Events Center


The event management and audit platform provided by Guance supports real-time monitoring and unified querying of event data from multiple sources. Through event aggregation and correlation, it enables quick identification of anomalies and efficient data analysis.

Under the Events Center functional module, you can use Monitors, Intelligent Monitoring, and SLO to detect system anomalies and service quality degradation. All monitoring activities generate event records, which are collected into the Explorer module for further in-depth analysis and processing.

Event Sources

Viewing Events

  • All Events: Aggregates events from all sources;
  • Unrecovered Events: Displays events within the current workspace that have not been resolved in the last 48 hours (df_status != ok);
  • Change Events: Records operational activity events in Kubernetes clusters that deviate from expected patterns;
  • Intelligent Monitoring Events: Includes all events triggered by satisfying intelligent monitoring rules.

Event Content

Taking an event triggered by a monitor rule as an example, the event content is primarily based on the information filled out in Create Rule > Event Notification.

As shown in the figure below, the event title is defined as Log Detection - Multi-Index, and the event content contains the DQL query statement and variables. The system will generate and display the final results based on the actual monitored data.

After the rule detects an anomaly, the related event content can be viewed in Events > Event Details.

Event Fields

The final event record includes the following fields:

| Field | Description |
| --- | --- |
| date / timestamp | Occurrence time. Unit: seconds |
| df_date_range | Time range. Unit: seconds |
| df_check_range_start | Start time of the check range. Unit: seconds |
| df_check_range_end | End time of the check range. Unit: seconds |
| df_issue_start_time | Time when the first failure occurred in this round. Unit: seconds |
| df_issue_duration | Duration of the failure in this round (from df_issue_start_time to the current event). Unit: seconds |
| df_source | Event source. Includes monitor, user, system, custom, audit |
| df_status | Event status. Includes ok, info, warning, error, critical, nodata, nodata_ok, nodata_as_ok, manual_ok |
| df_sub_status | Event detail status (as a supplement to df_status) |
| df_event_id | Unique event ID |
| df_title | Title |
| df_message | Description |

  • When df_source = monitor, the following additional fields exist:

| Field | Description |
| --- | --- |
| df_dimension_tags | Detection dimension tags, e.g., {"host":"web01"} |
| df_monitor_id | Alert policy ID |
| df_monitor_name | Alert policy name |
| df_monitor_type | Associated type: custom for custom monitoring events, slo for SLO events, bot_obs (fixed) for intelligent inspection events |
| df_monitor_checker | Execution function name, e.g., custom_metric |
| df_monitor_checker_sub | Detection phase: nodata for the no-data detection phase, check for the normal detection phase |
| df_monitor_checker_id | Monitor ID |
| df_monitor_checker_name | Monitor name |
| df_monitor_checker_value | Abnormal value at event generation |
| df_monitor_checker_value_dumps | Abnormal value at event generation (JSON serialized). Facilitates obtaining original values after deserialization |
| df_monitor_checker_value_with_unit | Abnormal value at event generation (optimal unit) |
| df_monitor_checker_ref | Monitor association, only related to fields associated with the DQL statement configured in detection |
| df_monitor_checker_event_ref | Monitor event association, only related to df_dimension_tags and df_monitor_checker_id |
| df_monitor_ref_key | Self-built inspection association key, used to correspond with self-built inspections |
| df_fault_id | Fault ID for this round, taken as the df_event_id of the first fault event |
| df_fault_status | Fault status for this round, redundant field of df_status and df_sub_status, indicating whether it's OK. Possible values: ok (Normal), fault (Fault) |
| df_fault_start_time | Start time of the fault in this round |
| df_fault_duration | Duration of the fault in this round (from df_issue_start_time to the current event). Unit: seconds |
| df_event_detail | Event detection details |
| df_event_report | Intelligent monitoring report data |
| df_user_id | User ID of the operator during manual recovery |
| df_user_name | Username of the operator during manual recovery |
| df_user_email | Email address of the operator during manual recovery |
| df_crontab_exec_mode | Execution mode. Possible values: crontab (automatically triggered, scheduled execution), manual (asynchronous call, manual execution) |
| df_site_name | Current Guance site name |
| df_workspace_name | Associated workspace name |
| df_workspace_uuid | UUID of the associated workspace |
| df_label | Monitor label; labels specified in the monitor are stored in this field |
| df_alert_policy_ids | Alert policy IDs (list) |
| df_alert_policy_names | Alert policy names (list) |
| df_matched_alert_policy_rules | Alert policy names and all matched rule names (list) |
| df_channels | List of incident channels associated with the event |
| df_at_accounts | @account information |
| df_at_accounts_nodata | @account information (no data) |
| df_message_at_accounts | Detailed list of @user information in the fault alert message |
| df_nodata_message_at_accounts | Detailed list of @user information in the no-data alert message |
| df_workspace_declaration | Attribute declaration of the workspace |
| df_matched_alert_members | When sending alerts by member is selected, list of all matched alert notification members |
| df_matched_alert_upgrade_members | When sending alerts by member is selected, list of all matched alert escalation notification members |
| df_matched_alert_member_groups | When sending alerts by member is selected, list of all matched member group names |
| df_charts | Chart information appended when charts are added to the monitor configuration and this alert event requires message sending |
| df_alert_info | Record of alert notification information |
| df_is_silent | Whether the event is muted, values are strings "true" / "false" |
| df_sent_target_types | List of non-repeating alert notification target types already sent for this event |
| df_check_targets | Records detection time and metrics in the monitor configuration |
| df_check_condition, df_check_condition_expr | Records trigger rules in the monitor configuration |
| df_check_rules | Records detection count and rules in the monitor configuration |

  • When df_source = audit, the following additional fields exist:

| Field | Description |
| --- | --- |
| df_user_id | Operator user ID |
| df_user_name | Operator username |
| df_user_email | Operator email address |
| {other fields} | Other fields according to specific audit data requirements |

  • When df_source = user, the following additional fields exist:

| Field | Description |
| --- | --- |
| df_user_id | Creator user ID |
| df_user_name | Creator username |
| df_user_email | Creator email address |
| {other fields} | Other fields generated based on user operations |
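
One way a downstream consumer could triage monitor events using the fields above: group by df_fault_id, keep rounds whose latest event still has df_fault_status = fault, deserialize df_monitor_checker_value_dumps, and read df_is_silent as a string. This is an added example, not Guance code; the open_faults function and the sample records are constructed, and it assumes events are available as JSON objects keyed by these field names.

```python
import json
from collections import defaultdict

# Constructed sample records: field names follow the tables above, values are invented.
SAMPLE_EVENTS = [
    {"date": 1700000000, "df_source": "monitor", "df_status": "warning",
     "df_event_id": "event-a1", "df_fault_id": "event-a1", "df_fault_status": "fault",
     "df_is_silent": "false", "df_monitor_checker_value_dumps": "81.5"},
    {"date": 1700000300, "df_source": "monitor", "df_status": "critical",
     "df_event_id": "event-a2", "df_fault_id": "event-a1", "df_fault_status": "fault",
     "df_is_silent": "false", "df_monitor_checker_value_dumps": "97.25"},
    {"date": 1700000100, "df_source": "monitor", "df_status": "error",
     "df_event_id": "event-b1", "df_fault_id": "event-b1", "df_fault_status": "fault",
     "df_is_silent": "false", "df_monitor_checker_value_dumps": "12"},
    {"date": 1700000400, "df_source": "monitor", "df_status": "ok",
     "df_event_id": "event-b2", "df_fault_id": "event-b1", "df_fault_status": "ok",
     "df_is_silent": "false", "df_monitor_checker_value_dumps": "3"},
    {"date": 1700000200, "df_source": "monitor", "df_status": "error",
     "df_event_id": "event-c1", "df_fault_id": "event-c1", "df_fault_status": "fault",
     "df_is_silent": "true", "df_monitor_checker_value_dumps": "{bad"},
    {"date": 1700000500, "df_source": "audit", "df_status": "info",
     "df_event_id": "event-d1", "df_user_name": "alice"},
]

def open_faults(events):
    """Summarise each fault round (df_fault_id) whose latest monitor event is still a fault."""
    rounds = defaultdict(list)
    for ev in events:
        if ev.get("df_source") == "monitor" and ev.get("df_fault_id"):
            rounds[ev["df_fault_id"]].append(ev)
    summary = []
    for fault_id, evs in sorted(rounds.items()):
        latest = max(evs, key=lambda e: e["date"])  # date is in seconds
        if latest.get("df_fault_status") != "fault":
            continue  # the round has recovered
        try:  # recover the original value from its JSON-serialized form
            value = json.loads(latest.get("df_monitor_checker_value_dumps"))
        except (TypeError, ValueError):
            value = None  # field missing or not valid JSON
        summary.append({
            "fault_id": fault_id,
            "status": latest["df_status"],
            "value": value,
            # df_is_silent is the string "true"/"false"; bool("false") would be True
            "muted": latest.get("df_is_silent") == "true",
            "events": len(evs),
        })
    return summary
```

Comparing df_is_silent against the literal string matters here: treating the field as a boolean would mark every event as muted.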
