Detailed API Method Documentation

Forwarding Arguments

args is used when forwarding to a script. Script call example:

{
  "forward_to": "script",
  "script": "verify-host-key.pl",
  "args": {
    "params": [ "--long", "remote.host.name" ]
  }
}

Event Field Names

Any of these field names can be prefixed with "-" to reverse the sort order. Sort parameters are given as a list of field names, for example: 'sort': ['first_occurrence', '-counter']

name               description
first_occurrence   timestamp of first occurrence as seconds from epoch (including microseconds)
last_occurrence    timestamp of last occurrence as seconds from epoch (including microseconds)
counter            number of occurrences of the same message in the current deduplication window
message            event message
host               event host
program            event program (process name)
cisco_mnemonic     event Cisco mnemonic, if known
severity           numeric severity according to the syslog protocol (0-7)
facility           numeric facility according to the syslog protocol (0-23)
status             status as a number (0 - unknown, 1 - actionable, 2 - non-actionable)
ut_AAAAA           user tag "AAAAA"

cron Setting

Should contain a hash with a crontab-compatible specification; multiple entries mean the item will run multiple times.

minute

A string representing a crontab pattern. This may get pretty
advanced, like minute='*/15' (for every quarter of an hour) or
minute='1,13,30-45,50-59/2'.

hour

A string representing a crontab pattern. This may get pretty
advanced, like hour='*/3' (for every three hours) or hour='0,8-17/2'
(at midnight, and every two hours during office hours).

day_of_week

A string representing a crontab pattern. This may get pretty
advanced, like day_of_week='mon-fri' (for weekdays only).
(Beware that day_of_week='*/2' does not literally mean 'every two
days', but 'every day that is divisible by two'!)

day_of_month

A string representing a crontab pattern. This may get pretty
advanced, such as day_of_month='2-30/3' (for every even numbered
day) or day_of_month='1-7,15-21' (for the first and third weeks
of the month).

month_of_year

A string representing a crontab pattern. This may get pretty
advanced, such as month_of_year='*/3' (for the first month of every
quarter) or month_of_year='2-12/2' (for every even numbered month).

Omitted fields are treated as '*'.

The setting should look as follows:

"cron": {
  "minute": "12",
  "hour": "12",
  "month_of_year": "1",
  "day_of_month": "1"
}
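An added example, not the product's own code, that expands the crontab-style field patterns described above and checks whether a given datetime satisfies a "cron" hash, treating omitted fields as '*'. The field ranges, the Sunday=0 weekday numbering and the rejection of out-of-range values are assumptions, since the page does not state them; the check also shows why day_of_week='*/2' is not "every two days".

```python
# Expands crontab-style fields ('*/15', '1,13,30-45,50-59/2', 'mon-fri')
# and evaluates a "cron" hash against a datetime.  Field ranges and the
# Sunday=0 weekday numbering are assumptions, not taken from the page.
from datetime import datetime

DOW = {"sun": 0, "mon": 1, "tue": 2, "wed": 3, "thu": 4, "fri": 5, "sat": 6}

def expand(pattern, lo, hi, names=None):
    """Return the set of integers in [lo, hi] selected by a crontab field."""
    names = names or {}
    def num(tok):
        tok = tok.strip().lower()
        return names[tok] if tok in names else int(tok)
    out = set()
    for part in pattern.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng.strip() == "*":
            start, end = lo, hi
        elif "-" in rng:
            a, b = rng.split("-")
            start, end = num(a), num(b)
        else:
            start = end = num(rng)
        # Reject values outside the field's range or a non-positive step.
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"bad crontab field: {pattern!r}")
        out.update(range(start, end + 1, step))
    return out

FIELDS = {  # name: (lo, hi, symbolic names, how to read it from a datetime)
    "minute": (0, 59, None, lambda d: d.minute),
    "hour": (0, 23, None, lambda d: d.hour),
    "day_of_week": (0, 6, DOW, lambda d: (d.weekday() + 1) % 7),  # sun=0
    "day_of_month": (1, 31, None, lambda d: d.day),
    "month_of_year": (1, 12, None, lambda d: d.month),
}

def cron_matches(cron, when):
    """True if `when` satisfies every field of the cron hash; omitted fields are '*'."""
    for name, (lo, hi, names, get) in FIELDS.items():
        if get(when) not in expand(cron.get(name, "*"), lo, hi, names):
            return False
    return True

if __name__ == "__main__":
    # '*/2' on day_of_week selects days 0,2,4,6 (sun,tue,thu,sat), not "every 2nd day".
    print(sorted(expand("*/2", 0, 6)))
```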