Logging Insights events with the AWS CLI
Logging Insights events for a trail using the AWS CLI
To return the current Insights selectors for a trail, run the
get-insight-selectors command.
aws cloudtrail get-insight-selectors --trail-nameTrailName
The following example response shows the Insights selectors for a trail named
insights-trail.
{ "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/insights-trail", "InsightSelectors": [ { "InsightType": "ApiCallRateInsight", "EventCategories": [ "Management", "Data" ] }, { "InsightType": "ApiErrorRateInsight", "EventCategories": [ "Management", "Data" ] } ] }
If the trail does not have Insights enabled, the get-insight-selectors command returns the following error message: "An error occurred (InsightNotEnabledException) when calling the GetInsightSelectors operation: Trail arn:aws:cloudtrail:us-east-1:123456789012:trail/trailName does not have Insights enabled. Edit the trail settings to enable Insights, and then try the operation again."
To configure your trail to log Insights events, run the put-insight-selectors
command. The following example shows how to configure your trail to include Insights events.
Insights selector values can be ApiCallRateInsight,
ApiErrorRateInsight, or both. Each InsightType can be enabled for management EventCategory or data EventCategory or both.
aws cloudtrail put-insight-selectors --trail-nameTrailName--insight-selectors '[{"InsightType": "ApiCallRateInsight", "EventCategories": ["Data"]},{"InsightType": "ApiErrorRateInsight", "EventCategories": ["Data", "Management"]}]'
The following result shows the Insights event selector that is configured for the trail.
{ "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/TrailName", "InsightSelectors": [ { "InsightType": "ApiErrorRateInsight", "EventCategories": [ "Data" ] }, { "InsightType": "ApiCallRateInsight", "EventCategories": [ "Data", "Management" ] } ] }