Table of Index Mapping

The following table describes the mapping of simple Horizon events to the Raw Events Index. Note that fields that begin with an underscore (_) are internal to Elasticsearch.

Event Index Fields Description

Event Field

Example Event JSON

Type

Description

_index

"_index": "opennms-raw-events-2017.03"

string

The Elasticsearch index to store the document.

_type

"_type": "eventdata"

string

Either alarmdata or eventdata.

_id

"_id": "1110"

string

The event or alarm ID, if present.

_score

"_score": 1

long

Internal Elasticsearch ranking of the search result.

_source

"_source": {…​}

string

The content of the document to store.

@timestamp

"@timestamp": "2017-03-02T15:20:56.861Z"

date

Time from event.getTime().

dom

"dom": "2"

long

Day of month from @timestamp.

dow

"dow": "5"

long

Day of week from @timestamp.

hour

"hour": "15"

long

Hour of day from @timestamp.

eventdescr

"eventdescr": "<p>Alarm <ahref="/opennms/alarm/detail.htm?id=30">30</a> Cleared<p>"

string

Event description.

eventseverity

"eventseverity": "3"

long

Event severity.

eventseverity_text

"eventseverity_text": "Normal"

string

Text representation of severity value.

eventsource

"eventsource": "AlarmChangeNotifier"

string

OpenNMS event source.

eventuei

"eventuei": "uei.opennms.org/plugin/AlarmChangeNotificationEvent/AlarmCleared"

string

OpenNMS unique event identifier (UEI) of the event.

id

"id": "1110"

string

Event ID.

interface

"interface": "127.0.0.1"

string

Interface of the event.

ipaddr

"ipaddr": "127.0.0.1"

string

IP address of the event.

logmsg

"logmsg": "<p>Alarm <a href="/opennms/alarm/detail.htm?id=30">30</a> Cleared<p>"

string

Log message of the event.

logmsgdest

"logmsgdest": "logndisplay"

string

Log destination of the event.

asset-category

"asset-category": "Power"

string

All asset_ entries correspond to fields in the asset table of the node referenced in the event. These fields are present only if populated in the asset table.

asset-building

"asset-building": "55"

string

asset-room

"asset-room": "F201"

string

asset-floor

"asset-floor": "Gnd"

string

asset-rack

"asset-rack": "2101"

string

categories

"categories": ""

string

categories corresponds to the node tags table. This is a comma-separated list of categories associated with this node ID. This field is indexed, so separate values can be searched.

foreignid

"foreignid": "1488375237814"

string

Foreign ID of the node associated with the event.

foreignsource

"foreignsource": "LocalTest"

string

Foreign source of the node associated with event.

nodeid

"nodeid": "88"

string

Node ID of the node associated with the alarm or event.

nodelabel

"nodelabel": "localhost"

string

Node label of the node associated with the alarm or event.

nodesyslocation

"nodesyslocation": "Unknown (edit /etc/snmp/snmpd.conf)"

string

SNMP syslocation of the node associated with the alarm or event.

nodesysname

"nodesysname": "localhost.localdomain"

string

SNMP sysname of the node associated with the alarm or event.

qosalarmstate

"qosalarmstate": null

string