ameevents Command

Description

The amevents command is used to query AME event information from the event KV-store collections. The command gives access to tenant data based on the user executing the command.

The command returns a _key field which contains the event_key.

Syntax

The required syntax is bold.

ameevents
[tenants=<tenant_list> | <wc>]
[status=<status_list> | <wc>]
[assignees=<assignee_list> | <wc>]
[tags=<tags-list> | <wc>]
[tags_mode=<AND | OR>]
[saved_searches=<JSON formatted <saved_searches_list> | <wc>]
[resolutions=<resolution_list> | <wc>]

Optional arguments

tenants
Syntax: tenants=<tenant_list> | <wc>
Description: A comma-separated and quoted list of tenants or a wildcard for all tenants. Example: tenants="default,sec,ops" Default: tenants=*

status
Syntax: status=<status_list> | <wc>
Description: A comma-separated and quoted list of statuses or a wildcard for all statuses. Note that all_open and all_donecan be also used. Example: status="new,in_progress" Default: status=*

assignees
Syntax: assignees=<assignee_list> | <wc>
Description: A comma-separated and quoted list of assignees or a wildcard for all assignees. Example: assignees="user1,user2,user3" Default: assignees=*

tags
Syntax: tags=<tag_list> | <wc>
Description: A comma-separated and quoted list of tags or a wildcard for all tags. Example: tags="tag1,tag2,tag3" Default: tags=*

tag_mode
Syntax: tag_mode=<AND> | <OR>
Description: The tag search mode. Example: tag_mode="AND" Default: tag_mode="OR"

saved_searches
Syntax: saved_searches=<saved_searches_list> | <wc>
Description: A JSON formatted list of saved_search names or a wildcard for all tags. Example: saved_searches="[\"saved_search1\",\"saved_search2\"]"
Default: saved_searches="*"

resolutions
Syntax: resolutions=<resolution_list> | <wc>
Description: A comma-separated and quoted list of resolutions or a wildcard for all resolutions. Example: resolutions="resolution1,\"resolution two\"" Default: resolutions=*

Examples

1. Get all open events in tenant default

   ```text
   | ameevents tenants="default" status="all_open"
   ```

2. Get all events for tenant default which are assigned to user1 or unassigned

   ```text
   | ameevents tenants="default" assignees="unassigned,user1"
   ```

3. Get all events for tenant default, which have both tag1 and tag2

   ```text
   | ameevents tenants="default" tags="tag1,tag2" tag_mode="AND"
   ```

4. Get all events for tenant default generated by alert saved_search1 or saved_search2

   ```text
   | ameevents tenants="default" saved_searches="[\"saved_search1\",\"saved_search2\"]"
   ```