Forum Discussion

tiras's avatar
9 years ago
Solved

How to get further details from getAlert?

Hi I want to extract my information according to this interface example_notification_data = {
 'host': "10.10.10.86",
 'host_name': "Debian-App",
 'incident_created': "2016-1...
  • Sarah_Terry's avatar
    9 years ago

    Hi Sarit,

    For the incident_created, you should be able to use the startOn and startOnLocal fields from the getAlerts response.  The best way to get more information (e.g. IP) about the devices in alert is to grab the hostId & host display name from the response of getAlerts and plug that into either the getHost RPC API or a GET request to the devices resource for our REST API.

    For example, if getAlerts returns:

     
    [   {   '_id_': 'LMD8983',
            'ackComment': 'OK',
            'acked': True,
            'ackedBy': 'wisut.j@cloudhm.co.th',
            'ackedOn': 1475652110,
            'ackedOnLocal': '2016-10-05 14:21:50 ICT',
            'active': True,
            'alertEscalationChainName': 'default',
            'alertRecipients': '',
            'alertRuleId': 3,
            'alertRuleName': 'Critical',
            'clearValue': '',
            'dataPoint': 'idleInterval',
            'dataSource': 'HostStatus',
            'dataSourceDisplayName': 'Host Status',
            'dataSourceId': 128,
            'dataSourceInstance': 'HostStatus',
            'dataSourceInstanceDescription': '',
            'dataSourceInstanceId': 4911958,
            'dataSourceType': 'DS',
            'displayName': 'Host Status',
            'duration': '52h 31m',
            'endOn': 0,
            'endOnLocal': '',
            'escalationChainId': 1,
            'escalationSubChainId': 0,
            'host': 'VC-TCCT',
            'hostDataSourceId': 393,
            'hostGroups': [   {   'alertEnable': True,
                                  'appliesTo': '',
                                  'createdOn': 0,
                                  'description': 'root folder',
                                  'fullPath': '',
                                  'groupType': 0,
                                  'id': 1,
                                  'name': 'cloudhm',
                                  'parentId': 0}],
            'hostId': 8,
            'id': 74,
            'inSDT': True,
            'level': 'critical',
            'nextRecipient': 0,
            'sdt': [   {   'admin': 'wisut.j@cloudhm.co.th',
                           'category': {'name': 'HostSDT'},
                           'comment': '',
                           'duration': 0,
                           'endDateTime': {   'day': 31,
                                              'hour': 12,
                                              'minute': 30,
                                              'month': 10,
                                              'weekDay': 2,
                                              'year': 2016},
                           'endHour': 0,
                           'endMinute': 0,
                           'hostId': 8,
                           'hour': 0,
                           'id': 1,
                           'isEffective': True,
                           'minute': 0,
                           'monthDay': 0,
                           'sdtType': 1,
                           'startDateTime': {   'day': 5,
                                                'hour': 13,
                                                'minute': 43,
                                                'month': 10,
                                                'weekDay': 4,
                                                'year': 2016},
                           'type': 'onetime',
                           'weekDay': 1}],
            'startOn': 1475644129,
            'startOnLocal': '2016-10-05 12:08:49 ICT',
            'thresholds': '> 300 300 300',
            'type': 'alert',
            'uniqueId': 'LMD74',
            'value': '189439.44'}]

     

    Then you can either make a getHost RPC request using host display name= VC-TCCT, or a GET /device/devices/<id> REST request using hostId =8.  The response will look like this:

    {
    
      "status" : 200,
      "errmsg" : "OK",
      "data" : {
        "id" : 253,
        "name" : "10.36.11.240",
        "displayName" : "ProdServer24",
        "deviceType" : 0,
        "relatedDeviceId" : -1,
        "currentCollectorId" : 90,
        "preferredCollectorId" : 90,
        "preferredCollectorGroupId" : 1,
        "preferredCollectorGroupName" : "@default",
        "description" : "a server in the LA datacenter",
        "createdOn" : 1458754984,
        "updatedOn" : 1470715583,
        "disableAlerting" : false,
        "autoPropsAssignedOn" : 1476095588,
        "autoPropsUpdatedOn" : 1476095708,
        "scanConfigId" : 0,
        "link" : "",
        "enableNetflow" : false,
        "netflowCollectorId" : 0,
        "netflowCollectorGroupId" : 0,
        "netflowCollectorGroupName" : null,
        "lastDataTime" : 0,
        "lastRawdataTime" : 0,
        "hostGroupIds" : "2",
        "sdtStatus" : "none-none-none",
        "userPermission" : "write",
        "hostStatus" : "dead",
        "alertStatus" : "unconfirmed-critical-none",
        "alertStatusPriority" : 1,
        "awsState" : 1,
        "alertDisableStatus" : "none-none-none",
        "alertingDisabledOn" : null,
        "collectorDescription" : "ip-172-31-37-162.us-west-2.compute.internal",
        "netflowCollectorDescription" : null,
        "customProperties" : [ {
          "name" : "system.categories",
          "value" : ""
        } ],
        "upTimeInSeconds" : 0,
        "deletedTimeInMs" : 0,
        "toDeleteTimeInMs" : 0,
        "hasDisabledSubResource" : false,
        "manualDiscoveryFlags" : {
          "winprocess" : false,
          "linuxprocess" : false,
          "winservice" : false
        },
        "ancestorHasDisabledLogicModule" : false
      }
    }

    Which includes device display name & device IP/DNS.  Re the component_type & component_status values, it sounds like you're going to hardcode those, but if you have this information set as custom properties for the devices in your account, you can get that additional information with https://www.logicmonitor.com/support/rpc-api-developers-guide/manage-devices/get-device-properties/ (the REST version of which will be published in the next release or two). 

    Thanks,

    Sarah