DocsICP FilingConsole
官方文档
首页

Query behavior event logs in ActionTrail

更新时间:
复制 MD 格式
产品详情
我的收藏

DataWorks integrates with ActionTrail, allowing you to view and search DataWorks behavior event logs for your Alibaba Cloud account from the past 90 days. You can also use ActionTrail to deliver event logs to a Simple Log Service (SLS) Logstore or a specified Object Storage Service (OSS) bucket to monitor events, configure alerts, and perform timely audits or trace issues. This topic describes how to query DataWorks behavior event logs in ActionTrail.

Background information

ActionTrail is an Alibaba Cloud service that lets you query and deliver records of resource operations within your Alibaba Cloud account. It monitors and records access to and use of cloud products and services through the Alibaba Cloud console, API operations, and developer tools. You can download these behavior events or save them to an SLS Logstore or an OSS bucket. You can then perform behavior analysis, security analysis, resource change tracking, and compliance auditing. For more information, see What is ActionTrail?.

Notes

You can configure a tracking alert for important events to promptly detect and handle anomalous activities.

Query DataWorks behavior event logs

  1. Log on to the ActionTrail console.

  2. In the left-side navigation pane, click Event > Event Query and select a region.

  3. On the Event Query page, in the Cloud Service drop-down list, select DataWorks to view the list of audited DataWorks events.

    The list displays basic information such as the event time, related resources, and operations. For a list of auditable DataWorks events, see DataWorks audit events.

    Use the Event Name to determine if an event is an API operation call and to find its description.

    Note

    API operation call events include UI actions that invoke API operations and direct API calls from code.

    • API operation call events: The Event Name for this type of event directly corresponds to an API operation name. You can search for the Event Name in the List of API operations to find its description.

    • Non-API operation call events: The following table describes these events.

      Event name

      Description

      Service module

      DIDeleteDatasource

      Deletes a data source from a tenant.

      Tenant

      DIBatchDeleteDatasource

      Deletes multiple data sources from a tenant in a batch operation.

      DICloneDatasource

      Clones a data source within a tenant.

      DownloadExecutionResult

      Downloads query results.

      Data Analytics

      CreateBusiness

      Creates a workflow.

      DestroyRelationTableFromBusiness

      Deletes all tables in a workflow.

      DeleteBusiness

      Deletes a workflow.

      ExecuteFile

      Runs a file as a temporary task.

      LockFile

      Forcibly acquires a file lock for editing.

      DICreateDatasource

      Adds a data source in Data Integration.

      Data Integration

      DIBatchCreateDatasource

      Adds multiple data sources in Data Integration in a batch operation.

      DIUpdateDatasource

      Modifies a data source in Data Integration.

      DITestDatasourceConnection

      Performs a connectivity test on a data source in Data Integration.

      DIManageDatasourcePermission

      Manages permissions for a data source in Data Integration.

      DICreateTableByDDL

      Automatically generates a destination table schema in Data Integration.

      DIPreviewData

      Previews a batch synchronization task in Data Integration.

      DIUpdateDataxJob

      Updates a batch synchronization task in Data Integration.

      DIUpdateStreamxJob

      Updates a real-time synchronization task in Data Integration.

      DIRunStreamxJob

      Starts a real-time synchronization task of Data Integration in Operation Center.

      DIBatchRunStreamxJob

      Starts multiple real-time synchronization tasks of Data Integration in a batch operation in Operation Center.

      DIStopStreamxJob

      Stops a real-time synchronization task of Data Integration in Operation Center.

      DIBatchStopStreamxJob

      Stops multiple real-time synchronization tasks of Data Integration in a batch operation in Operation Center.

      DIOfflineStreamxJob

      Undeploys a real-time synchronization task of Data Integration in Operation Center.

      DIBatchOfflineStreamxJob

      Undeploys multiple real-time synchronization tasks of Data Integration in a batch operation in Operation Center.

      DIUpdateStreamxJobOwner

      Changes the owner of a real-time synchronization task in Operation Center.

      DICreateAlarmRule

      Creates an alert rule in Operation Center.

      DIBatchCreateAlarmRule

      Creates multiple alert rules in a batch operation in Operation Center.

      DISimulateAlarm

      Simulates an alert for testing in Operation Center.

      DIStopAlarmRule

      Pauses an alert rule in Operation Center.

      DIBatchStopAlarmRule

      Pauses multiple alert rules in a batch operation in Operation Center.

      DIStartAlarmRule

      Enables an alert rule in Operation Center.

      DIBatchStartAlarmRule

      Enables multiple alert rules in a batch operation in Operation Center.

      DIDeleteAlarmRule

      Deletes an alert rule in Operation Center.

      DIBatchDeleteAlarmRule

      Deletes multiple alert rules in a batch operation in Operation Center.

      DIUpdateAlarmRule

      Modifies an alert rule in Operation Center.

      DISaveSolution

      Creates or modifies a solution in Data Integration.

      DIDeleteSolution

      Deletes a solution in Data Integration.

      DIStartSolution

      Runs a solution (start, rerun, or apply updates) in Data Integration.

      DIStopSolution

      Stops a solution in Data Integration.

      DICloneSolution

      Clones a solution in Data Integration.

      DICreateSolutionAlarmRule

      Creates an alert rule for a solution.

      DISimulateSolutionAlarmRule

      Simulates an alert rule for a solution for testing.

      DIDeleteSolutionAlarmRule

      Deletes an alert rule for a solution.

      DIUpdateSolutionAlarmRule

      Updates an alert rule for a solution (configured, paused, or enabled).

      DISaveSolutionV1

      Creates or modifies a solution in the legacy console.

      DIDeleteSolutionV1

      Deletes a solution from the legacy console.

      DIStartSolutionV1

      Runs or reruns a solution from the legacy console.

      DICloneSolutionV1

      Clones a solution in the legacy console.

      DIFullSupplementData

      Backfills data for a solution in the legacy console.

      DownloadSqlResult

      Downloads SQL query results from DataAnalysis.

      DataAnalysis

      DownloadSheet

      Downloads a worksheet from DataAnalysis.

      RunTask

      Runs an SQL query in DataAnalysis.

  4. View the event details.

    Click View Event Details for an event to see its details, such as the event source, event record, and related resources. The event details page displays event metadata, including fields such as API Request ID, Event ID, Operator Name (for example, a RAM role), Event Time, Event Source, Region, Cloud Service (for example, DataWorks), Event Name (for example, ListResourceGroups), Error Code, Source IP Address, and AccessKey ID. The page also includes the Related Resources section and the Event Record section, which contains the event details in JSON format.

Next steps

You can use these event logs to perform behavior analysis, security analysis, resource change tracking, and compliance auditing.

Previous:Tag managementNext:Data Analysis