getAlertDetails

A Graze API GET request that returns details, such as the description or severity, of an alert.

Request arguments

Endpoint getAlertDetails takes the following request arguments:

Name	Type	Required	Description
`auth_token`	String	Yes	A valid `auth_token` returned from the `authenticate` request. Alternatively, basic authenticate headers can be used in place of this parameter. See the authenticate endpoint for more information and usage examples.
`alert_id`	Number	Yes	Alert ID.

Response

Endpoint getAlertDetails returns the following response:

Type	Description
HTTP Code	HTTP status or error code indicating request success or failure. See HTTP status code definitions for more information.

Successful requests return a JSON object which contains alert details from the following:

Name	Type	Description
`active_sitn_list`	Number list	A list of Situation IDs of the active Situations to which this alert belongs.
`agent`	String	Agent name associated with this alert. *
`agent_location`	String	Agent location associated with this alert. *
`alert_id`	Number	Alert ID.
`class`	String	Class associated with this alert. *
`count`	Number	Number of times that this alert has occurred.
`custom_info`	JSON object	A JSON object containing the custom information.
`description`	String	Description associated with this alert. *
`entropy`	Number	Entropy value of the alert, the measure of probability that an alert will arrive in the system at any given time. This is a value between 0 (very certain) and 1 (very uncertain).
`external_id`	String	External ID associated with this alert. *
`first_event_time`	Number	Timestamp (in Unix epoch time) of the first occurrence of the alert.
`int_last_event_time`	Number	Internal Moogsoft Onprem timestamp (in Unix epoch time) of the last occurrence of this alert.
`last_event_time`	Number	Timestamp (in Unix epoch time) of the last occurrence of this alert.
`last_state_change`	Number	Timestamp (in Unix epoch time) of the last state change of this alert.
`manager`	String	Manager name associated with this alert. *
`owner`	Number	ID of the user that this alert is assigned to.
`severity`	Number	The severity of the alert as an integer: 0 = Clear 1 = Indeterminate 2 = Warning 3 = Minor 4 = Major 5 = Critical
`signature`	String	Unique alert identifier.
`significance`	Number	Significance of the alert as an integer: 0 = Collateral 1 = Related 2 = Impacting 3 = Causal
`source`	String	Source associated with this alert. *
`source_id`	String	Source ID associated with the alert. *
`state`	Number	Indicates the lifecycle state of the alert.
`type`	String	Type associated with this alert. *

* = These details are derived from the input event text field, via the LAMs.

Examples

The following examples demonstrate typical use of endpoint getAlertDetails:

Request example

Example cURL request to return the details for alert ID 3968:

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getAlertDetails" --data-urlencode "alert_id=3968"

Response example

Example response returning the details of alert ID 3968:

{
   "active_sitn_list":[1], 
   "agent":"TestBed",
   "agent_location":"localhost",
   "alert_id":3968,
   "class":"WebMon",
   "count":2,
   "custom_info":null,
   "description":"Web Server HTTPD is DOWN",
   "external_id":"12345",
   "first_event_time":1416307126,
   "int_last_event_time":1416307188,
   "last_event_time":1416307131,
   "last_state_change":1416307144,
   "manager":"WebMon",
   "owner":2, 
   "severity":0,
   "signature":"SIG:Web Server Down Trap:xldn1458pap:10",
   "significance":3,
   "source":"xldn1458pap",
   "source_id":"xldn1458pap",
   "state":9, 
   "type":"HTTPDDown"
}

In this section: