Sysdig Documentation

Filtering and Searching Events

Filter Events

The events feed can be filtered in multiple ways to drill down into the environment's history and refine the events displayed. The feed can be filtered by severity, type, and/or status. Examples of each are shown below.

The example below shows only high and medium severity events:

373817411.png

The example below shows only Kubernetes events:

373817415.png

The example below shows only events that are Unacknowledged:

Note

The Acknowledged label is a purely visual marker and does not reflect the current state (triggered/resolved) of the event. By default, all events are Unacknowledged.

373817419.png

The example below shows medium severity Alert events that remain Triggered, but have been acknowledged:

373817423.png

Search for an Event

The events feed can be searched using the search icon in the top bar:

373817427.png