event_check()

Return the number of events in the PATROL Event Manager (PEM) repository that match the specified criteria.

Syntax

event_check(start-time,stop-time,status,type,node,origin,pattern,IDrange,class,severity)

Parameters

Parameter

Definition

start-time

time endpoint that specifies the oldest event timestamp that is valid for the event check

*Valid Values*

  • " " indicating January 1, 1970 at 00:00:00
  • PSL backward compatible: MMddhhmm [ yy ]
  • RFC-822: day date month year hh:mm:ss
  • Unix: day month date hh:mm:ss year
  • PSL date(): day month date hh:mm:ss year

The variables have the following values:
day—Sun Mon Tue Wed Thu Fri Sat
MM—01 to 12
month—Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
dd or date—01 to 31
hh—00 to 23
mm and ss—00 to 59
year—1902 to 2037
[yy]—00 to 99 (19yy is assumed)
In the PSL compatibility format the current year is used when yy is omitted.

stop-time

time endpoint that specifies the most recent event timestamp that is valid for the event check

*Valid Values*

  • " " indicating January 1, 1970 at 00:00:00
  • PSL backward compatible: MMddhhmm [ yy ]
  • RFC-822: day date month year hh:mm:ss
  • Unix: day month date hh:mm:ss year
  • PSL date(): day month date hh:mm:ss year

The variables have the following values:
day—Sun Mon Tue Wed Thu Fri Sat
MM—01 to 12
month—Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
dd or date—01 to 31
hh—00 to 23
mm and ss—00 to 59
year—1902 to 2037
[yy]—00 to 99 (19yy is assumed)
In the PSL compatibility format the current year is used when yy is omitted.

status

event status that is valid for the event check

*Valid Values*

  • O: OPEN
  • A: ACKNOWLEDGED
  • C: CLOSED
  • E: ESCALATED
  • D: DELETED

*Examples*

  • "O,A,C,D" matches all statuses except ESCALATED
  • "O,A,C,E,D" or " " matches all statuses
  • "O,C" matches only statuses OPEN and CLOSED

type

event type that is valid for the event check

*Valid Values*

  • I: INFORMATION
  • S: STATE_CHANGE
  • E: ERROR
  • W: WARNING
  • A: ALARM
  • R: RESPONSE

*Examples*

  • "S,E,W,A,R" matches all event types except INFORMATION
  • "I,S,E,W,A,R" or " " matches all event types
  • "W,A" matches only event types WARNING and ALARM

node

computer system name that is valid for the event check

*Valid Values*

  • " " indicating all computer systems listed in the PEM repository
  • a character string indicating a specific computer system name

origin

application instance or class that is valid for the event check

*Valid Values*

  • " " for all application classes
  • a character string indicating a specific application instance or class

pattern

character string within the event description field that is valid for the event check

*Valid Values*

  • " " indicating any characters
  • a character string specifying a specific text pattern

IDrange

string that defines the range of PATROL event IDs that are valid for the event query

*Valid Values*

  • x: event ID x
  • x/y: event IDs between and including x and y
  • -/y: event IDs less than and including y
  • x/-: event IDs greater than and including x
  • -/-: all events

where x and y are integers such that 0 ≤ x ≤ y ≤ 2,147,483,647

class

event class that is valid for the event check

*Valid Values*

  • " " indicating all event classes
  • a character string specifying a specific event class

severity

lowest event severity that is valid for the event archival

*Valid Values*

  • a value between 1 and 5, with 5 being the most severe
  • " " indicating all event severities

When the two-digit year, yy, is specified with the PSL compatible time format for the start-time and stop-time parameters, the function assumes the year is 19yy. You should either omit the year when using this format, or use a different date format if you need to specify the year.
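The two-digit-year rule above, modeled in Python as an added example (not BMC's code and not part of the original page), so a filter window can be checked before it is handed to event_check(). The helper names `resolve_psl_compat` and `audit_window` and the sample timestamps are assumptions made for illustration, and only the MMddhhmm[yy] format is handled.

```python
import re
from datetime import datetime

# MMddhhmm with an optional two-digit year, as listed in the parameter table
_COMPAT = re.compile(r"^(\d{2})(\d{2})(\d{2})(\d{2})\s*(\d{2})?$")


def resolve_psl_compat(value, now):
    """Read a 'MMddhhmm[yy]' string the way the page describes.

    yy present -> the year is 19yy (never 20yy)
    yy omitted -> the year of `now` is used
    """
    m = _COMPAT.match(value.strip())
    if not m:
        raise ValueError("not in MMddhhmm[yy] form: %r" % (value,))
    month, day, hour, minute = (int(g) for g in m.groups()[:4])
    year = 1900 + int(m.group(5)) if m.group(5) else now.year
    # datetime() rejects out-of-range fields such as month 13 or hour 24
    return datetime(year, month, day, hour, minute)


def audit_window(start, stop, now, max_age_days=366):
    """Return findings for a start-time/stop-time pair; an empty list means OK."""
    s = resolve_psl_compat(start, now)
    e = resolve_psl_compat(stop, now)
    findings = []
    if s > e:
        findings.append("start-time is later than stop-time")
    for name, raw, t in (("start-time", start, s), ("stop-time", stop, e)):
        if (now - t).days > max_age_days:
            findings.append("%s %r resolves to %s" % (name, raw, t.isoformat()))
    return findings


if __name__ == "__main__":
    now = datetime(2024, 3, 15, 12, 0)  # constructed "current time"
    # Constructed inputs: the second pair appends yy=24 meaning 2024,
    # but the 19yy rule turns it into 1924.
    for start, stop in (("03010000", "03150000"), ("0301000024", "03150000")):
        print(start, stop, audit_window(start, stop, now) or "ok")
```

A start-time that silently resolves decades earlier widens the count returned by event_check(), and a stop-time that does so yields a window that matches nothing, so either case is worth catching before the result feeds an alert threshold.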

Description

The event_check() function returns an integer giving the number of events in the PATROL Agent PATROL Event Manager repository that matched the search criteria, or 0 if no matching events were found.

Example

The following is an example of the event_check() function:

print(
    "the number of events matching the filter : " .
    event_check(    # the filter definition follows:
        "",         # events after January 1, 1970
        "",         # any stop time
        "O",        # only OPEN status
        "A,W",      # only ALARM or WARNING types
        "",         # any computer system name
        "SYBASE",   # only events originating from SYBASE
        "",         # match any description text
        "120/-",    # only events whose IDs are >= 120
        "",         # any event class
        "2"         # event severity 2 or greater
    )
    . "\n"
);