Create and manage resources with sensuctl

Use the sensuctl command line tool to create and manage resources within Sensu. Sensuctl works by calling Sensu’s underlying API to create, read, update, and delete resources, events, and entities.

Create resources

The sensuctl create command allows you to create or update resources by reading from STDIN or a file.

The create command accepts Sensu resource definitions in yaml or wrapped-json formats, which wrap the contents of the resource in spec and identify the resource type and api_version. Review the list of supported resource types for sensuctl create. Read the reference docs for information about creating resource definitions.

Resources that you create with sensuctl create will include the following label in the metadata:

sensu.io/managed_by: sensuctl
{
  "sensu.io/managed_by": "sensuctl"
}

You can create more than one resource at a time with sensuctl create. If you use YAML, separate the resource definitions by a line with three hyphens: ---. If you use wrapped JSON, separate the resources without a comma.

NOTE: You can also use the sensuctl <RESORUCE_TYPE> create command to create resources with sensuctl. Read Use the create subcommand for more information and an example.

Create resources from STDIN

The following example demonstrates how to use the EOF function with sensuctl create to create two resources by reading from STDIN: a marketing-site check and a slack handler.

cat << EOF | sensuctl create
---
type: CheckConfig
api_version: core/v2
metadata:
  name: marketing-site
spec:
  command: http-check -u https://sensu.io
  subscriptions:
  - demo
  interval: 15
  handlers:
  - slack
---
type: Handler
api_version: core/v2
metadata:
  name: slack
spec:
  command: sensu-slack-handler --channel '#monitoring'
  env_vars:
  - SLACK_WEBHOOK_URL=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
  type: pipe
EOF
cat << EOF | sensuctl create
{
  "type": "CheckConfig",
  "api_version": "core/v2",
  "metadata" : {
    "name": "marketing-site"
    },
  "spec": {
    "command": "http-check -u https://sensu.io",
    "subscriptions": ["demo"],
    "interval": 15,
    "handlers": ["slack"]
  }
}
{
  "type": "Handler",
  "api_version": "core/v2",
  "metadata": {
    "name": "slack"
  },
  "spec": {
    "command": "sensu-slack-handler --channel '#monitoring'",
    "env_vars": [
      "SLACK_WEBHOOK_URL=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
    ],
    "type": "pipe"
  }
}
EOF

Create resources from a file

The following example demonstrates how to use the --file flag with sensuctl create to create a marketing-site check and a slack handler.

First, copy these resource definitions and save them in a file named my-resources.yml or my-resources.json:

---
type: CheckConfig
api_version: core/v2
metadata:
  name: marketing-site
spec:
  command: http-check -u https://sensu.io
  subscriptions:
  - demo
  interval: 15
  handlers:
  - slack
---
type: Handler
api_version: core/v2
metadata:
  name: slack
spec:
  command: sensu-slack-handler --channel '#monitoring'
  env_vars:
  - SLACK_WEBHOOK_URL=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
  type: pipe
{
  "type": "CheckConfig",
  "api_version": "core/v2",
  "metadata" : {
    "name": "marketing-site"
    },
  "spec": {
    "command": "http-check -u https://sensu.io",
    "subscriptions": ["demo"],
    "interval": 15,
    "handlers": ["slack"]
  }
}
{
  "type": "Handler",
  "api_version": "core/v2",
  "metadata": {
    "name": "slack"
  },
  "spec": {
    "command": "sensu-slack-handler --channel '#monitoring'",
    "env_vars": [
      "SLACK_WEBHOOK_URL=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
    ],
    "type": "pipe"
  }
}

Run the following command to create the resources from my-resources.yml or my-resources.json:

sensuctl create --file my-resources.yml
sensuctl create --file my-resources.json

Or:

cat my-resources.yml | sensuctl create
cat my-resources.json | sensuctl create

sensuctl create flags

Run sensuctl create -h to view a usage example with command-specific and global flags:

Create or replace resources from file or URL (path, file://, http[s]://), or STDIN otherwise.

Usage:  sensuctl create [-r] [[-f URL] ... ] [flags]

Flags:
  -f, --file strings   Files, directories, or URLs to create resources from
  -h, --help           help for create
  -r, --recursive      Follow subdirectories

Global Flags:
      --api-key string             API key to use for authentication
      --api-url string             host URL of Sensu installation
      --cache-dir string           path to directory containing cache & temporary files (default "/home/vagrant/.cache/sensu/sensuctl")
      --config-dir string          path to directory containing configuration files (default "/home/vagrant/.config/sensu/sensuctl")
      --insecure-skip-tls-verify   skip TLS certificate verification (not recommended!)
      --namespace string           namespace in which we perform actions (default "default")
      --timeout duration           timeout when communicating with sensu backend (default 15s)
      --trusted-ca-file string     TLS CA certificate bundle in PEM format

sensuctl create resource types

Use sensuctl create with any of the following resource types:

sensuctl create types
ad AdhocRequest Asset CheckConfig
ClusterRole ClusterRoleBinding Entity Env
EtcdReplicators Event EventFilter GlobalConfig
Handler HookConfig ldap Mutator
Namespace oidc PostgresConfig Role
RoleBinding Secret Silenced SumoLogicMetricsHandler
TCPStreamHandler TessenConfig User VaultProvider

Create resources across namespaces

If you omit the namespace attribute from resource definitions, you can use the senusctl create --namespace flag to specify the namespace for a group of resources at the time of creation. This allows you to replicate resources across namespaces without manual editing.

To learn more about namespaces, read the namespaces reference. The RBAC reference includes a list of namespaced resource types.

The sensuctl create command applies namespaces to resources in the following order, from highest precedence to lowest:

  1. Namespace specified within resource definitions: You can specify a resource’s namespace within individual resource definitions using the namespace attribute. Namespaces specified in resource definitions take precedence over all other methods.
  2. --namespace flag: If resource definitions do not specify a namespace, Sensu applies the namespace provided by the sensuctl create --namespace flag.
  3. Current sensuctl namespace configuration: If you do not specify an embedded namespace attribute or use the --namespace flag, Sensu applies the namespace configured in the current sensuctl session. Read Manage sensuctl to view your current session config and set the session namespace.

For example, this handler does not include a namespace attribute:

---
type: Handler
api_version: core/v2
metadata:
  name: pagerduty
spec:
  command: sensu-pagerduty-handler
  env_vars:
  - PAGERDUTY_TOKEN=SECRET
  type: pipe
{
  "type": "Handler",
  "api_version": "core/v2",
  "metadata": {
    "name": "pagerduty"
  },
  "spec": {
    "command": "sensu-pagerduty-handler",
    "env_vars": [
      "PAGERDUTY_TOKEN=SECRET"
    ],
    "type": "pipe"
  }
}

If you save this resource definition in a file named pagerduty.yml or pagerduty.json, you can create the pagerduty handler in any namespace with specific sensuctl commands.

To create the handler in the default namespace:

sensuctl create --file pagerduty.yml --namespace default
sensuctl create --file pagerduty.json --namespace default

To create the pagerduty handler in the production namespace:

sensuctl create --file pagerduty.yml --namespace production
sensuctl create --file pagerduty.json --namespace production

To create the pagerduty handler in the current session namespace:

sensuctl create --file pagerduty.yml
sensuctl create --file pagerduty.json

Delete resources

The sensuctl delete command allows you to delete resources by reading from STDIN or a file.

You can use sensuctl delete with the same resource types as sensuctl create.

The delete command accepts Sensu resource definitions in wrapped-json and yaml formats. To be deleted successfully, the name and namespace of a resource provided to the delete command must match the name and namespace of an existing resource.

Delete resources with STDIN

To delete the marketing-site check from the current namespace with STDIN, run:

cat << EOF | sensuctl delete
---
type: CheckConfig
api_version: core/v2
metadata:
  name: marketing-site
spec:
  command: http-check -u https://sensu.io
  subscriptions:
  - demo
  interval: 15
  handlers:
  - slack
EOF
cat << EOF | sensuctl delete
{
  "type": "CheckConfig",
  "api_version": "core/v2",
  "metadata" : {
    "name": "marketing-site"
    },
  "spec": {
    "command": "http-check -u https://sensu.io",
    "subscriptions": ["demo"],
    "interval": 15,
    "handlers": ["slack"]
  }
}
EOF

Delete resources using a file

To delete all resources listed in a specific file from Sensu (in this example, a file named my-resources.yml or my-resources.json):

sensuctl delete --file my-resources.yml
sensuctl delete --file my-resources.json

Or:

cat my-resources.yml | sensuctl delete
cat my-resources.json | sensuctl delete

sensuctl delete flags

Run sensuctl delete -h to view a usage example with command-specific and global flags:

Delete resources from file or STDIN

Usage:  sensuctl delete [-f FILE] [flags]

Flags:
  -f, --file string   File to delete resources from
  -h, --help          help for delete

Global Flags:
      --api-key string             API key to use for authentication
      --api-url string             host URL of Sensu installation
      --cache-dir string           path to directory containing cache & temporary files (default "/home/vagrant/.cache/sensu/sensuctl")
      --config-dir string          path to directory containing configuration files (default "/home/vagrant/.config/sensu/sensuctl")
      --insecure-skip-tls-verify   skip TLS certificate verification (not recommended!)
      --namespace string           namespace in which we perform actions (default "default")
      --timeout duration           timeout when communicating with sensu backend (default 15s)
      --trusted-ca-file string     TLS CA certificate bundle in PEM format

Delete resources across namespaces

To use the senusctl delete --namespace flag to specify the namespace for a group of resources at the time of deletion, omit the namespace attribute from resource definitions. This allows you to remove resources across namespaces without manual editing.

For example, suppose you added the pagerduty handler from Create resources across namespaces in every namespace. To delete the pagerduty handler from only the production namespace using STDIN, run:

cat << EOF | sensuctl delete --namespace production
---
type: Handler
api_version: core/v2
metadata:
  name: pagerduty
spec:
  command: sensu-pagerduty-handler
  env_vars:
  - PAGERDUTY_TOKEN=SECRET
  type: pipe
EOF
cat << EOF | sensuctl delete --namespace production
{
  "type": "Handler",
  "api_version": "core/v2",
  "metadata": {
    "name": "pagerduty"
  },
  "spec": {
    "command": "sensu-pagerduty-handler",
    "env_vars": [
      "PAGERDUTY_TOKEN=SECRET"
    ],
    "type": "pipe"
  }
}
EOF

You can also use the sensuctl delete command with a file that includes the pagerduty handler definition (in these examples, the file name is pagerduty.yml or pagerduty.json).

Delete the pagerduty handler from the default namespace with this command:

sensuctl delete --file pagerduty.yml --namespace default
sensuctl delete --file pagerduty.json --namespace default

To delete the pagerduty handler from the production namespace:

sensuctl delete --file pagerduty.yml --namespace production
sensuctl delete --file pagerduty.json --namespace production

To delete the pagerduty handler in the current session namespace:

sensuctl delete --file pagerduty.yml
sensuctl delete --file pagerduty.json

Update resources

Sensuctl allows you to update resource definitions with a text editor. To use sensuctl edit, specify the resource type and resource name.

NOTE: You cannot use sensuctl to update agent-managed entities. Requests to update agent-managed entities via sensuctl will fail and return an error.

For example, to edit a handler named slack with sensuctl edit:

sensuctl edit handler slack

NOTE: You cannot use sensuctl to update agent-managed entities. Requests to update agent-managed entities via sensuctl will fail and return an error.

sensuctl edit flags

Run sensuctl edit -h to view a usage example with command-specific and global flags:

Edit resources interactively

Usage:  sensuctl edit [RESOURCE TYPE] [KEY]... [flags]

Flags:
  -b, --blank           edit a blank resource, and create it on save
      --format string   format of data returned ("json"|"wrapped-json"|"tabular"|"yaml") (default "tabular")
  -h, --help            help for edit

Global Flags:
      --api-key string             API key to use for authentication
      --api-url string             host URL of Sensu installation
      --cache-dir string           path to directory containing cache & temporary files (default "/home/vagrant/.cache/sensu/sensuctl")
      --config-dir string          path to directory containing configuration files (default "/home/vagrant/.config/sensu/sensuctl")
      --insecure-skip-tls-verify   skip TLS certificate verification (not recommended!)
      --namespace string           namespace in which we perform actions (default "default")
      --timeout duration           timeout when communicating with sensu backend (default 15s)
      --trusted-ca-file string     TLS CA certificate bundle in PEM format

sensuctl edit resource types

Use the sensuctl edit command with any of the following resource types:

sensuctl edit types
asset auth check cluster
cluster-role cluster-role-binding entity event
filter handler hook mutator
namespace pipeline role role-binding
silenced user

Manage resources

Sensuctl provides the commands listed below for managing individual Sensu resources. Combine the resource command with a subcommand to complete operations like listing all checks or deleting a specific silence.

Subcommands

Sensuctl provides a set of operation subcommands for each resource type.

To view the supported subcommands for a resource type, run the resource command followed by the help flag, -h. For example, to view the subcommands for sensuctl check, run:

sensuctl check -h

The response includes a usage example, the supported command-specific and global flags, and a list of supported subcommands.

Many resource types include a standard set of list, info, and delete operation subcommands:

delete                     delete resource given resource name
info                       show detailed resource information given resource name
list                       list resources

NOTE: The delete, info, and list subcommands are not supported for all resource types. Run sensuctl <RESOURCE_TYPE> -h to confirm which subcommands are supported for a specific resource type. You can also configure shell completion for sensuctl to view available variables for sensuctl commands.

Use the commands with their flags and subcommands to get more information about your resources. For example, to list all monitoring checks:

sensuctl check list

To list checks from all namespaces:

sensuctl check list --all-namespaces

To write all checks to my-resources.yml in yaml format or to my-resources.json in wrapped-json format:

sensuctl check list --format yaml > my-resources.yml
sensuctl check list --format wrapped-json > my-resources.json

To view the definition for a check named check-cpu:

sensuctl check info check-cpu --format yaml
sensuctl check info check-cpu --format wrapped-json

To delete the definition for a check named check-cpu:

sensuctl check delete check-cpu

In addition to the delete, info, and list operations, many commands support flags and subcommands that allow you to take special action based on the resource type. The sections below describe some of the resource-specific operations.

Run sensuctl <RESOURCE_TYPE> -h to retrieve a complete list of the supported flags and subcommands for a specific resource command. You can also configure shell completion for sensuctl to view available variables for sensuctl commands.

Use the create subcommand

Many resource types include a create subcommand that you can use to create resources using flags. Run sensuctl <RESOURCE_TYPE> create -h to get a list of the supported flags for the resource type.

For example, run this command to create a check, using flags to specify the check’s command, interval, subscriptions, and runtime assets:

sensuctl check create check_cpu \
--command 'check-cpu-usage -w 75 -c 90' \
--interval 60 \
--subscriptions system \
--runtime-assets sensu/check-cpu-usage

The command creates a check with the following definition:

type: CheckConfig
api_version: core/v2
metadata:
  created_by: admin
  name: check_cpu
  namespace: default
spec:
  check_hooks: null
  command: check-cpu-usage -w 75 -c 90
  env_vars: null
  handlers: []
  high_flap_threshold: 0
  interval: 60
  low_flap_threshold: 0
  output_metric_format: ""
  output_metric_handlers: null
  pipelines: []
  proxy_entity_name: ""
  publish: true
  round_robin: false
  runtime_assets:
  - sensu/check-cpu-usage
  secrets: null
  stdin: false
  subdue: null
  subscriptions:
  - system
  timeout: 0
  ttl: 0
{
  "type": "CheckConfig",
  "api_version": "core/v2",
  "metadata": {
    "created_by": "admin",
    "name": "check_cpu",
    "namespace": "default"
  },
  "spec": {
    "check_hooks": null,
    "command": "check-cpu-usage -w 75 -c 90",
    "env_vars": null,
    "handlers": [],
    "high_flap_threshold": 0,
    "interval": 60,
    "low_flap_threshold": 0,
    "output_metric_format": "",
    "output_metric_handlers": null,
    "pipelines": [],
    "proxy_entity_name": "",
    "publish": true,
    "round_robin": false,
    "runtime_assets": [
      "sensu/check-cpu-usage"
    ],
    "secrets": null,
    "stdin": false,
    "subdue": null,
    "subscriptions": [
      "system"
    ],
    "timeout": 0,
    "ttl": 0
  }
}

NOTE: Resources created with the sensuctl <RESOURCE_TYPE> create subcommand do not include the label sensu.io/managed_by: sensuctl.

Handle large datasets

When using sensuctl to retrieve large datasets with the list command, add the --chunk-size flag to prevent query timeouts and improve performance. The --chunk-size flag allows you to specify how many events Sensu should retrieve with each query. Sensu will make a series of queries to retrieve all resources instead of a single query.

For example, the following command returns the same output as sensuctl event list but makes multiple API queries, each for the number of resources specified with --chunk-size, instead of one query for the complete dataset:

sensuctl event list --chunk-size 500

Execute a check on demand

The sensuctl check execute command executes the specified check on demand:

sensuctl check execute <CHECK_NAME>

For example, the following command executes the check-cpu check with an attached message:

sensuctl check execute check-cpu --reason "giving a sensuctl demo"

You can also use the --subscriptions flag to override the subscriptions in the check definition:

sensuctl check execute check-cpu --subscriptions demo,webserver

Manage a Sensu cluster

The sensuctl cluster command lets you manage a Sensu cluster with the following subcommands:

health         get sensu health status
id             show sensu cluster id
member-add     add cluster member to an existing cluster, with comma-separated peer addresses
member-list    list cluster members
member-remove  remove cluster member by ID
member-update  update cluster member by ID with comma-separated peer addresses

To view cluster members:

sensuctl cluster member-list

To review the health of your Sensu cluster:

sensuctl cluster health

Manually resolve events

Use sensuctl event resolve to manually resolve events:

sensuctl event resolve <ENTITY_NAME> <CHECK_NAME>

For example, the following command manually resolves an event created by the entity webserver1 and the check check-http:

sensuctl event resolve webserver1 check-http

Use the sensuctl namespace command

The sensuctl namespace commands have a few special characteristics that you should be aware of.

sensuctl namespace create

Namespace names can contain alphanumeric characters and hyphens and must begin and end with an alphanumeric character.

senscutl namespace list

In the packaged Sensu Go distribution, sensuctl namespace list lists only the namespaces for which the current user has access.

sensuctl namespace delete

Namespaces must be empty before you can delete them. If the response to sensuctl namespace delete is Error: resource is invalid: namespace is not empty, the namespace may still contain events or other resources.

To remove all resources and events so that you can delete a namespace, run this command (replace <NAMESPACE_NAME> with the namespace you want to empty):

sensuctl dump entities,events,assets,checks,filters,handlers,secrets/v1.Secret --namespace <NAMESPACE_NAME> | sensuctl delete

Prune resources

COMMERCIAL FEATURE: Access sensuctl pruning in the packaged Sensu Go distribution. For more information, read Get started with commercial features.

The sensuctl prune subcommand allows you to delete resources that do not appear in a given set of Sensu objects (called a “configuration”) from a from a file, URL, or stdin. For example, you can use sensuctl create to to apply a new configuration, then use sensuctl prune to prune unneeded resources, resources that were created by a specific user or that include a specific label selector, and more.

NOTE: sensuctl prune is an alpha feature and may include breaking changes.

sensuctl prune can only delete resources that have the label sensu.io/managed_by: sensuctl, which Sensu automatically adds to resources created with the sensuctl create command. This means you can only use sensuctl prune to delete resources that were created with sensuctl create.

The pruning operation always follows the role-based access control (RBAC) permissions of the current user. For example, to prune resources in the dev namespace, the current user who sends the prune command must have delete access to the dev namespace.

Supported resource types

To retrieve the supported sensuctl prune resource types, run:

sensuctl describe-type all

The response will list all supported sensuctl prune resource types:

         Fully Qualified Name               Short Name           API Version               Type             Namespaced  
────────────────────────────────────── ───────────────────── ─────────────────── ───────────────────────── ─────────────
  authentication/v2.Provider                                  authentication/v2   Provider                  false
  licensing/v2.LicenseFile                                    licensing/v2        LicenseFile               false
  store/v1.PostgresConfig                                     store/v1            PostgresConfig            false
  federation/v1.EtcdReplicator                                federation/v1       EtcdReplicator            false
  federation/v1.Cluster                                       federation/v1       Cluster                   false
  secrets/v1.Secret                                           secrets/v1          Secret                    true
  secrets/v1.Provider                                         secrets/v1          Provider                  false
  searches/v1.Search                                          searches/v1         Search                    true
  web/v1.GlobalConfig                                         web/v1              GlobalConfig              false
  bsm/v1.RuleTemplate                                         bsm/v1              RuleTemplate              true
  bsm/v1.ServiceComponent                                     bsm/v1              ServiceComponent          true
  pipeline/v1.SumoLogicMetricsHandler                         pipeline/v1         SumoLogicMetricsHandler   true
  pipeline/v1.TCPStreamHandler                                pipeline/v1         TCPStreamHandler          true
  core/v2.Namespace                     namespaces            core/v2             Namespace                 false
  core/v2.ClusterRole                   clusterroles          core/v2             ClusterRole               false
  core/v2.ClusterRoleBinding            clusterrolebindings   core/v2             ClusterRoleBinding        false
  core/v2.User                          users                 core/v2             User                      false
  core/v2.APIKey                        apikeys               core/v2             APIKey                    false
  core/v2.TessenConfig                  tessen                core/v2             TessenConfig              false
  core/v2.Asset                         assets                core/v2             Asset                     true
  core/v2.CheckConfig                   checks                core/v2             CheckConfig               true
  core/v2.Entity                        entities              core/v2             Entity                    true
  core/v2.Event                         events                core/v2             Event                     true
  core/v2.EventFilter                   filters               core/v2             EventFilter               true
  core/v2.Handler                       handlers              core/v2             Handler                   true
  core/v2.HookConfig                    hooks                 core/v2             HookConfig                true
  core/v2.Mutator                       mutators              core/v2             Mutator                   true
  core/v2.Pipeline                      pipelines             core/v2             Pipeline                  true
  core/v2.Role                          roles                 core/v2             Role                      true
  core/v2.RoleBinding                   rolebindings          core/v2             RoleBinding               true
  core/v2.Silenced                      silenced              core/v2             Silenced                  true

NOTE: Short names are only supported for core/v2 resources.

sensuctl prune flags

Run sensuctl prune -h to view command-specific and global flags. The following table describes the command-specific flags.

Flag Function and important notes
-a or --all-users Prunes resources created by all users. Mutually exclusive with the --users flag. Defaults to false.
-c or --cluster-wide Prunes any cluster-wide (non-namespaced) resources that are not defined in the configuration. Defaults to false.
-d or --dry-run Prints the resources that will be pruned but does not actually delete them. Defaults to false.
-f or --file Files, URLs, or directories to prune resources from. Strings.
-h or --help Help for the prune command.
--label-selector Prunes only resources that match the specified labels (comma-separated strings). Labels are a commercial feature.
-o or --omit Resources that should be excluded from being pruned.
-r or --recursive Prune command will follow subdirectories.
-u or --users Prunes only resources that were created by the specified users (comma-separated strings). Defaults to the currently configured sensuctl user.

sensuctl prune usage

sensuctl prune <RESOURCE_TYPE>,<RESOURCE_TYPE>... -f <FILE_OR_URL> [-r] ... ] --namespace <NAMESPACE> <FLAGS>

In this example sensuctl prune command:

  • Replace <RESOURCE_TYPE> with the fully qualified name or short name of the resource you want to prune. You must specify at least one resource type or the all qualifier (to prune all resource types).
  • Replace <FILE_OR_URL> with the name of the file or the URL that contains the set of Sensu objects you want to keep (the configuration).
  • Replace <NAMESPACE> with the namespace where you want to apply pruning. If you omit the namespace qualifier, the command defaults to the current configured namespace.
  • Replace <FLAGS> with the other flags you want to use, if any.

Use a comma separator to prune more than one resource in a single command. For example, to prune checks and dynamic runtime assets from the file checks.yaml or checks.json for the dev namespace and the admin and ops users:

sensuctl prune core/v2.CheckConfig,core/v2.Asset --file checks.yaml --namespace dev --users admin,ops
sensuctl prune core/v2.CheckConfig,core/v2.Asset --file checks.json --namespace dev --users admin,ops

sensuctl prune supports pruning resources by their fully qualified names or short names:

Fully qualified names:

sensuctl prune core/v2.CheckConfig,core/v2.Entity

Short names:

sensuctl prune checks,entities

Use the all qualifier to prune all supported resources:

sensuctl prune all

Use the --omit flag to identify resources you want to exclude from being pruned:

sensuctl prune all --omit core/v2.Role,core/v2.RoleBinding,core/v2.ClusterRole,core/v2.ClusterRoleBinding

Time formats

Sensuctl supports multiple formats for resource attributes that require a time. To specify an exact point in time (for example, when setting a silence), use full dates with times.

Although supported formats depend on the resource type, sensuctl generally supports the following formats for dates with time:

  • RFC 3339 with numeric zone offset: 2018-05-10T07:04:00-08:00 or 2018-05-10T15:04:00Z
  • RFC 3339 with space delimiters and numeric zone offset: 2018-05-10 07:04:00 -08:00
  • Sensu alpha legacy format with canonical zone ID: May 10 2018 7:04AM America/Vancouver

Use the --help (-h) flag for specific sensuctl commands and resources to learn which time format to use.

Supported canonical time zone IDs are defined in the tz database.

WARNING: Windows does not support canonical zone IDs (for example, America/Vancouver).