By default, Events feed displays events from the entire environment. However, the feed can be configured to only show events from a particular scope within that environment. The scope of the event feeds can be configured by labels.
Labels refer to a set of meaningful key-value pair (whitelist) that is defined by Sysdig Monitor. As a user, you have the ability to configure the whitelist. For example, if you are using ECS and have custom container labels you have defined, you have the ability to configure the whitelist and add the labels you need. Once done, all the infrastructure events related to containers are enriched with these labels and the event scope will display associated metadata.
For more information on scoping, refer to the Using Labels documentation.
Configure Event Scope
To configure the events feed scope:
Eventspage, click the Edit Events Scope.
Expand the drop-down menu.
Select the desired label, either by scrolling through the list, or by typing the name/partial name into the search bar, and selecting it.
Operatordrop-down menu, and select the relevant option.
Valuedrop-down menu, and select the relevant options.
Optional: Open the next level drop-down menu, and repeat steps 3-5.
Optional: Repeat step 6 for each additional layer of scope required.
Individual layers of the scope can be removed if necessary, by clicking the
Delete(x) icon beside the relevant layer.
Applybutton to save the new scope.
Filter Events by Scope
Events are by default filtered by scope in Dashboards and Explore to show the most relevant events associated with the selected scope. This capability enables you to quickly narrow down the potential problems in the area under purview. However, you can turn the filtering off and see Events from the complete scope. To do so in Explore:
From the Dashboard menu, select a dashboard of your choice.
Click the Options (ellipsis icon) and select Events Display.
The Events panel appears. you can do the following:
Determine whether to show events or not.
Filter events by
- Scope: Determine whether to show events by scope. Supported scopes are Team Scope and Dashboard Scope. Select an optionto see only the relevant events.
- Severity: The supported severity levels are all severity types, high severity, and both high and medium levels. See Severity and Status for more information.
- Types: The types of events supported are custom events and alerts. See Event Types for more information.
- Status: The supported statuses include both status of the event as well as the resolution of the event. See Severity and Status for more information.
Reset the Environment Scope
To reset the scope to the entire environment:
From the Events page, click the Edit Events Scope.
Click Clear All.
Click the Apply to save the changes.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.