String | Realtime Log | Search keyword | "Error" |
| logCategory | String | Realtime Log | Log category | "AppLog" |
| logContent | String | Realtime Log | Log content | "...log text..." |
Target Fields
| Field | Type | Description | Example |
|---|---|---|---|
| Oid | Number | Agent ID | -98765432 |
| Oname | String | Agent name | "web-server-01" |
| Okind | Number | Agent type ID | 867318026 |
| OkindName | String | Agent type name | "web-server" |
| Onode | Number | Node ID | 334634079 |
| OnodeName | String | Node name | "production-node-1" |
Unique Event Fields
| Field | Type | Description | Example |
|---|---|---|---|
| Id | Number | Event ID | 5768121 |
| UUID | String | Event UUID | "550e8400-e29b-41d4-a716" |
State/Flag Fields
| Field | Type | Description | Example |
|---|---|---|---|
| Stateful | Boolean | Stateful event | true, false |
| Disabled | Boolean | Is disabled | true, false |
| Escalation | Boolean | Escalated | true, false |
| SystemEvent | Boolean | System-generated | true, false |
Query Examples
For more on syntax, see WhaTap log search query syntax
1. Keyword Search
- Events that contain the string "Database Connection"
title: "Database Connection"
2. Multi-value Search
Retrieves events that include at least one of the specified options.
- Events where the title includes either "Database" or "Connection"
title: Database Connection
- Events where the current level is either Info or Warning
level: info warning
3. Pattern Search
You can search using wildcards.
- Find events that occurred on specific agents by name pattern
oname: web-*-prod
- Find events where the title ends with 'Connection'
title: *Connection
4. Complex Conditions
You can combine multiple conditions to perform a precise search.
- Events with level Critical and title containing Database
level: critical and title: Database
- Warning or Critical events from a specific agent
oname: web-server-01 and level: Warning Critical
5. OR Conditions
You can search for events that satisfy any of the given conditions.
- Find events where the title or message contains a specific keyword
title: Connection or message: Connection
6. NOT Conditions
You can exclude certain conditions from the search.
- Find all events except those with Info level
not level: info