Event Sources
Event sources indicate the origin of Sysdig Monitor Events. The sources are used to narrow down the set of events to be considered in Event Alerts.
Different source values are applicable to different Event Types.
Alert Event Sources
Since Alert Events are generated from user-configured alerts, these events are not populated with a source field.
Infrastructure Event Sources
Infrastructure events have different source values based on their origin:
dockerfor Docker eventscontainerdfor ContainerD eventskubernetesfor Kubernetes events
Custom Event Sources
Custom events ingested through the Events API are automatically attached a value of api as their source. You can customise this value by specifying it in the ingestion payload, in two different ways:
As a
sourcefield in the JSONeventobjectFor example, the following call will ingest an event with a customised source equal to
jenkins:#!/bin/bash SDC_ACCESS_TOKEN='626abc7-YOUR-TOKEN-HERE-3a3ghj432' ENDPOINT='app.sysdigcloud.com' curl -X POST -s https://${ENDPOINT}/api/v2/events \ -H 'Content-Type: application/json; charset=UTF-8' \ -H 'Accept: application/json, text/javascript, */*; q=0.01' -H "Authorization: Bearer ${SDC_ACCESS_TOKEN}" \ --data-binary ' {"event": {"name": "Jenkins - start wordpress deploy", "description": "deploy", "severity": "MEDIUM", "source": "jenkins", "scope": "host.hostName = \"ip-10-1-1-1\" and build = \"89\""}} ' sleep 5As a tag with key
sourcein thetagssection of theeventobjectFor example, the following call will ingest an event with a customised source equal to
jenkins:#!/bin/bash SDC_ACCESS_TOKEN='626abc7-YOUR-TOKEN-HERE-3a3ghj432' ENDPOINT='app.sysdigcloud.com' curl -X POST -s https://${ENDPOINT}/api/v2/events \ -H 'Content-Type: application/json; charset=UTF-8' \ -H 'Accept: application/json, text/javascript, */*; q=0.01' -H "Authorization: Bearer ${SDC_ACCESS_TOKEN}" \ --data-binary ' {"event": {"name": "Jenkins - start wordpress deploy", "description": "deploy", "severity": "MEDIUM", "tags": {"source" : "jenkins"}, "scope": "host.hostName = \"ip-10-1-1-1\" and build = \"89\""}}' sleep 5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.