How to get further details from getAlert?
Hi
I want to extract my information according to this interface
# Target payload expected by the downstream notification endpoint.
example_notification_data = dict(
    host="10.10.10.86",  # local IP address of the device
    host_name="Debian-App",  # hostname string
    incident_created="2016-10-10T02:27:47+07:00",  # ISO 8601 timestamp with timezone
    component_type="server",  # "server" or "vm"
    component_status=0,  # always 0; kept in the payload for historical reasons
)
host is a local IP address
host_name is string hostname
incident_created is a timestamp with timezone, in ISO 8601 format
component_type is "server" or "vm", based on the component type. It is OK to hardcode it as "server" because the NOC has to investigate in detail
component_status is always 0. Because my customer would like to see the critical case and first developer from that endpoint refuses me to change his format. He claims "I had 3 times changed which is enough". Therefore I have to leave this key in json payload for historical purpose.
Here is my Python script:
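import json
import pprint
from urllib import parse, request

from config import (USER, PASSWORD, COMPANY)

# Seconds to wait for the API before giving up, so a stalled connection
# cannot hang the script indefinitely.
REQUEST_TIMEOUT = 30


def rpc(action, params):
    """
    Make a call to the LogicMonitor RPC library and return the response

    Reference:
    https://www.logicmonitor.com/support/rpc-api-developers-guide/overview/using-logicmonitors-rpc-api/

    Args:
        action: Name of the RPC action, placed in the URL path (e.g. "getAlerts").
        params: Mapping of query parameters for the action.

    Returns:
        The raw response body as bytes, or None when the request fails
        (the error is printed).
    """
    print("Calling action: {action}".format(action=action))
    print("Parameters: {params}".format(params=params))

    # NOTE(security): this call sends the account credentials (c/u/p) in the
    # query string. URLs commonly end up in proxy, server and shell-history
    # logs, so never print or log `url`, keep config.py out of version
    # control, and prefer a token-based API with a least-privilege account
    # where the service offers one.
    query = parse.urlencode(params)
    creds = parse.urlencode({"c": COMPANY, "u": USER, "p": PASSWORD})
    if query:
        query += "&"
    query += creds

    url = "https://{0}.logicmonitor.com/santaba/rpc/{1}?{2}".format(
        COMPANY, action, query
    )
    try:
        # The context manager closes the connection even if read() raises.
        with request.urlopen(url, timeout=REQUEST_TIMEOUT) as resp:
            return resp.read()
    except IOError as ioe:
        # Best effort: report the failure and let the caller see None.
        print(ioe)
        return None


def main():
    """Fetch critical alerts with getAlerts and pretty-print them."""
    pp = pprint.PrettyPrinter(indent=4)
    response = rpc("getAlerts", {"level": "critical"})
    if response is None:
        # rpc() already printed the error; stop instead of failing later
        # with an AttributeError on None.decode().
        raise SystemExit("getAlerts request failed")

    try:
        payload = json.loads(response.decode("utf-8"))
    except ValueError as err:
        # UnicodeDecodeError and json.JSONDecodeError both subclass ValueError.
        raise SystemExit("getAlerts returned an unparsable body: {0}".format(err))

    # The body is remote input: do not assume 'data' is present or a dict.
    data = payload.get("data") if isinstance(payload, dict) else None
    alerts = data.get("alerts") if isinstance(data, dict) else None
    pp.pprint(alerts)


if __name__ == "__main__":
    main()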
Here is my response
[ { '_id_': 'LMD8983', 'ackComment': 'OK', 'acked': True, 'ackedBy': 'wisut.j@cloudhm.co.th', 'ackedOn': 1475652110, 'ackedOnLocal': '2016-10-05 14:21:50 ICT', 'active': True, 'alertEscalationChainName': 'default', 'alertRecipients': '', 'alertRuleId': 3, 'alertRuleName': 'Critical', 'clearValue': '', 'dataPoint': 'idleInterval', 'dataSource': 'HostStatus', 'dataSourceDisplayName': 'Host Status', 'dataSourceId': 128, 'dataSourceInstance': 'HostStatus', 'dataSourceInstanceDescription': '', 'dataSourceInstanceId': 4911958, 'dataSourceType': 'DS', 'displayName': 'Host Status', 'duration': '52h 31m', 'endOn': 0, 'endOnLocal': '', 'escalationChainId': 1, 'escalationSubChainId': 0, 'host': 'VC-TCCT', 'hostDataSourceId': 393, 'hostGroups': [ { 'alertEnable': True, 'appliesTo': '', 'createdOn': 0, 'description': 'root folder', 'fullPath': '', 'groupType': 0, 'id': 1, 'name': 'cloudhm', 'parentId': 0}], 'hostId': 8, 'id': 74, 'inSDT': True, 'level': 'critical', 'nextRecipient': 0, 'sdt': [ { 'admin': 'wisut.j@cloudhm.co.th', 'category': {'name': 'HostSDT'}, 'comment': '', 'duration': 0, 'endDateTime': { 'day': 31, 'hour': 12, 'minute': 30, 'month': 10, 'weekDay': 2, 'year': 2016}, 'endHour': 0, 'endMinute': 0, 'hostId': 8, 'hour': 0, 'id': 1, 'isEffective': True, 'minute': 0, 'monthDay': 0, 'sdtType': 1, 'startDateTime': { 'day': 5, 'hour': 13, 'minute': 43, 'month': 10, 'weekDay': 4, 'year': 2016}, 'type': 'onetime', 'weekDay': 1}], 'startOn': 1475644129, 'startOnLocal': '2016-10-05 12:08:49 ICT', 'thresholds': '> 300 300 300', 'type': 'alert', 'uniqueId': 'LMD74', 'value': '189439.44'}, { '_id_': 'LMD8979', 'ackComment': 'OK', 'acked': True, 'ackedBy': 'wisut.j@cloudhm.co.th', 'ackedOn': 1475652110, 'ackedOnLocal': '2016-10-05 14:21:50 ICT', 'active': True, 'alertEscalationChainName': 'default', 'alertRecipients': '', 'alertRuleId': 3, 'alertRuleName': 'Critical', 'clearValue': '', 'dataPoint': 'PingLossPercent', 'dataSource': 'Ping', 'dataSourceDisplayName': 'Ping', 
'dataSourceId': 31, 'dataSourceInstance': 'Ping', 'dataSourceInstanceDescription': '', 'dataSourceInstanceId': 4911957, 'dataSourceType': 'DS', 'displayName': 'Ping', 'duration': '52h 36m', 'endOn': 0, 'endOnLocal': '', 'escalationChainId': 1, 'escalationSubChainId': 0, 'host': 'VC-TCCT', 'hostDataSourceId': 388, 'hostGroups': [ { 'alertEnable': True, 'appliesTo': '', 'createdOn': 0, 'description': 'root folder', 'fullPath': '', 'groupType': 0, 'id': 1, 'name': 'cloudhm', 'parentId': 0}], 'hostId': 8, 'id': 69, 'inSDT': True, 'level': 'critical', 'nextRecipient': 0, 'sdt': [ { 'admin': 'wisut.j@cloudhm.co.th', 'category': {'name': 'HostSDT'}, 'comment': '', 'duration': 0, 'endDateTime': { 'day': 31, 'hour': 12, 'minute': 30, 'month': 10, 'weekDay': 2, 'year': 2016}, 'endHour': 0, 'endMinute': 0, 'hostId': 8, 'hour': 0, 'id': 1, 'isEffective': True, 'minute': 0, 'monthDay': 0, 'sdtType': 1, 'startDateTime': { 'day': 5, 'hour': 13, 'minute': 43, 'month': 10, 'weekDay': 4, 'year': 2016}, 'type': 'onetime', 'weekDay': 1}], 'startOn': 1475643859, 'startOnLocal': '2016-10-05 12:04:19 ICT', 'thresholds': '> 20 70 90', 'type': 'alert', 'uniqueId': 'LMD69', 'value': '100.00'}]
Question:
How do I get the values of host, host_name, incident_created, component_type and component_status? I have not found any relation between the getAlerts result and these details.
I have read https://www.logicmonitor.com/support/rpc-api-developers-guide/manage-devices/get-devices/
But I do not know how to link them to each other
FYI:
1. I cannot put 'host' into my 'host_name' because they would be the same and the endpoint API would get confused
Best regards
Sarit
Hi Sarit,
For the incident_created, you should be able to use the startOn and startOnLocal fields from the getAlerts response. The best way to get more information (e.g. IP) about the devices in alert is to grab the hostId & host display name from the response of getAlerts and plug that into either the getHost RPC API or a GET request to the devices resource for our REST API.
For example, if getAlerts returns:
[ { '_id_': 'LMD8983', 'ackComment': 'OK', 'acked': True, 'ackedBy': 'wisut.j@cloudhm.co.th', 'ackedOn': 1475652110, 'ackedOnLocal': '2016-10-05 14:21:50 ICT', 'active': True, 'alertEscalationChainName': 'default', 'alertRecipients': '', 'alertRuleId': 3, 'alertRuleName': 'Critical', 'clearValue': '', 'dataPoint': 'idleInterval', 'dataSource': 'HostStatus', 'dataSourceDisplayName': 'Host Status', 'dataSourceId': 128, 'dataSourceInstance': 'HostStatus', 'dataSourceInstanceDescription': '', 'dataSourceInstanceId': 4911958, 'dataSourceType': 'DS', 'displayName': 'Host Status', 'duration': '52h 31m', 'endOn': 0, 'endOnLocal': '', 'escalationChainId': 1, 'escalationSubChainId': 0, 'host': 'VC-TCCT', 'hostDataSourceId': 393, 'hostGroups': [ { 'alertEnable': True, 'appliesTo': '', 'createdOn': 0, 'description': 'root folder', 'fullPath': '', 'groupType': 0, 'id': 1, 'name': 'cloudhm', 'parentId': 0}], 'hostId': 8, 'id': 74, 'inSDT': True, 'level': 'critical', 'nextRecipient': 0, 'sdt': [ { 'admin': 'wisut.j@cloudhm.co.th', 'category': {'name': 'HostSDT'}, 'comment': '', 'duration': 0, 'endDateTime': { 'day': 31, 'hour': 12, 'minute': 30, 'month': 10, 'weekDay': 2, 'year': 2016}, 'endHour': 0, 'endMinute': 0, 'hostId': 8, 'hour': 0, 'id': 1, 'isEffective': True, 'minute': 0, 'monthDay': 0, 'sdtType': 1, 'startDateTime': { 'day': 5, 'hour': 13, 'minute': 43, 'month': 10, 'weekDay': 4, 'year': 2016}, 'type': 'onetime', 'weekDay': 1}], 'startOn': 1475644129, 'startOnLocal': '2016-10-05 12:08:49 ICT', 'thresholds': '> 300 300 300', 'type': 'alert', 'uniqueId': 'LMD74', 'value': '189439.44'}]
Then you can either make a getHost RPC request using host display name = VC-TCCT, or a GET /device/devices/<id> REST request using hostId = 8. The response will look like this (the sample below is from a different device, so its id and names do not match the alert above):
{ "status" : 200, "errmsg" : "OK", "data" : { "id" : 253, "name" : "10.36.11.240", "displayName" : "ProdServer24", "deviceType" : 0, "relatedDeviceId" : -1, "currentCollectorId" : 90, "preferredCollectorId" : 90, "preferredCollectorGroupId" : 1, "preferredCollectorGroupName" : "@default", "description" : "a server in the LA datacenter", "createdOn" : 1458754984, "updatedOn" : 1470715583, "disableAlerting" : false, "autoPropsAssignedOn" : 1476095588, "autoPropsUpdatedOn" : 1476095708, "scanConfigId" : 0, "link" : "", "enableNetflow" : false, "netflowCollectorId" : 0, "netflowCollectorGroupId" : 0, "netflowCollectorGroupName" : null, "lastDataTime" : 0, "lastRawdataTime" : 0, "hostGroupIds" : "2", "sdtStatus" : "none-none-none", "userPermission" : "write", "hostStatus" : "dead", "alertStatus" : "unconfirmed-critical-none", "alertStatusPriority" : 1, "awsState" : 1, "alertDisableStatus" : "none-none-none", "alertingDisabledOn" : null, "collectorDescription" : "ip-172-31-37-162.us-west-2.compute.internal", "netflowCollectorDescription" : null, "customProperties" : [ { "name" : "system.categories", "value" : "" } ], "upTimeInSeconds" : 0, "deletedTimeInMs" : 0, "toDeleteTimeInMs" : 0, "hasDisabledSubResource" : false, "manualDiscoveryFlags" : { "winprocess" : false, "linuxprocess" : false, "winservice" : false }, "ancestorHasDisabledLogicModule" : false } }
Which includes device display name & device IP/DNS. Re the component_type & component_status values, it sounds like you're going to hardcode those, but if you have this information set as custom properties for the devices in your account, you can get that additional information with https://www.logicmonitor.com/support/rpc-api-developers-guide/manage-devices/get-device-properties/ (the REST version of which will be published in the next release or two).
Thanks,
Sarah