智能日志管理平台

  • cloudtrail (读取 Records 字段)

    最近更新时间:2018-08-28 19:19:14

    Cloudtrail Transformer 是针对 AWS CloudTrail 的数据做格式转换的 Transformer,可以将 CloudTrail 的 json 格式中的 Records逐条变为数据。

    示例

    将数据由一条:

    {"Records": [{
        "eventVersion": "1.04",
        "userIdentity": {
            "type": "IAMUser",
            "principalId": "EX_PRINCIPAL_ID",
            "arn": "arn:aws:iam::123456789012:user/Alice",
            "accountId": "123456789012",
            "accessKeyId": "EXAMPLE_KEY_ID",
            "userName": "Alice"
        },
        "eventTime": "2016-07-14T19:15:45Z",
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "UpdateTrail",
        "awsRegion": "us-east-2",
        "sourceIPAddress": "205.251.233.182",
        "userAgent": "aws-cli/1.10.32 Python/2.7.9 Windows/7 botocore/1.4.22",
        "errorCode": "TrailNotFoundException",
        "errorMessage": "Unknown trail: myTrail2 for the user: 123456789012",
        "requestParameters": {"name": "myTrail2"},
        "responseElements": null,
        "requestID": "5d40662a-49f7-11e6-97e4-d9cb6ff7d6a3",
        "eventID": "b7d4398e-b2f0-4faa-9c76-e2d316a8d67f",
        "eventType": "AwsApiCall",
        "recipientAccountId": "123456789012"
    },{
        "eventVersion": "1.0",
        "userIdentity": {
            "type": "IAMUser",
            "principalId": "EX_PRINCIPAL_ID",
            "arn": "arn:aws:iam::123456789012:user/Alice",
            "accountId": "123456789012",
            "accessKeyId": "EXAMPLE_KEY_ID",
            "userName": "Alice"
        },
        "eventTime": "2014-03-24T21:11:59Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateUser",
        "awsRegion": "us-east-2",
        "sourceIPAddress": "127.0.0.1",
        "userAgent": "aws-cli/1.3.2 Python/2.7.5 Windows/7",
        "requestParameters": {"userName": "Bob"},
        "responseElements": {"user": {
            "createDate": "Mar 24, 2014 9:11:59 PM",
            "userName": "Bob",
            "arn": "arn:aws:iam::123456789012:user/Bob",
            "path": "/",
            "userId": "EXAMPLEUSERID"
        }}
    }]}
    

    转变为两条:

    {
        "eventVersion": "1.04",
        "userIdentity": {
            "type": "IAMUser",
            "principalId": "EX_PRINCIPAL_ID",
            "arn": "arn:aws:iam::123456789012:user/Alice",
            "accountId": "123456789012",
            "accessKeyId": "EXAMPLE_KEY_ID",
            "userName": "Alice"
        },
        "eventTime": "2016-07-14T19:15:45Z",
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "UpdateTrail",
        "awsRegion": "us-east-2",
        "sourceIPAddress": "205.251.233.182",
        "userAgent": "aws-cli/1.10.32 Python/2.7.9 Windows/7 botocore/1.4.22",
        "errorCode": "TrailNotFoundException",
        "errorMessage": "Unknown trail: myTrail2 for the user: 123456789012",
        "requestParameters": {"name": "myTrail2"},
        "responseElements": null,
        "requestID": "5d40662a-49f7-11e6-97e4-d9cb6ff7d6a3",
        "eventID": "b7d4398e-b2f0-4faa-9c76-e2d316a8d67f",
        "eventType": "AwsApiCall",
        "recipientAccountId": "123456789012"
    }
    
    {
        "eventVersion": "1.0",
        "userIdentity": {
            "type": "IAMUser",
            "principalId": "EX_PRINCIPAL_ID",
            "arn": "arn:aws:iam::123456789012:user/Alice",
            "accountId": "123456789012",
            "accessKeyId": "EXAMPLE_KEY_ID",
            "userName": "Alice"
        },
        "eventTime": "2014-03-24T21:11:59Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateUser",
        "awsRegion": "us-east-2",
        "sourceIPAddress": "127.0.0.1",
        "userAgent": "aws-cli/1.3.2 Python/2.7.5 Windows/7",
        "requestParameters": {"userName": "Bob"},
        "responseElements": {"user": {
            "createDate": "Mar 24, 2014 9:11:59 PM",
            "userName": "Bob",
            "arn": "arn:aws:iam::123456789012:user/Bob",
            "path": "/",
            "userId": "EXAMPLEUSERID"
        }}
    }
    
    以上内容是否对您有帮助?
  • Icon free helper
    Close