Events¶
Guance supports a one-stop view and audit of all event data. You can monitor and query events triggered by all sources in real-time, and also quickly identify anomalies and efficiently analyze abnormal data by aggregating related events and matching associated events.
Where are events from?¶
- All alert events triggered based on the configured Monitor;
- Based on the configuration, all alert events triggered by Intelligent Monitoring;
- All alert events triggered based on the configured Auto Detection;
- All alert events triggered based on configured SLO;
- Audit events based on system operations;
- Support for writing custom events through the OpenAPI of events. For more details, see Creating Event API.
Use Cases¶
- Unified event management
- Event visualization query and analysis
- Associated event query
Features¶
| Learn more | |
|---|---|
| Unrecovered Events | All Events |
| Intelligent Monitoring | Events Triggered by Monitors |
Field Description¶
| Fields | Description |
|---|---|
date / timestamp |
Generation time |
df_date_range |
Event date range |
df_check_range_start |
Detection range start time |
df_check_range_end |
Detection range end time |
df_issue_start_time |
The time of the first failure of the current round |
df_issue_duration |
The duration of this round of failures (from df_issue_start_time to this event) |
df_source |
Event source, including monitor, user, system, custom, audit |
df_status |
Event status, including ok, info, warning, error, critical, nodata, nodata_ok, nodata_as_ok, manual_ok |
df_sub_status |
Event status details. e.g. ok:Events recover from warning, error, critical, and other failure statesnodata_ok:Event returns to normal from nodata statenodata_as_ok:Event nodata status is regarded as returning to normalmanual_ok:Events of user active recovery |
df_event_id |
Event ID |
df_title |
Event title |
df_message |
Event message |
- When
df_source = monitor, the following additional fields exist:
| Fields | Description |
|---|---|
df_dimension_tags |
Event detection dimension tags, e.g. {"host":"web01"} |
df_monitor_id |
alert policy ID |
df_monitor_name |
alert policy name |
df_monitor_type |
Monitor Type. e.g.custom:Events generated by self-built monitoringslo:SLO eventbot_obs:Auto detection event |
df_monitor_checker |
Monitor checker type. e.g. custom_metric/custom_logcustom_apm/… |
df_monitor_checker_sub |
Monitor checker stage. e.g. nodata/check |
df_monitor_checker_id |
Monitor cherker ID |
df_monitor_checker_name |
Monitor checker name |
df_monitor_checker_value |
Detection result value when the event is generated |
df_monitor_checker_ref |
Association monitor This tag is used to filter events that are detected by the same DQL statement |
df_monitor_checker_event_ref |
Associate Monitor Events This tag is used to filter events for the same object generated by the same monitor |
df_monitor_ref_key |
The association Key of the self-built patrol, through which the events generated by the self-built patrol are associated |
df_event_detail |
Full details of the incident |
df_user_id |
For manual recovery, the operator user ID |
df_user_name |
For manual recovery, the operator user name |
df_user_email |
For manual recovery, the operator user mailbox |
df_exec_mode |
Exec mode,e.g. corontab: Automatic trigger, timed execution async: Invoked asynchronously, executed manually |
- When df_source = audit, the following additional fields exist:
| Fields | Description |
|---|---|
df_user_id |
the operator user ID |
df_user_name |
the operator user name |
df_user_email |
the operator user mailbox |
| {Other Fields} | Other fields based on specific audit data requirements |
- When df_source = user, the following additional fields exist:
| Fields | Description |
|---|---|
df_user_id |
the operator user ID |
df_user_name |
the operator user name |
df_user_email |
the operator user mailbox |
| {Other Fields} | Other fields that generate events based on user actions |
Event Storage Policy¶
Guance provides three data storage time choices for event data: 14 days, 30 days and 60 days. If you choose the data storage time of 30 days, events generated from different sources will be stored in 30 days. You can adjust as required in Management > Settings > Change Data Storage Strategy.
See Data Storage Strategy for more data storage policies.