All Products
Search
Document Center

ActionTrail:Insights event structure

Last Updated:Aug 22, 2023

This topic describes the key fields in an Insights event and provides an example of an Insights event.

Key fields

Field

Description

eventVersion

The version of the Insights event format. The current version is 1.

eventType

The type of the event. The value is ActionTrailInsight, which indicates an Insights event.

eventCategory

The category of the event. The value is Insight, which indicates an Insights event.

eventId

The ID of the event.

eventTime

The time when the event was generated. The time is displayed in UTC.

acsRegion

The region to which the event belongs.

recipientAccountId

The ID of the Alibaba Cloud account that receives the event.

sharedEventId

The ID of the event that is associated with the Insights event.

insightDetails

The details of the Insights event.

For more information, see Fields in InsightDetails.

Table 1. Fields in InsightDetails

Field

Description

state

The status of the Insights event.

insightType

The type of the Insights event. Valid values:

  • IpInsight: Insights event on IP address

  • ApiCallRateInsight: Insights event on API call rate

  • ApiErrorRateInsight: Insights event on API error rate

  • AkInsight: Insights event on AccessKey pair call rate

  • PolicyChangeInsight: Insights event on permission change

  • PasswordChangeInsight: Insights event on password change

  • TrailConcealmentInsight: Insights event on trail concealment

insightObject

The analysis object of the Insights event.

  • If the value of insightType is IpInsight, the value of this field is an IP address.

  • If the value of insightType is ApiCallRateInsight, the value of this field is a cloud service name or event name.

  • If the value of insightType is ApiErrorRateInsight, the value of this field is a cloud service name, event name, or error code.

  • If the value of AkInsight is AkInsight, the value of this field is an AccessKey ID.

  • If the value of insightType is PolicyChangeInsight, PasswordChangeInsight, or TrailConcealmentInsight, the value of this field is a cloud service name.

insightContext

The additional information about the Insights event.

For more information, see Fields in insightContext.

Table 2. Fields in insightContext

Field

Description

attributions

The multi-dimensional aggregation analysis.

For more information, see Fields in attributions.

statistics

The statistical analysis.

For more information, see Fields in statistics.

Table 3. Fields in attributions

Field

Description

attribution

The multi-dimensional aggregation analysis. Different types of events include different fields.

  • Fields that are included in an IpInsight Insights event: userAgent, principalId, apiRelated, and errorCode

  • Fields that are included in an ApiCallRateInsight Insights event: userAgent, principalId, and errorCode

  • Fields that are included in an ApiErrorRateInsight Insights event: userAgent and principalId

  • Fields that are included in an AkInsight Insights event: userAgent, apiRelated, ipRelated, and errorCode

  • Fields that are included in a PolicyChangeInsight Insights event, a PasswordChangeInsight Insights event, or a TrailConcealmentInsight Insights event: userAgent, principalId, apiRelated, ipRelated, and errorCode

insight

The actual data of the Insights event.

baseline

The baseline based on which the Insights event is generated.

Table 4. Fields in statistics

Field

Description

insight

The actual data of the Insights event.

insightDuration

The duration of the Insights event.

Unit: minutes.

baseline

The baseline based on which the Insights event is generated.

baselineDuration

The duration for the baseline.

Unit: minutes.

insightCount

The number of management events that are generated within the duration of the Insights event.

Examples

  • IpInsight

    {
          "eventId": "493C2E32-F83B-4267-8050-314C8E77094A",
          "eventCategory": "Insight",
          "sharedEventId": "5A72E7C7-95A8-4213-9AA1-6138492977A3",
          "eventVersion": "1",
          "eventTime": "2023-07-24T03:27:00Z",
          "insightDetails": {
            "insightContext": {
              "attributions": [
                {
                  "insight": [
                    {
                      "average": 2,
                      "value": "JavaSDK Revision:9760a99 Version:0.43.3 JavaVersion:1.8.0_212 CLT(0.43.2 : 9226976); Linux(169.254.224.20/cn-hangzhou-99x4c3iojty1by1bb6x3if2****)"
                    }
                  ],
                  "attribute": "userAgent"
                },
                {
                  "insight": [
                    {
                      "average": 2,
                      "value": "28413042062885****"
                    }
                  ],
                  "attribute": "principalId"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "MaxCompute/JobChange"
                    },
                    {
                      "average": 1,
                      "value": "MaxCompute/InsertJob"
                    }
                  ],
                  "attribute": "apiRelated"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "ODPS-0130071"
                    },
                    {
                      "average": 1,
                      "value": "null"
                    }
                  ],
                  "attribute": "errorCode"
                }
              ],
              "statistics": {
                "insight": {
                  "average": 2,
                  "predict": 0
                },
                "insightDuration": 1,
                "baseline": {
                  "threshold": 0.6
                },
                "insightCount": 2
              }
            },
            "sourceIpAddress": "22.17.XX.XX",
            "state": "Start",
            "insightType": "IpInsight"
          },
          "acsRegion": "cn-hangzhou",
          "eventType": "ActionTrailInsight"
        }
  • ApiCallRateInsight

    {
          "eventId": "2AA62459-79F4-4AA4-B729-F6C90369E91F",
          "eventCategory": "Insight",
          "sharedEventId": "5A3499B4-5446-40B3-87BF-7D1603CA4ED0",
          "eventVersion": "1",
          "eventTime": "2023-07-25T00:31:00Z",
          "insightDetails": {
            "insightContext": {
              "attributions": [
                {
                  "insight": [
                    {
                      "average": 364,
                      "value": "JavaSDK Revision:046519a Version:0.40.14 JavaVersion:1.8.0_212 DATAX"
                    }
                  ],
                  "attribute": "userAgent",
                  "baseline": [
                    {
                      "average": 526.2147,
                      "value": "JavaSDK Revision:046519a Version:0.40.14 JavaVersion:1.8.0_212 DATAX"
                    },
                    {
                      "average": 125.13071,
                      "value": "JavaSDK Revision:dc3569f Version:0.40.4 JavaVersion:1.8.0_212 DATAX"
                    },
                    {
                      "average": 0.13817,
                      "value": "JavaSDK Revision:046519a Version:0.40.14 JavaVersion:1.8.0_112 DATAX"
                    },
                    {
                      "average": 0.03728,
                      "value": "JavaSDK Revision:dc3569f Version:0.40.4 JavaVersion:1.8.0_112 DATAX"
                    },
                    {
                      "average": 0.04539,
                      "value": "others"
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 364,
                      "value": "21781321968501****"
                    }
                  ],
                  "attribute": "principalId",
                  "baseline": [
                    {
                      "average": 651.50726,
                      "value": "21781321968501****"
                    },
                    {
                      "average": 0.04539,
                      "value": "29645888701658****"
                    },
                    {
                      "average": 0.01359,
                      "value": "116214297662****"
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 364,
                      "value": "null"
                    }
                  ],
                  "attribute": "errorCode",
                  "baseline": [
                    {
                      "average": 651.5663,
                      "value": "null"
                    }
                  ]
                }
              ],
              "statistics": {
                "baselineDuration": 6036,
                "insight": {
                  "average": 364
                },
                "insightDuration": 1,
                "baseline": {
                  "average": 8.35901
                }
              }
            },
            "state": "Start",
            "insightType": "ApiCallRateInsight",
            "insightObject": "MaxCompute/UploadTable"
          },
          "acsRegion": "cn-shanghai",
          "eventType": "ActionTrailInsight"
        }
  • ApiErrorRateInsight

    {
          "eventId": "D8A2E554-6030-4759-AC86-39D9A6657141",
          "eventCategory": "Insight",
          "sharedEventId": "1D5E87F8-74BD-4602-A46F-15D121A40076",
          "eventVersion": "1",
          "eventTime": "2023-07-24T05:55:00Z",
          "insightDetails": {
            "insightContext": {
              "attributions": [
                {
                  "insight": [
                    {
                      "average": 10,
                      "value": "pre-actiontrail.console.aliyun.com"
                    }
                  ],
                  "attribute": "userAgent",
                  "baseline": [
                    {
                      "average": 0.00128,
                      "value": "actiontrail.console.aliyun.com"
                    },
                    {
                      "average": 0.00035,
                      "value": "pre-actiontrail.console.aliyun.com"
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 10,
                      "value": "29228928693846****"
                    }
                  ],
                  "attribute": "principalId",
                  "baseline": [
                    {
                      "average": 0.00055,
                      "value": "29228928693846****"
                    },
                    {
                      "average": 0.00036,
                      "value": "22849585603625****"
                    },
                    {
                      "average": 0.00029,
                      "value": "20760722332912****"
                    },
                    {
                      "average": 0.00024,
                      "value": "28162628619075****"
                    },
                    {
                      "average": 0.00018,
                      "value": "others"
                    }
                  ]
                }
              ],
              "statistics": {
                "baselineDuration": 82210,
                "insight": {
                  "average": 10
                },
                "insightDuration": 1,
                "baseline": {
                  "average": 0.00081
                }
              }
            },
            "state": "Start",
            "insightType": "ApiErrorRateInsight",
            "insightObject": "Actiontrail/GetTrailStatus/TrailNotFoundException"
          },
          "acsRegion": "cn-shanghai",
          "eventType": "ActionTrailInsight"
        }
  • AkInsight

    {
          "eventId": "36DD0E98-00C4-42F5-9FE9-6E4EDCD69C0B",
          "eventCategory": "Insight",
          "sharedEventId": "7E31028F-9C6F-4BDF-83C7-68A70930CEBD",
          "eventVersion": "1",
          "eventTime": "2023-07-24T20:06:00Z",
          "insightDetails": {
            "insightContext": {
              "attributions": [
                {
                  "insight": [
                    {
                      "average": 194,
                      "value": "Tunnel C++ SDK, ee4d58de889e126667fdc13608058f3487596b72."
                    }
                  ],
                  "attribute": "userAgent",
                  "baseline": [
                    {
                      "average": 0.44587,
                      "value": "Tunnel C++ SDK, ee4d58de889e126667fdc13608058f3487596b72."
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 194,
                      "value": "MaxCompute/DownloadTable"
                    }
                  ],
                  "attribute": "apiRelated",
                  "baseline": [
                    {
                      "average": 0.44587,
                      "value": "MaxCompute/DownloadTable"
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 194,
                      "value": "null"
                    }
                  ],
                  "attribute": "errorCode",
                  "baseline": [
                    {
                      "average": 0.44587,
                      "value": "null"
                    }
                  ]
                },
                {
                  "insight": [
                    {
                      "average": 194,
                      "value": "Internal"
                    }
                  ],
                  "attribute": "ipRelated",
                  "baseline": [
                    {
                      "average": 0.44587,
                      "value": "Internal"
                    }
                  ]
                }
              ],
              "statistics": {
                "baselineDuration": 9976,
                "insight": {
                  "average": 194
                },
                "insightDuration": 1,
                "baseline": {
                  "average": 0.2066
                }
              }
            },
            "state": "Start",
            "insightType": "AkInsight",
            "insightObject": "LTAI4FyADTcgMMZa61mE****"
          },
          "acsRegion": "cn-shanghai",
          "eventType": "ActionTrailInsight"
        }
  • PasswordChangeInsight, PolicyChangeInsight, and TrailConcealmentInsight

    {
          "eventId": "B0DB3701-3438-41D4-9AA5-CABE8F20AEE0",
          "eventCategory": "Insight",
          "sharedEventId": "1003F2A8-B4B4-4AFC-8F3C-07FD45886F47",
          "eventVersion": "1",
          "eventTime": "2023-07-24T05:55:00Z",
          "insightDetails": {
            "insightContext": {
              "attributions": [
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "pre-actiontrail.console.aliyun.com"
                    }
                  ],
                  "attribute": "Actiontrail/DeleteTrail/userAgent"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "null"
                    }
                  ],
                  "attribute": "Actiontrail/DeleteTrail/accessKeyId"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "29228928693846****"
                    }
                  ],
                  "attribute": "Actiontrail/DeleteTrail/principalId"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "null"
                    }
                  ],
                  "attribute": "Actiontrail/DeleteTrail/errorCode"
                },
                {
                  "insight": [
                    {
                      "average": 1,
                      "value": "Internal"
                    }
                  ],
                  "attribute": "Actiontrail/DeleteTrail/ipRelated"
                }
              ]
            },
            "state": "Start",
            "insightType": "TrailConcealmentInsight",
            "insightObject": "Actiontrail"
          },
          "acsRegion": "cn-shanghai",
          "eventType": "ActionTrailInsight"
        }