list_eventsources
Lists all EventSources to discover log monitoring configurations and audit event collection across Windows, Linux, and network resources.
Instructions
List all EventSources in LogicMonitor (LM) monitoring.
Returns: Array of EventSources with: id, name, displayName, description, appliesTo logic, event collection method.
What are EventSources: Definitions that collect and process event data (logs, Windows events, syslog, traps). They differ from DataSources (metrics) and ConfigSources (configs), and are used for log monitoring and event correlation.
When to use:
Find EventSource for log monitoring
Discover what events are being collected
Get EventSource IDs for operations
Audit event monitoring coverage
Event types collected:
Windows Event Logs: Application, Security, System logs
Syslog: Linux/Unix system logs, network resource/device logs
SNMP Traps: Network resource/device alerts and notifications
Application logs: Custom app logs, web server logs
Cloud events: CloudWatch logs, Azure events
Common EventSources:
Windows_Application_EventLog: Windows application events
Windows_Security_EventLog: Security/audit logs
Linux_Syslog: Linux system logs via syslog
SNMP_Traps: Network resource/device SNMP traps
VMware_Events: vCenter events
Use cases:
Monitor Windows failed login attempts
Alert on ERROR/CRITICAL in application logs
Collect network resource/device syslog for troubleshooting
Track security events for compliance
Important: A negative "total" value in the response indicates incomplete results. Use pagination (size/offset parameters) or set autoPaginate: true to retrieve all items.
Related tools: "get_eventsource" (details), "list_device_eventsources" (events for device).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| size | No | Number of results per page (max: 1000). | 50 |
| offset | No | Starting offset for pagination. Use this to skip a specific number of results. | 0 |
| autoPaginate | No | Automatically fetch all pages. When true, fetches all results across multiple pages. When false, returns only the requested page. Use false for large result sets to avoid long response times. | false |
| filter | No | Filter expression using LogicMonitor query syntax. Examples: `name:*prod*`, `displayName~*server*`, `id>100`, `hostStatus:normal`. Available operators: `:` (equals), `~` (includes), `!:` (not equals), `!~` (not includes), `>:` (greater than or equals), `<:` (less than or equals), `>` (greater than), `<` (less than). Multiple conditions: use comma (`,`) for AND, use `\|\|` for OR. Do NOT use `&&`. | |
| fields | No | Comma-separated list of fields to include in response. Examples: "id,displayName,hostStatus" or use "*" for all fields. Omit this parameter to receive a curated set of commonly used fields. | |
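
An added example (not part of the original tool documentation): manual pagination with size/offset that treats a negative "total" as an incomplete count, followed by a coverage check against EventSource names from the "Common EventSources" list. The `call_tool` callable, the `items` response key and the sample inventory are assumptions made for illustration.

```python
from typing import Any, Callable, Dict, List, Optional

MAX_PAGE = 1000  # documented maximum for "size"
# Names taken from the "Common EventSources" list on this page.
REQUIRED = ["Windows_Security_EventLog", "Linux_Syslog", "SNMP_Traps"]

def fetch_all_eventsources(call_tool: Callable[[str, Dict[str, Any]], Dict[str, Any]],
                           filter_expr: Optional[str] = None,
                           size: int = 200) -> List[Dict[str, Any]]:
    """Page with size/offset until a short page or a trustworthy total is reached."""
    if filter_expr and "&&" in filter_expr:
        raise ValueError("use ',' for AND and '||' for OR; '&&' is not supported")
    size = max(1, min(size, MAX_PAGE))
    items: List[Dict[str, Any]] = []
    offset = 0
    while True:
        args: Dict[str, Any] = {"size": size, "offset": offset,
                                "fields": "id,name,displayName"}
        if filter_expr:
            args["filter"] = filter_expr
        page = call_tool("list_eventsources", args)
        batch = page.get("items", [])   # assumed response key
        total = page.get("total", -1)   # negative means the count is incomplete
        items.extend(batch)
        offset += len(batch)
        # Only trust a non-negative total; otherwise stop on a short page.
        if len(batch) < size or (total >= 0 and offset >= total):
            return items

def missing_coverage(eventsources: List[Dict[str, Any]], required: List[str]) -> List[str]:
    """Return required EventSource names absent from the inventory."""
    present = {es.get("name") for es in eventsources}
    return sorted(set(required) - present)

# Constructed sample inventory and a stand-in for the tool call (hypothetical).
SAMPLE = ["Windows_Application_EventLog", "Windows_Security_EventLog",
          "Linux_Syslog", "VMware_Events", "Custom_App_Log"]

def fake_call_tool(name: str, args: Dict[str, Any]) -> Dict[str, Any]:
    rows = [{"id": i, "name": n, "displayName": n} for i, n in enumerate(SAMPLE, 1)]
    start = args["offset"]
    return {"total": -len(rows), "items": rows[start:start + args["size"]]}

if __name__ == "__main__":
    inventory = fetch_all_eventsources(fake_call_tool, size=2)
    print(len(inventory), "EventSources; missing:", missing_coverage(inventory, REQUIRED))
```

Stopping only on a short page when "total" is negative avoids silently auditing a truncated inventory, which would make the coverage check report gaps that do not exist or miss ones that do.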