...
Event Property | Description | Example |
eventid | A globally unique Event ID | |
| Unix time of the event (seconds since 1970). | 1385076573 |
| The event time in human readable format | 2013-11-11T13:39:41 |
| The name of the node in question. Normally the same as the NMIS node name. | |
| The DNS hostname or IP address of the node in question, as extracted from the input data. | |
| Name of the event | Node Down, Node Up |
| What element of the node the event refers to. Optional. | FastEthernet1, Neighbor 1.2.4.5 |
| Is the state good or bad, up or down. | up/down, open/closed, etc |
| Name of the stateful object. Optional, but always present if | Node, Interface, OSPF Neighbor |
| Other event details | |
| Where did the event originate? | cisco_syslog, trap, NMIS, (remote) API |
| Has the event been marked for escalation? | 0 or 1 |
priority | opEvents priority level, see opEvents priority levels vs. NMIS and Syslog levels | 0 to 10 |
| Has the event been acknowledged? | 0 or 1 |
| Is this event a flap? | 0 or 1 |
action_required | Should the GUI show the event as open? | 0 or 1 |
...
In addition to those a number of properties are optional and created only under certain conditions:
Event Property | Description | Example |
---|---|---|
interface_description | The ifAlias (or Description) of the interface in question
| |
authority | The server name of the system that originated the event; Optional, only relevant for remotely/API-generated events. | |
location | The URI for this event at the originating server. Optional, only relevant for remotely/API-generated events. | |
duplicateof | list of Event IDs that this one is a duplicate of | |
nodes | lists nodes that caused this synthetic event | |
eventids | list of Event IDs that were involved in causing this synthetic event | |
| Unix time, until then the event is held back from processing for actions and policies | 1385079231 |
action_checked | Has the event been processed wrt. actions and policies? | 0 or 1 |
<scriptname>.output | If an event triggered a script action that is set to save, then the script output is stored in this property. | |
synthetic | whether this event was created by a correlation policy action, or because a watchdog expired | 0 or 1 |
watchdog | whether this is a watchdog expiration event | 0 or 1 |
escalation_age | If the event is or was subject to escalation, then this property indicates the event's most recent escalation threshold. Note that this property is not cleared when the event is acknowledged and escalation terminates. | 60, 900 etc. |
escalation_policy | If the event is or was subject to escalation, then this property lists the event's most recently active escalation policy name. Like the previous property, this one persists after escalation terminates. | |
notes | a list of originator- and time-tagged comments for this event (optional, supported in opEvents 2.0 and newer) | |
tag_ <anything> | These enrichment tags are controlled by your action policy, and have no special meaning - with the exception of tag_kb_topic , which controls linking to online sources (in opEvents 2.0.2 and up) |
...