REST API for Unified Assurance Core

Get CAPE Nodes

get

/api/event/Nodes

Gets the CAPE nodes that match the specified parameters. If no parameters are specified, all CAPE nodes are returned.

Request

Query Parameters

The fields to filter the results by. You cannot filter by fields that contain a state.
This parameter's value uses the following JSON format:
{ "property": "property", "value": "propertyValue", "operator": "operator", "conjunction": "conjunction" }
If you use multiple JSON objects to combine filters, for example, to filter by several different device names, you cannot combine OR and AND conjunctions. The conjunction used for the last object applies to the entire list.

conjunction: string

Default Value: OR

Allowed Values: [ "AND", "OR" ]

The conjunction between filters.

Example: AND
operator: string

Default Value: LIKE

Allowed Values: [ "eq", "ne", "gte", "gt", "lte", "lt", "LIKE", "NOT LIKE", "re", "not re", "NOT IN" ]

The filter operation to use.

Example: eq
property(required): string

The name of the field to filter on.

Example: name
value(required): string

The value of the field to filter on.

Example: test

{
    "required":[
        "property",
        "value"
    ],
    "properties":{
        "property":{
            "description":"The name of the field to filter on.",
            "type":"string",
            "example":"name"
        },
        "value":{
            "description":"The value of the field to filter on.",
            "type":"string",
            "example":"test"
        },
        "operator":{
            "description":"The filter operation to use.",
            "type":"string",
            "default":"LIKE",
            "enum":[
                "eq",
                "ne",
                "gte",
                "gt",
                "lte",
                "lt",
                "LIKE",
                "NOT LIKE",
                "re",
                "not re",
                "NOT IN"
            ],
            "example":"eq"
        },
        "conjunction":{
            "description":"The conjunction between filters.",
            "type":"string",
            "default":"OR",
            "enum":[
                "AND",
                "OR"
            ],
            "example":"AND"
        }
    },
    "type":"object"
}

limit: integer(int32)
The number of records to limit results by. If you do not also set the start parameter, records start at 0.
Example:
```
100
```

sort: object

The field and direction to sort results by. You cannot sort by fields that contain a state.
This parameters value uses the following JSON format: { "property": "property", "direction": "direction" }

direction(required): string

Allowed Values: [ "ASC", "DESC" ]

The direction of the sort.

Example: ASC
property(required): string

The field to sort on.

Example: name

{
    "required":[
        "property",
        "direction"
    ],
    "properties":{
        "property":{
            "description":"The field to sort on.",
            "type":"string",
            "example":"name"
        },
        "direction":{
            "description":"The direction of the sort.",
            "type":"string",
            "enum":[
                "ASC",
                "DESC"
            ],
            "example":"ASC"
        }
    },
    "type":"object",
    "example":[
        {
            "property":"Name",
            "direction":"ASC"
        },
        {
            "property":"Value",
            "direction":"DESC"
        }
    ]
}

Example:

[
    {
        "property":"Name",
        "direction":"ASC"
    },
    {
        "property":"Value",
        "direction":"DESC"
    }
]

start: integer(int32)
The page of results to start from. This parameter is ignored if you do not also set the limit parameter.

Default Value: 0
Example:
```
1
```

There's no request body for this operation.

Response

Supported Media Types

application/json

200 Response

Successful operation

Root Schema : schema

Match All

Show Source

object SuccessfulGetOperation

The response body for a successful get operation.
object type

{
    "allOf":[
        {
            "$ref":"#/components/schemas/SuccessfulGetOperation"
        },
        {
            "type":"object",
            "properties":{
                "total":{
                    "description":"The total number of results regardless of paging.",
                    "type":"integer",
                    "example":"1"
                },
                "data":{
                    "description":"The list of CAPE nodes that match the specified parameters.",
                    "type":"array",
                    "items":{
                        "$ref":"#/components/schemas/eventNodesRead"
                    }
                }
            }
        }
    ]
}

Nested Schema : SuccessfulGetOperation

Type: object

The response body for a successful get operation.

Show Source

message: string

The response message.

Example: Loaded 1 entries
success: boolean

Whether the operation was a success (true) or a failure (false).

Example: true

{
    "description":"The response body for a successful get operation.",
    "properties":{
        "success":{
            "description":"Whether the operation was a success (<b>true</b>) or a failure (<b>false</b>).",
            "type":"boolean",
            "example":"true"
        },
        "message":{
            "description":"The response message.",
            "type":"string",
            "example":"Loaded 1 entries"
        }
    },
    "type":"object"
}

Nested Schema : type

Type: object

Show Source

data: array data

The list of CAPE nodes that match the specified parameters.
total: integer

The total number of results regardless of paging.

Example: 1

{
    "type":"object",
    "properties":{
        "total":{
            "description":"The total number of results regardless of paging.",
            "type":"integer",
            "example":"1"
        },
        "data":{
            "description":"The list of CAPE nodes that match the specified parameters.",
            "type":"array",
            "items":{
                "$ref":"#/components/schemas/eventNodesRead"
            }
        }
    }
}

Nested Schema : data

Type: array

The list of CAPE nodes that match the specified parameters.

Show Source

Array of: object eventNodesRead

{
    "description":"The list of CAPE nodes that match the specified parameters.",
    "type":"array",
    "items":{
        "$ref":"#/components/schemas/eventNodesRead"
    }
}

Nested Schema : eventNodesRead

Type: object

Show Source

NodeActionText: string

Content of CAPE Node Rule

Example: use JSON; my $EventDBH = DBConnect($Config, 'Event', {AutoCommit => 1}); my $CurrentTime = sprintf "%.3f", Time::HiRes::time; # Get Anomaly EventID and Details my $AnomalyEventID = $EventData->{EventID}; my $AnomalyDetails; eval { local $SIG{__DIE__}; $AnomalyDetails = decode_json($EventData->{Details}); }; if ($@) { $Log->Message("ERROR", "Failed to decode Details: $@"); } # Get ML job my $AnomalyJobID = $AnomalyDetails->{MLJobID}; # Get Filter | Node ='xyz' AND SubNode='eth0' my $AnomalyFilter = $AnomalyDetails->{EventFilter}; my $AnomalyDuration = $CurrentTime - $EventData->{FirstReported}; # Mark Anomaly Event to prevent duplicate processing my ($ErrorFlag, $Message) = UpdateEvent({ DBH => \$EventDBH, EventID => $AnomalyEventID, Values => { Action => 'EscalateByAnomaly', Actor => 'CAPE', Duration => $AnomalyDuration, LastChanged => $CurrentTime, RootCauseFlag => 1, Severity => 0 } }); $Log->Message("WARN", "-> EscalateByAnomaly -> Marked Anomaly Event [$AnomalyEventID] as Cleared"); $Log->Message("WARN", "-> EscalateByAnomaly -> Escalating filter [$AnomalyFilter]"); # Retrieve alarms in filter with timeframe my ($ErrorFlag1, $Message1, $EventRef) = FindEventID({ DBH => \$EventDBH, Filter => $AnomalyFilter }); my $EventList = join(',', @$EventRef); $Log->Message("WARN", "-> EscalateByAnomaly -> Escalating filter returns [$EventList]"); # Set Severity Setting my $SymptomNewSeverity = 5; my $i = 0; foreach my $SymptomEventID (@$EventRef) { $i++; # Get symptom my $SymptomEvent = GetEventHash({ DBH => \$EventDBH, EventID => $SymptomEventID, ShardID => 1 }); my $SymptomOrigSeverity = $SymptomEvent->{Severity}; my $SymptomDuration = $CurrentTime - $SymptomEvent->{FirstReported}; # Suppress Events my ($ErrorFlag, $Message) = UpdateEvent({ DBH => \$EventDBH, EventID => $SymptomEventID, Values => { Action => 'EscalateByAnomaly', Actor => 'CAPE', Duration => $SymptomDuration, LastChanged => $CurrentTime, OrigSeverity => $SymptomOrigSeverity, RootCauseID => $AnomalyEventID, Severity => $SymptomNewSeverity } }); # EventJournal for suppression my ($ErrorFlag, $Message) = AddJournal({ DBH => \$EventDBH, EventID => $SymptomEventID, TimeStamp => $CurrentTime, Username => 'api', Entry => 'Escalate Abnormal Activity via event [' . $AnomalyEventID . '] due to [' . $AnomalyJobID . ']' }); } $EventDBH->disconnect();
NodeAlias: string

CAPE Node Alias (optional) used for referencing another CAPE node

Example: oracle.doceng.json.BetterJsonNull@35599228
NodeAliasDisplay: string

UI-Only field that is either the NodeAlias if one exists or "[None]" if no alias is set

Example: [None]
NodeDescription: string

CAPE Node Description

Example: Take anomaly event by Machine Learning Policy and escalated Severity
NodeID: integer

Node ID specified for individual CRUD operations

Example: 1
NodeName: string

CAPE Node Name

Example: EscalateByAnomaly
NodeNextNodeID: integer

NodeID of the next node IF a node is set as the next to be executed.

Example: oracle.doceng.json.BetterJsonNull@1067bc4c
NodeNextNodeName: string

NodeName of the next node IF a node is set as the next to be executed

Example: oracle.doceng.json.BetterJsonNull@69f55ea
NodeStateVerify: string

CAPE Node "next node" test statement. If this evaluates to "true", the event will be passed to $NodeNextNode

Example:

{
    "type":"object",
    "properties":{
        "NodeID":{
            "description":"Node ID specified for individual CRUD operations",
            "type":"integer",
            "example":"1"
        },
        "NodeName":{
            "description":"CAPE Node Name",
            "type":"string",
            "example":"EscalateByAnomaly"
        },
        "NodeAlias":{
            "description":"CAPE Node Alias (optional) used for referencing another CAPE node",
            "type":"string",
            "example":null,
            "nullable":true
        },
        "NodeDescription":{
            "description":"CAPE Node Description",
            "type":"string",
            "example":"Take anomaly event by Machine Learning Policy and escalated Severity"
        },
        "NodeActionText":{
            "description":"Content of CAPE Node Rule",
            "type":"string",
            "example":"use JSON;\n\nmy $EventDBH = DBConnect($Config, 'Event', {AutoCommit => 1});\n\nmy $CurrentTime = sprintf \"%.3f\", Time::HiRes::time;\n\n# Get Anomaly EventID and Details\nmy $AnomalyEventID = $EventData->{EventID};\nmy $AnomalyDetails;\n\neval {\n\tlocal $SIG{__DIE__};\n\n\t$AnomalyDetails = decode_json($EventData->{Details});\n};\nif ($@) {\n  $Log->Message(\"ERROR\", \"Failed to decode Details: $@\");\n}\n\n# Get ML job\nmy $AnomalyJobID = $AnomalyDetails->{MLJobID};\n\n# Get Filter | Node ='xyz' AND SubNode='eth0'\nmy $AnomalyFilter = $AnomalyDetails->{EventFilter};\n\nmy $AnomalyDuration = $CurrentTime - $EventData->{FirstReported};\n\n# Mark Anomaly Event to prevent duplicate processing\nmy ($ErrorFlag, $Message) = UpdateEvent({\n\tDBH      => \\$EventDBH,\n\tEventID  => $AnomalyEventID,\n\tValues   => {\n\t\tAction        => 'EscalateByAnomaly',\n\t\tActor         => 'CAPE',\n\t\tDuration      => $AnomalyDuration,\n\t\tLastChanged   => $CurrentTime,\n\t\tRootCauseFlag => 1,\n\t\tSeverity      => 0\n\t}\n});\n\n$Log->Message(\"WARN\", \"-> EscalateByAnomaly -> Marked Anomaly Event [$AnomalyEventID] as Cleared\");\n\n$Log->Message(\"WARN\", \"-> EscalateByAnomaly -> Escalating filter [$AnomalyFilter]\");\n\n# Retrieve alarms in filter with timeframe\nmy ($ErrorFlag1, $Message1, $EventRef) = FindEventID({\n\tDBH    => \\$EventDBH,\n\tFilter => $AnomalyFilter\n});\n\nmy $EventList = join(',', @$EventRef);\n\n$Log->Message(\"WARN\", \"-> EscalateByAnomaly -> Escalating filter returns [$EventList]\");\n\n# Set Severity Setting\nmy $SymptomNewSeverity = 5;\n\nmy $i = 0;\nforeach my $SymptomEventID (@$EventRef) {\n\t$i++;\n\n\t# Get symptom\n\tmy $SymptomEvent = GetEventHash({\n\t\tDBH     => \\$EventDBH,\n\t\tEventID => $SymptomEventID,\n\t\tShardID => 1\n\t});\n\n\tmy $SymptomOrigSeverity = $SymptomEvent->{Severity};\n\tmy $SymptomDuration     = $CurrentTime - $SymptomEvent->{FirstReported};\n\n\t# Suppress Events\n\tmy ($ErrorFlag, $Message) = UpdateEvent({\n\t\tDBH      => \\$EventDBH,\n\t\tEventID  => $SymptomEventID,\n\t\tValues   => {\n\t\t\tAction       => 'EscalateByAnomaly',\n\t\t\tActor        => 'CAPE',\n\t\t\tDuration     => $SymptomDuration,\n\t\t\tLastChanged  => $CurrentTime,\n\t\t\tOrigSeverity => $SymptomOrigSeverity,\n\t\t\tRootCauseID  => $AnomalyEventID,\n\t\t\tSeverity     => $SymptomNewSeverity\n\t\t}\n\t});\n\n\t# EventJournal for suppression\n\tmy ($ErrorFlag, $Message) = AddJournal({\n\t\tDBH       => \\$EventDBH,\n\t\tEventID   => $SymptomEventID,\n\t\tTimeStamp => $CurrentTime,\n\t\tUsername  => 'api',\n\t\tEntry     => 'Escalate Abnormal Activity via event [' . $AnomalyEventID . '] due to [' . $AnomalyJobID . ']'\n\t});\n}\n\n$EventDBH->disconnect();"
        },
        "NodeStateVerify":{
            "description":"CAPE Node \"next node\" test statement.  If this evaluates to \"true\", the event will be passed to $NodeNextNode",
            "type":"string",
            "example":""
        },
        "NodeAliasDisplay":{
            "description":"UI-Only field that is either the NodeAlias if one exists or \"[None]\" if no alias is set",
            "type":"string",
            "example":"[None]"
        },
        "NodeNextNodeName":{
            "description":"NodeName of the next node IF a node is set as the next to be executed",
            "type":"string",
            "example":null,
            "nullable":true
        },
        "NodeNextNodeID":{
            "description":"NodeID of the next node IF a node is set as the next to be executed.",
            "type":"integer",
            "example":null,
            "nullable":true
        }
    }
}

Default Response

Failed operation

Root Schema : schema

Type: object

Show Source

errors: array errors

The list of errors reported. Validation errors will be keyed by record field.
message: string

The response message.

Example: Exception thrown
success: boolean

Whether the operation was a success (true) or a failure (false).

Example: false

{
    "properties":{
        "success":{
            "description":"Whether the operation was a success (<b>true</b>) or a failure (<b>false</b>).",
            "type":"boolean",
            "example":"false"
        },
        "message":{
            "description":"The response message.",
            "type":"string",
            "example":"Exception thrown"
        },
        "errors":{
            "description":"The list of errors reported. Validation errors will be keyed by record field.",
            "type":"array",
            "items":{
                "description":"An error.",
                "type":"object"
            }
        }
    },
    "type":"object"
}

Nested Schema : errors

Type: array

The list of errors reported. Validation errors will be keyed by record field.

Show Source

Array of: object items

An error.

{
    "description":"The list of errors reported. Validation errors will be keyed by record field.",
    "type":"array",
    "items":{
        "description":"An error.",
        "type":"object"
    }
}

Nested Schema : items

Type: object

An error.