alert

Creates a Sonar event using the input record.

Syntax

alert

Description

This command is available only on the control node and can only be used by the cluster administrator. In practice, you place the alert command at the end of a stream query on the control node that receives the events forwarded from each data node after real-time rule detection.

If a duplicate event is received, it may be discarded according to the event deduplication setting of the real-time scenario. In addition, depending on the real-time scenario settings, a ticket may be created or the event may be merged into an existing ticket. Created events can be viewed in the Event menu.

The input record must meet the following specifications:

| Field | Required | Type | Description |
|---|---|---|---|
| _logger | Yes | 32-bit integer | Logger ID |
| _rule | Yes | 32-bit integer | Real-time scenario ID |
| _time | No | Date/Time | Time at which the original event occurred. If the value is absent or its type does not match, the input time is used instead. |
| emp_key | No | String | Employee number |
| emp_name | No | String | Employee name |
| host_ip | No | IP address | Host IP address |
| src_ip | No | IP address | Source IP address |
| src_country | No | String | Source ISO country code |
| src_port | No | 32-bit integer | Source port number |
| dst_ip | No | IP address | Destination IP address |
| dst_country | No | String | Destination ISO country code |
| dst_port | No | 32-bit integer | Destination port number |
| protocol | No | String | Protocol |
| action | No | String | Response method |
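The following is an added example, not part of the product's own code, that checks a record against the specification above before it is handed to alert: required 32-bit integer fields, the _time fallback to input time, and type checks on the optional fields. What the command itself does with a mistyped optional field is not stated on this page; this example assumes the field is dropped and reported.

```python
import ipaddress
from datetime import datetime, timezone

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1
REQUIRED_INT = ("_logger", "_rule")          # missing/invalid -> reject the record
OPTIONAL_INT = ("src_port", "dst_port")
OPTIONAL_IP = ("host_ip", "src_ip", "dst_ip")
OPTIONAL_STR = ("emp_key", "emp_name", "src_country", "dst_country", "protocol", "action")


def is_int32(v):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(v, int) and not isinstance(v, bool) and INT32_MIN <= v <= INT32_MAX


def is_ip(v):
    # only accept textual IPv4/IPv6 addresses
    if not isinstance(v, str):
        return False
    try:
        ipaddress.ip_address(v)
        return True
    except ValueError:
        return False


def normalize_alert_record(record, now=None):
    # Returns (normalized, errors, dropped).
    # errors : problems with required fields; non-empty means the record is rejected
    # dropped: optional fields discarded because their type did not match (assumption)
    now = now or datetime.now(timezone.utc)
    out, errors, dropped = {}, [], []
    for f in REQUIRED_INT:
        if f not in record:
            errors.append(f"{f}: required field missing")
        elif not is_int32(record[f]):
            errors.append(f"{f}: must be a 32-bit integer")
        else:
            out[f] = record[f]
    # _time: per the spec, an absent or mistyped value becomes the input time
    t = record.get("_time")
    out["_time"] = t if isinstance(t, datetime) else now
    checks = [(OPTIONAL_INT, is_int32), (OPTIONAL_IP, is_ip),
              (OPTIONAL_STR, lambda v: isinstance(v, str))]
    for fields, ok in checks:
        for f in fields:
            if f not in record:
                continue
            if ok(record[f]):
                out[f] = record[f]
            else:
                dropped.append(f)
    return out, errors, dropped
```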