Sysdig Platform CLI - Events
This section explains concepts and notations in the set of the Monitor Event commands provided.
Usage
The Event section contains the following subcommands:
$ sdc-cli event --help
Usage: sdc-cli event [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
Commands:
add Add an event
del Delete events
get Get an event
list List all events
List all the events
You can list the events from Sysdig Monitor using the CLI, applying multiple filters:
sdc-cli event list --help
Usage: sdc-cli event list [OPTIONS]
Options:
--duration TEXT Duration to display the events from. (ex: 30M, 1H, 3D, 2W)
--limit INTEGER Max number of events to print. Default: 100
--name TEXT Filter events by name.
--help Show this message and exit.
For example, if you want to list all the events in the latest hour, you can execute:
$ sdc-cli event list --duration 1H
id severity name date source
876586469534343168 LOW [Kubernetes] Downtime Alert 2020-11-16 10:32:00 alert
876586469312045056 LOW [Kubernetes] Downtime Alert 2020-11-16 10:32:00 alert
876582005456773120 MEDIUM Container died 2020-11-16 10:16:20 containerd
876580011820384256 LOW Infra Connectivity 2020-11-16 10:08:23 kubernetes
876579950222647296 MEDIUM Container died 2020-11-16 10:08:17 containerd
876578232336392192 LOW Infra Connectivity 2020-11-16 10:01:29 kubernetes
876577980128739328 MEDIUM Container Killed 2020-11-16 10:00:23 docker
876577895722565632 MEDIUM Container Killed 2020-11-16 10:00:08 docker
876577882334539776 MEDIUM Sock-shop - New cartdb version deployed 2020-11-16 10:00:07.178000 custom
876577476371857408 MEDIUM Container died 2020-11-16 09:58:21 containerd
876575421280321536 MEDIUM Container Killed 2020-11-16 09:50:16 docker
876575420987260928 MEDIUM Container Killed 2020-11-16 09:50:14 docker
876575385888964608 MEDIUM Sock-shop - New cartdb version deployed 2020-11-16 09:50:11.979000 custom
876573366583607296 MEDIUM Container died 2020-11-16 09:42:00 containerd
Get info from an event
You can retrieve more information from an event with:
$ sdc-cli event get 876582005456773120
name: Container died
id: 876582005456773120
description: namespace: moby; ID: b29b5bd30759; Name: k8s_register_sock-shop-loadgenerator-86d66b6f84-mpchg_sock-shop_689a82f3-7f17-4e6a-935b-246f21e8a1e4_1; ExitCode = 1
date: 2020-11-16 10:16:20
Add a new event
The sdc-cli is capable of adding custom events to Monitor:
$ sdc-cli event add --help
Usage: sdc-cli event add [OPTIONS] NAME
NAME: the name of the new event.
Options:
--description TEXT a longer description offering detailed information about
the event.
--severity INTEGER syslog style from 0 (high) to 3 (low).
--filter TEXT metadata, in Sysdig Monitor format, of nodes to
associate with the event, e.g. ``host.hostName =
'ip-10-1-1-1' and container.name = 'foo'``.
--tag TEXT A key=value that can be used to tag the event. Can be
used for filtering/segmenting purposes in Sysdig
Monitor.
--help Show this message and exit.
For example, if we want to create an event in our CI/CD pipeline that we are deploying a new version of the application, we can execute:
$ sdc-cli event add --description 'New App deployed to prod: v1.3.2' --severity 0 'New release'
name: New release
id: 876590365585694720
description: New App deployed to prod: v1.3.2
date: 2020-11-16 10:49:43.417000
$ sdc-cli event list --duration 1M
id severity name date source
876590365585694720 HIGH New release 2020-11-16 10:49:43.417000 custom