API - getNetworkEvents inconstancy between eventTypes

Kind of a big deal
Kind of a big deal

API - getNetworkEvents inconstancy between eventTypes

Hi ,


I'm currently testing the endpoint getNetworkEvents  and I found that there is some disparity between the dashboard and the API.


vrrp : 


Dashboard shows 3 events : All VRRP , Virtual router collision and VRRP transition



API returns 3 events : 


{"category":"VRRP","type":"vrrp","description":"VRRP transition"} <-- Wrong description ?
{"category":"VRRP","type":"vrrp_vrid_collision","description":"Virtual router collision"}
{"category":"VRRP","type":"vrrp_state_change","description":"VRRP transition"}

 Other than the description of 'vrrp' should probably be renamed from VRRP transition to 'All vrrp' , we have the same thing from the dashboard. 



BGP : 

Dashboard shows 4 events : 

All BGP , BGP received notification , BGP sent notification , BGP session established , BGP session no longer established



API returns : 

{"category":"BGP","type":"bgp_received_notification","description":"BGP received notification"}
{"category":"BGP","type":"bgp_sent_notification","description":"BGP sent notification"}
{"category":"BGP","type":"bgp_session_established","description":"BGP session established"}
{"category":"BGP","type":"bgp_session_unestablished","description":"BGP session no longer established"}

This time we are missing  'All BGP' 

So the only event to have the dashboard equivalent to 'All [event_name]' is vrrp. No idea why. 


Also , If I query https://api.meraki.com/api/v1/networks/[net_id]/events/eventTypes on a combined network versus a standalone appliance network ( in concentrator mode ) I do get very different results. 


eg : I'm missing half of DHCP event types. (?)


Bonus : There is some weird event types : 

{"category":"Route tracking","type":"network_test","description":"Network test"}
{"category":"Events dropped","type":"events_dropped2","description":"Events dropped"}





2 Replies 2
Head in the Cloud

Maybe the Dashboard 'All BGP' is a calculated value from the sum of other BGP events?


In general I've found getNetworkEvents one of the fiddliest calls, the complete set of event data structures isn't documented, so they need discovering manually and can be inconsistent, some things I've found over time...


At least one event 'cf_block' can use a different element name for no apparent reason - 'category' or' categories', in both cases there is only one category value and there's no other difference apparent between the two versions of the event.


If you are using the Meraki Python library and there are no events, making the call with...




 ...can result in the library call looping indefinitely (this has been reported, the API call itself wasn't following the paging rules and the Python library loop avoidance code is buggy), last time I checked the problem still occurred, I gave up and just patch the library to fix it as the issue has not been corrected.


There is an element called 'message', the possible messages aren't documented, but it seems a non-null value means there is an error, the only message I've seen so far is...


"message": "No matching events found between Dec 27 19:13 and Jan 27 19:13."


...which I turned up when investigating the looping problem.


Kind of a big deal
Kind of a big deal

This can sometimes occur due to differences in how data is processed or presented.


For the VRRP events, it appears that the API is returning the same events as the dashboard, but with a different description for the ‘vrrp’ event. This could be due to a difference in naming conventions between the dashboard and the API. VRRP, or Virtual Router Redundancy Protocol, has various parameters and events associated with it.


For the BGP events, it seems like the ‘All BGP’ event is missing from the API. BGP, or Border Gateway Protocol, is a complex protocol with many possible events. It’s possible that the ‘All BGP’ event is an aggregate event on the dashboard that doesn’t have a direct equivalent in the API.

As for the different results when querying a combined network versus a standalone appliance network, this could be due to differences in the network configurations or the types of events that are relevant for each network type.


The missing DHCP event types could be due to a variety of factors, such as network configuration, client settings, or even issues with the DHCP service itself.

The “weird” event types you mentioned, such as ‘network_test’ under ‘Route tracking’ and ‘events_dropped’ under ‘Events dropped’, could be specific to the system or network you’re working with. They might represent specific events or states that aren’t commonly encountered.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.