Managed Service for OpenSearch Audit Trails Events: GrantedPrivilegesRestEvent
Event JSON schema
{
"eventId": "string",
"eventSource": "string",
"eventType": "string",
"eventTime": "string",
"authentication": {
"authenticated": "boolean",
// Includes only one of the fields `subjectType`
"subjectType": "string",
// end of the list of possible fields
// Includes only one of the fields `subjectId`
"subjectId": "string"
// end of the list of possible fields
},
"authorization": {
"authorized": "boolean"
},
"resourceMetadata": {
"path": [
{
"resourceType": "string",
"resourceId": "string",
// Includes only one of the fields `resourceName`
"resourceName": "string"
// end of the list of possible fields
}
]
},
"requestMetadata": {
"remoteAddress": "string",
"userAgent": "string",
"requestId": "string",
// Includes only one of the fields `remotePort`
"remotePort": "string"
// end of the list of possible fields
},
"eventStatus": "string",
"error": {
"code": "integer",
"message": "string",
"details": [
"object"
]
},
"details": {
"clusterId": "string",
"clusterName": "string",
"formatVersion": "string",
"category": "string",
"timestamp": "string",
"nodeId": "string",
"nodeName": "string",
"nodeHostAddress": "string",
"nodeHostName": "string",
"requestOrigin": "string",
"requestLayer": "string",
"requestRemoteAddress": "string",
"requestEffectiveUser": "string",
"requestPrivilege": "string",
"requestBody": "string",
"requestInitiatingUser": "string",
"requestEffectiveUserIsAdmin": "string",
"restRequestPath": "string",
"restRequestMethod": "string",
"restRequestHeaders": "object",
"restRequestParams": "object"
},
"requestParameters": "object",
"response": "object"
}
Field description
|
Field |
Description |
|
eventId |
string |
|
eventSource |
string |
|
eventType |
string |
|
eventTime |
string (date-time) String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
authentication |
|
|
authorization |
|
|
resourceMetadata |
|
|
requestMetadata |
|
|
eventStatus |
enum (EventStatus)
|
|
error |
The error result of the operation in case of failure or cancellation. |
|
details |
|
|
requestParameters |
object |
|
response |
object |
DatabaseAuthentication
|
Field |
Description |
|
authenticated |
boolean |
|
subjectType |
enum (DatabaseSubjectType) Includes only one of the fields
|
|
subjectId |
string Includes only one of the fields |
Authorization
|
Field |
Description |
|
authorized |
boolean |
ResourceMetadata
|
Field |
Description |
|
path[] |
Resource
|
Field |
Description |
|
resourceType |
string |
|
resourceId |
string |
|
resourceName |
string Includes only one of the fields |
RequestMetadata
|
Field |
Description |
|
remoteAddress |
string |
|
userAgent |
string |
|
requestId |
string |
|
remotePort |
string (int64) Includes only one of the fields |
Status
The error result of the operation in case of failure or cancellation.
|
Field |
Description |
|
code |
integer (int32) Error code. An enum value of google.rpc.Code. |
|
message |
string An error message. |
|
details[] |
object A list of messages that carry the error details. |
RestEventDetails
|
Field |
Description |
|
clusterId |
string |
|
clusterName |
string |
|
formatVersion |
string (int64) |
|
category |
string |
|
timestamp |
string (date-time) String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
nodeId |
string |
|
nodeName |
string |
|
nodeHostAddress |
string |
|
nodeHostName |
string |
|
requestOrigin |
string |
|
requestLayer |
string |
|
requestRemoteAddress |
string |
|
requestEffectiveUser |
string |
|
requestPrivilege |
string |
|
requestBody |
string |
|
requestInitiatingUser |
string |
|
requestEffectiveUserIsAdmin |
string |
|
restRequestPath |
string |
|
restRequestMethod |
string |
|
restRequestHeaders |
object |
|
restRequestParams |
object |