Query the system for information about current and past alerts

Open in Claude
Sensor diagnostic information. Two lists will be returned, an __active__ list and a __log__ list. The __active__ list contains a list of currently active events. The number of events in the __active__ event list is unlimited. The __log__ list will contain all alert trigger and clear events. An alert-clear event has the same attributes and values as its corresponding trigger event, apart from the realtime and __cursor__ attributes which will have increased, since an alert-clear event will always be received after an alert-trigger event. The __log__ list has a length limit of 32 events in the form of a FIFO (First in First Out) queue. When the __log__ list length limit is reached and a new event is added, the oldest event is deleted. In addition to the __active__ and __log__ lists, `GET /api/v1/sensor/alerts` also returns a __next_cursor__ field. Every alert event has a __cursor__ attribute, which increments for every alert event logged. This can be used to track the alert activity that has been viewed and reduce message bandwidth. To do this, users are recommended to save the __next_cursor__ field when calling `GET /api/v1/sensor/alerts` and then to use that value as the __cursor__ argument on the next `GET /api/v1/sensor/alerts` call to fetch only new __log__ entries. __Additional Information:__ The __cursor__ will wrap at 2^32 entries. It is important to understand the behavior during the wrap case, since this may lead to some unexpected consequences: * If __cursor__ < (__next_cursor__ - 32) % 2^32 then some entries may be filtered. For instance if __cursor__ =0 and __next_cursor__ =0 no entries will be reported immediately after __cursor__ wrap, even though the log contains 32 entries, where submitting __cursor__ =4294967264 (next_cursor - 32) % 2^32 will return all logged values. * If __cursor__ > __next_cursor__ all 32 entries will be reported. The recommended approach to using the interface is to always base queries on the previous value of __next_cursor__

Query parameters

cursorintegerOptional

Filters the alerts to only those with cursor >= query-value

modeenumOptional
Specifies the query mode
Allowed values:

Response

Successful operation
loglist of objects
A log of all alerts that have occurred since the sensor was last initialized
next_cursorinteger>=0
Indicates the cursor value that will occur in the next alert to fire
activelist of objects

A filtered version of log that lists only those alerts that are currently active

Errors

400
Bad Request Error
500
Internal Server Error