By default, the Events Feed displays events from the total environment. However, you can configure the feed to only show events within a particular scope of that environment. The scope can be configured by labels.
Labels refer to a set of meaningful key-value pairs (whitelist) that are defined by Sysdig Monitor. As a user, you can configure the whitelist. For example, if you are using Elastic Container Service (ECS) and have defined custom container labels, you can configure the whitelist to add the labels you need. Once done, all the infrastructure events related to containers will be enriched with these labels and display associated metadata.
For more information on scoping, refer to the Using Labels documentation.
Configure Event Scope
To configure the events feed scope:
Eventspage, click the Edit Events Scope.
Expand the drop-down menu.
Select the desired label, either by scrolling through the list, or by typing the name/partial name into the search bar, and selecting it.
Operatordrop-down menu, and select the relevant option.
Valuedrop-down menu, and select the relevant options.
Optional: Open the next level drop-down menu, and repeat steps 3-5.
Optional: Repeat step 6 for each additional layer of scope required.
Individual layers of the scope can be removed if necessary, by clicking the
Delete(x) icon beside the relevant layer.
Applybutton to save the new scope.
Filter Events by Scope
Events are by default filtered by scope in Dashboards and Explore to show the most relevant events associated with the selected scope. This capability enables you to quickly narrow down the potential problems in the area under purview. However, you can turn the filtering off and see Events from the complete scope. To do so in Explore:
From the Dashboard menu, select a dashboard of your choice.
Click the Options (ellipsis icon) and select Events Display.
The Events panel appears. you can do the following:
Determine whether to show events or not.
Filter events by
- Scope: Determine whether to show events by scope. Supported scopes are Team Scope and Dashboard Scope. Select an optionto see only the relevant events.
- Severity: The supported severity levels are all severity types, high severity, and both high and medium levels. See Severity and Status for more information.
- Types: The types of events supported are custom events and alerts. See Event Types for more information.
- Status: The supported statuses include triggered, resolved, acknowledged, and unacknowledged. See Severity and Status for more information.
Reset the Environment Scope
To reset the scope to the entire environment:
From the Events page, click the Edit Events Scope.
Click Clear All.
Click the Apply to save the changes.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.