Events
Read-only log of system events generated by fault detection. Events are emitted by ingest (scanner heartbeat timeouts), dispatcher (stuck scan reconciliation), and the manager health evaluator (infrastructure checks). Events are immutable and retained for 90 days by default.
Fields & Columns
| Name | Description |
|---|---|
| Time | When the event was recorded |
| Source | Which service emitted the event: ingest, dispatcher, or manager |
| Type | Event type following naming convention: _down/_up (e.g., scanner_down, db_up), _failed (e.g., backup_failed), _high/_normal (e.g., db_connections_high), _expiring/_renewed (e.g., tls_expiring), _stuck (e.g., scan_stuck) |
| Severity | Event severity: critical, high, warning, or info |
| Entity | What the event is about — entity_type:entity_id |
| Summary | Human-readable description of the event |
Gotchas
- Events are read-only — they cannot be modified or deleted through the API.
- Events older than 90 days are automatically purged. Adjust retention by setting the SYSTEM_EVENTS_RETENTION_DAYS environment variable in your Docker Compose configuration.
- Events are only emitted on state transitions, not on every health check poll.
- Recovery events (e.g., scanner_up) have severity "info" and auto-resolve matching alarms.
API Calls (1)
| Method | Path | Description |
|---|---|---|
| GET | /api/health/alerting/events | List system events with optional filters (eventType, severity, entityType) |
Related Pages
- Alarms — Alarms are created from events by the alarm evaluator
- Alarm Rules — Rules define which event types trigger alarms