Viewing and Filtering Events

The Events page lets you display events and alerts that have occurred within a time range you select anywhere in your clusters. From the Events page you can filter for events for services or role instances, hosts, users, commands, and much more. You can also search against the content information returned by the event.

To view events, select Diagnose > Events.

Events List

Event entries are ordered (within the time range you've selected) with the most recent at the top. If the event generated an alert, that is indicated by a red alert icon () in the entry.

Click the arrow at the right side of the event entry () to display details of the entry.

To view the log entry for the event, do one of the following.
  • Click the View link.
  • Click the arrow at the right side of the event entry () to display details of the entry, then click the URL link.

Filtering Events

You filter events by selecting a time range and adding filters.

You can use the Time Range Selector or a time range link () to set the time range for your search. (See Selecting a Time Range for details). Note that the time it takes to perform a search will typically increase for a longer time range, as the number of events to be searched will be larger.

Adding Filters

  • Click the icon that displays next to a property when you hover in one of the event entries. A filter containing the property and its value is added to the list of filters at the left and Cloudera Manager redisplays all events that match the filter.
  • Click the Add Filter to the left of the log. A filter control is added to the list of filters.
    1. Choose an audit event property in the property drop-down list. You can search by properties such as Username, Service, Command, or Role. The actual properties may vary depending on the service or role you are looking at.
    2. If the property allows it, choose an operator in the operator drop-down list.
    3. Type an audit property value in the value text field. Note that for some properties, where the list of values is finite and known, you can start typing and then select from a list of potential matches. For some properties you can include multiple values in the value field. For example, you can create a filter like "SERVICE = HBASE1, HDFS1". Multiple values for a single filter property are combined using OR (that is, SERVICE = HBASE1 OR HDFS1).
    4. Click Add Another to add additional filter components. A filter containing the property and its value is added to the list of filters at the left. Multiple filters are combined using AND – for example, SERVICE = HBASE1 AND USERNAME = admin)
    5. Click Search. The log displays all events that match the filter criteria.

Removing a Filter

  1. Click the at the right of the filter. The filter is removed and the audit log redisplays all events that match the remaining filters.

Modifying a Filter

  1. Click the filter. The filter expands into separate property, operator, and value fields.
  2. Modify the value of one or more fields.
  3. Click Search. A filter containing the property, operation, and value is added to the list of filters at the left and the audit log redisplays all events that match the modified set of filters.