You can use the audit log feature to query and analyze the logs of operations performed on tables and indexes in a Tablestore instance.
Background information
Simple Log Service (SLS) is a cloud-native monitoring and analysis platform that allows you to process a large amount of data such as logs, metrics, and traces in real time with low costs. For more information, see What is Simple Log Service?
The audit log feature of Tablestore integrates the features of Simple Log Service such as log query and analysis, chart, and LogReduce. The audit log feature allows you to record operations that may modify the resources in a Tablestore instance, such as creating a table, a time series table, and an index. The audit log feature can be used in scenarios such as security audits, compliance audits, and troubleshooting.
If you want to audit operations that are performed on a Tablestore instance, you can use ActionTrail to query the audit results. For more information, see What is ActionTrail? and Audit events of Tablestore.
Usage notes
The Tablestore console periodically checks whether secondary indexes are supported. Therefore, audit logs may include error messages that are reported if index names are invalid when you call the CreateIndex operation and the HTTP status code 400 is returned. You can ignore such error messages. Sample error message:
API: CreateIndex AccessKeyID: TMP.3Kg4WjY7BqkMbJNwSMgzk47************************ HttpStatus: 400 InstanceName: exampleinstance InvokerUid: 13************** RequestID: 00060883-c926-0eff-24f1-********* SourceIP: 10.10.XX.XX TableName: $$ Time: 1698211968716557 UserAgent: ots-java-sdk 5.16.0The audit log feature is applicable to the Wide Column and TimeSeries models.
Procedure
Enable the audit log feature. For more information, see Enable the audit log feature.
Query and analyze logs.
Create an alert monitoring rule for logs based on your business requirements. This way, you can monitor audit logs and receive alert notifications if the logs meet specified conditions. For more information, see Create an alert monitoring rule for logs.
Log fields
The following table describes the operation log fields that are supported by Tablestore.
The log fields include the following reserved fields of Simple Log Service:
__source__: the log source. The value of this field is fixed to log_service, which indicates that the log source is Simple Log Service.__topic__: the log topic, which indicates the name of the Logstore that stores Tablestore logs. The value of this field is fixed to table_store_audit_log.
Field | Example | Description |
API | CreateTable | The name of the API operation. |
AccessKeyID | LTAI******************** | The AccessKey ID of your Alibaba Cloud account or a Resource Access Management (RAM) user. |
HttpStatus | 200 | The HTTP status code. |
IndexName | exampleindex | The name of the index on which the operation is performed. |
InstanceName | exampleinstance | The name of the Tablestore instance. |
InvokerUid | 13************** | The ID of the Alibaba Cloud account that is used to call the operation. |
RequestID | 000607f9-2465-7617-a0cb-************ | The request ID, which uniquely identifies a request. |
SourceIP | 10.10.10.10 | The source IP address of the request. |
TableName | exampletable | The name of the table on which the operation is performed. |
Time | 1697616499144229 | The timestamp of the operation. Unit: microsecond. |
UserAgent | ots-java-sdk 5.16.1 | The version of the SDK that is installed on the client. |
Billing
If you use the audit log feature, the system creates a Logstore in Simple Log Service to store logs and uses Simple Log Service to query and analyze logs. You are charged for storage and consumed resources of Simple Log Service. For more information, see Billing overview.