Event Sources
Event sources indicate the origin of Sysdig Monitor Events. The sources are used to narrow down the set of events to be considered in Event Alerts.
Different source values are applicable to different Event Types.
Alert Event Sources
Since Alert Events are generated from user-configured alerts, these events are not populated with a source field.
Infrastructure Event Sources
Infrastructure events have different source values based on their origin:
docker
for Docker eventscontainerd
for ContainerD eventskubernetes
for Kubernetes events
Custom Event Sources
Custom events ingested through the Events API are automatically attached a value of api
as their source. You can customise this value by specifying it in the ingestion payload, in two different ways:
As a
source
field in the JSONevent
objectFor example, the following call will ingest an event with a customised source equal to
jenkins
:#!/bin/bash SDC_ACCESS_TOKEN='626abc7-YOUR-TOKEN-HERE-3a3ghj432' ENDPOINT='app.sysdigcloud.com' curl -X POST -s https://${ENDPOINT}/api/v2/events \ -H 'Content-Type: application/json; charset=UTF-8' \ -H 'Accept: application/json, text/javascript, */*; q=0.01' -H "Authorization: Bearer ${SDC_ACCESS_TOKEN}" \ --data-binary ' {"event": {"name": "Jenkins - start wordpress deploy", "description": "deploy", "severity": "MEDIUM", "source": "jenkins", "scope": "host.hostName = \"ip-10-1-1-1\" and build = \"89\""}} ' sleep 5
As a tag with key
source
in thetags
section of theevent
objectFor example, the following call will ingest an event with a customised source equal to
jenkins
:#!/bin/bash SDC_ACCESS_TOKEN='626abc7-YOUR-TOKEN-HERE-3a3ghj432' ENDPOINT='app.sysdigcloud.com' curl -X POST -s https://${ENDPOINT}/api/v2/events \ -H 'Content-Type: application/json; charset=UTF-8' \ -H 'Accept: application/json, text/javascript, */*; q=0.01' -H "Authorization: Bearer ${SDC_ACCESS_TOKEN}" \ --data-binary ' {"event": {"name": "Jenkins - start wordpress deploy", "description": "deploy", "severity": "MEDIUM", "tags": {"source" : "jenkins"}, "scope": "host.hostName = \"ip-10-1-1-1\" and build = \"89\""}}' sleep 5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.