Bringing together the Apache Cassandra experts from the community and DataStax.

Want to learn? Have a question? Want to share your expertise? You are in the right place!

Not sure where to begin? Getting Started

 

question

aravinth_chakravarthyr_173918 avatar image
aravinth_chakravarthyr_173918 asked Erick Ramirez commented

Why is the source IP and user missing from OpsCenter alerts?

Hi,

I am using an API call from my opscenter to get information about the events through the following API,

$ curl -vvv -H 'opscenter-session: sessionid' http:// opscenterip :8888/clustername/events?count=1 | python -m json.tool

My ouput is :

{
    "action": 37,
    "api_source_ip": null,
    "event_source": "OpsCenter",
    "level": 5,
    "level_str": "ALERT",
    "message": "The best practice rule 'Secondary indexes cardinality' has failed.",
    "source_node": null,
    "success": null,
    "target_node": null,
    "time": "1587285000138000",
    "user": null
}

Why i am unable to get my API source ip and user?

Can you please help

opscenter
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered Erick Ramirez commented

@aravinth_chakravarthyr_173918 Some fields are only available for certain events. Not all events have all alert fields available. This is because they do not necessarily apply to the event.

In the example you provided, Best Practice alerts are typically cluster-wide so they do not have a source IP associated with them. Another way of saying it is that an operator cannot trigger a Best Practice alerts via an API call -- they come from OpsCenter.

Similarly, an event will only include the user if the event has an associated user. For example, a node being restarted via OpsCenter will have the user (role) that initiated the restart. Best Practice alerts are generated by OpsCenter, not a user (role). Cheers!

2 comments Share
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

aravinth_chakravarthyr_173918 avatar image aravinth_chakravarthyr_173918 ·

could you just clarify me about the user more? Is that a user of opscenter who is restarting the node ( For example we have enabled LDAPthen the user who initiates Restart will be displayed here ) or the user in the node ( example :JMX ) .

I just initiated it from the opscenter and the user returned null in the API call.

0 Likes 0 ·
Erick Ramirez avatar image Erick Ramirez ♦♦ aravinth_chakravarthyr_173918 ·

@aravinth_chakravarthyr_173918 It's the OpsCenter user (not node or Cassandra user) that initiated the action. For more information on the definition of alert fields, see Configuring alerts for events. If it isn't working as expected on your cluster, I'd recommend logging a ticket with DataStax Support so one of our engineers can investigate for you because it's difficult to do that in a Q&A forum.

As a friendly note, I've converted your post to a comment since it is not an "answer". Cheers!

0 Likes 0 ·