全部產品
Search
文件中心

ActionTrail:Insights事件結構定義

更新時間:Jun 30, 2024

本文為您介紹Insights事件的關鍵字段和樣本。

關鍵字段

名稱

描述

eventVersion

Insights事件格式的版本,目前的版本為1。

eventType

產生的事件類型。取值:ActionTrailInsight(Insights事件)。

eventCategory

事件分類。取值:Insight(Insights事件)。

eventId

事件ID。

eventTime

事件產生時間(UTC格式)。

acsRegion

事件歸屬地區。

recipientAccountId

接收事件的阿里雲帳號ID。

sharedEventId

Insights事件的關聯事件ID。

insightDetails

Insights事件的具體資訊。

更多資訊,請參見InsightDetails包含的欄位

表 1. InsightDetails包含的欄位

名稱

描述

state

Insights事件狀態。

insightType

Insights事件類型。取值:

  • IpInsight:可能發生顯著變化的IP呼叫事件。

  • ApiCallRateInsight:API調用率發生顯著變化的事件。

  • ApiErrorRateInsight:API錯誤率發生顯著變化的事件。

  • AkInsight:AccessKey調用率發生顯著變化的事件。

  • PolicyChangeInsight:許可權變更事件。

  • PasswordChangeInsight:密碼變更事件。

  • TrailConcealmentInsight:隱匿行蹤事件。

insightObject

Insights事件分析對象。取值如下:

  • insightTypeIpInsight時,取值為IP地址。

  • insightTypeApiCallRateInsight時,取值為雲產品名稱或事件名稱。

  • insightTypeApiErrorRateInsight時,取值為雲產品名稱、事件名稱或錯誤碼。

  • insightTypeAkInsight時,取值為AccessKey ID。

  • insightTypePolicyChangeInsightPasswordChangeInsightTrailConcealmentInsight時,取值為雲產品名稱。

insightContext

Insights相關資訊。

更多資訊,請參見insightContext包含的欄位

表 2. insightContext包含的欄位

名稱

描述

attributions

多維度彙總分析。

更多資訊,請參見attributions包含的欄位

statistics

統計分析。

更多資訊,請參見statistics包含的欄位

表 3. attributions包含的欄位

名稱

描述

attribution

多維度彙總分析。不同事件類型包含資訊如下:

  • IpInsight事件包含userAgent、principalId、apiRelated和errorCode等資訊。

  • ApiCallRateInsight事件包含userAgent、principalId和errorCode等資訊。

  • ApiErrorRateInsight事件包含userAgent和principalId等資訊。

  • AkInsight事件包含userAgent、apiRelated、ipRelated和errorCode等資訊。

  • PolicyChangeInsight事件、PasswordChangeInsight事件和TrailConcealmentInsight事件包含userAgent、principalId、apiRelated、ipRelated和errorCode等資訊。

insight

Insights事件實際測量資料。

baseline

Insights事件基準測量資料。

表 4. statistics包含的欄位

名稱

描述

insight

Insights事件實際測量資料。

insightDuration

Insights事件的期間。

單位:分鐘。

baseline

Insights事件基準測量資料。

baselineDuration

Baseline期間。

單位:分鐘。

insightCount

Insights期間內涉及的管控事件數目。

樣本

  • IpInsight

    {
          "eventId": "493C2E32-F83B-4267-8050-314C8E77094A",
          "eventCategory": "Insight",
          "sharedEventId": "5A72E7C7-95A8-4213-9AA1-6138492977A3",
          "eventVersion": "1",
          "eventTime": "2023-07-24T03:27:00Z",
          "insightDetails": {
            "insightContext": {
              "attributions": [
                {
                  "insight": [
                    {
                      "average": 2,
                      "value": "JavaSDK Revision:9760a99 Version:0.43.3 JavaVersion:1.8.0_212 CLT(0.43.2 : 9226976); Linux(169.254.224.20/cn-hangzhou-99x4c3iojty1by1bb6x3if2****)"
                    }
                  ],
                  "attribute": "userAgent"
                },
                {
                  "insight": [
                    {
                      "average": 2,
                      "value": "28413042062885****"
                    }
                  ],
                  "attribute": "principalId"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "MaxCompute/JobChange"
                    },
                    {
                      "average": 1,
                      "value": "MaxCompute/InsertJob"
                    }
                  ],
                  "attribute": "apiRelated"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "ODPS-0130071"
                    },
                    {
                      "average": 1,
                      "value": "null"
                    }
                  ],
                  "attribute": "errorCode"
                }
              ],
              "statistics": {
                "insight": {
                  "average": 2,
                  "predict": 0
                },
                "insightDuration": 1,
                "baseline": {
                  "threshold": 0.6
                },
                "insightCount": 2
              }
            },
            "sourceIpAddress": "22.17.XX.XX",
            "state": "Start",
            "insightType": "IpInsight"
          },
          "acsRegion": "cn-hangzhou",
          "eventType": "ActionTrailInsight"
        }
  • ApiCallRateInsight

    {
          "eventId": "2AA62459-79F4-4AA4-B729-F6C90369E91F",
          "eventCategory": "Insight",
          "sharedEventId": "5A3499B4-5446-40B3-87BF-7D1603CA4ED0",
          "eventVersion": "1",
          "eventTime": "2023-07-25T00:31:00Z",
          "insightDetails": {
            "insightContext": {
              "attributions": [
                {
                  "insight": [
                    {
                      "average": 364,
                      "value": "JavaSDK Revision:046519a Version:0.40.14 JavaVersion:1.8.0_212 DATAX"
                    }
                  ],
                  "attribute": "userAgent",
                  "baseline": [
                    {
                      "average": 526.2147,
                      "value": "JavaSDK Revision:046519a Version:0.40.14 JavaVersion:1.8.0_212 DATAX"
                    },
                    {
                      "average": 125.13071,
                      "value": "JavaSDK Revision:dc3569f Version:0.40.4 JavaVersion:1.8.0_212 DATAX"
                    },
                    {
                      "average": 0.13817,
                      "value": "JavaSDK Revision:046519a Version:0.40.14 JavaVersion:1.8.0_112 DATAX"
                    },
                    {
                      "average": 0.03728,
                      "value": "JavaSDK Revision:dc3569f Version:0.40.4 JavaVersion:1.8.0_112 DATAX"
                    },
                    {
                      "average": 0.04539,
                      "value": "others"
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 364,
                      "value": "21781321968501****"
                    }
                  ],
                  "attribute": "principalId",
                  "baseline": [
                    {
                      "average": 651.50726,
                      "value": "21781321968501****"
                    },
                    {
                      "average": 0.04539,
                      "value": "29645888701658****"
                    },
                    {
                      "average": 0.01359,
                      "value": "116214297662****"
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 364,
                      "value": "null"
                    }
                  ],
                  "attribute": "errorCode",
                  "baseline": [
                    {
                      "average": 651.5663,
                      "value": "null"
                    }
                  ]
                }
              ],
              "statistics": {
                "baselineDuration": 6036,
                "insight": {
                  "average": 364
                },
                "insightDuration": 1,
                "baseline": {
                  "average": 8.35901
                }
              }
            },
            "state": "Start",
            "insightType": "ApiCallRateInsight",
            "insightObject": "MaxCompute/UploadTable"
          },
          "acsRegion": "cn-shanghai",
          "eventType": "ActionTrailInsight"
        }
  • ApiErrorRateInsight

    {
          "eventId": "D8A2E554-6030-4759-AC86-39D9A6657141",
          "eventCategory": "Insight",
          "sharedEventId": "1D5E87F8-74BD-4602-A46F-15D121A40076",
          "eventVersion": "1",
          "eventTime": "2023-07-24T05:55:00Z",
          "insightDetails": {
            "insightContext": {
              "attributions": [
                {
                  "insight": [
                    {
                      "average": 10,
                      "value": "pre-actiontrail.console.aliyun.com"
                    }
                  ],
                  "attribute": "userAgent",
                  "baseline": [
                    {
                      "average": 0.00128,
                      "value": "actiontrail.console.aliyun.com"
                    },
                    {
                      "average": 0.00035,
                      "value": "pre-actiontrail.console.aliyun.com"
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 10,
                      "value": "29228928693846****"
                    }
                  ],
                  "attribute": "principalId",
                  "baseline": [
                    {
                      "average": 0.00055,
                      "value": "29228928693846****"
                    },
                    {
                      "average": 0.00036,
                      "value": "22849585603625****"
                    },
                    {
                      "average": 0.00029,
                      "value": "20760722332912****"
                    },
                    {
                      "average": 0.00024,
                      "value": "28162628619075****"
                    },
                    {
                      "average": 0.00018,
                      "value": "others"
                    }
                  ]
                }
              ],
              "statistics": {
                "baselineDuration": 82210,
                "insight": {
                  "average": 10
                },
                "insightDuration": 1,
                "baseline": {
                  "average": 0.00081
                }
              }
            },
            "state": "Start",
            "insightType": "ApiErrorRateInsight",
            "insightObject": "Actiontrail/GetTrailStatus/TrailNotFoundException"
          },
          "acsRegion": "cn-shanghai",
          "eventType": "ActionTrailInsight"
        }
  • AkInsight

    {
          "eventId": "36DD0E98-00C4-42F5-9FE9-6E4EDCD69C0B",
          "eventCategory": "Insight",
          "sharedEventId": "7E31028F-9C6F-4BDF-83C7-68A70930CEBD",
          "eventVersion": "1",
          "eventTime": "2023-07-24T20:06:00Z",
          "insightDetails": {
            "insightContext": {
              "attributions": [
                {
                  "insight": [
                    {
                      "average": 194,
                      "value": "Tunnel C++ SDK, ee4d58de889e126667fdc13608058f3487596b72."
                    }
                  ],
                  "attribute": "userAgent",
                  "baseline": [
                    {
                      "average": 0.44587,
                      "value": "Tunnel C++ SDK, ee4d58de889e126667fdc13608058f3487596b72."
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 194,
                      "value": "MaxCompute/DownloadTable"
                    }
                  ],
                  "attribute": "apiRelated",
                  "baseline": [
                    {
                      "average": 0.44587,
                      "value": "MaxCompute/DownloadTable"
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 194,
                      "value": "null"
                    }
                  ],
                  "attribute": "errorCode",
                  "baseline": [
                    {
                      "average": 0.44587,
                      "value": "null"
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 194,
                      "value": "Internal"
                    }
                  ],
                  "attribute": "ipRelated",
                  "baseline": [
                    {
                      "average": 0.44587,
                      "value": "Internal"
                    }
                  ]
                }
              ],
              "statistics": {
                "baselineDuration": 9976,
                "insight": {
                  "average": 194
                },
                "insightDuration": 1,
                "baseline": {
                  "average": 0.2066
                }
              }
            },
            "state": "Start",
            "insightType": "AkInsight",
            "insightObject": "LTAI4FyADTcgMMZa61mE****"
          },
          "acsRegion": "cn-shanghai",
          "eventType": "ActionTrailInsight"
        }
  • PasswordChangeInsight、PolicyChangeInsight和TrailConcealmentInsight

    {
          "eventId": "B0DB3701-3438-41D4-9AA5-CABE8F20AEE0",
          "eventCategory": "Insight",
          "sharedEventId": "1003F2A8-B4B4-4AFC-8F3C-07FD45886F47",
          "eventVersion": "1",
          "eventTime": "2023-07-24T05:55:00Z",
          "insightDetails": {
            "insightContext": {
              "attributions": [
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "pre-actiontrail.console.aliyun.com"
                    }
                  ],
                  "attribute": "Actiontrail/DeleteTrail/userAgent"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "null"
                    }
                  ],
                  "attribute": "Actiontrail/DeleteTrail/accessKeyId"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "29228928693846****"
                    }
                  ],
                  "attribute": "Actiontrail/DeleteTrail/principalId"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "null"
                    }
                  ],
                  "attribute": "Actiontrail/DeleteTrail/errorCode"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "Internal"
                    }
                  ],
                  "attribute": "Actiontrail/DeleteTrail/ipRelated"
                }
              ]
            },
            "state": "Start",
            "insightType": "TrailConcealmentInsight",
            "insightObject": "Actiontrail"
          },
          "acsRegion": "cn-shanghai",
          "eventType": "ActionTrailInsight"
        }