Event History and Monitoring

Home > Select Project > Alert > Event History

Event History allows you to view events that have occurred in the project and analyze their detailed information. It supports Elasticsearch DSL queries, enabling you to find events that match specific conditions quickly and accurately.

Viewing Event History

Click the event title in the search results to move to a screen where you can analyze detailed data for the time period when the event occurred. This allows you to comprehensively understand the situation before and after the event.

Go to Alert > Event History.
In the Event History screen, use Time Selection to set the period for viewing event records.
Enter a query in the filter input field and click the [ Magnifying Glass ] button.
- If no query is entered, all events are displayed.

Column Settings

You can choose which columns to display or hide.

In the Event History screen, click the [ Column Settings ] button at the top left.

In the Column Settings window, select the columns you want to show or hide.

You can change the column order in Displayed Items.
You can search for specific columns using the Column Name Search field.

Column Item	Description
Event Name	The title of the event
Message	The event message or snapshot information
Event Status	The current status of the event
Agent Name	The name (Oname) of the agent where the event occurred - Displayed as blank if the event is not associated with a specific agent
Agent Group	The agent type (OkindName) where the event occurred - Displayed as blank if the event is not associated with a specific agent
Agent Node	The server (OnodeName) of the agent where the event occurred - Displayed as blank if the event is not associated with a specific agent
Event Occurred Time	The time when the event occurred
Event Resolved Time	The time when the event was resolved - Displayed as `-` for events without a resolved state

After completing the settings, click the [ Confirm ] button to apply the column configuration.

CSV Download

You can download the query results as a CSV file.

Go to Alert > Event History and click the [ CSV ] button.
The list of events that match the current filter conditions is saved as a CSV file.

View Only Events in Progress

You can view only events that are currently in progress.

Go to Alert > Event History and click the [ View Only Events in Progress ] button.
The following condition is automatically added to the filter query and applied to the search.
```
Stateful: true and Status : "ON"
```

Event Search

Precise Search: Specify exact conditions to retrieve only the events you need
Composite Conditions: Search across multiple fields at once to handle complex conditions in a single query
Flexible Patterns: Supports various search methods such as wildcards and partial matches
High Performance: Fast searches powered by indexed data

Searchable Fields

Field names and values are not case sensitive.

Field Name Tag: Event types that support the field
Field Type: The data type of the field
- : Number
- : String
- : Boolean
- : Date

Event Information Fields

Field Name	Type	Description	Example Value
Title	String	Event title	"Database Connection Error"
OffTitle	String	Event recovery title	"RECOVERED: Database Connection Error"
Message	String	Event message	"Connection timeout occurred"
OffMessage	String	Event recovery message	"RECOVERED: Connection timeout occurred"
Level	String	Current event level	`Critical`, `Warning`, `Info`
OriginLevel	String	Original event level	`Critical`, `Warning`, `Info`
Status	String	Event status	`ON`, `OFF`, `CANCEL`, `ACKNOWLEDGE`, `MAINTENANCE`, `DISABLED`
ActCount	Number	Number of occurrences	2
MetricName	String	Metric name	"memory"
MetricValue	String	Metric value	"85.5"
OffValue	String	Recovery value	"72.8"
MetricThreshold	String	Threshold value	"80"
alertType	String	Event type	"BASIC", "METRICS", "TRANSACTION", etc.
alertId	String	Unique identifier of the event rule	"zf3uojer0fv4v7"

Type-specific Supported Fields

Note

These fields are supported only for specific event types. If the event type does not match, the value may be empty.

Field Name	Type	Event Type	Description	Example Value
eventRule	String	Basic, Metrics	Event trigger rule	"memory ≥ 80"
field	String	Real-time Log	Log search key	"content"
keyword	String	Real-time Log	Log search value	"Error"
logCategory	String	Real-time Log	Log category	"AppLog"
logContent	String	Real-time Log	Log content	"00:00000:00009:2025/04/06 23:03:52.55 server Error: 1601, Severity: 17, State: 3\n00:00000:00009:2025/04/06 23:03:52.55 server There are not enough 'user connections' available to start a new process."

Target Fields

Field Name	Type	Description	Example Value
Oid	Number	Agent unique identifier	-98765432
Oname	String	Agent name	"web-server-01"
Okind	Number	Agent type unique identifier	867318026
OkindName	String	Agent type name	"web-server"
Onode	Number	Agent node unique identifier	334634079
OnodeName	String	Agent node name	"production-node-1"

Unique Event Fields

Field Name	Type	Description	Example Value
Id	Number	Unique identifier of the event	5768121
UUID	String	Unique event identifier	"550e8400-e29b-41d4-a716"

State / Flag Fields

Field Name	Type	Description	Example Value
Stateful	Boolean	Whether the event is state based	true, false
Disabled	Boolean	Whether the event is disabled	true, false
Escalation	Boolean	Whether escalation is applied	true, false
SystemEvent	Boolean	Whether it is a system event	true, false

Query Syntax by Search Type

Note

For the basic search syntax, refer to the WhaTap log search query syntax documentation.

1. Keyword Search

Events that contain the string "Database Connection"
title: "Database Connection"

2. Multiple Value Search

Retrieves events that include any one of the specified values.

title: Database Connection

Events whose current event level is Info or Warning
level: info warning

3. Pattern Search

You can search using patterns with wildcards.

Find events that occurred on specific agents using a name pattern
oname: web-*-prod 

タイトルが Connection で終わるイベントを検索
title: *Connection

4. Complex Condition Search

You can combine multiple conditions to perform precise searches.

Events with a Critical level and a title containing Database
level: critical and title: Database

Warning or Critical events from a specific agent
oname: web-server-01 and level: Warning Critical

5. OR Condition Search

Retrieves events that satisfy at least one of the specified conditions.

Events where the title or message contains a specific keyword
title: Connection or message: Connection

6. Exclusion Conditions

You can exclude specific conditions from the search.

All events except those with an Info level
not level: info

Viewing Event History​

Column Settings​

CSV Download​

View Only Events in Progress​

Event Search​

Searchable Fields​

Event Information Fields​

Type-specific Supported Fields​

Target Fields​

Unique Event Fields​

State / Flag Fields​

Query Syntax by Search Type​

1. Keyword Search​

2. Multiple Value Search​

3. Pattern Search​

4. Complex Condition Search​

5. OR Condition Search​

6. Exclusion Conditions​