The Insights feature uses mathematical models to intelligently analyze management events that are generated within your Alibaba Cloud account to help you identify unusual activities. After the Insights feature is enabled, ActionTrail analyzes management events, identifies unusual activities that are associated with API call rates, API error rates, IP addresses, and AccessKey pair call rates, and generates Insights events. This topic describes how to query Insights events in the ActionTrail console. You can view management risks in the cloud and implement remedial measures at the earliest opportunity. In this topic, a single-account trail is created, and Insights events generated for unusual activities that are associated with API call rates are queried.
Prerequisites
A single-account trail that meets the following conditions is created:
The trail delivers events from all regions.
The trail delivers all types of events.
For more information, see Create a single-account trail.
If no unusual activities are found in your Alibaba Cloud account, no Insights events are generated.
Step 1: Enable the Insights feature
Log on to the ActionTrail console.
In the left-side navigation pane, click Insights.
On the Insights page, click Enable Insights.
Note: After the Insights feature is enabled, ActionTrail generates the first Insights event after at least 24 hours.
Step 2: Query Insights events
In the left-side navigation pane, click Insights.
In the top navigation bar, select the region of the Insights events that you want to query.
On the Insights page, set the Event Type parameter to ApiCallRateInsight and click the icon.
Note: You can specify a single search condition such as IP Address or Event Type to query Insights events.
Find the Insights event that you want to query and click View Event Details in the Actions column.
In the Insights Events section on the right, click an Insights event record.
On the Insights Events tab, you can view Basic Information and Multi-dimensional Aggregation Analysis of the Insights event record.
On the Related Events tab, you can view all the related events and their details.
On the Insights Event Records tab, you can view the Insights event record in the JSON format.
Note: For more information about the fields in an Insights event, see Insights event structure.
References
You can use the advanced event query feature to query Insights events. For more information, see Perform custom event queries.
You can query and analyze Insights events in the Simple Log Service or Object Storage Service (OSS) console. For more information, see Query events in the Simple Log Service or OSS console.
If you want to obtain the details of an Insights event from events that are delivered to Simple Log Service, you can use query statements and perform in-depth analysis. For more information, see Use Simple Log Service to analyze events.