Manualshelf

HP-UX Event ManagerAdministrator's Guide

ManualsBrandsHP ManualsSoftwareHP Event Monitoring Service Software
51525354555657585960
Using Event Manager
Introduction to Event Filters
Chapter 2 57
The before and since keywords use similar specifier strings. However,
you cannot use wildcard characters and there is no day of the week
indicator. For example, the following command discovers events that
were posted after 3:00p.m. on July 6, 2002:
# evmget -A -f '[since 2002:7:6:15:0:0]' | more
The age keyword provides a more convenient and intuitive way to select
events according to their timestamps. As a system administrator, you
may be interested in recent events that indicate a system problem. You
can combine the event filter's priority and age keywords to find such
events. For example, the following command sequence shows all events
with a priority of error (400) or higher, that occurred either yesterday or
today (the age of the event is less than two days):
# evmget -A -f '[pri >= 400] and [age < 2d]' | more
In the previous example, 2d specifies events that are less than 2 days old.
You can specify an age in seconds (s), minutes (m), hours (h), days (d), or
weeks (w). For information about how each specifier is used in calculating
an event's age, see EvmFilter(5).
You can use a more complex filter to return events that occurred within a
more specific period. The following example finds error events that
occurred more than three days ago, but less than six days:
# evmget -A -f '[pri >= 400] and ([age < 6d] and [age > 3d])' |
more
For detailed information on selecting events according to their
timestamps, and the full filter syntax, see EvmFilter ().
Using the Event-Id to Select Events for Detailed Display
Using the evmshow -d command option to display events can result in a
large amount of output and you may want to limit the number of
displayed events. Events that are posted through Event Manager contain
a sequential identifier known as the event-id. You can use the
event-id to select a specific event or a range of events for detailed
display.
The event-id is not guaranteed to be unique within any particular set
of events, because the daemon's counter is set to zero each time it is
restarted. To ensure that an event is unique, you must also use the
timestamp when selecting events as shown in the following example:
# evmget -A -f '[age < 1d]' -t "@timestamp @event_id @@" | more