system sentries

Retrieves status information for all sentries registered with the Logpresso server.

Command properties

Property	Description
Command type	Driver query
Required permission	Cluster administrator
License usage	Not counted
Parallel execution	Not supported
Distributed execution	Not supported

Syntax

system sentries

Output fields

Field	Type	Description
guid	string	Unique identifier of the sentry
host_name	string	Name of the host where the sentry is installed
remote_ip	string	Remote IP address of the sentry. Null if disconnected.
is_connected	boolean	Current connection status. `true` if connected
pkg_ver	string	Sentry package name and version (e.g., `logpresso-sentry-1.0.0`)
description	string	Sentry description
cpu_usage	double	CPU usage (%). Null if disconnected.
mem_usage	double	Physical memory usage (%). Null if disconnected.
disk_usage	double	Usage of the most-used disk (%). Null if disconnected.
nic_rx_usage	double	Receive bandwidth usage of the most-used network interface (%). Null if disconnected.
nic_tx_usage	double	Transmit bandwidth usage of the most-used network interface (%). Null if disconnected.
user_dir	string	Working directory path of the sentry process
cpu_kernel	double	Kernel-mode CPU usage (%). Null if disconnected.
cpu_user	double	User-mode CPU usage (%). Null if disconnected.
phy_used	long	Used physical memory size (bytes). Null if disconnected.
phy_free	long	Free physical memory size (bytes). Null if disconnected.
phy_total	long	Total physical memory size (bytes). Null if disconnected.
swap_used	long	Used swap memory size (bytes). Null if disconnected.
swap_free	long	Free swap memory size (bytes). Null if disconnected.
swap_total	long	Total swap memory size (bytes). Null if disconnected.
last_connect_at	timestamp	Most recent connection time
os	string	Operating system name
os_ver	string	Operating system version
arch	string	CPU architecture (e.g., `amd64`, `aarch64`)
jvm_name	string	JVM name
jvm_version	string	JVM version
ip_addrs	array	List of IP addresses assigned to the sentry (includes IPv4 and IPv6)
disks	array	List of disk usage information. Each item is a map type.
nics	array	List of network interface speed information. Each item is a map type.

Error codes

Parsing errors

Error code	Message	Description
95020	no-read-permission	The user does not have cluster administrator permission

Runtime errors

N/A

Description

The system sentries command retrieves status information for all sentries registered with the Logpresso server. A sentry is an agent installed on a remote host that collects logs.

For connected sentries, real-time CPU, memory, disk, and network interface usage rates and system information (operating system, JVM version, etc.) are available. For disconnected sentries, performance metric fields are null.

The cpu_usage, mem_usage, disk_usage, nic_rx_usage, and nic_tx_usage fields are percentage values rounded to two decimal places.

Cluster administrator permission is required. Running this command without administrator permission causes a parsing error.

Examples

Retrieve all sentry status
```
system sentries
```
Retrieves status information for all registered sentries.
Retrieve disconnected sentries
```
system sentries
| search is_connected == false
```
Filters and retrieves only sentries that are currently disconnected.

Retrieve sentries with high CPU usage

system sentries
| search is_connected == true and cpu_usage >= 80
| fields guid, host_name, remote_ip, cpu_usage, mem_usage

Retrieves connected sentries with CPU usage at or above 80%.

Retrieve memory usage per sentry

system sentries
| search is_connected == true
| eval mem_used_gb = round(phy_used / 1073741824, 2)
| eval mem_total_gb = round(phy_total / 1073741824, 2)
| fields host_name, mem_usage, mem_used_gb, mem_total_gb
| sort -mem_usage

Converts physical memory usage for connected sentries to GB and sorts by usage rate.