
You can use this API for event search and aggregation.

The Elasticsearch query DSL is used to search events. For more information about the query language, see Open link.

Raw document query

Search events for a specific date range in the raw document format.

Request URL

Example request URL

Request Header

Content-Type: application/json
Authorization: Bearer <JWT_token>

For instructions on obtaining the JWT token, see Access and authentication for the REST API. Open link.

Request body

{"size":500,"query":{"bool":{"filter":[{"range":{"creation_time":{"gte":1603860684000,"lte":1603864284000,"format":"epoch_millis"}}},{"query_string":{"analyze_wildcard":true,"query":"status:OPEN"}}]}},"sort":{"creation_time":{"order":"desc","unmapped_type":"boolean"}},"script_fields":{}}

Successful response

Status code 200 OK

{ "took": 19, "status": 200, "responses": [ { "took": 18, "timed_out": false, "_shards": { "total": 10, "successful": 10, "skipped": 7, "failed": 0 }, "hits": { "total": { "value": 80, "relation": "eq" }, "max_score": null, "hits": [ { "_score": null, "_source": { "msg": "9cd6e9f9c33fc4a", "creation_time": 1603862648418, "_tenant_id": "1846876061", "severity_ordinal": 60, "sub_category": "OTHER", "modelname": "", "source_identifier": "9cd6e9f9c33fc4a.clm-pun-t8x5kf.bmc.com@3181.1603862648418.9726262116", "_tenant_name": "", "_errors": "[]", "incident_id": "", "_operations": "[]", "incident_company": "", "_ci_id": "", "source_port": 3181, "source_address": "10.10.10.10", "alias": [ "BMC_ComputerSystem:clm-pun-t8x5kf.bmc.com"...
...	"status": "OPEN", "al_extremeness": 0, "al_parameter_threshold": "", "al_baseline_hourly_low": "", "al_thresh_above_ordinal": 20, "al_thresh_above": null, "al_pts_exceeded": 0, "incident_item": "", "al_event_score": 0.0, "object": "clm-pun-t8x5kf.bmc.com", "al_end_time": 1603862534075, "al_predict_to_occur_time": 1603862534075, "al_agent_port": "", "al_thresh_id": "4449542027", "incident_operational_category1": "", "cross_launch_uri": "", "al_avg_value": "", "incident_operational_category2": "", "object_class": "", "al_is_predicted_ordinal": 10, "al_is_predicted": null, "al_agent_name": "", "al_parameter_name": "zPTZ9GkwwB", "incident_operational_category3": "", "al_baseline_weekly_low": "", "al_thresh_duration": 1, "al_agent_os": "", "al_baseline_daily_high": "", "al_baseline_weekly_high": "", "al_prediction_severity": "CRITICAL", "incident_type": "", "al_parameter_unit": "MB", "al_last_time": "0", "al_alarm_id": "4718821724", "al_baseline_hourly_high": "", "al_thresh_type": "Custom", "object_id": "", "al_pts_total": 0, "al_highest_severity_ordinal": 40, "al_highest_severity": "WARNING", "al_old_severity_ordinal": 40, "al_old_severity": "WARNING", "al_parameter_value": "79", "al_baseline_daily_low": "", "incident_category": "", "al_device_ipaddress": "", "al_baseline_type_ordinal": 10, "al_baseline_type": "HOURLY" }, "sort": [ 1603862534075 ] } ] }, "status": 200 } ]
}

In this response, the event search query is: status:OPEN

All events with the status OPEN are matched, and the response is returned in the raw document format.

Aggregation query

Perform event search and aggregation on a specific time range.

Request URL

Example request URL

Request body

{"size":0,"query":{"bool":{"filter":[{"range":{"creation_time":{"gte":1603860684000,"lte":1603864284000,"format":"epoch_millis"}}},{"query_string":{"analyze_wildcard":true,"query":"status:OPEN"}}]}},"aggs":{"2":{"date_histogram":{"interval":"15m","field":"creation_time","min_doc_count":0,"extended_bounds":{"min":1603860684000,"max":1603864284000},"format":"epoch_millis"},"aggs":{}}}}

Successful response

Status code 200 OK

{ "took": 5, "status": 200, "responses": [ { "took": 4, "timed_out": false, "_shards": { "total": 10, "successful": 10, "skipped": 0, "failed": 0 }, "hits": { "total": { "value": 80, "relation": "eq" }, "max_score": null, "hits": [] }, "aggregations": { "date_histogram#2": { "buckets": [ { "key_as_string": "1603860300000", "key": 1603860300000, "doc_count": 0 }, { "key_as_string": "1603861200000", "key": 1603861200000, "doc_count": 0 }, { "key_as_string": "1603862100000", "key": 1603862100000, "doc_count": 80 }, { "key_as_string": "1603863000000", "key": 1603863000000, "doc_count": 0 }, { "key_as_string": "1603863900000", "key": 1603863900000, "doc_count": 0 } ] } }, "status": 200 } ]
}

In this response, the event search query is: status:OPEN

All events with the status OPEN are matched, and the response is returned in the aggregate format.

Group By query

Perform event search and aggregation on a specific time range, grouped by a terms field.

Request URL

Example request URL

Request body

{"size":0,"query":{"bool":{"filter":[{"range":{"creation_time":{"gte":1603860684000,"lte":1603864284000,"format":"epoch_millis"}}},{"query_string":{"analyze_wildcard":true,"query":"*"}}]}},"aggs":{"3":{"terms":{"field":"severity","size":10,"order":{"_key":"desc"},"min_doc_count":1},"aggs":{"2":{"date_histogram":{"interval":"5m","field":"creation_time","min_doc_count":0,"extended_bounds":{"min":1603860684000,"max":1603864284000},"format":"epoch_millis"},"aggs":{}}}}}}

Successful response

Status code 200 OK

{ "took": 9, "status": 200, "responses": [ { "took": 8, "timed_out": false, "_shards": { "total": 10, "successful": 10, "skipped": 0, "failed": 0 }, "hits": { "total": { "value": 190, "relation": "eq" }, "max_score": null, "hits": [] }, "aggregations": { "sterms#3": { "doc_count_error_upper_bound": 0, "sum_other_doc_count": 0, "buckets": [ { "key": "WARNING", "doc_count": 65, "date_histogram#2": { "buckets": [ { "key_as_string": "1603860600000", "key": 1603860600000, "doc_count": 0 }, { "key_as_string": "1603860900000", "key": 1603860900000, "doc_count": 0 }, { "key_as_string": "1603861200000", "key": 1603861200000, "doc_count": 0 }, { "key_as_string": "1603861500000", "key": 1603861500000, "doc_count": 0 }, { "key_as_string": "1603861800000", "key": 1603861800000, "doc_count": 0 }, { "key_as_string": "1603862100000", "key": 1603862100000, "doc_count": 0 }, { "key_as_string": "1603862400000", "key": 1603862400000, "doc_count": 16 }, { "key_as_string": "1603862700000", "key": 1603862700000, "doc_count": 49 }, { "key_as_string": "1603863000000", "key": 1603863000000, "doc_count": 0 }, { "key_as_string": "1603863300000", "key": 1603863300000, "doc_count": 0 }, { "key_as_string": "1603863600000", "key": 1603863600000, "doc_count": 0 }, { "key_as_string": "1603863900000", "key": 1603863900000, "doc_count": 0 }, { "key_as_string": "1603864200000", "key": 1603864200000, "doc_count": 0 } ] } }, { "key": "MINOR", "doc_count": 25, "date_histogram#2": { "buckets": [ { "key_as_string": "1603860600000", "key": 1603860600000, "doc_count": 0 }, { "key_as_string": "1603860900000", "key": 1603860900000, "doc_count": 0 }, { "key_as_string": "1603861200000", "key": 1603861200000, "doc_count": 0 }, { "key_as_string": "1603861500000", "key": 1603861500000, "doc_count": 0 }, { "key_as_string": "1603861800000", "key": 1603861800000, "doc_count": 0 }, { "key_as_string": "1603862100000", "key": 1603862100000, "doc_count": 0 }, { "key_as_string": "1603862400000", "key": 1603862400000, 
"doc_count": 25 }, { "key_as_string": "1603862700000", "key": 1603862700000, "doc_count": 0 }, { "key_as_string": "1603863000000", "key": 1603863000000, "doc_count": 0 }, { "key_as_string": "1603863300000", "key": 1603863300000, "doc_count": 0 }, { "key_as_string": "1603863600000", "key": 1603863600000, "doc_count": 0 }, { "key_as_string": "1603863900000", "key": 1603863900000, "doc_count": 0 }, { "key_as_string": "1603864200000", "key": 1603864200000, "doc_count": 0 } ] } }, { "key": "MAJOR", "doc_count": 65, "date_histogram#2": { "buckets": [ { "key_as_string": "1603860600000", "key": 1603860600000, "doc_count": 0 }, { "key_as_string": "1603860900000", "key": 1603860900000, "doc_count": 0 }, { "key_as_string": "1603861200000", "key": 1603861200000, "doc_count": 0 }, { "key_as_string": "1603861500000", "key": 1603861500000, "doc_count": 0 }, { "key_as_string": "1603861800000", "key": 1603861800000, "doc_count": 0 }, { "key_as_string": "1603862100000", "key": 1603862100000, "doc_count": 0 }, { "key_as_string": "1603862400000", "key": 1603862400000, "doc_count": 65 }, { "key_as_string": "1603862700000", "key": 1603862700000, "doc_count": 0 }, { "key_as_string": "1603863000000", "key": 1603863000000, "doc_count": 0 }, { "key_as_string": "1603863300000", "key": 1603863300000, "doc_count": 0 }, { "key_as_string": "1603863600000", "key": 1603863600000, "doc_count": 0 }, { "key_as_string": "1603863900000", "key": 1603863900000, "doc_count": 0 }, { "key_as_string": "1603864200000", "key": 1603864200000, "doc_count": 0 } ] } }, { "key": "CRITICAL", "doc_count": 35, "date_histogram#2": { "buckets": [ { "key_as_string": "1603860600000", "key": 1603860600000, "doc_count": 0 }, { "key_as_string": "1603860900000", "key": 1603860900000, "doc_count": 0 }, { "key_as_string": "1603861200000", "key": 1603861200000, "doc_count": 0 }, { "key_as_string": "1603861500000", "key": 1603861500000, "doc_count": 0 }, { "key_as_string": "1603861800000", "key": 1603861800000, "doc_count": 0 }, 
{ "key_as_string": "1603862100000", "key": 1603862100000, "doc_count": 0 }, { "key_as_string": "1603862400000", "key": 1603862400000, "doc_count": 35 }, { "key_as_string": "1603862700000", "key": 1603862700000, "doc_count": 0 }, { "key_as_string": "1603863000000", "key": 1603863000000, "doc_count": 0 }, { "key_as_string": "1603863300000", "key": 1603863300000, "doc_count": 0 }, { "key_as_string": "1603863600000", "key": 1603863600000, "doc_count": 0 }, { "key_as_string": "1603863900000", "key": 1603863900000, "doc_count": 0 }, { "key_as_string": "1603864200000", "key": 1603864200000, "doc_count": 0 } ] } } ] } }, "status": 200 } ]
}

In this response, the event search query is * and the terms field is severity.

All events are matched, and the response is returned in the grouped format, keyed by severity.

Terms query

Perform event search and aggregation on source_hostname.

Request URL

Example request URL

Request body

{"size":0,"query":{"bool":{"filter":[{"range":{"creation_time":{"gte":1603860684000,"lte":1603864284000,"format":"epoch_millis"}}},{"query_string":{"analyze_wildcard":true,"query":"*"}}]}},"aggs":{"2":{"terms":{"field":"source_hostname.keyword","size":10,"order":{"_key":"desc"},"min_doc_count":1},"aggs":{}}}}

Successful response

Status code 200 OK

{ "took": 5, "status": 200, "responses": [ { "took": 4, "timed_out": false, "_shards": { "total": 10, "successful": 10, "skipped": 0, "failed": 0 }, "hits": { "total": { "value": 190, "relation": "eq" }, "max_score": null, "hits": [] }, "aggregations": { "sterms#2": { "doc_count_error_upper_bound": 0, "sum_other_doc_count": 0, "buckets": [ { "key": "clm-pun-t8x5kf.bmc.com", "doc_count": 175 }, { "key": "clm-pun-52612", "doc_count": 5 }, { "key": "clm-pun-526", "doc_count": 5 }, { "key": "clm-pun-458", "doc_count": 5 } ] } }, "status": 200 } ]
}

In this response, the event search query is * and the terms field is source_hostname.keyword.

All events are matched, and the response is returned in the grouped format, keyed by source_hostname.keyword.
