Create event data source for this query

Question

I am trying to execute this query in CloudWatch Lake.

SELECT
    *
FROM
    $EDS_ID
WHERE
    eventsource = 'signin.amazonaws.com'
    AND eventname = 'ConsoleLogin'
    AND Element_at(additionaleventdata, 'MFAUsed') = 'No'

But I am not able to create the event data source correctly, because the relevant sign-in option is not available in the drop-down. The available "Data event type" options are like S3, Lambda, etc.

Answer 1

Score: 1

I suppose you mean CloudTrail Lake and creating an event data store.

You do not need to select the Data events box. All you need to make it work is the Management events.

Leave everything at the defaults when creating the event data store, and test the query:

SELECT
    *
FROM
    e1490c52-11ee-44be-827e-2cefa50780ab
WHERE
    eventName='ConsoleLogin'
    AND eventSource='signin.amazonaws.com'
    AND Element_at(additionalEventData, 'MFAUsed') = 'No'

where e1490c52-11ee-44be-827e-2cefa50780ab is the event data store ID.
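To see which records the WHERE clause above matches, and that every match is a management event rather than a data event, here is an added Python example (not part of the original question or answer) that applies the same predicate to constructed CloudTrail-style records. The `rec` helper, the subset of fields and all sample values are assumptions made for illustration.

```python
import json

def rec(source, name, category, user, mfa=None, result=None):
    """Build a constructed CloudTrail-style record with only the fields used here."""
    r = {"eventSource": source, "eventName": name, "eventCategory": category,
         "userIdentity": {"type": "IAMUser", "userName": user},
         "sourceIPAddress": "198.51.100.7"}
    if mfa is not None:
        r["additionalEventData"] = {"MFAUsed": mfa}
    if result is not None:
        r["responseElements"] = {"ConsoleLogin": result}
    return r

# Constructed sample data, not taken from a real account.
SAMPLE_RECORDS = [
    rec("signin.amazonaws.com", "ConsoleLogin", "Management", "alice", "No", "Success"),
    rec("signin.amazonaws.com", "ConsoleLogin", "Management", "bob", "Yes", "Success"),
    rec("signin.amazonaws.com", "ConsoleLogin", "Management", "carol", "No", "Failure"),
    rec("signin.amazonaws.com", "ConsoleLogin", "Management", "dave"),  # no MFAUsed key
    rec("s3.amazonaws.com", "GetObject", "Data", "alice"),  # data event, never matches
]

def console_logins_without_mfa(records):
    """Apply the same predicate as the query's WHERE clause to parsed records."""
    hits = []
    for r in records:
        if r.get("eventSource") != "signin.amazonaws.com" or r.get("eventName") != "ConsoleLogin":
            continue
        # element_at() yields NULL for a missing key, so such rows do not match = 'No'.
        if (r.get("additionalEventData") or {}).get("MFAUsed") != "No":
            continue
        hits.append({
            "user": r["userIdentity"].get("userName"),
            "sourceIPAddress": r.get("sourceIPAddress"),
            "result": (r.get("responseElements") or {}).get("ConsoleLogin"),
            "eventCategory": r.get("eventCategory"),
        })
    return hits

if __name__ == "__main__":
    for hit in console_logins_without_mfa(SAMPLE_RECORDS):
        print(json.dumps(hit))
```

The query as written returns failed sign-in attempts as well as successful ones, so the `result` field is worth keeping in the output when triaging.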

huangapple
  • Posted on July 13, 2023 16:37:20
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76677432.html