Logging Insights events with the Amazon CLI
You can configure your trails and event data stores to log Insights events using the Amazon CLI.
Note
To log Insights events on the API call rate, the trail must log write
management events. To log Insights events on the API error rate, the trail must log
read or write management events.
Logging Insights events for a trail using the Amazon CLI
To return the current Insights selectors for a trail, run the
get-insight-selectors command.
aws cloudtrail get-insight-selectors --trail-nameTrailName
The following example response shows the Insights selectors for a trail named
insights-trail.
{ "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/insights-trail", "InsightSelectors": [ { "InsightType": "ApiCallRateInsight" }, { "InsightType": "ApiErrorRateInsight" } ] }
If the trail does not have Insights enabled, the get-insight-selectors command returns the following error message: "An error occurred (InsightNotEnabledException) when calling the GetInsightSelectors operation: Trail arn:aws:cloudtrail:us-east-1:123456789012:trail/trailName does not have Insights enabled. Edit the trail settings to enable Insights, and then try the operation again."
To configure your trail to log Insights events, run the put-insight-selectors
command. The following example shows how to configure your trail to include Insights events.
Insights selector values can be ApiCallRateInsight,
ApiErrorRateInsight, or both.
aws cloudtrail put-insight-selectors --trail-nameTrailName--insight-selectors '[{"InsightType": "ApiCallRateInsight"},{"InsightType": "ApiErrorRateInsight"}]'
The following result shows the Insights event selector that is configured for the trail.
{ "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/TrailName", "InsightSelectors": [ { "InsightType": "ApiErrorRateInsight" }, { "InsightType": "ApiCallRateInsight" } ] }