ameevents Command
Description
The amevents command is used to query AME event information from the event
KV-store collections. The command gives access to tenant data based on the user executing the command.
The command returns a _key field which contains the event_key.
Syntax
The required syntax is bold.
ameevents
[tenants=<tenant_list> | <wc>]
[status=<status_list> | <wc>]
[status_types=<status_types_list> | <wc>]
[assignees=<assignee_list> | <wc>]
[tags=<tags-list> | <wc>]
[tags_mode=<AND | OR>]
[saved_searches=<JSON formatted <saved_searches_list> | <wc>]
[resolutions=<resolution_list> | <wc>]
[sla_info=<bool>]
[has_slas=<bool>]
[has_sla_violations=<bool>]
[has_sla_violation_within=<int>]
Optional arguments
tenants
Syntax: tenants=<tenant_list> | <wc>
Description: A comma-separated and quoted list of tenants or a wildcard
for all tenants. Example: tenants="default,sec,ops"
Default: tenants=*
status
Syntax: status=<status_list> | <wc>
Description: A comma-separated and quoted list of statuses or a wildcard
for all statuses. Note that all_open and all_donecan be also used.
Example: status="new,in_progress"
Default: status=*
status_types
Syntax: status_types_list=<status_types_list>
Description: A comma-separated and quoted list of status types.
Example: status_type="new,in_progress,done"
Default: status_types=*
assignees
Syntax: assignees=<assignee_list> | <wc>
Description: A comma-separated and quoted list of assignees or a wildcard
for all assignees. Example: assignees="user1,user2,user3"
Default: assignees=*
tags
Syntax: tags=<tag_list> | <wc>
Description: A comma-separated and quoted list of tags or a wildcard for
all tags. Example: tags="tag1,tag2,tag3"
Default: tags=*
tag_mode
Syntax: tag_mode=<AND> | <OR>
Description: The tag search mode. Example: tag_mode="AND"
Default: tag_mode="OR"
saved_searches
Syntax: saved_searches=<saved_searches_list> | <wc>
Description: A JSON formatted list of saved_search names or a
wildcard for all tags.
Example: saved_searches="[\"saved_search1\",\"saved_search2\"]"
Default: saved_searches="*"
resolutions
Syntax: resolutions=<resolution_list> | <wc>
Description: A comma-separated and quoted list of resolutions
or a wildcard for all resolutions.
Example: resolutions="resolution1,\"resolution two\""
Default: resolutions=*
sla_info
Syntax: sla_info=<bool>
Description: Boolean value to indicate whether to include SLA information in the results. Example: sla_info="true"
Default: sla_info="false"
has_slas
Syntax: has_slas=<bool>
Description: Boolean value to indicate whether to include events that have SLAs. Example: has_slas="true"
Default: None
has_sla_violations
Syntax: has_sla_violations=<bool>
Description: boolean value to indicate whether to include events that have SLA violations. Example: has_sla_violations="true"
Default: None
has_sla_violations_within
Syntax: has_sla_violations_within=<bool>
Description: Integer value to indicate the number of seconds remaning until an SLA is violated. Example: has_sla_violations_within="300"
Default: None
Examples
Get all open events in tenant default
```text
| ameevents tenants="default" status="all_open"
```Get all events for tenant default which are assigned to user1 or unassigned
```text
| ameevents tenants="default" assignees="unassigned,user1"
```Get all events for tenant default, which have both tag1 and tag2
```text
| ameevents tenants="default" tags="tag1,tag2" tag_mode="AND"
```Get all events for tenant default generated by alert saved_search1 or saved_search2
```text
| ameevents tenants="default" saved_searches="[\"saved_search1\",\"saved_search2\"]"
```Get all open events in tenant ops and display SLA information
```text
| ameevents tenants="default" sla_info="true"
```