Skip to content

Event Center

Guance provides an event management and auditing platform that supports real-time monitoring and unified querying of event data from multiple sources. Through event aggregation and correlation, it can quickly locate anomalies and efficiently analyze data.

Under the Event Center feature module, you can monitor system anomalies and service quality degradation through functional modules such as Monitors and SLO. The results of all monitoring activities generate event records, which are aggregated into the Explorer module for further in-depth analysis and processing.

Event Sources

Event Views

  • All Events: Aggregates events from all sources.

  • Unrecovered Events: Displays events that have not recovered (df_status !=ok) in the current workspace within the last 48 hours.

  • Change Events: Event records for operational activities in Kubernetes clusters that differ from the expected pattern.

  • Intelligent Monitoring Events: Includes all events triggered by meeting Intelligent Monitoring rules.

Event Content

Taking events triggered by Monitor rules as an example, the event content is primarily based on the information filled in at Create > Event Notification.

As shown in the figure below, the event title is defined as Log Detection - Multi-Index, and the event content includes DQL query statements and variables. The system will generate and display the final result based on actual monitoring data.

After the rule detects an anomaly, you can view the relevant event content in Event > Event Details.

Event Fields

The final event record will contain the following fields:

Field
 Description
date / timestamp Generation time. Unit: seconds.
df_date_range Time range. Unit: seconds.
df_check_range_start Detection range start time. Unit: seconds.
df_check_range_end Detection range end time. Unit: seconds.
df_issue_start_time The time when the first failure occurred in this round. Unit: seconds.
df_issue_duration The duration of this round of failure, in seconds (from df_issue_start_time to this event).
df_source Event source. Includes monitor, user, system, custom, audit.
df_status Event status. Includes ok, info, warning, error, critical, nodata, nodata_ok, nodata_as_ok, manual_ok.
df_sub_status Event detail status (supplement to df_status).
df_event_id Event unique ID.
df_title Title.
df_message Description.
  • When df_source = monitor, the following additional fields exist:
Field
 Description
df_dimension_tags Detection dimension tags, e.g., {"host":"web01"}.
df_monitor_id Alert policy ID.
df_monitor_name Alert policy name.
df_monitor_type Belonging type: custom for custom monitoring events, slo for SLO events, fixed as bot_obs for Intelligent Inspection events.
df_monitor_checker Execution function name, e.g., custom_metric, etc.
df_monitor_checker_sub Detection phase: nodata for those generated during the data gap detection phase, check for those generated during the normal detection phase.
df_monitor_checker_id Monitor ID.
df_monitor_checker_name Monitor name.
df_monitor_checker_value Anomaly value when the event was generated.
df_monitor_checker_value_dumps Anomaly value when the event was generated (JSON serialized).
Facilitates obtaining the original value through deserialization by the user.
df_monitor_checker_value_with_unit Anomaly value when the event was generated (optimal unit).
df_monitor_checker_ref Monitor association, only associated with the fields related to the DQL statement of the detection configuration.
df_monitor_checker_event_ref Monitor event association, only associated with df_dimension_tags and df_monitor_checker_id.
df_monitor_ref_key Association Key for self-built inspections, used to correspond with self-built inspections.
df_fault_id This round of fault ID, takes the value of the df_event_id of the first failure event.
df_fault_status This round of fault status, a redundant field for df_status and df_sub_status, marking whether it is OK, with the following values:
ok: normal
fault: failure.
df_fault_start_time The start time of this round of failure.
df_fault_duration The duration of this round of failure, in seconds (from df_issue_start_time to this event).
df_event_detail Event detection details.
df_event_report Intelligent monitoring report data.
df_user_id Operator user ID when manually recovered.
df_user_name Operator username when manually recovered.
df_user_email Operator user email when manually recovered.
df_crontab_exec_mode Execution mode, optional values.
  • Auto-trigger (i.e., scheduled execution) crontab
  • Asynchronous call (i.e., manual execution) manual.
    		•
    df_site_name Current Guance site name.
    df_workspace_name Belonging workspace name.
    df_workspace_uuid Belonging workspace UUID.
    df_label Monitor labels, labels specified in the monitor are stored in this field.
    df_alert_policy_ids Alert policy IDs (list).
    df_alert_policy_names Alert policy names (list).
    df_matched_alert_policy_rules Alert policy names and all matching rule names (list).
    df_channels List of Incident channels the event belongs to.
    df_at_accounts @ account information.
    df_at_accounts_nodata @ account information (data gap).
    df_message_at_accounts Detailed list of @user in failure alert messages.
    df_nodata_message_at_accounts Detailed list of @user in data gap alert messages.
    df_workspace_declaration Workspace attribute claims.
    df_matched_alert_members List of all matched alert notification member information when sending by member is selected.
    df_matched_alert_upgrade_members List of all matched alert upgrade notification member information when sending by member is selected.
    df_matched_alert_member_groups All matched member group names when sending by member is selected.
    df_charts Chart information appended when charts are added in the monitor configuration and this alert event needs to send a message.
    df_alert_info Records alert notification information.
    df_is_silent Whether the event is muted, takes the string value "true" / "false".
    df_sent_target_types List of non-duplicate alert notification target types that this event has been sent to.
    df_check_targets Records the detection time and detection metrics in the monitor configuration.
    df_check_condition, df_check_condition_expr Records the trigger rules in the monitor configuration.
    df_check_rules Records the detection count and detection rules in the monitor configuration.
    df_check_targets Records the detection time and detection metrics in the monitor configuration.
    df_check_condition Records the trigger rules in the monitor configuration.
    df_check_interval Records the detection frequency in the monitor configuration.
    df_fault_end_time Records the fault recovery time.
    • When df_source = audit, the following additional fields exist:
    Field Description
    df_user_id Operator user ID.
    df_user_name Operator username.
    df_user_email Operator user email.
    {Other fields} Other fields based on specific audit data requirements.
    • When df_source = user, the following additional fields exist:
    Field Description
    df_user_id Creator user ID.
    df_user_name Creator username.
    df_user_email Creator user email.
    {Other fields} Other fields generated by user operations.

    Further Reading

    Feedback

    Is this page helpful? ×