Query the system for information about current and past alerts
Query parameters
Filters the alerts to only those with cursor >= query-value
Response
A filtered version of log that lists only those alerts that are currently active
Filters the alerts to only those with cursor >= query-value
A filtered version of log that lists only those alerts that are currently active
Sensor diagnostic information.
Two lists will be returned, an active list and a log list. The active list contains a list of currently active events. The number of events in the active event list is unlimited.
The log list will contain all alert trigger and clear events. An alert-clear event has the same attributes and values as its corresponding trigger event, apart from the realtime and cursor attributes which will have increased, since an alert-clear event will always be received after an alert-trigger event. The log list has a length limit of 32 events in the form of a FIFO (First in First Out) queue. When the log list length limit is reached and a new event is added, the oldest event is deleted.
In addition to the active and log lists, GET /api/v1/sensor/alerts also returns a next_cursor field. Every alert event has a cursor attribute, which increments for every alert event logged. This can be used to track the alert activity that has been viewed and reduce message bandwidth. To do this, users are recommended to save the next_cursor field when calling GET /api/v1/sensor/alerts and then to use that value as the cursor argument on the next GET /api/v1/sensor/alerts call to fetch only new log entries.
Additional Information:
The cursor will wrap at 2^32 entries. It is important to understand the behavior during the wrap case, since this may lead to some unexpected consequences:
If cursor < (next_cursor - 32) % 2^32 then some entries may be filtered. For instance if cursor =0 and next_cursor =0 no entries will be reported immediately after cursor wrap, even though the log contains 32 entries, where submitting cursor =4294967264 (next_cursor - 32) % 2^32 will return all logged values.
If cursor > next_cursor all 32 entries will be reported. The recommended approach to using the interface is to always base queries on the previous value of next_cursor