Policy API
Apache Eagle Provide RESTful APIs for create/update/query/delete policy for alert
- Policy Definition API
- Stream Definition API
Policy Definition API
Create/Update Policy Example
| URL | http://host:port/eagle-service/rest/entities?serviceName=AlertDefinitionService | ||
| METHOD | POST | ||
| HEADERS | “Content-Type:application/json” | ||
| “Authorization:Basic encodedusrpwd” (encodedusrpwd is base64 encoded string for “user:password”) | |||
| DATA | [{ | ||
| “tags”: { | |||
| “site”: “sandbox”, | |||
| “dataSource”: “hdfsAuditLog”, | |||
| “policyId”: “testPolicy”, | |||
| “alertExecutorId”: “hdfsAuditLogAlertExecutor”, | |||
| “policyType”: “siddhiCEPEngine” | |||
| }, | |||
| “desc”: “test alert policy”, | |||
| “policyDef”: “{"type":"siddhiCEPEngine","expression":"from hdfsAuditLogEventStream[src ==’/tmp/private’] select * insert into outputStream;"}”, | |||
| “notificationDef”: “[{ | |||
| “sender”:”noreply-eagle@company.com”, | |||
| “recipients”:”user@company.com”, | |||
| “subject”:”test alert policy”, | |||
| “flavor”:”email”, | |||
| “id”:”email_1” | |||
| }]”, | |||
| “enabled”: true | |||
| }] |
Field Specification
| Tags | All Tags form the key for alert policy | ||
| 1) site: Which site is the policy for? e.g. sandbox | |||
| 2) dataSource: From which dataSource the policy consume from; e.g. hdfsAuditLog | |||
| 3) policyId | |||
| 4) alertExecutorId: Within which executor will the policy be executed e.g. hdfsAuditLog | |||
| 5) policyType: Which engine should the policy be executed with e.g. siddhiCEPEngine | |||
| policyDef | Definition for the policy, tell | ||
| 1) which engine the policy should be executed with | |||
| 2) The policy expression to be evaluated | |||
| notificationDef | Currently we only support email notification for alert, below are fields of alert definition | ||
| 1) sender: Email Sender | |||
| 2) recipients: Email Receipent | |||
| 3) subject: Email Subject | |||
| 4) flavor: way of notification, currently only supprot “email” | |||
| 5) id: notification id | |||
| enabled | If the alert is enabled, true/false | ||
| desc | Description of the policy |
Response Body
{
“meta”: {
“elapsedms”: 11,
“totalResults”: 1
},
“success”: true,
“obj”: [
“YEktKX_____62aP_6x97yoSv3B0ANd9Hby–xyCZKe1hk6BkS9hcZXeJk1Je-7-Mrq0lGQ”
],
“type”: “java.lang.String”
}
Get Policy Example
| URL | http://host:port/eagle-service/rest/list?query=AlertDefinitionService[@dataSource=”hdfsAuditLog” AND @site=”sandbox”]{*}&pageSize=100 | ||
| METHOD | GET | ||
| HEADERS | “Content-Type:application/json” | ||
| “Authorization:Basic encodedusrpwd” (encodedusrpwd is base64 encoded string for “user:password”) |
Response Body
{
prefix: “alertdef”,
tags: {
site: “sandbox”,
dataSource: “hdfsAuditLog”,
policyId: “testPolicy”,
alertExecutorId: “hdfsAuditLogAlertExecutor”,
policyType: “siddhiCEPEngine”
},
encodedRowkey: “YEktKX_____62aP_6x97yoSv3B0ANd9Hby–xyCZKe1hk6BkS9hcZXeJk1Je-7-Mrq0lGQ”,
desc: “nope alert for test”,
policyDef: “{“type”:”siddhiCEPEngine”,”expression”:”from hdfsAuditLogEventStream[src==’/tmp/private’] select * into outputStream;”}”,
notificationDef: “[{“sender”:”noreplay-eagle@company.com”,”recipients”:”user@company.com”,”subject”:”testPolicy”,”flavor”:”email”,”id”:”email_1”}]”,
enabled: true
}
Delete Policy Example
Delete policy by encodedRowkey
| URL | http://host:port/eagle-service/rest/entities/delete?serviceName=AlertDefinitionService&byId=true | ||
| METHOD | POST | ||
| HEADERS | “Content-Type:application/json” | ||
| “Authorization:Basic encodedusrpwd” (encodedusrpwd is base64 encoded string for “user:password”) | |||
| DATA | [ | ||
| “YEktKX_____62aP_6x97yoSv3B0ANd9Hby–xyCZKe1hk6BkS9hcZXeJk1Je-7-Mrq0lGQ” | |||
| ] |
Delete Request Response Body
The folloing is the response body of a sucessfully delete request
{
“meta”: {
“elapsedms”: 5,
“totalResults”: 1
},
“success”: true,
“obj”: [
“YEktKX_____62aP_6x97yoSv3B0ANd9Hby–xyCZKe1hk6BkS9hcZXeJk1Je-7-Mrq0lGQ”
],
“type”: “java.lang.String”
}
Stream Definition API
In the policy defintion, if the policyType is “siddhiCEPEngine” we need specify from which stream the query is against , like “from hdfsAuditLogEventStream”
So we need further define the stream schema along with the policy
The response body of stream schema api is similar to policy api, we don’t duplicate it in stream definition api
Create/Update Stream Shceme Example
| URL | http://host:port/eagle-service/rest/entities?serviceName=AlertStreamSchemaService | ||
| METHOD | POST | ||
| HEADERS | “Content-Type:application/json” | ||
| “Authorization:Basic encodedusrpwd” (encodedusrpwd is base64 encoded string for “user:password”) | |||
| DATA | [{ | ||
| “tags”: { | |||
| “dataSource”: “hiveQueryLog”, | |||
| “attrName”: “user”, | |||
| “streamName”: “hiveAccessLogStream” | |||
| }, | |||
| “attrType”: “string”, | |||
| “attrDescription”: “process user” | |||
| }] |
Field Specification
| Tags | All Tags form the key for alert policy | ||
| 1) dataSource: From which dataSource the policy consume from, e.g. “hdfsAuditLog” | |||
| 2) attrName: Attribute’s name, e.g. “user” | |||
| 3) streamName: Stream’s name, e.g. “hiveAccessLogStream” | |||
| attrType | Attribute’s type, e.g. string, boolean, int, long | ||
| attrDescription | Description for the attribute |
Get Stream Shceme Example
| URL | http://host:port/eagle-service/rest/list?query=AlertStreamSchemaService[@dataSource=”hdfsAuditLog” AND @streamName=”hiveAccessLogStream”]{*}&pageSize=100 | ||
| METHOD | GET | ||
| HEADERS | “Content-Type:application/json” | ||
| “Authorization:Basic encodedusrpwd” (encodedusrpwd is base64 encoded string for “user:password”) |
Delete Stream Shceme Example
Delete stream shceme by encodedRowkey
| URL | http://host:port/eagle-service/rest/entities/delete?serviceName=AlertStreamSchemaService&byId=true | ||
| METHOD | POST | ||
| HEADERS | “Content-Type:application/json” | ||
| “Authorization:Basic encodedusrpwd” (encodedusrpwd is base64 encoded string for “user:password”) | |||
| DATA | [ “YEktKX_____62aP_6x97yoSv3B0ANd9Hby–xyCZKe1hk6BkS9hcZXeJk1Je-7-Mrq0lGQ” ] |
