事件数据(Event)

事件(Event)是指值得关注的、有价值的数据。例如监控告警数据、定期巡检作业的结果等。

格式

日志服务的事件数据遵循CloudEvents协议规范,具体说明如下表所示。

字段类型

字段名

是否必选

数据格式

说明

协议字段

specversion

String

根据CloudEvents协议规范,默认使用1.0

id

String

事件ID,您可以根据source+id来区分事件的唯一性。

source

String

通常用来标识事件发生的上下文信息,例如事件来源、发布事件的实例等。

type

String

事件类型,例如sls.alert

subject

String

事件主题,是对source字段的补充,例如用于描述实际触发事件的对象。

datacontenttype

String

事件类型,默认取值为application/cloudevents+json

dataschema

URI

data字段需要遵循的Schema,默认为空。

data

JSON

具体的事件内容。不同来源和类型的事件格式会有差异。

time

Timestamp

事件时间,具体格式,请参见RFC 3339。例如2022-10-17T11:20:45.984+0800

扩展字段

title

String

事件标题。

message

String

事件描述。

status

String

事件状态。取值:

  • ok

  • info

  • warning

  • error

示例

例如一个告警事件,示例数据如下:

{
    "specversion": "1.0",
    "id": "af****6c",
    "source": "acs:sls",
    "type": "sls.alert",
    "subject": "https://sls.console.aliyun.com/lognext/project/demo-alert-chengdu/logsearch/nginx-access-log?encode=base64&endTime=1684312259&queryString=c3RhdHVzID49IDQwMCB8IHNlbGVjdCByZXF1ZXN0X21ldGhvZCwgY291bnQoKikgYXMgY250IGdyb3VwIGJ5IHJlcXVlc3RfbWV0aG9kIA%3D%3D&queryTimeType=99&startTime=1684311959",
    "datacontenttype": "application/cloudevents+json",
    "data": {
        "aliuid": "16****50",
        "region": "cn-chengdu",
        "project": "demo-alert-chengdu",
        "alert_id": "alert-16****96-247190",
        "alert_name": "Nginx访问错误",
        "alert_instance_id": "77****e4-1aad9f7",
        "alert_type": "sls_alert",
        "next_eval_interval": 300,
        "fire_time": 1684299959,
        "alert_time": 1684312259,
        "resolve_time": 0,
        "status": "firing",
        "severity": 10,
        "labels": {
            "request_method": "GET"
        },
        "annotations": {
            "__count__": "1",
            "cnt": "49",
            "desc": "Nginx最近五分钟内GET请求错误49次",
            "title": "Nginx访问错误告警触发"
        },
        "results": [
            {
                "region": "cn-chengdu",
                "project": "demo-alert-chengdu",
                "store": "nginx-access-log",
                "store_type": "log",
                "role_arn": "",
                "query": "status >= 400 | select request_method, count(*) as cnt group by request_method ",
                "start_time": 1684311959,
                "end_time": 1684312259,
                "fire_result": {
                    "cnt": "49",
                    "request_method": "GET"
                },
                "raw_results": [
                    {
                        "cnt": "49",
                        "request_method": "GET"
                    },
                    {
                        "cnt": "3",
                        "request_method": "DELETE"
                    },
                    {
                        "cnt": "7",
                        "request_method": "POST"
                    },
                    {
                        "cnt": "6",
                        "request_method": "PUT"
                    }
                ],
                "raw_result_count": 4,
                "truncated": false,
                "dashboard_id": "",
                "chart_title": "",
                "is_complete": true,
                "power_sql_mode": "auto"
            }
        ],
        "fire_results": [
            {
                "cnt": "49",
                "request_method": "GET"
            }
        ],
        "fire_results_count": 1,
        "condition": "Count:[1] > 0; Condition:[49] > 20",
        "raw_condition": "Count:__count__ > 0; Condition:cnt > 20"
    },
    "time": "2023-05-17T08:30:59Z",
    "title": "Nginx访问错误告警触发",
    "message": "Nginx最近五分钟内GET请求错误49次",
    "status": "error"
}