Skip to content

Events


Guance provides a comprehensive event management and auditing platform that supports real-time monitoring and unified querying of multi-source event data. Through event aggregation and correlation, it can quickly locate anomalies and efficiently analyze data.

Under the Events feature module, you can monitor system abnormalities and service quality degradation issues through features such as monitors, intelligent inspections, and SLOs. All monitoring activities will generate event records, which are aggregated into the event analysis module for in-depth analysis and processing. This one-stop approach ensures that you have full visibility into the health of your system and can respond promptly to any potential issues.

Event Sources

Viewing Event Records

Event Content

Taking events triggered by monitor rules as an example, the event content is primarily based on the information filled in at Create Rules > Event Notifications.

As shown in the figure below, the event title is defined as Log Detection - Multi Index, and the event content includes DQL query statements and variables. The system generates and displays the final results based on actual monitoring data.

After the rule detects an anomaly, you can view related event content in Events > Event Details.

Event Field Description

The final event record will include the following fields:

Field
Description
date / timestamp Generation time. Unit in seconds
df_date_range Time range. Unit in seconds
df_check_range_start Start time of the check range. Unit in seconds
df_check_range_end End time of the check range. Unit in seconds
df_issue_start_time Time of the first failure occurrence in this round. Unit in seconds
df_issue_duration Duration of the failure in this round, unit in seconds (from df_issue_start_time to this event)
df_source Event source. Includes monitor, user, system, custom, audit
df_status Event status. Includes ok, info, warning, error, critical, nodata, nodata_ok, nodata_as_ok, manual_ok
df_sub_status Detailed event status (as a supplement to df_status)
df_event_id Unique event ID
df_title Title
df_message Description
  • When df_source = monitor, the following additional fields exist:
Field
Description
df_dimension_tags Detection dimension tags, such as {"host":"web01"}
df_monitor_id Alert strategy ID
df_monitor_name Alert strategy name
df_monitor_type Type: Custom monitoring events are custom, SLO events are slo, intelligent inspection events are fixed as bot_obs
df_monitor_checker Execution function name, such as: custom_metric etc.
df_monitor_checker_sub Detection phase: Generated during the data gap detection phase is nodata, generated during the normal detection phase is check
df_monitor_checker_id Monitor ID
df_monitor_checker_name Monitor name
df_monitor_checker_value Abnormal value when the event occurs
df_monitor_checker_value_dumps Abnormal value when the event occurs (JSON serialized)
Convenient for obtaining the original value via deserialization
df_monitor_checker_value_with_unit Abnormal value when the event occurs (optimal unit)
df_monitor_checker_ref Monitor association, only associated with fields linked to the DQL statement in the detection configuration
df_monitor_checker_event_ref Monitor event association, only associated with fields linked to df_dimension_tags and df_monitor_checker_id
df_monitor_ref_key Self-built inspection association key, used for correspondence with self-built inspections
df_fault_id Failure ID in this round, takes the value of the first failure event's df_event_id
df_fault_status Failure status in this round, redundant field of df_status and df_sub_status, marking whether it is OK, with the following values:
ok: Normal
fault: Failure
df_fault_start_time Start time of the failure in this round.
df_fault_duration Duration of the failure in this round, unit in seconds (from df_issue_start_time to this event)
df_event_detail Event detection details
df_event_report Intelligent monitoring report data
df_user_id Operator user ID when manually restored
df_user_name Operator username when manually restored
df_user_email Operator user email when manually restored
df_crontab_exec_mode Execution mode, optional values.
  • Automatic trigger (i.e., scheduled execution) crontab
  • Asynchronous call (i.e., manual execution) manual
  • df_site_name Current Guance site name
    df_workspace_name Belonging workspace name
    df_workspace_uuid Belonging workspace UUID
    df_label Monitor labels, labels specified in the monitor are stored in this field UUID
    df_alert_policy_ids Alert policy IDs (list)
    df_alert_policy_names Alert policy names (list)
    df_matched_alert_policy_rules Alert policy names and all matched rule names (list)
    df_channels List of channels for incident tracking associated with the event
    df_at_accounts @Account information
    df_at_accounts_nodata @Account information (data gap)
    df_message_at_accounts @User detailed information list in the fault alert message
    df_nodata_message_at_accounts @User detailed information list in the data gap alert message
    df_workspace_declaration Workspace attribute claims
    df_matched_alert_members List of all matching alert notification member information when selected to send by members
    df_matched_alert_upgrade_members List of all matching alert upgrade notification member information when selected to send by members
    df_matched_alert_member_groups All matching member group names when selected to send by members
    df_charts Chart information appended when charts are added in the monitor configuration and this alert event needs to send messages
    df_alert_info Recorded alert notification information
    df_is_silent Whether the event is muted, value is string "true" / "false"
    df_sent_target_types List of non-redundant alert notification object types sent for this event
    • When df_source = audit, the following additional fields exist:
    Field Description
    df_user_id Operator user ID
    df_user_name Operator username
    df_user_email Operator user email
    {Other Fields} Other fields based on specific audit data requirements
    • When df_source = user, the following additional fields exist:
    Field Description
    df_user_id Creator user ID
    df_user_name Creator username
    df_user_email Creator user email
    {Other Fields} Other fields generated based on user operations

    Further Reading

    Feedback

    Is this page helpful? ×