Argus Metric REST MCP Tools¶

These tools let the LLM retrieve live Argus metric aggregation results from the Argus metrics API.

They currently support ProcessingEventsPerFilter metrics, which describe event filter processing activity across Argus detection pipelines.

General Notes¶

Use these tools when you want the LLM to calculate live metric aggregations from Argus APIs.
The LLM should first use the Metric Search Translator MCP tools to shape and validate the aggregation request.
ProcessingEventsPerFilter metrics cover annotation filters, analysis filters, and match filters.
At least one statistics.values item is required for a meaningful aggregation.
Metric aggregation responses are source-of-truth results. The LLM should explain returned metric values only, without inventing missing buckets, customers, timestamps, units, or key translations.

Tool: `executeProcessingEventsPerFilterMetricAggregation`¶

Purpose

Execute an aggregation for ProcessingEventsPerFilter metric records. The result contains aggregated metric values for the selected filters, groupings, and time buckets.

Arguments

Field	Description	Type	Default	Required
`request`	ProcessingEventsPerFilter metric aggregation definition prepared and validated from the user's request.	`object`	None	Yes

`request` Fields¶

Field	Description	Type	Default	Required
`filter`	Filters that select which metric records are included before aggregation.	`object`	Empty filter with default time range	No
`statistics`	Aggregation configuration for selected metric values, grouping, and time bucketing. Must include at least one `values` item.	`object`	Empty statistics request	Yes
`translateKey`	Whether descriptor key values should be translated for display where translation is available.	`boolean`	`true`	No

`request.filter` Fields¶

Field	Description	Type	Default	Required
`customer`	Include metric records for any of the specified customers, using customer ID or short name.	`array<string>`	None	No
`timeFilter`	Time range based on when metric records were submitted to the central Argus metric service.	`object`	`{ "startTime": "startOfDay", "endTime": "now" }`	No
`keyFilter`	Filters for ProcessingEventsPerFilter descriptor keys, such as filter ID, filter type, host, component instance, or pipeline stage.	`object`	None	No

`request.filter.timeFilter` Fields¶

Field	Description	Type	Default	Required
`startTime`	Start of the metric submission time range. Accepts epoch millis as string, ISO-8601 UTC, or relative expressions such as `startOfDay - 1 day`.	`string`	`startOfDay`	No
`endTime`	End of the metric submission time range. Accepts epoch millis as string, ISO-8601 UTC, or relative expressions such as `now`.	`string`	`now`	No

`request.filter.keyFilter` Fields¶

Field	Description	Type	Default	Required
`filterID`	Include metrics for any of the specified event filter IDs.	`array<number>`	None	No
`filterType`	Include metrics for selected event filter types. Allowed values: `AnnotationFilter`, `AnalysisFilter`, `MatchFilter`.	`array<string>`	None	No
`componentHost`	Include metrics from any of the specified detection pipeline host names.	`array<string>`	None	No
`componentInstanceID`	Include metrics from any of the specified detection pipeline component instance IDs.	`array<number>`	None	No
`stage`	Include metrics from any of the specified detection pipeline stages.	`array<string>`	None	No

`request.statistics` Fields¶

Field	Description	Type	Default	Required
`timeBucket`	Time bucketing configuration based on metric submission time. Use this for requests such as per hour, per day, or one bucket for the whole range.	`object`	`{ "resolution": 0, "resolutionUnit": "hours" }`	No
`groupBy`	Descriptor keys used to group the aggregation result. List order controls the grouping hierarchy.	`array<object>`	Empty list	No
`includeOthersForGroupBy`	Whether data excluded by group-by limits should be collected into an `Others` bucket. Applies only when `groupBy` is used.	`boolean`	`true`	No
`values`	Metric values to aggregate. At least one item is required.	`array<object>`	Empty list	Yes

`request.statistics.timeBucket` Fields¶

Field	Description	Type	Default	Required
`resolution`	Bucket size as a number using `resolutionUnit`. Use `0` to aggregate the full requested time range into one bucket. Values above `10000` are capped at `10000`.	`number`	`0`	No
`resolutionUnit`	Unit for `resolution`. Allowed values: `milliseconds`, `seconds`, `minutes`, `hours`, `days`.	`string`	`hours`	No

`request.statistics.groupBy[]` Fields¶

Field	Description	Type	Default	Required
`key`	Descriptor key used to group the aggregation result. Allowed values: `customer`, `filterID`, `filterType`, `componentHost`, `componentInstanceID`, `stage`.	`string`	None	Yes
`limit`	Maximum number of top buckets returned for this group-by key. Accepted range: `1` to `10000`; values above `10000` are capped at `10000`.	`number`	`10`	No

`request.statistics.values[]` Fields¶

Field	Description	Type	Default	Required
`name`	Metric value to aggregate. Allowed values: `matchTimeMS`, `triggerCount`, `triggerTimeMS`.	`string`	None	Yes
`aggregationFunction`	Aggregation function to apply. Allowed values: `sum`, `avg`, `min`, `max`, `wavg`, `sumOfSquares`.	`string`	`sum`	No
`weightByValue`	Metric value to use as the weight when `aggregationFunction` is `wavg`. Allowed values: `matchTimeMS`, `triggerCount`, `triggerTimeMS`.	`string`	None	Required for `wavg`

Metric Values¶

Value	Meaning
`matchTimeMS`	Time spent in milliseconds by filter logic while filtering events from the realtime stream.
`triggerCount`	Number of events matched by the filter.
`triggerTimeMS`	Time spent in milliseconds by trigger logic on events matched by the filter.

Response Notes¶

The response contains aggregated metric records.

Each item in data is one aggregate result, optionally grouped by customer, descriptor keys, and time bucket.

Important response fields:

customer: customer associated with the aggregate, if present.
keys: grouping key values for the aggregate. Each key can contain name, raw value, and optional translation.
metricTimestamp: timestamp for the aggregate bucket when time bucketing was requested.
values: aggregated metric values, with metric name, numeric value, and optional unit.
metricDescriptorID: descriptor identifier. It is not a user-facing metric value.

Usage Notes

The LLM should use generateProcessingEventsPerFilterMetricAggregationQuery before executing the aggregation so metric values, grouping, time bucketing, and enum values are validated.
Use sum for totals, avg for arithmetic averages, min and max for extremes, and wavg only when the user asks for or needs a weighted average.
When wavg is used, weightByValue must identify the metric value that supplies the weight.
For time bucketing, choose a resolution that produces at most 10000 buckets over the selected time range.
Use translation for display when available, but preserve raw key values when exact identifiers matter.
Do not combine or infer aggregate records that are not present in the response.

Argus Metric REST MCP Tools¶

General Notes¶

Tool: executeProcessingEventsPerFilterMetricAggregation¶

request Fields¶

request.filter Fields¶

request.filter.timeFilter Fields¶

request.filter.keyFilter Fields¶

request.statistics Fields¶

request.statistics.timeBucket Fields¶

request.statistics.groupBy[] Fields¶

request.statistics.values[] Fields¶