How do API consumers read the events feed?

The events REST endpoint enables 3rd party integrations to use the Dynatrace API to read the feed of uncorrelated events within a monitored environment. As the number of uncorrelated events in an environment can be huge, this REST endpoint is limited to a maximum of 500 single events per request. This means that API consumers must use filters to further focus their queries, either on specific monitored entities or to requests that occurred during a specific time frame.

The following HTTP GET request returns all uncorrelated events within the last 24 hours that were raised within your environment:

https://{id}.live.dynatrace.com/api/v1/events/

The following request parameters can be used to filter requests to the events endpoint:

  • from, to: Specifies a time frame for the query (default is the last hour).
  • eventType: Filter the event feed based on a specific event type (for example, UNEXPECTED_LOW_LOAD).
  • entityId: Only receive events for a given monitored entity, such as a host, process, or service (for example, PROCESS_GROUP_INSTANCE-E76B166F6C96412E)

Result

The query result returns a JSON object that contains an array of single events. Each event contains at least the following meta information elements, along with event-specific properties:

  • eventId: Unique environment identifier for a specific event.
  • startTime: Timestamp when the event was detected.
  • endTime: Timestamp when the event was closed.
  • entityId: Unique identifier of the monitored entity where the event was detected (host, process, service, etc).
  • entityName: Display name of the monitored entity.
  • severityLevel: Denotes the severity level of an event. Severity levels are AVAILABILITY, ERROR, PERFORMANCE, RESOURCE_CONTENTION, and CUSTOM.
  • impactLevel: Denotes the impact level of the event. Impact levels are APPLICATION, SERVICE, and INFRASTRUCTURE.
  • eventType: Specifies the event type.
  • eventStatus: Specifies the event state (either OPEN or CLOSED).
  • tags: Collects all the tags associated with the monitored entity that raises the event.
  • source: Defines the source of the raised event. Event sources include builtin, plugin, or custom defined event sources sent via the API.

The following example shows the result of a successful call to an environment's events feed:

{
  events: [
    {
      eventId: -5106087015642687000,
      startTime: 1496246212169,
      endTime: 1496299458208,
      entityId: "HOST-81C88DBE606D52A6",
      entityName: "Host 123",
      severityLevel: "AVAILABILITY",
      impactLevel: "INFRASTRUCTURE",
      eventType: "CONNECTION_LOST",
      eventStatus: "CLOSED",
      tags: null,
      source: "builtin"
    },
    {
      eventId: -4535328852363587600,
      startTime: 1496233967546,
      endTime: 1496277679352,
      entityId: "SYNTHETIC_TEST-000000000000A62A",
      entityName: null,
      severityLevel: "AVAILABILITY",
      impactLevel: "APPLICATION",
      eventType: "WEB_CHECK_GLOBAL_OUTAGE",
      eventStatus: "CLOSED",
      tags: null,
      affectedSyntheticLocations: [
        "LoadTest"
      ],
      source: "builtin"
    },
    {
      eventId: 6715160743034178000,
      startTime: 1496248080000,
      endTime: 1496255160000,
      entityId: "APPLICATION-C93B8002996906CD",
      entityName: "easytravel dynatrace-dev",
      severityLevel: "AVAILABILITY",
      impactLevel: "APPLICATION",
      eventType: "UNEXPECTED_LOW_LOAD",
      eventStatus: "CLOSED",
      tags: [
        {
          context: "CONTEXTLESS",
          key: "portal"
        }
      ],
      userAction: "All",
      browser: "All",
      source: "builtin",
      affectedUserActionsPerMinute: 0,
      operatingSystem: "All",
      geolocation: "All"
    },
    ...
  ]
}