Getting System Events

    +
    System events that occur on the cluster can be retrieved.

    HTTP method and URIs

    GET /events
    
    GET /eventsStreaming

    Description

    The events URI returns previously logged system events. The eventsStreaming URI returns previously logged system events as an array; and then streams all further system events as they occur.

    Either the Full or the Cluster Admin role is required.

    Curl Syntax

    curl -v -X GET -u [username]:[password]
      http://<ip-address-or-domain-name>:8091/events?sinceTime=<time-value>&limit=<limit-value>
    
    curl -v -X GET -u [username]:[password]
      http://<ip-address-or-domain-name>:8091/eventsStreaming

    The sinceTime path-parameter specifies the time (inclusive) from which previously logged events are to be returned. The associated time-value must be specified in ISO 8601 UTC format — which is YYYY-MM-DDThh:mm:ssZ. If this path-parameter is not used, events starting from the oldest are returned. Note that events are stored in a log file by the Cluster Manager, and are replicated to each individual node. Delays in replication may result in some events being omitted from the results returned from the node specified in the call. Note also that the maximum size of each event log is 10K: logs are rotated (in memory and on disk) when this limit is reached: events not in the current log cannot be returned.

    The limit path-parameter specifies the maximum number of events to be returned. The default limit-value is 250. If a sinceTime is specified, the events returned are, starting from the sinceTime, the earliest events that have been logged. If no sinceTime is specified, the events returned are the most recent events to have been logged. If limit-value is specified as -1, no limit is imposed; and all events logged since the specified sinceTime — or, if no sinceTime has been specified, from and including the oldest logged event — are therefore returned.

    Responses

    Success gives the response code 200 OK. A malformed URI returns 404 Object Not Found. Failure to authenticate gives 401 Unauthorized.

    Examples

    The following examples show how to use the calls.

    Return Previously Logged Events

    The following call returns events logged since 10:36 am on January 4th, 2022 — specifying a maximum of two. The events returned are the first two events to have occurred since the specified sinceTime. The output is piped to the jq program, to facilitate readability.

    curl -X GET 'http://localhost:8091/events?sinceTime=2022-01-04T10:36:00Z&limit=2' -u Administrator:password | jq

    If successful, the call returns output such as the following:

    {
      "events": [
        {
          "timestamp": "2022-01-05T11:30:48.265Z",
          "uuid": "11a03d9d-cc1c-c402-37ec-4e48abdd69b9",
          "event_id": 10243,
          "component": "views",
          "description": "view engine settings changed",
          "severity": "info",
          "extra_attributes": {
            "section": "security",
            "key": "audit",
            "old_value": "undefined",
            "new_value": "[{audit_enabled,false},{disabled_users,[]},{enabled_events,[]}]"
          },
          "node": "cb.local",
          "otp_node": "ns_1@cb.local"
        },
        {
          "timestamp": "2022-01-05T11:30:48.279Z",
          "uuid": "a24057ac-b4a8-8b82-d1b0-0a380be41344",
          "event_id": 10243,
          "component": "views",
          "description": "view engine settings changed",
          "severity": "info",
          "extra_attributes": {
            "section": "httpd",
            "key": "extra_headers",
            "old_value": "undefined",
            "new_value": "[{\"X-Content-Type-Options\",\"nosniff\"},\n {\"X-Frame-Options\",\"DENY\"},\n {\"X-Permitted-Cross-Domain-Policies\",\"none\"},\n {\"X-XSS-Protection\",\"1; mode=block\"}]"
          },
          "node": "cb.local",
          "otp_node": "ns_1@cb.local"
        }
      ]
    }

    Note that if no sinceTime is specified, but a limit is specified, the number of events returned is that specified by the limit-value; these being the most recent events to have occurred. For example, the following call returns the most recent two events:

    curl -X GET 'http://localhost:8091/events?limit=2' -u Administrator:password | jq

    If the call is successful, the output resembles the following:

    {
      "events": [
        {
          "timestamp": "2022-01-10T11:59:22.837Z",
          "event_id": 8199,
          "component": "data",
          "description": "Bucket online",
          "severity": "info",
          "node": "10.144.220.102",
          "otp_node": "ns_1@10.144.220.102",
          "uuid": "83bd3f33-be2c-4dd9-9ba0-845dcb01f92c",
          "extra_attributes": {
            "bucket": "testBucket",
            "bucket_uuid": "2607e0748dd2a6e38e9513d22bc8d3dd",
            "warmup_time": 4
          }
        },
        {
          "timestamp": "2022-01-10T11:59:23.324Z",
          "event_id": 8199,
          "component": "data",
          "description": "Bucket online",
          "severity": "info",
          "node": "10.144.220.102",
          "otp_node": "ns_1@10.144.220.102",
          "uuid": "a4cdb37e-036b-402a-84a5-4228f8b0df61",
          "extra_attributes": {
            "bucket": "travel-sample",
            "bucket_uuid": "85b2ae22ecf13a76febc8fd55fc54c83",
            "warmup_time": 5
          }
        }
      ]
    }

    Return a Stream of Ongoing Events

    The following call returns all previously logged system events that are held in the event log; then, it starts a stream of system events, which are displayed on the console as they occur on the cluster:

    curl -v -X GET localhost:8091/eventsStreaming -u Administrator:password

    If successful, the call initially returns an array of previously logged system events:

    [{"timestamp":"2021-11-30T09:35:58.536Z","uuid":"0cc06643-4aa9-c8e1-7488-9cee65eadcbd","event_id":10243,"component":"views","description":"view engine settings changed","severity":"info","extra_attributes":{"section":"security","key":"audit","old_value":"undefined","new_value":"[{audit_enabled,false},{disabled_users,[]},{enabled_events,[]}]"}, . . .
    
                                                          . . . "node":"10.144.220.101"}]

    Subsequently, events are displayed on the console as they occur. For example, triggering a rebalance results in the following information displayed to the console:

    [{"timestamp":"2022-01-04T12:54:47.072Z","event_id":2,"component":"ns_server","description":"Rebalance initiated","severity":"info","node":"10.144.220.101","uuid":"828b9993-ed40-4196-b779-3f2aa4440b7e","extra_attributes":{"operation_id":"87ded2912711c9452db360197c15bc80","nodes_info":{"active_nodes":["ns_1@10.144.220.101","ns_1@10.144.220.102"],"keep_nodes":["ns_1@10.144.220.101","ns_1@10.144.220.102"],"eject_nodes":[],"delta_nodes":[],"failed_nodes":[]}}},{"timestamp":"2022-01-04T12:54:48.521Z","event_id":3,"component":"ns_server","description":"Rebalance completed","severity":"info","node":"10.144.220.101","uuid":"7b3d6236-71b8-431b-8ac6-39c443e9a628","extra_attributes":{"operation_id":"87ded2912711c9452db360197c15bc80","nodes_info":{"active_nodes":["ns_1@10.144.220.101","ns_1@10.144.220.102"],"keep_nodes":["ns_1@10.144.220.101","ns_1@10.144.220.102"],"eject_nodes":[],"delta_nodes":[],"failed_nodes":[]},"time_taken":1440,"completion_message":"Rebalance completed successfully."}}]

    See Also

    For an overview of system events, see System Events. For a complete list of system events, see the System Event Reference.