forked from proofpoint/event-collector
/
README.txt
114 lines (90 loc) · 2.58 KB
/
README.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
Event collector
WARNING:
The collector buffers data locally for up to collector.max-buffer-time,
which defaults to one minute. Currently, the collector does not upload
this locally buffered data after a restart, nor does it save the event
name or partition for the files (the filename is simply a UUID). This
means that the buffered data is effectively lost when the server is
stopped. This will be fixed in a future release.
API
===
Event Resource
--------------
/v2/event
- POST (store events)
Store a list of events into the system
Examples:
curl -X POST -H'Content-type:application/json' $SERVER:$PORT/v2/event -d'
[
{
"type": "Test",
"uuid": "DCD36293-3072-4AFD-B6E3-A9EB9CE1F219",
"host": "test.local",
"timestamp": "2011-03-30T16:10:16.000Z",
"data": {
"foo": "bar",
"hello": "world"
}
}
]'
Spool Stats Resource
--------------------
/v1/spool/stats
- GET (retrieve stats)
- DELETE (clear stats)
Read or clear the spool stats.
* Counts the number of events of each type spooled to disk for S3 upload. Dropped count will
always be 0.
Examples:
curl $SERVER:$PORT/v1/spool/stats?pretty
{
"ScoreRequest":{
"transferred":4,
"lost":0
},
"PrsMessage":{
"transferred":2,
"lost":0
},
"HttpRequest":{
"transferred":15,
"lost":0
}
}
curl -X DELETE $SERVER:$PORT/v1/spool/stats?pretty
Event Tap Stats Resource
------------------------
/v1/tap/stats
- GET (retrieve stats)
- DELETE (clear stats)
Read or clear the event tap stats.
* Queue stats count the number of events queued into the batch processor. Transferred count is the
number of events enqueued. Lost count is the number of events dropped from the queue because of
overflow. Note that, any dropped event has also been included in the transferred count.
* Flow stats count the number of events delivered to the labelled flow, or dropped due to delivery
failure. Flows are identified by event type, flow ID and target URI.
Examples:
curl $SERVER:$PORT/v1/tap/stats?pretty
{
"queue":{
"ScoreRequest":{
"transferred":4,
"lost":0
},
"PrsMessage":{
"transferred":2,
"lost":0
},
"HttpRequest":{
"transferred":12,
"lost":0
}
},
"flows":{
"[ScoreRequest, 011fbdb3-ab97-46f8-a9cf-f45b2f2f801c, http://10.93.2.83:9000/v1/event]":{
"transferred":0,
"lost":4
}
}
}
curl -X DELETE $SERVER:$PORT/v1/tap/stats?pretty