This topic describes the key fields of an insight event log with examples.
Key fields of an insight event log
| Field | Type | Required | Example | Description |
|---|---|---|---|---|
| eventVersion | String | Yes | 1 | The version of the log event format. The current version is 1. |
| eventTime | String | Yes | 2021-03-10T21:00:00Z | The time when the insight event was generated, in UTC. |
| acsRegion | String | Yes | cn-hangzhou | The ID of the region where the insight event was generated. |
| eventId | String | Yes | F23A3DD5-7842-4EF9-9DA1-3776396A**** | The ID of the insight event. |
| eventType | String | Yes | ActionTrailInsight | The type of the action that was recorded in the insight event log.
Valid value: ActionTrailInsight, which indicates that an insight event was generated. |
| recipient | String | Yes | 112233445566**** | The ID of the Alibaba Cloud account that receives the insight event. |
| insightDetails | Dictionary | Yes | N/A | The details of the insight event.
For more information, see Table 1. |
| eventCategory | String | Yes | Insight | The type of the generated event. Valid values:
|
| userIdentity | Dictionary | Yes | N/A | The identity information about the requester.
For more information, see Table 1. |
The following table describes the fields that InsightDetails contains.
| Field | Type | Required | Example | Description |
|---|---|---|---|---|
| sourceIpAddress | String | Yes | 42.120.XX.XX | The IP address from which the insight event was generated. The value also represents an unusual IP address for an insight event of the IPInsight type. |
| insightType | String | Yes | IpInsight | The type of the insight event.
Valid value: IpInsight, which indicates an insight event that was generated due to API calls from an unusual IP address. |
| insightContext | Dictionary | Yes | N/A | The additional information about the insight event.
For more information, see Table 2. |
The following table describes the fields that insightContext contains.
| Field | Type | Required | Example | Description |
|---|---|---|---|---|
| statistics | Dictionary | Yes | N/A | The statistics recorded by the insight event. For example, this field may indicate the standard threshold, actual predicted value, and duration in seconds of the insight event, and the number of times the action is recorded. |
| baseline | Dictionary | Yes | N/A | The statistics on the standard threshold for the insight event. |
| threshold | DOUBLE | Yes | 0.6 | The standard threshold to measure the action recorded by the insight event. The action is considered normal if the actual predicted value is greater than the standard threshold. Otherwise, the action is considered abnormal. |
| insight | Dictionary | Yes | N/A | The statistics on the actual predicted value of the insight event. |
| predict | DOUBLE | Yes | 0.1 | The actual predicted value to measure the action recorded by the insight event. The action is considered normal if the actual predicted value is greater than the standard threshold. Otherwise, the action is considered abnormal. |
| insightDuration | Integer | Yes | 300 | The duration of the insight event.
Unit: seconds. |
| insightCount | Integer | Yes | 10 | The number of times the action is recorded. |
Example
{
"event": {
"eventVersion": "1",
"eventTime": 2021-03-10T21:00:00Z
"acsRegion": "cn-hangzhou",
"eventID": "F23A3DD5-7842-4EF9-9DA1-3776396A****",
"eventType": "ActionTrailInsight",
"recipient": "116214297662****",
"insightDetails": {
"sourceIpAddress": "42.120.XX.XX",
"insightType": "IpInsight",
"insightContext": {
"statistics": {
"baseline": {
"threshold": 0.6
},
"insight": {
"predict": 0.12
},
"insightDuration": 300,
"insightCount": 10
}
}
},
"userIdentity": {
"accountId": "112432432434****",
"principalId": "231321312321****"
},
"eventCategory": "Insight"
}
}