Skip to main content

POST /api/v1/customAlerts/rules

Use this method to create a custom alert rule for raising custom analytics alerts.

Note
This REST API requires Lenovo XClarity Orchestrator v1.3 or later.

Authentication

Authentication with username and password is required.

Resource URI

POST https://{management_server_IP>/api/v1/customAlerts/rules

Query parameters

None

Request body

Table 1. Event-based alert rules.
AttributesRequired / OptionalTypeDescription
alertDescriptionOptionalStringAdditional information to clarify the reason for the alert
alertMsgRequiredStringMessage string for the alert
alertUserActionOptionalStringUser actions that can be taken to recover from the alert
eventCodeRequiredStringEvent code that uniquely identifies the alert and event

When an alert is raised based on a custom alert rule, an event is also raised. The same event code is used for both the active alert and the event using the format FQXXOCAxxxxc, where xxxx is the unique identifier and c is the severity.

criteriaRequiredObjectCriteria for raising an alert
 countRequiredIntegerNumber of times that the event must occur in the specified interval before an alert is raised
 eventIDRequiredStringID of the event that triggers an alert

To obtain a list of event IDs, see Event and alert messages.

 intervalRequiredIntegerPeriod of time, in minutes, in which the event occurs before an alert is raised
 modeRequiredStringIndicates whether the rule applies to a device or device group. This can be one of the following values.
  • device. Raises an alert when the event occurs on any device. The device name is included in this alert.
  • group. Raises an alert when the event occurs on a device in any device group. The group name is included in the alert.
descriptionOptionalStringRule description
nameRequiredStringRule name
severityKeyRequiredStringAlert severity key. This can be one of the following values.
  • Warning. User can decide if action is needed.
  • Critical. Action is needed immediately, and the scope is broad (perhaps an imminent outage to a critical resource will result).
statusKeyRequiredStringRule status key. This can be one of the following values.
  • enabled (default)
  • disabled
typeKeyRequiredStringRule type key. For event-based alert rules, this is always event.
The following example creates an event-based rule that raises an alert when server management fails 5 times in a 24-hour period.
{
"alertDescription": "",
"alertMsg": "",
"alertUserAction": "",
"eventCode": "FQXXOCA0001J",
"criteria": {
"count": 5,
"eventID": "FQXHMDI0107G",
"interval": 1440,
"mode": "device"
},
"description": "Server management fails 5 times in a 24-hour period",
"enabled": true,
"name": "Server managment failures",
"severityKey": "Warning",
"statusKey": "enabled",
"typeKey": "event"
}
Table 2. Metric-based alert rules.
AttributesRequired / OptionalTypeDescription
alertDescriptionOptionalStringAdditional information to clarify the reason for the alert
alertMsgRequiredStringMessage string for the alert
alertUserActionOptionalStringUser actions that can be taken to recover from the alert
eventCodeRequiredStringFour-digit number that uniquely identifies the alert and event

When an alert is raised based on a custom alert rule, an event is also raised. The same event code is used for both the active alert and the event using the format FQXXOCAxxxxc, where xxxx is the four-digit unique identifier and c is the severity.

criteriaRequiredObjectCriteria for raising an alert
 operatorRequiredStringComparison operator to use when comparing the value of metric against the specified threshold. This can be one of the following values.
  • gt. Greater than
  • gte. Greater than or equal to
  • lte. Less than or equal to
  • lt. Less than
 countRequired when mode is countInteger(Count mode only) Minimum amount of time, in seconds, that the limit is breached before an alert is raised
 intervalRequired when mode is average or countInteger(Average and count modes only) Period of time, in seconds, in which the measurement is evaluated
 thresholdRequiredIntegerThreshold to be met for raising an alert
 metricRequiredStringMetric for which the value is to be evaluated

To obtain a list of metrics, use GET /customAlerts/metrics.

 modeRequiredStringCriteria mode. This can be one of the following values.
  • average. Raises an alert when the average value of the metric breaches the threshold (based on the comparator) during a specific interval.

    For example, you can create a rule to raise an alert when the average CPU Temperature (metric) during a 24-hour period (interval) is greater than (operator) 40 degrees C (threshold).

  • count. Raises an alert when the metric breaches the threshold (based on the comparator) a certain number of times during a specific interval.

    For example, you can create a rule to raise an alert when the CPU Temperature (metric) is greater than (operator) 40 degrees C (threshold) for 5 times (count) in a 24-hour period (interval).

  • simple. Raises an alert when the metric breaches the threshold (based on the comparator).

    For example, you can create a rule to raise an alert when the CPU Temperature (metric) is greater than (operator) 40 degrees C (threshold).

descriptionOptionalStringRule description
nameRequiredStringRule name
severityKeyRequiredStringSeverity key. This can be one of the following values.
  • Warning. User can decide if action is needed.
  • Critical. Action is needed immediately, and the scope is broad (perhaps an imminent outage to a critical resource will result).
statusKeyRequiredStringRule status key. This can be one of the following values.
  • enabled (default)
  • disabled
typeKeyRequiredStringRule type key. For metric-based alert rules, this is always metric.
The following example creates a metric-based rule that raises the CPU Temperature of any device exceeds 40 degrees C for 5 times within a 24-hour period.
{
"alertDescription": "",
"alertMsg": "",
"alertUserAction": "",
"id": "046b6c7fс0b8ac43b9db35dd6489e6daee91",
"eventCode": "FQXXOCA0002J",
"criteria": {
"operator": "gt",
"count": 5,
"interval": 1440,
"threshold": 5,
"metric": "CPUTemp",
"mode": "count"
},
"description": "CPU Temperature greater than 40 C for 5 times in 24-hours",
"name": "High CPU temperatures",
"severityKey": " Warning ",
"statusKey": " enabled ",
"typeKey": "metric"
}

Response codes

CodeDescriptionComments
200OKThe request completed successfully.
400Bad RequestA query parameter or request attribute is missing or not valid, or the operation is not supported. A descriptive error message is returned in the response body.

Response header

The URL of the custom analytics alert is returned in the Location field.

Response body

AttributesTypeDescription
{message_attributes}variesStatus messages (see Status messages)