ONTAP 9.13.1 commands

event filter show

Display the list of existing event filters.

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The event filter show command displays all the event filters which are configured. An event filter is used to select the events of interest and is made up of one or more rules, each of which contains the following three fields:

*

  • name - event (message) name.

  • severity - event severity.

  • snmp-trap-type - event SNMP trap type.

     These fields are evaluated for a match using a logical "AND" operation: name AND severity AND SNMP trap type. Within a field, the specified values are evaluated with an implicit logical "OR" operation. So, if `-snmp-trap-type```_Standard, Built-in_`` is specified, then the event must match ``_Standard_`` OR ``_Built-in_`` . The wildcard matches all values for the field.
    * Type - include or exclude. When an event matches an include rule, it will be included into the filter, whereas it will be excluded from the filter if it matches an exclude rule.

Rules are checked in the order they are listed for a filter, until a match is found. There is an implicit rule at the end that matches every event to be excluded. For more information, see event filter rule command.

There are three system-defined event filters provided for your use:

  • default-trap-events - This filter matches all ALERT and EMERGENCY events. It also matches all Standard, Built-in SNMP trap type events.

  • important-events - This filter matches all ALERT and EMERGENCY events.

  • no-info-debug-events - This filter matches all non-INFO and non-DEBUG messages (EMERGENCY, ALERT, ERROR and NOTICE).

The system-defined event filters cannot be modified or deleted.

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-filter-name <text>] - Filter Name

Selects the event filters that match this parameter value.

[-position <integer>] - Rule Position

Selects the event filters that match this parameter value.

[-type {include|exclude}] - Rule Type

Selects the event filters that match this parameter value. The rule types are as follows:

  • include - Events matching this rule are included in the specified filter.

  • exclude - Events matching this rule are excluded in the specified filter.

[-message-name <text>] - Message Name

Selects the event filters that match this parameter value.

[-severity <text>,…​] - Severity

Selects the events that match this parameter value. Severity levels:

  • EMERGENCY - Disruption.

  • ALERT - Single point of failure.

  • ERROR - Degradation.

  • NOTICE - Information.

  • INFORMATIONAL - Information.

  • DEBUG - Debug information.

  • * - Includes all severities.

[-snmp-trap-type <text>,…​] - SNMP Trap Type

Selects the event filters that match this parameter value. The SNMP trap types are as follows:

  • Standard - Traps defined in RFCs.

  • Built-in - Enterprise traps specific to events.

  • Severity-based - Traps specific to events that do not belong to the above two types.

  • * - Includes all SNMP trap types.

[-parameter-criteria [key>=<value],…​] - Parameter Criteria

Selects the event filters that match this parameter-criteria value.

[-system-defined {true|false}] - System-Defined Filter

Selects the event filters that match this parameter value.

[-access-control-role <text>] - Access Control Role

Selects the event filters that match this parameter value.

Examples

The following example displays the event filters:

cluster1::> event filter show
Filter      Rule Rule                                    SNMP Trap
Name        Posn Type     Message Name     Severity      Type      Parameters
----------- ---- -------- ---------------- ------------- --------- -----------
default-trap-events
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  callhome.*       ERROR         *         *=*
            3    include  *                *             Standard, Built-in
                                                                   *=*
            4    exclude  *                *             *         *=*
important-events
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  callhome.*       ERROR         *         *=*
            3    exclude  *                *             *         *=*
no-info-debug-events
            1    include  *                EMERGENCY, ALERT, ERROR, NOTICE
                                                         *         *=*
            2    exclude  *                *             *         *=*
9 entries were displayed.

The following example displays the event filters queried on the SNMP trap type value "Standard":

cluster1::> event filter show -snmp-trap-type Standard
Filter      Rule Rule                                    SNMP Trap
Name        Posn Type     Message Name     Severity      Type      Parameters
----------- ---- -------- ---------------- ------------- --------- -----------
default-trap-events
            3    include  *                *             Standard, Built-in
                                                                   *=*

The following example displays the event filters with one or more rules that have no condition on the SNMP trap type. Note that the wildcard character has to be specified in double-quotes. Without double-quotes, output would be the same as not querying on the field.

cluster1::> event filter show -snmp-trap-type "*"
Filter      Rule Rule                                    SNMP Trap
Name        Posn Type     Message Name     Severity      Type      Parameters
----------- ---- -------- ---------------- ------------- --------- -----------
default-trap-events
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  callhome.*       ERROR         *         *=*
            4    exclude  *                *             *         *=*
important-events
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  callhome.*       ERROR         *         *=*
            3    exclude  *                *             *         *=*
no-info-debug-events
            1    include  *                EMERGENCY, ALERT, ERROR, NOTICE
                                                         *         *=*
            2    exclude  *                *             *         *=*
8 entries were displayed.
Top of Page