|
dedupid |
Events are deduplicated based on the value of this field. By default: device, component, eventClass, eventKey, severity |
|
device |
name of device |
|
component |
name of component (like eth0, httpd, etc) |
|
eclass |
eventClass (if not specified, it may be added by rule processing; if this fails, it will be /Unknown) |
|
eventKey |
If a component needs further deduplication specification, this field may be used |
|
summary |
message text truncated at 150 characters |
|
message |
full message text |
|
severity |
number from 0 to 5 |
|
eventState |
state of event 0 = new, 1 = acknowledged, 2 = suppressed |
|
eventClassKey |
key by which rules processing begins. Often equal to component. |
|
eventGroup |
logical group of event source (syslog, ping, nteventlog etc) |
|
stateChange |
last time the event changed; automatically updated |
|
firstTime |
unix timestamp when event is received. |
|
lastTime |
last time an event was received |
|
count |
number of times an event has repeated |
|
prodState |
prodState of the device context |
|
suppid |
id of event that suppressed this event |
|
manager |
fqdn of the collector from which this event came |
|
agent |
collector name from which event came (zensyslog, zentrap, etc) |
|
DeviceClass |
device class from device context |
|
Location |
device location from device context |
|
Systems |
device systems from device context separated by | |
|
DeviceGroups |
device systems from device context separated by | |
|
ipAddress |
IP from which event came |
|
facility |
syslog facility if this is a syslog event |
|
priority |
syslog priority if this is a syslog event |
|
ntevid |
NT event ID if this is an NT eventlog event.