Unresolved Incident Query

Before querying, please refer to the field descriptions of df_monitor_checker_event_ref, df_fault_id, df_status, and df_fault_status in the Incident Related Field Descriptions.

1. Query Entry

2. Query Statements

Method 1: Having Query (Doris Engine Only), Returns the Results Directly

Query Structure

{
    "queries": [
        {
            "qtype": "dql",
            "query": {
                "disableMultipleField": False,
                "q": "E::`monitor`:(`__docid`, `df_title`,`df_monitor_checker_event_ref`, `df_fault_id`, `df_status`, `df_fault_status`,`df_fault_start_time`, `df_event_id`) { df_monitor_checker_event_ref = exists() } by `df_monitor_checker_event_ref` having df_fault_status = 'fault' sorder by create_time desc",
                "timeRange": [
                    1724320359294,
                    1724323959294
                ],
                "align_time": True,
                # Specify that sampling is disabled for this query
                "disable_sampling": True,
                # Specify the number of groups to obtain, i.e., 100 unresolved incidents
                "slimit": 100,
                "tz": "Asia/Shanghai"
            },
        }
    ]
}

Method 2: Non-Having Query (Non-Doris Engine), Requires Filtering the Results

  1. Query Structure
{
    "queries": [
        {
            "qtype": "dql",
            "query": {
                "disableMultipleField": False,
                "q": "E::`monitor`:(`__docid`, `df_title`,`df_monitor_checker_event_ref`, `df_fault_id`, `df_status`, `df_fault_status`,`df_fault_start_time`, `df_event_id`, `create_time`) { df_monitor_checker_event_ref = exists() } by `df_monitor_checker_event_ref` sorder by create_time desc",
                "timeRange": [
                    1724320359294,
                    1724323959294
                ],
                "align_time": True,
                # Specify that sampling is disabled for this query
                "disable_sampling": True,
                # Specify to obtain 1000 trigger objects
                "slimit": 1000,
                "tz": "Asia/Shanghai"
            },
        }
    ]
}
  2. Filter the DQL Query Results

From the query results, keep only the records whose df_fault_status is fault. The remaining records are the list of unresolved incidents.

  3. Sort the Data in Descending Order Based on the time Field to Obtain the Final List of Unresolved Incidents

3. How to Confirm the Storage Engine Type of the Current Workspace Incidents

  1. Obtain Workspace Storage Information via API

     - OpenAPI 「Get Current Workspace Information」

     - ExternalAPI 「【Workspace】Get Details」

The datastore in the API response stores the storage engine types of all basic data in the current workspace (excluding external indexes). If the value of keyevent in datastore is doris, it indicates that the incident data is stored in the doris storage engine.

The API returns the following results:
{
    "code": 200,
    "content": {
        "id": 1,
        "uuid": "wksp_xxxxx",
        "name": "【Doris】Workspace Name",
        "versionType": "pay",
        // ......
        "datastore": {
            "backup_log": "doris",
            "custom_object": "doris",
            "keyevent": "doris", // Check the value corresponding to keyevent here. If it is doris, it indicates the storage engine type is doris
            "logging": "doris",
            "metric": "guancedb",
            "network": "doris",
            "object": "doris",
            "object_history": "doris",
            "profiling": "doris",
            "rum": "doris",
            "security": "doris",
            "tracing": "doris"
        },
        // ......
    },
    "errorCode": "",
    "message": "",
    "success": true,
    "traceId": "2956247345653191101"
}
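
The following is an added example, not code from the original page or from the product: it reads `keyevent` from the workspace `datastore` as described in section 3, builds the Method 1 or Method 2 request body accordingly, and applies the Method 2 filter and sort steps. The helper names, the flat dict row shape, the `other_engine` value and the sample rows are assumptions constructed for illustration.

```python
# Added example: helper names and the flat row shape are assumptions, not a product API.
FIELDS = ("`__docid`, `df_title`,`df_monitor_checker_event_ref`, `df_fault_id`, "
          "`df_status`, `df_fault_status`,`df_fault_start_time`, `df_event_id`")


def incident_engine(workspace_info):
    """Return the storage engine for incident data (content.datastore.keyevent)."""
    return workspace_info.get("content", {}).get("datastore", {}).get("keyevent")


def build_query(engine, time_range):
    """Method 1 body when the engine is doris, Method 2 body otherwise."""
    doris = engine == "doris"
    fields = FIELDS if doris else FIELDS + ", `create_time`"
    having = " having df_fault_status = 'fault'" if doris else ""
    q = ("E::`monitor`:(" + fields + ") { df_monitor_checker_event_ref = exists() } "
         "by `df_monitor_checker_event_ref`" + having + " sorder by create_time desc")
    return {"queries": [{"qtype": "dql", "query": {
        "disableMultipleField": False, "q": q, "timeRange": list(time_range),
        "align_time": True, "disable_sampling": True,
        "slimit": 100 if doris else 1000, "tz": "Asia/Shanghai"}}]}


def unresolved(rows):
    """Method 2 steps 2 and 3: keep df_fault_status == 'fault', newest first."""
    faults = [r for r in rows if r.get("df_fault_status") == "fault"]
    return sorted(faults, key=lambda r: r.get("time", 0), reverse=True)


# Constructed sample data: "other_engine" and "ok" stand in for non-doris / non-fault values.
SAMPLE_WORKSPACE = {"content": {"datastore": {"keyevent": "other_engine"}}}
SAMPLE_ROWS = [
    {"df_monitor_checker_event_ref": "ref_a", "df_fault_status": "fault", "time": 1724321000000},
    {"df_monitor_checker_event_ref": "ref_b", "df_fault_status": "ok", "time": 1724322000000},
    {"df_monitor_checker_event_ref": "ref_c", "df_fault_status": "fault", "time": 1724323000000},
    {"df_monitor_checker_event_ref": "ref_d", "time": 1724323500000},  # status missing
]

if __name__ == "__main__":
    engine = incident_engine(SAMPLE_WORKSPACE)
    body = build_query(engine, (1724320359294, 1724323959294))
    print(body["queries"][0]["query"]["q"])
    for row in unresolved(SAMPLE_ROWS):
        print(row["df_monitor_checker_event_ref"], row["time"])
```

Rows with no `df_fault_status` are dropped rather than treated as faults, so a malformed record cannot inflate the unresolved list.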