This topic describes the key fields of an insight event log with examples.

Key fields of an insight event log

Field Type Required Example Description
eventVersion String Yes 1 The version of the log event format. The current version is 1.
eventTime String Yes 2021-03-10T21:00:00Z The time when the insight event was generated, in UTC.
acsRegion String Yes cn-hangzhou The ID of the region where the insight event was generated.
eventId String Yes F23A3DD5-7842-4EF9-9DA1-3776396A**** The ID of the insight event.
eventType String Yes ActionTrailInsight The type of the action that was recorded in the insight event log.

Valid value: ActionTrailInsight, which indicates that an insight event was generated.

recipient String Yes 112233445566**** The ID of the Alibaba Cloud account that receives the insight event.
insightDetails Dictionary Yes N/A The details of the insight event.

For more information, see Table 1.

eventCategory String Yes Insight The type of the generated event. Valid values:
  • Management: indicates a management event.
  • Insight: indicates an insight event.
userIdentity Dictionary Yes N/A The identity information about the requester.

For more information, see Table 1.

The following table describes the fields that InsightDetails contains.

Table 1. Fields contained in InsightDetails
Field Type Required Example Description
sourceIpAddress String Yes 42.120.XX.XX The IP address from which the insight event was generated. The value also represents an unusual IP address for an insight event of the IPInsight type.
insightType String Yes IpInsight The type of the insight event.

Valid value: IpInsight, which indicates an insight event that was generated due to API calls from an unusual IP address.

insightContext Dictionary Yes N/A The additional information about the insight event.

For more information, see Table 2.

The following table describes the fields that insightContext contains.

Table 2. Fields contained in insightContext
Field Type Required Example Description
statistics Dictionary Yes N/A The statistics recorded by the insight event. For example, this field may indicate the standard threshold, actual predicted value, and duration in seconds of the insight event, and the number of times the action is recorded.
baseline Dictionary Yes N/A The statistics on the standard threshold for the insight event.
threshold DOUBLE Yes 0.6 The standard threshold to measure the action recorded by the insight event. The action is considered normal if the actual predicted value is greater than the standard threshold. Otherwise, the action is considered abnormal.
insight Dictionary Yes N/A The statistics on the actual predicted value of the insight event.
predict DOUBLE Yes 0.1 The actual predicted value to measure the action recorded by the insight event. The action is considered normal if the actual predicted value is greater than the standard threshold. Otherwise, the action is considered abnormal.
insightDuration Integer Yes 300 The duration of the insight event.

Unit: seconds.

insightCount Integer Yes 10 The number of times the action is recorded.

Example

{
  "event": {
    "eventVersion": "1",
    "eventTime": 2021-03-10T21:00:00Z
    "acsRegion": "cn-hangzhou",
    "eventID": "F23A3DD5-7842-4EF9-9DA1-3776396A****",
    "eventType": "ActionTrailInsight",
    "recipient": "116214297662****",
    "insightDetails": {
      "sourceIpAddress": "42.120.XX.XX",
      "insightType": "IpInsight",
      "insightContext": {
        "statistics": {
          "baseline": {
            "threshold": 0.6
          },
          "insight": {
            "predict": 0.12
          },
          "insightDuration": 300,
          "insightCount": 10
        }
      }
    },
    "userIdentity": {
      "accountId": "112432432434****",
      "principalId": "231321312321****"
    },
    "eventCategory": "Insight"
  }
}