Event Center


The event management and auditing platform provided by Guance supports real-time monitoring and unified querying of multi-source event data. Through event aggregation and correlation, it can quickly locate anomalies and efficiently analyze data.

Under the Event Center module, you can monitor system anomalies and service quality degradation through features such as monitors, Intelligent Inspection, and SLOs. All monitoring results generate event records, which are aggregated into the Explorer module for subsequent in-depth analysis and processing.

Event Sources

Event Viewing

  • All Events: Summarizes events from all sources;
  • Unresolved Events: Displays events that have not been resolved within the last 48 hours in the current workspace (df_status != ok);
  • Change Events: Records of operational activities in Kubernetes clusters that differ from expected patterns;
  • Intelligent Monitoring Events: Includes all events triggered by intelligent monitoring rules.

Event Content

Taking an event triggered by a monitor rule as an example, the main content of the event is based on the information entered at Create > Event Notifications.

As shown in the figure below, the event title is defined as Log Detection - Multi Indices, and the event content includes DQL query statements and variables. The system generates and displays the final result based on actual monitoring data.

After the rule detects an anomaly, you can view related event content in Events > Event Details.

Event Fields

The final event record will include the following fields:

| Field | Description |
| --- | --- |
| date / timestamp | Generation time. Unit: seconds |
| df_date_range | Time range. Unit: seconds |
| df_check_range_start | Start time of the detection range. Unit: seconds |
| df_check_range_end | End time of the detection range. Unit: seconds |
| df_issue_start_time | Time of the first failure occurrence in this round. Unit: seconds |
| df_issue_duration | Duration of the failure in this round. Unit: seconds (from df_issue_start_time to this event) |
| df_source | Event source. Includes monitor, user, system, custom, audit |
| df_status | Event status. Includes ok, info, warning, error, critical, nodata, nodata_ok, nodata_as_ok, manual_ok |
| df_sub_status | Event detail status (as a supplement to df_status) |
| df_event_id | Unique event ID |
| df_title | Title |
| df_message | Description |

  • When df_source = monitor, additional fields exist:

| Field | Description |
| --- | --- |
| df_dimension_tags | Detection dimension tags, e.g., {"host":"web01"} |
| df_monitor_id | Alert strategy ID |
| df_monitor_name | Alert strategy name |
| df_monitor_type | Type: custom monitoring events are custom, SLO events are slo, Intelligent Inspection events are fixed as bot_obs |
| df_monitor_checker | Execution function name, e.g., custom_metric |
| df_monitor_checker_sub | Detection phase: nodata if generated during the data interruption detection phase; check if generated during the normal detection phase |
| df_monitor_checker_id | Monitor ID |
| df_monitor_checker_name | Monitor name |
| df_monitor_checker_value | Abnormal value at the time of event generation |
| df_monitor_checker_value_dumps | Abnormal value at the time of event generation (JSON serialized). Convenient for obtaining original values via deserialization |
| df_monitor_checker_value_with_unit | Abnormal value at the time of event generation (optimal unit) |
| df_monitor_checker_ref | Monitor association, only associated with fields linked to the DQL statement in the detection configuration |
| df_monitor_checker_event_ref | Monitor event association, only associated with fields linked to df_dimension_tags and df_monitor_checker_id |
| df_monitor_ref_key | Self-built inspection association key, used to correspond with self-built inspections |
| df_fault_id | Failure ID for this round, taken from the df_event_id of the first failure event |
| df_fault_status | Failure status for this round; a redundant field for df_status and df_sub_status that marks whether it is OK. Values: ok (Normal), fault (Fault) |
| df_fault_start_time | Start time of the failure for this round |
| df_fault_duration | Duration of the failure for this round. Unit: seconds (from df_issue_start_time to this event) |
| df_event_detail | Event detection details |
| df_event_report | Intelligent monitoring report data |
| df_user_id | Operator user ID when manually recovered |
| df_user_name | Operator username when manually recovered |
| df_user_email | Operator user email when manually recovered |
| df_crontab_exec_mode | Execution mode. Possible values: crontab, automatic trigger (i.e., scheduled execution); manual, asynchronous call (i.e., manual execution) |
| df_site_name | Current Guance site name |
| df_workspace_name | Name of the workspace the event belongs to |
| df_workspace_uuid | UUID of the workspace the event belongs to |
| df_label | Monitor label, labels specified in the monitor are stored in this field UUID |
| df_alert_policy_ids | Alert policy IDs (list) |
| df_alert_policy_names | Alert policy names (list) |
| df_matched_alert_policy_rules | Alert policy names and all matching rule names (list) |
| df_channels | List of channels for Incident associated with the event |
| df_at_accounts | @Account information |
| df_at_accounts_nodata | @Account information (data interruption) |
| df_message_at_accounts | Detailed information list of @users in fault alert messages |
| df_nodata_message_at_accounts | Detailed information list of @users in data interruption alert messages |
| df_workspace_declaration | Attribute Claims of the workspace |
| df_matched_alert_members | List of all matching alert notification member information when sending by members |
| df_matched_alert_upgrade_members | List of all matching alert upgrade notification member information when sending by members |
| df_matched_alert_member_groups | List of all matching member group names when sending by members |
| df_charts | Chart information appended when charts are added in the monitor configuration and this alert event requires sending a message |
| df_alert_info | Recorded alert notification information |
| df_is_silent | Whether the event is muted, with values as strings "true" / "false" |
| df_sent_target_types | List of unique alert notification object types sent for this event |

  • When df_source = audit, additional fields exist:

| Field | Description |
| --- | --- |
| df_user_id | Operator user ID |
| df_user_name | Operator username |
| df_user_email | Operator user email |
| {Other Fields} | Other fields based on specific audit data needs |

  • When df_source = user, additional fields exist:

| Field | Description |
| --- | --- |
| df_user_id | Creator user ID |
| df_user_name | Creator username |
| df_user_email | Creator user email |
| {Other Fields} | Other fields generated based on user actions |
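
The following is an added example, not code from Guance: it groups monitor events into failure rounds by df_fault_id and reports the rounds whose latest event is still a fault, which is the view a responder usually wants from exported event records. It assumes events arrive as JSON objects (Python dicts) and that df_dimension_tags and df_monitor_checker_value_dumps are JSON-serialized strings; the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records (not real Guance output); field names come from the tables above.
SAMPLE_EVENTS = [
    {"df_event_id": "event-aaa", "df_fault_id": "event-aaa", "df_source": "monitor",
     "df_status": "critical", "df_fault_status": "fault", "date": 1700000000, "df_is_silent": "false",
     "df_dimension_tags": '{"host":"web01"}', "df_monitor_checker_value_dumps": "97.5"},
    {"df_event_id": "event-bbb", "df_fault_id": "event-aaa", "df_source": "monitor",
     "df_status": "ok", "df_fault_status": "ok", "date": 1700000600, "df_is_silent": "false",
     "df_dimension_tags": '{"host":"web01"}', "df_monitor_checker_value_dumps": "12.0"},
    {"df_event_id": "event-ccc", "df_fault_id": "event-ccc", "df_source": "monitor",
     "df_status": "error", "df_fault_status": "fault", "date": 1700000300, "df_is_silent": "true",
     "df_dimension_tags": '{"host":"db01"}', "df_monitor_checker_value_dumps": '{"last": 503}'},
    {"df_event_id": "event-ddd", "df_source": "audit", "df_status": "info",
     "date": 1700000400, "df_user_name": "alice", "df_title": "Monitor edited"},
]

def _loads(value, default=None):
    """Deserialize a JSON-string field; tolerate missing or already-decoded values."""
    if not isinstance(value, str):
        return default if value is None else value
    try:
        return json.loads(value)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return default

def open_faults(events):
    """Return one summary per failure round whose most recent event is still a fault."""
    rounds = defaultdict(list)
    for ev in events:
        if ev.get("df_source") == "monitor" and ev.get("df_fault_id"):
            rounds[ev["df_fault_id"]].append(ev)
    result = []
    for fault_id, evs in rounds.items():
        latest = max(evs, key=lambda e: e["date"])  # date is in seconds
        if latest.get("df_fault_status") != "fault":
            continue  # this round has already recovered
        result.append({
            "fault_id": fault_id,
            "status": latest["df_status"],
            "tags": _loads(latest.get("df_dimension_tags"), {}),
            "value": _loads(latest.get("df_monitor_checker_value_dumps")),
            # df_is_silent is the string "true"/"false"; bool("false") would be True
            "silent": latest.get("df_is_silent") == "true",
        })
    return sorted(result, key=lambda r: r["fault_id"])
```

Comparing df_is_silent against the literal string matters: a truthiness check would treat every event as muted and hide unmuted faults from the report.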
