CheckMK API filter query

P-Franke · April 25, 2024, 6:50am

I am working on a script to automate some of my internal needs. I’m calling the CheckMK API to get some info out of it.
I got this query from someone here, to filter services that are in crit or warn states:

data = {
‘query’: json.dumps({“op”: “=”, “left”: “state”, “right”: “1”}),
‘columns’: ‘host_name’,
‘columns’: ‘description’
}

It’s doing as intended, showing me all warn-state services in this case.

Though this includes all services in scheduled downtime it seems. Would it be possible to extend this query to ignore all services in scheduled downtime?

Thanks for the help.

P-Franke · April 25, 2024, 6:59am

Also, would it be possible to get all crit and warn state services in a single filter query? Right now I’m calling the API twice, once with “right”:“1” and once with “right”:“2”.
If I could narrow that down to one API call that would be great

r.sander · April 25, 2024, 8:08am

You can use operators like “and” and “or” to combine multiple expressions. The services table also has a column that shows if the service is in scheduled downtime.

P-Franke · April 25, 2024, 8:24am

Could you please give me an example on how the syntax for that is supposed to be? I’m not sure how to implement your suggestion in the query.

P-Franke · April 25, 2024, 11:06am

I tried both of these so far, but they didn’t work:

data = {
        'query': json.dumps({
            "and": [
                {"or": [
                    {"op": "=", "left": "state", "right": "2"},
                    {"op": "=", "left": "state", "right": "1"}
                ]},
                {"not in downtime": ""}
            ]
        }),
        'columns': ['host_name', 'description']
    }

data = {
        'query': json.dumps({
            "op": "or",
            "query1": {"op": "=", "left": "state", "right": "2"},
            "query2": {"op": "=", "left": "state", "right": "1"},
            "query3": {"op": "not in downtime"}
        }),
        'columns': 'host_name',
        'columns': 'description'
    }

I’m not sure where I made a mistake. Does anyone maybe know?

r.sander · April 25, 2024, 11:11am

The field is not called “not in downtime”, but “scheduled_downtime_depth” and has to be 0 for no current active downtimes.

So instead of {"not in downtime": ""} write {"op": "=", "left": "scheduled_downtime_depth", "right": "0"} and then your first example should work.

P-Franke · April 25, 2024, 11:29am

I tried this:

data = {
        'query': json.dumps({
            "and": [
                {"or": [
                    {"op": "=", "left": "state", "right": "2"},
                    {"op": "=", "left": "state", "right": "1"}
                ]},
                {"op": "=", "left": "scheduled_downtime_depth", "right": "0"}
            ]
        }),
        'columns': ['host_name', 'description']
    }

But sadly it didnt work. I’m getting this error message:
‘detail’: ‘KeyError: op. Crash report generated. Please submit.’

It seems to not be able to handle the op key, but it was already in my other API calls so I’m not sure how to resolve this.