> ## Documentation Index > Fetch the complete documentation index at: https://docs.devhelm.io/llms.txt > Use this file to discover all available pages before exploring further. # Paged list of rule evaluations for a monitor > Filter by ruleType (e.g. consecutive_failures), region, onlyMatched=true to narrow to firing evaluations, and occurredAt window. ## OpenAPI ````yaml /openapi/monitoring-api.json get /api/v1/forensics/monitors/{id}/rule-evaluations openapi: 3.0.1 info: title: DevHelm API description: >- DevHelm monitoring and incident management API. Create and manage uptime monitors, incidents, alert channels, notification policies, and more. version: '1.0' contact: name: DevHelm url: https://devhelm.io email: support@devhelm.io servers: - url: https://api.devhelm.io description: Production security: - BearerAuth: [] tags: - name: Alert Channels description: Alert channel CRUD and connectivity testing - name: Alert Deliveries description: 'Delivery audit trail: inspect per-attempt details for alert deliveries' - name: API Auth description: Identity and quota info for API key authentication - name: API Keys description: Organization API key management - name: Audit Log description: Organization audit trail - name: Check Results description: Query raw check results, uptime statistics, and summary data - name: Dashboard description: Overview dashboard aggregates - name: Deploy Lock description: Mutex for CLI deploy operations - name: Environments description: Variable namespace management for monitors - name: Forensics description: >- Detection engine event-sourced history (policy snapshots, rule evaluations, state transitions) - name: Heartbeat description: Public ping endpoint for heartbeat monitors - name: Incident Policies description: Manage trigger, confirmation, and recovery rules for monitors - name: Incidents description: Incident management and lifecycle - name: Integrations description: Static catalog of supported alert channel integrations - name: Invites description: Organization invite management - name: Maintenance Windows description: Schedule alert-suppression windows for monitors - name: Members description: Organization member management - name: Monitor Alert Channels description: Manage alert channel mappings for a monitor - name: Monitor Assertions description: Manage assertions for a monitor - name: Monitor Auth description: Manage authentication configuration for a monitor - name: Monitors description: Monitor CRUD and lifecycle management - name: Notification Dispatches description: >- Dispatch debugging API: inspect which policies matched an incident and track delivery status - name: Notification Policies description: Org-level notification routing policies with JSONB match rules - name: Notifications description: In-app notification center - name: Organizations description: Organization management - name: Resource Groups description: Resource group CRUD and member management - name: Secrets description: Organization environment secret management - name: Service Subscriptions description: Manage which services an organization tracks - name: Status Data description: Public service status catalog, components, uptime, and incident history - name: Status Pages description: Status page management - name: Tags description: Org-scoped tag management for monitors - name: Vault description: Organization vault management (admin-only) - name: Webhooks description: Webhook endpoint management, event catalog, and delivery history - name: Workspaces description: Workspace management within an organization paths: /api/v1/forensics/monitors/{id}/rule-evaluations: get: tags: - Forensics summary: Paged list of rule evaluations for a monitor description: >- Filter by ruleType (e.g. consecutive_failures), region, onlyMatched=true to narrow to firing evaluations, and occurredAt window. operationId: listMonitorRuleEvaluations parameters: - name: id in: path required: true schema: type: string format: uuid - name: ruleType in: query required: false schema: type: string - name: region in: query required: false schema: type: string - name: onlyMatched in: query required: false schema: type: boolean - name: from in: query required: false schema: type: string format: date-time - name: to in: query required: false schema: type: string format: date-time - name: pageable in: query required: true schema: $ref: '#/components/schemas/Pageable' responses: '200': description: OK content: '*/*': schema: $ref: '#/components/schemas/TableValueResultRuleEvaluationDto' '400': description: Bad request — the payload failed validation content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized — missing or invalid credentials content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden — the actor lacks permission for this resource content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Not found — the requested resource does not exist content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '409': description: Conflict — the request collides with current resource state content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error — see the message field for details content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '502': description: Bad gateway — an upstream provider returned an error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '503': description: Service unavailable — try again shortly content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' components: schemas: Pageable: type: object properties: page: minimum: 0 type: integer format: int32 size: minimum: 1 type: integer format: int32 sort: type: array items: type: string required: - page - size - sort TableValueResultRuleEvaluationDto: required: - data - hasNext - hasPrev type: object properties: data: type: array items: $ref: '#/components/schemas/RuleEvaluationDto' hasNext: type: boolean hasPrev: type: boolean totalElements: type: integer format: int64 nullable: true totalPages: type: integer format: int32 nullable: true ErrorResponse: required: - code - message - status - timestamp type: object properties: status: type: integer description: HTTP status code (mirrors the response status line) format: int32 example: 404 code: type: string description: >- Coarse machine-readable error category (e.g. NOT_FOUND, RATE_LIMITED); stable per status example: NOT_FOUND message: type: string description: Human-readable error message; safe to surface to end users example: Monitor not found timestamp: type: integer description: Server time when the error was produced (epoch milliseconds) format: int64 example: 1737302400000 requestId: type: string description: >- Opaque per-request id; same value as the X-Request-Id response header. Use in support tickets. nullable: true example: 5b6f7a8c-1234-4d5e-9f0a-1b2c3d4e5f6a errors: type: array description: >- Structured per-field rejections; populated for validation errors, null otherwise nullable: true items: nullable: true allOf: - $ref: '#/components/schemas/ErrorEntry' description: Uniform error envelope returned for every non-2xx response example: status: 404 code: NOT_FOUND message: Monitor not found timestamp: 1737302400000 requestId: 5b6f7a8c-1234-4d5e-9f0a-1b2c3d4e5f6a RuleEvaluationDto: required: - checkId - engineVersion - evaluationDetails - id - inputResultIds - monitorId - occurredAt - policySnapshotHashHex - region - ruleScope - ruleType - ruleIndex - outputMatched type: object properties: id: type: string description: Forensic row UUID format: uuid occurredAt: type: string description: When the evaluation ran format: date-time monitorId: type: string description: Monitor that produced the input check result format: uuid region: minLength: 1 type: string description: Probe region of the input check result policySnapshotHashHex: minLength: 1 type: string description: Hex-encoded hash of the policy snapshot this rule came from ruleIndex: type: integer description: Index into the policy's triggerRules array (0-based) format: int32 ruleType: minLength: 1 type: string description: Rule type (e.g. consecutive_failures, failures_in_window) ruleScope: minLength: 1 type: string description: Rule scope (per_region | multi_region) inputResultIds: minItems: 1 type: array description: check_results IDs that were inputs to this evaluation (newest first) items: type: string description: >- check_results IDs that were inputs to this evaluation (newest first) format: uuid outputMatched: type: boolean description: Whether the rule fired on this evaluation evaluationDetails: type: object additionalProperties: type: object description: Structured details (e.g. failure counts, response-time aggregates) description: Structured details (e.g. failure counts, response-time aggregates) engineVersion: minLength: 1 type: string description: Detection engine version that ran this evaluation checkId: type: string description: >- Scheduler-minted check execution ID (V92) — the causal chain identifier format: uuid triggeringTransitionId: type: string description: >- If this evaluation caused a state transition, points to that transition's id format: uuid nullable: true description: All rule evaluations that ran for this check ErrorEntry: required: - code - message type: object properties: code: minLength: 1 type: string description: >- Stable machine-readable code; see ValidationErrorCode for the registry example: MONITOR_HEARTBEAT_GRACE_EXCEEDS_INTERVAL field: type: string description: >- JSON-pointer-like path to the offending field, or null for request-wide errors nullable: true example: config.gracePeriod message: minLength: 1 type: string description: Human-readable message; safe to surface to end users description: One structured validation rejection securitySchemes: BearerAuth: type: http description: API key (dh_live_...) or Auth0 JWT token scheme: bearer bearerFormat: JWT ````