Why is the source IP and user missing from OpsCenter alerts?

Question

question

aravinth_chakravarthyr_173918 asked Apr 19, '20 Erick Ramirez commented Apr 20, '20

Why is the source IP and user missing from OpsCenter alerts?

Hi,

I am using an API call from my opscenter to get information about the events through the following API,

$ curl -vvv -H 'opscenter-session: sessionid' http:// opscenterip :8888/clustername/events?count=1 | python -m json.tool

My ouput is :

{
    "action": 37,
    "api_source_ip": null,
    "event_source": "OpsCenter",
    "level": 5,
    "level_str": "ALERT",
    "message": "The best practice rule 'Secondary indexes cardinality' has failed.",
    "source_node": null,
    "success": null,
    "target_node": null,
    "time": "1587285000138000",
    "user": null
}

Why i am unable to get my API source ip and user?

Can you please help

opscenter

10 |1000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

DataStax Enterprise is powered by the best distribution of Apache Cassandra ™

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Privacy Policy Terms of Use

Answer 1 · 2020-04-19T09:07:30Z

Erick Ramirez answered Apr 19, '20 Erick Ramirez commented Apr 20, '20

@aravinth_chakravarthyr_173918 Some fields are only available for certain events. Not all events have all alert fields available. This is because they do not necessarily apply to the event.

In the example you provided, Best Practice alerts are typically cluster-wide so they do not have a source IP associated with them. Another way of saying it is that an operator cannot trigger a Best Practice alerts via an API call -- they come from OpsCenter.

Similarly, an event will only include the user if the event has an associated user. For example, a node being restarted via OpsCenter will have the user (role) that initiated the restart. Best Practice alerts are generated by OpsCenter, not a user (role). Cheers!

2 Share

10 |1000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

aravinth_chakravarthyr_173918 commented · Apr 19, 2020 at 03:32 PM

could you just clarify me about the user more? Is that a user of opscenter who is restarting the node ( For example we have enabled LDAPthen the user who initiates Restart will be displayed here ) or the user in the node ( example :JMX ) .

I just initiated it from the opscenter and the user returned null in the API call.

0 ·

Erick Ramirez ♦♦ aravinth_chakravarthyr_173918 commented · Apr 20, 2020 at 01:22 AM

@aravinth_chakravarthyr_173918 It's the OpsCenter user (not node or Cassandra user) that initiated the action. For more information on the definition of alert fields, see Configuring alerts for events. If it isn't working as expected on your cluster, I'd recommend logging a ticket with DataStax Support so one of our engineers can investigate for you because it's difficult to do that in a Q&A forum.

As a friendly note, I've converted your post to a comment since it is not an "answer". Cheers!

0 ·

question