Sysdig Platform CLI - Events V1
This section explains the concepts and notation used by the Monitor Event commands.
Usage
The Event section contains the following subcommands:
$ sdc-cli event_v1 --help
Usage: sdc-cli event_v1 [OPTIONS] COMMAND [ARGS]...
Options:
  --help  Show this message and exit.
Commands:
  add   Add an event
  del   Delete events
  get   Get an event
  list  List all events
List all the events
You can list the events from Sysdig Monitor using the CLI, applying multiple filters:
$ sdc-cli event_v1 list --help
Usage: sdc-cli event_v1 list [OPTIONS]
Options:
  --duration TEXT  Duration to display the events from. (ex: 30M, 1H, 3D, 2W)
  --start TEXT     Start of the time range.
  --end TEXT       End of the time range.
  --name TEXT      Filter events by name.
  --help           Show this message and exit.
For example, to list all the events from the last hour, run:
$ sdc-cli event_v1 list --duration 1H
id                  severity  name                                     date                        source
856254059911544832  MEDIUM    Container Killed                         1970-01-19 12:37:55.225000  docker
856254018673254402  MEDIUM    Container died                           1970-01-19 12:37:55.217000  containerd
856254018673254401  MEDIUM    Container Killed                         1970-01-19 12:37:55.217000  docker
856254018673254400  MEDIUM    Container Killed                         1970-01-19 12:37:55.212000  docker
856253982199422976  MEDIUM    Sock-shop - New cartdb version deployed  1970-01-19 12:37:55.211000  NONE
856251501419659266  MEDIUM    Container died                           1970-01-19 12:37:54.614000  containerd
856251501419659265  MEDIUM    Container Killed                         1970-01-19 12:37:54.614000  docker
856251501419659264  MEDIUM    Container Killed                         1970-01-19 12:37:54.612000  docker
856251459602448384  MEDIUM    Container Killed                         1970-01-19 12:37:54.609000  docker
856251452325298176  MEDIUM    Sock-shop - New cartdb version deployed  1970-01-19 12:37:54.608000  NONE
Get info from an event
You can retrieve more information about an event with:
$ sdc-cli event_v1 get 856254059911544832
name: Container Killed
id: 856254059911544832
severityLabel: MEDIUM
description: Event: kill; Image: mongo@sha256:e167bb4fa9f4d8d54bef2fc6acab4f94b90393d2fbdde7c92e2f00268928df47; ID: c93d66d9c3bf137f8fd1c22ffdcd8a6067d88df74bdaeb67b95ab31c252d9c74; name: k8s_carts-db_sock-shop-carts-db-c676cc765-xdsqn_sock-shop_e6a10224-d909-4be4-9931-ba089d57ebaf_0; signal: 15
filter: host.mac = '42:01:0a:30:00:0e' and container.id = 'c93d66d9c3bf'
date: 1970-01-19 12:37:55.225000
source: docker
Add a new event
The sdc-cli is capable of adding custom events to Monitor:
$ sdc-cli event_v1 add --help
Usage: sdc-cli event_v1 add [OPTIONS] NAME
  NAME: the name of the new event.
Options:
  --description TEXT  a longer description offering detailed information about
                      the event.
  --severity INTEGER  syslog style from 0 (high) to 7 (low).
  --filter TEXT       metadata, in Sysdig Monitor format, of nodes to
                      associate with the event, e.g. ``host.hostName =
                      'ip-10-1-1-1' and container.name = 'foo'``.
  --tag TEXT          A key=value that can be used to tag the event. Can be
                      used for filtering/segmenting purposes in Sysdig
                      Monitor.
  --help              Show this message and exit.
For example, to record from a CI/CD pipeline that a new version of the application is being deployed, we can execute:
$ sdc-cli event_v1 add --description 'New App deployed to prod: v1.3.2' --severity 7 'New release'
name: New release
id: 856263804630188032
severityLabel: NONE
description: New App deployed to prod: v1.3.2
date: 1970-01-19 12:37:57.553000
$ sdc-cli event_v1 list --duration 10M
id                  severity  name         date                        source
856263804630188032  NONE      New release  1970-01-19 12:37:57.553000  NONE
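Added example (not from the Sysdig documentation): a POSIX shell wrapper for the CI/CD case above that validates pipeline-supplied values before they are placed in --filter and --tag, because a quote, space or '=' in a version or host name would otherwise become part of the filter expression or tag. The names SDC_CLI, valid_token and add_deploy_event, the tag key "app" and the choice of a host-scoped filter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Sysdig's own code. Assumed names: SDC_CLI,
# valid_token, add_deploy_event, and the tag key "app".

SDC_CLI="${SDC_CLI:-sdc-cli}"   # override to point at a wrapper or a test stub

# valid_token VALUE: succeed only if VALUE is non-empty and consists of
# letters, digits, '.', '_' or '-'. Quotes, spaces and '=' are rejected so
# they cannot alter the --filter expression or the key=value tag.
valid_token() {
  case $1 in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# add_deploy_event APP VERSION HOSTNAME [SEVERITY]
# Posts a "New release" event associated with a single host.
add_deploy_event() {
  app=$1 version=$2 host=$3 severity=${4:-7}

  for value in "$app" "$version" "$host"; do
    if ! valid_token "$value"; then
      echo "add_deploy_event: rejected value: $value" >&2
      return 2
    fi
  done

  # --severity is syslog style: one digit from 0 (high) to 7 (low).
  case $severity in
    [0-7]) ;;
    *) echo "add_deploy_event: severity must be 0..7" >&2; return 2 ;;
  esac

  # Every value is passed as its own quoted argument; nothing is eval'ed.
  "$SDC_CLI" event_v1 add \
    --description "New App deployed to prod: $version" \
    --severity "$severity" \
    --filter "host.hostName = '$host'" \
    --tag "app=$app" \
    'New release'
}
```

In a pipeline step this would be called as, for instance, add_deploy_event cartdb v1.3.2 ip-10-1-1-1, with the three values taken from the job's own variables.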