Using Alert APIs

The Virtana Platform UI provides various slicing and dicing capabilities for detailed analysis. Additionally, we expose APIs that can be integrated into user dashboards, allowing users to extract valuable information. By using various filter options in API calls, users can retrieve specific alert information and other critical data points. Alert data is aggregated from different alert systems, including OC, VW, and external systems, ensuring comprehensive monitoring and reporting.

The structure of the alerts service APIs can be divided into 4 parts:

  • Function name (function): This serves as a validation layer for the input request body. It restricts the API to the allowed parameters only. Missing required parameters are set to default values in the service. The name varies by use case, e.g., alert_screen_api, alert_screen_group_api, alert_queries_api, etc.

  • Parameters (params): This contains information about pagination attributes such as the number of rows, sorting columns, and order. It also helps with faceting information, such as facet fields, pivots, etc.

  • Filters (filters): This section filters out records based on the included attributes. It also helps filter records based on date range.

  • Exclude Fields (exclusiveFields): This section contains the attributes that need to be removed from the response. The records will be filtered by excluding attributes present in this section. It simply means the negation of those fields in the query.

More on function names:

  • alert_screen_group_api: This function is used for grouping alerts based on the parameters. It can be used to group records with certain conditions or when faceting or statistics capabilities are required.

  • alert_queries_api: This function is a wrapper on top of the alert_screen_group_api. It allows bulk request payloads of alert_screen_group_api. It is mostly used when there are multiple dashlets and different grouping and faceting are required in each dashlet.

Links

The queries follow the Apache Lucene query syntax: https://lucene.apache.org/core/2_9_4/queryparsersyntax.html

Fetch Alerts Based on Specific Criteria

Purpose:  This use case demonstrates how to fetch alerts based on specific criteria using the alert_screen_group_api function. The function allows for the retrieval of alert data with various filters and faceting options.

Endpoint:  /api/alert/fetch

Function:  alert_screen_group_api

Parameters:

  • fields: Specifies the fields and their respective values to be used for querying alerts.

  • params: Defines additional parameters for the query.

    • facet: Enables faceting to group and aggregate data based on specific fields.

    • facet.query: Specifies the faceting queries for Mean Time To Resolution (MTTR) ranges.

Example

{
  "function": "alert_screen_group_api",
  "params": {
    "facet": true,
    "facet.query": [
      "mttr :[0 TO 3600000]",
      "mttr :[360xxxx TO 4320xxxx]",
      "mttr :[432xxxx TO 8640xxx]",
      "mttr :[864xxxx TO 604xxxx]"
    ],
    "rows": 0
  },
  "fields": {
    "display_level": "(Highest High Medium)",
    "status": "(Closed Resolved)",
    "updated_on": "[2024-05-27T00:00:00Z TO 2024-06-26T23:59:00Z]"
  }
}

The updated_on attribute follows the Lucene query syntax described at the URL above.

Components:

  • Function (alert_screen_group_api): Specifies the API function to be called.

  • Params (params): Additional parameters for the API function.

  • Fields (fields): Defines the fields for filtering alerts.
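
Building the request body from code, as an added example (not Virtana's own code): the q string echoed in the responses on this page shows that fields values end up inside a Lucene query, so values that originate from dashboard users are escaped and field names are checked against an allow-list before the payload is sent. The helper names, the contents of the allow-list and the quoting of multi-word values as phrases are assumptions of this sketch.

```python
import json
import re
from datetime import datetime, timezone

# Field names used in this page's examples (assumed allow-list; extend as needed).
ALLOWED_FIELDS = {
    "display_level", "status", "substatus", "severity", "priority", "subtype",
    "document_type", "event_provider", "application_name", "updated_on", "created_on",
}
# Characters with special meaning to the Lucene query parser.
_SPECIAL = re.compile(r'([+\-!(){}\[\]^"~*?:\\/&|])')


def lucene_escape(term):
    """Backslash-escape query syntax so a single term is matched literally."""
    return _SPECIAL.sub(r"\\\1", term)


def lucene_group(values):
    """Render values as '(v1 v2 ...)'; multi-word values become quoted phrases."""
    parts = []
    for value in values:
        if not value.strip():
            raise ValueError("empty filter value")
        if re.search(r"\s", value):
            # Inside a quoted phrase only backslash and double quote need escaping.
            parts.append('"' + re.sub(r'([\\"])', r"\\\1", value) + '"')
        else:
            parts.append(lucene_escape(value))
    if not parts:
        raise ValueError("empty value list")
    return "(" + " ".join(parts) + ")"


def date_range(start, end):
    """Render a '[start TO end]' range in UTC from timezone-aware datetimes."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    if start > end:
        raise ValueError("range start is after range end")
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return "[{} TO {}]".format(start.astimezone(timezone.utc).strftime(fmt),
                               end.astimezone(timezone.utc).strftime(fmt))


def build_group_request(facet_field, filters, start, end, pivot=None):
    """Return an alert_screen_group_api payload in the array form used on this page."""
    pivot = list(pivot or [facet_field])
    unknown = {facet_field, *pivot, *filters} - ALLOWED_FIELDS
    if unknown:
        raise ValueError(f"unexpected field name(s): {sorted(unknown)}")
    fields = {name: lucene_group(values) for name, values in filters.items()}
    fields["updated_on"] = date_range(start, end)
    return [{
        "function": "alert_screen_group_api",
        "params": {"facet": True, "facet.field": facet_field,
                   "facet.pivot": ",".join(pivot), "rows": 0},
        "fields": fields,
        "exclusiveFields": [],
    }]


if __name__ == "__main__":
    # Constructed input: filter values as a dashboard user might supply them.
    body = build_group_request(
        "application_name",
        {"display_level": ["Highest", "High", "Medium"],
         "application_name": ["app-01", "MS Exchange App - SD 2751"]},
        datetime(2024, 5, 27, tzinfo=timezone.utc),
        datetime(2024, 6, 26, 23, 59, tzinfo=timezone.utc),
        pivot=["application_name", "severity"],
    )
    print(json.dumps(body, indent=2))
```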

Show alert counts grouped by Severity and using date filter and source/provider filter

Request Payload :
[
    {
        "function": "alert_screen_group_api",
        "params": {
            "facet": true,
            "facet.field": "severity",
            "facet.pivot": "severity"
        },
        "fields": {
            "document_type": "alert",
            "display_level": "(Highest High Medium)",
            "subtype": "(ML Rule)",
            "updated_on": "[NOW-7DAYS TO NOW]",
            "priority": "(Highest High Medium Low Unknown)",
            "severity": "(Critical Major Warning Minor Info Unknown)",
            "substatus": "(New ReFired AutoRCA AutoResolved Done Cancelled Closing)",
            "event_provider": "Others"
        },
        "exclusiveFields": []
    }
]
Response :
[
    {
        "error": false,
        "functionName": "alert_screen_group_api",
        "message": "",
        "numFound": 8,
        "response": {
            "response": {
                "numFound": 8,
                "start": 0,
                "numFoundExact": true,
                "docs": []
            },
            "responseHeader": {
             
            },
            "facet_counts": {
                "facet_queries": {},
                "facet_fields": {
                    "severity": {
                        "Critical": 7,
                        "Unknown": 1,
                        "Major": 0,
                        "Warning": 0
                    }
                },
                "facet_ranges": {},
                "facet_intervals": {},
                "facet_heatmaps": {},
                "facet_pivot": {
                    "severity": [
                        {
                            "field": "severity",
                            "value": "Critical",
                            "count": 7
                        },
                        {
                            "field": "severity",
                            "value": "Unknown",
                            "count": 1
                        }
                    ]
                }
            }
        }
    }
]

Show alert trends grouped by severity. The example shows a range gap of 1 day that can be extended to custom ranges as required.

[
    {
        "function": "alert_screen_group_api",
        "params": {
            "facet": true,
            "start": 0,
            "rows": 10,
            "facet.field": "severity",
            "facet.pivot": "{!range=r1}severity",
            "facet.range": "{!tag=r1}created_on",
            "facet.range.start": "2024-06-01T18:30:00Z",
            "facet.range.end": "2024-07-02T18:29:00Z",
            "facet.range.gap": "+1DAY",
            "facet.range.include": "outer",
            "sort": "updated_on DESC"
        },
        "fields": {
            "document_type": "alert",
            "updated_on": "[2024-06-01T18:30:00Z TO 2024-07-02T18:29:00Z]"
        },
        "exclusiveFields": []
    }
]
Response : 
[
    {
        "error": false,
        "functionName": "alert_screen_group_api",
        "message": "",
        "numFound": 349176,
        "response": {
            "response": {
                "numFound": 349176,
                "start": 0,
                "numFoundExact": true,
                "docs": []
            },
            "responseHeader": {
                "status": 0,
                "QTime": 20,
                "params": {
                    "facet.range": "{!tag=r1}created_on",
                    "facet.field": "severity",
                    "facet.range.gap": "+1DAY",
                    "facet.pivot": "{!range=r1}severity",
                    "indent": "on",
                    "facet.range.include": "outer",
                    "start": "0",
                    "sort": "updated_on DESC",
                    "rows": "0",
                    "version": "2",
                    "q": "type:Anomaly AND tenant_id:c1b1bee2-4171-4f9e-b778-0093ca6df6d2 AND updated_on:([2024-06-01T18:30:00Z TO 2024-07-02T18:29:00Z]) AND display_level:(High Medium) AND document_type:(alert)",
                    "facet": "true",
                    "wt": "javabin",
                    "facet.range.start": "2024-06-01T18:30:00Z",
                    "facet.range.end": "2024-07-02T18:29:00Z"
                }
            },
            "facet_counts": {
                "facet_queries": {},
                "facet_fields": {
                    "severity": {
                        "Critical": 349143,
                        "Warning": 30,
                        "Unknown": 2,
                        "Major": 1
                    }
                },
                "facet_ranges": {
                    "created_on": {
                        "counts": {
                            "2024-06-01T18:30:00Z": 78940,
                            "2024-06-02T18:30:00Z": 79383,
                            "2024-06-03T18:30:00Z": 1870,
                            "2024-06-04T18:30:00Z": 1724,
                            "2024-06-05T18:30:00Z": 2618,
                            "2024-06-06T18:30:00Z": 3456,
                            "2024-06-07T18:30:00Z": 2686,
                            "2024-06-08T18:30:00Z": 2516,
                            "2024-06-09T18:30:00Z": 2197,
                            "2024-06-10T18:30:00Z": 1562,
                            "2024-06-11T18:30:00Z": 3178,
                            "2024-06-12T18:30:00Z": 2211,
                            "2024-06-13T18:30:00Z": 1657,
                            "2024-06-14T18:30:00Z": 1985,
                            "2024-06-15T18:30:00Z": 2648,
                            "2024-06-16T18:30:00Z": 2535,
                            "2024-06-17T18:30:00Z": 2149,
                            "2024-06-18T18:30:00Z": 2476,
                            "2024-06-19T18:30:00Z": 1567,
                            "2024-06-20T18:30:00Z": 1511,
                            "2024-06-21T18:30:00Z": 1968,
                            "2024-06-22T18:30:00Z": 2437,
                            "2024-06-23T18:30:00Z": 2518,
                            "2024-06-24T18:30:00Z": 2358,
                            "2024-06-25T18:30:00Z": 2669,
                            "2024-06-26T18:30:00Z": 3387,
                            "2024-06-27T18:30:00Z": 1726,
                            "2024-06-28T18:30:00Z": 2289,
                            "2024-06-29T18:30:00Z": 936,
                            "2024-06-30T18:30:00Z": 307,
                            "2024-07-01T18:30:00Z": 171
                        },
                        "gap": "+1DAY",
                        "start": "Sat Jun 01 18:30:00 GMT 2024",
                        "end": "Tue Jul 02 18:30:00 GMT 2024"
                    }
                },
                "facet_intervals": {},
                "facet_heatmaps": {},
                "facet_pivot": {
                    "severity": [
                        {
                            "field": "severity",
                            "value": "Critical",
                            "count": 349143,
                            "ranges": {
                                "created_on": {
                                    "counts": {
                                        "2024-06-01T18:30:00Z": 78939,
                                        "2024-06-02T18:30:00Z": 79372,
                                        "2024-06-03T18:30:00Z": 1870,
                                        "2024-06-04T18:30:00Z": 1724,
                                        "2024-06-05T18:30:00Z": 2618,
                                        "2024-06-06T18:30:00Z": 3456,
                                        "2024-06-07T18:30:00Z": 2686,
                                        "2024-06-08T18:30:00Z": 2516,
                                        "2024-06-09T18:30:00Z": 2197,
                                        "2024-06-10T18:30:00Z": 1562,
                                        "2024-06-11T18:30:00Z": 3178,
                                        "2024-06-12T18:30:00Z": 2211,
                                        "2024-06-13T18:30:00Z": 1656,
                                        "2024-06-14T18:30:00Z": 1985,
                                        "2024-06-15T18:30:00Z": 2648,
                                        "2024-06-16T18:30:00Z": 2535,
                                        "2024-06-17T18:30:00Z": 2149,
                                        "2024-06-18T18:30:00Z": 2476,
                                        "2024-06-19T18:30:00Z": 1567,
                                        "2024-06-20T18:30:00Z": 1511,
                                        "2024-06-21T18:30:00Z": 1968,
                                        "2024-06-22T18:30:00Z": 2437,
                                        "2024-06-23T18:30:00Z": 2518,
                                        "2024-06-24T18:30:00Z": 2358,
                                        "2024-06-25T18:30:00Z": 2669,
                                        "2024-06-26T18:30:00Z": 3386,
                                        "2024-06-27T18:30:00Z": 1726,
                                        "2024-06-28T18:30:00Z": 2289,
                                        "2024-06-29T18:30:00Z": 936,
                                        "2024-06-30T18:30:00Z": 307,
                                        "2024-07-01T18:30:00Z": 171
                                    },
                                    "gap": "+1DAY",
                                    "start": "Sat Jun 01 18:30:00 GMT 2024",
                                    "end": "Tue Jul 02 18:30:00 GMT 2024"
                                }
                            }
                        }
                    ]
                }
            }
        }
    }
]

Use case : Group By Application Name and Severity

POST : {{DEV URL}}/api/alerts/fetch-alerts

Request Body : 
[
    {
        "function": "alert_screen_group_api",
        "params": {
            "facet": true,
            "facet.field": "application_name",
            "facet.pivot": "application_name,severity",
            "rows": 0
        },
        "fields": {
            "display_level": "(Highest High Medium)",
            "substatus": "(New ReFired AutoRCA AutoResolved Done Cancelled Closing)",
            "updated_on": "[2024-06-01T18:30:00Z TO 2024-07-02T18:29:00Z]"
        },
        "exclusiveFields": []
    }
]
Response :
[
    {
        "error": false,
        "functionName": "alert_screen_group_api",
        "message": "",
        "numFound": 349198,
        "response": {
            "response": {
                "numFound": 349198,
                "start": 0,
                "numFoundExact": true,
                "docs": []
            },
            "responseHeader": {
                "status": 0,
                "QTime": 146,
                "params": {
                    "q": "type:Anomaly AND tenant_id:c1b1bee2-4171-4f9e-b778-0093ca6df6d2 AND updated_on:([2024-06-01T18:30:00Z TO 2024-07-02T18:29:00Z]) AND substatus:((New ReFired AutoRCA AutoResolved Done Cancelled Closing)) AND display_level:((Highest High Medium))",
                    "facet.field": "application_name",
                    "facet.pivot": "application_name,severity",
                    "indent": "on",
                    "start": "0",
                    "sort": "updated_on desc,status asc,priority asc",
                    "rows": "0",
                    "facet": "true",
                    "wt": "javabin",
                    "version": "2"
                }
            },
            "facet_counts": {
                "facet_queries": {},
                "facet_fields": {
                    "application_name": {
                        "VmLabApp": 21024,
                        "RnDLabApp": 11583,
                        "New Application Created": 7596,
                        "MS Exchange App - SD 2751": 6361,
                        "HRMS_App": 5649,
                        "Application 2": 1426,
                        "Shiny New App": 1162,
                        "Application 1": 477,
                        "MS Exchange App": 5,
                        "Storage Optimizer App": 5,
                        "app-01": 5
                    }
                },
                "facet_ranges": {},
                "facet_intervals": {},
                "facet_heatmaps": {},
                "facet_pivot": {
                    "application_name,severity": [
                        {
                            "field": "application_name",
                            "value": "VmLabApp",
                            "count": 21024,
                            "pivot": [
                                {
                                    "field": "severity",
                                    "value": "Critical",
                                    "count": 21024
                                }
                            ]
                        },
                        {
                            "field": "application_name",
                            "value": "RnDLabApp",
                            "count": 11583,
                            "pivot": [
                                {
                                    "field": "severity",
                                    "value": "Critical",
                                    "count": 11583
                                }
                            ]
                        },
                        {
                            "field": "application_name",
                            "value": "New Application Created",
                            "count": 7596,
                            "pivot": [
                                {
                                    "field": "severity",
                                    "value": "Critical",
                                    "count": 7596
                                }
                            ]
                        },
                        {
                            "field": "application_name",
                            "value": "MS Exchange App - SD 2751",
                            "count": 6361,
                            "pivot": [
                                {
                                    "field": "severity",
                                    "value": "Critical",
                                    "count": 6361
                                }
                            ]
                        },
                        {
                            "field": "application_name",
                            "value": "HRMS_App",
                            "count": 5649,
                            "pivot": [
                                {
                                    "field": "severity",
                                    "value": "Critical",
                                    "count": 5649
                                }
                            ]
                        },
                        {
                            "field": "application_name",
                            "value": "Application 2",
                            "count": 1426,
                            "pivot": [
                                {
                                    "field": "severity",
                                    "value": "Critical",
                                    "count": 1426
                                }
                            ]
                        },
                        {
                            "field": "application_name",
                            "value": "Shiny New App",
                            "count": 1162,
                            "pivot": [
                                {
                                    "field": "severity",
                                    "value": "Critical",
                                    "count": 1162
                                }
                            ]
                        },
                        {
                            "field": "application_name",
                            "value": "Application 1",
                            "count": 477,
                            "pivot": [
                                {
                                    "field": "severity",
                                    "value": "Critical",
                                    "count": 477
                                }
                            ]
                        },
                        {
                            "field": "application_name",
                            "value": "MS Exchange App",
                            "count": 5,
                            "pivot": [
                                {
                                    "field": "severity",
                                    "value": "Critical",
                                    "count": 5
                                }
                            ]
                        },
                        {
                            "field": "application_name",
                            "value": "Storage Optimizer App",
                            "count": 5,
                            "pivot": [
                                {
                                    "field": "severity",
                                    "value": "Critical",
                                    "count": 5
                                }
                            ]
                        },
                        {
                            "field": "application_name",
                            "value": "app-01",
                            "count": 5,
                            "pivot": [
                                {
                                    "field": "severity",
                                    "value": "Critical",
                                    "count": 5
                                }
                            ]
                        }
                    ]
                }
            }
        }
    }
]

Use case : Count Alerts By Source Type

Body : 
[
    {
        "function": "alert_screen_group_api",
        "params": {
            "facet": true,
            "facet.field": "event_provider",
            "facet.pivot": "event_provider",
            "rows": 0
        },
        "fields": {
            "display_level": "(Highest High Medium)",
            "updated_on": "[2024-06-01T18:30:00Z TO 2024-07-02T18:29:00Z]"
        },
        "exclusiveFields": []
    }
]
Response :
[
    {
        "error": false,
        "functionName": "alert_screen_group_api",
        "message": "",
        "numFound": 349209,
        "response": {
            "response": {
                "numFound": 349209,
                "start": 0,
                "numFoundExact": true,
                "docs": []
            },
            "responseHeader": {
                "status": 0,
                "QTime": 110,
                "params": {
                    "q": "type:Anomaly AND tenant_id:c1b1bee2-4171-4f9e-b778-0093ca6df6d2 AND updated_on:([2024-06-01T18:30:00Z TO 2024-07-02T18:29:00Z]) AND display_level:((Highest High Medium))",
                    "facet.field": "event_provider",
                    "facet.pivot": "event_provider",
                    "indent": "on",
                    "start": "0",
                    "sort": "updated_on desc,status asc,priority asc",
                    "rows": "0",
                    "facet": "true",
                    "wt": "javabin",
                    "version": "2"
                }
            },
            "facet_counts": {
                "facet_queries": {},
                "facet_fields": {
                    "event_provider": {
                        "VirtualWisdom": 280287,
                        "OpsCruise": 68862,
                        "Others": 60,
                        "k8s": 0
                    }
                },
                "facet_ranges": {},
                "facet_intervals": {},
                "facet_heatmaps": {},
                "facet_pivot": {
                    "event_provider": [
                        {
                            "field": "event_provider",
                            "value": "VirtualWisdom",
                            "count": 280287
                        },
                        {
                            "field": "event_provider",
                            "value": "OpsCruise",
                            "count": 68862
                        },
                        {
                            "field": "event_provider",
                            "value": "Others",
                            "count": 60
                        }
                    ]
                }
            }
        }
    }
]

Components:

  • facet: true = Indicates that the response should include facet data.

  • facet.field: "severity" = Specifies the field used for faceting, which in this case is the alert severity.

  • facet.pivot: "severity" = Sets the field for pivot faceting, also based on severity.
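
Reading the responses shown above from code, as an added example (not Virtana's own code): it checks the error flag, flattens facet_pivot entries (flat, nested, or carrying per-day ranges) into rows, and flags range buckets that stand far above the median for the same severity. The function names, the median-times-factor threshold and the sample data are assumptions of this sketch.

```python
from statistics import median

# Constructed sample in the shape of the trend response on this page
# (abridged; counts are illustrative).
SAMPLE = [{
    "error": False, "functionName": "alert_screen_group_api", "message": "",
    "response": {"facet_counts": {"facet_pivot": {"severity": [
        {"field": "severity", "value": "Critical", "count": 88607,
         "ranges": {"created_on": {"gap": "+1DAY", "counts": {
             "2024-06-01T18:30:00Z": 78939, "2024-06-02T18:30:00Z": 1870,
             "2024-06-03T18:30:00Z": 1724, "2024-06-04T18:30:00Z": 2618,
             "2024-06-05T18:30:00Z": 3456}}}},
        {"field": "severity", "value": "Warning", "count": 6,
         "ranges": {"created_on": {"gap": "+1DAY", "counts": {
             "2024-06-01T18:30:00Z": 2, "2024-06-02T18:30:00Z": 1,
             "2024-06-03T18:30:00Z": 3}}}},
    ]}}},
}]


def flatten_pivot(entries, path=()):
    """Yield (path, bucket, count); bucket is None for a pivot total,
    otherwise the start timestamp of a range bucket."""
    for entry in entries:
        here = path + (entry["value"],)
        yield here, None, entry["count"]
        for rng in entry.get("ranges", {}).values():
            for bucket, count in rng["counts"].items():
                yield here, bucket, count
        # Nested pivots ("application_name,severity") carry child entries.
        yield from flatten_pivot(entry.get("pivot") or [], here)


def facet_rows(api_response):
    """Flatten every facet_pivot in the response array; raise if a function failed."""
    rows = []
    for item in api_response:
        if item.get("error"):
            raise RuntimeError(f'{item.get("functionName")}: {item.get("message")}')
        pivots = item["response"].get("facet_counts", {}).get("facet_pivot", {})
        for entries in pivots.values():
            rows.extend(flatten_pivot(entries))
    return rows


def spikes(rows, factor=5.0):
    """Return range buckets whose count exceeds factor x the median of their path."""
    by_path = {}
    for path, bucket, count in rows:
        if bucket is not None:
            by_path.setdefault(path, []).append((bucket, count))
    flagged = []
    for path, buckets in by_path.items():
        base = median(count for _, count in buckets)
        flagged += [(path, b, c) for b, c in buckets if base > 0 and c > factor * base]
    return flagged


if __name__ == "__main__":
    for path, bucket, count in spikes(facet_rows(SAMPLE)):
        print("/".join(path), bucket, count)
```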

Using the Search Entities API with the specified parameters, users can efficiently retrieve, sort, and navigate through a list of entities that meet specific criteria. This aids in managing and monitoring various types of entities within the infrastructure.