Simplify AWS CloudTrail log analysis with natural language query generation in CloudTrail Lake (preview)



Today, I'm happy to announce in preview the generative artificial intelligence (generative AI)-powered natural language query generation in AWS CloudTrail Lake, which is a managed data lake for capturing, storing, accessing, and analyzing AWS CloudTrail activity logs to meet compliance, security, and operational needs. You can ask a question in natural language about these activity logs (management and data events) stored in CloudTrail Lake without having the technical expertise to write a SQL query or spending time decoding the exact structure of activity events. For example, you can ask, "Tell me how many database instances are deleted without a snapshot", and the feature will convert that question into a CloudTrail Lake query, which you can run as-is or modify to get the requested event information. Natural language query generation makes exploring AWS activity logs simpler.

Now, let me show you how to start using natural language query generation.

Getting started with natural language query generation
The natural language query generator uses generative AI to produce a ready-to-use SQL query from your prompt, which you can then choose to run in the CloudTrail Lake query editor.

In the AWS CloudTrail console, I choose Query under Lake. The query generator can only generate queries for event data stores that collect CloudTrail management and data events. I choose an event data store for my CloudTrail Lake query from the dropdown list in Event data store. In the Query generator, I enter the following prompt in the Prompt field using natural language:

How many errors were logged during the past month?

Then, I choose Generate query. The following SQL query is automatically generated:

SELECT COUNT(*) AS error_count
FROM 8a6***
WHERE eventtime >= '2024-04-21 00:00:00'
    AND eventtime <= '2024-05-21 23:59:59'
    AND (
        errorcode IS NOT NULL
        OR errormessage IS NOT NULL
    )

I choose Run to see the results.

This is interesting, but I want to know more details. I want to see which services had the most errors and why those actions were failing. So I enter the following prompt to request more details:

How many errors were logged during the past month for each service, and what was the cause of each error?

I choose Generate query, and the following SQL query is generated:

SELECT eventsource,
    errorcode,
    errormessage,
    COUNT(*) AS errorCount
FROM 8a6***
WHERE eventtime >= '2024-04-21 00:00:00'
    AND eventtime <= '2024-05-21 23:59:59'
    AND (
        errorcode IS NOT NULL
        OR errormessage IS NOT NULL
    )
GROUP BY 1,
    2,
    3
ORDER BY 4 DESC;

I choose Run to see the results.

In the results, I see that my account has the most errors related to Amazon S3, and the top errors are related to CORS and object-level configuration. I can continue to dig deeper by asking further questions. But now let me give the natural language query generator another instruction. I enter the following prompt in the Prompt field:

What are the top 10 AWS services that I used in the past month? Include the event name as well.

I choose Generate query, and the following SQL query is generated. This SQL statement selects the fields eventSource and eventName together with COUNT(*) AS event_count, restricts the rows to the past month in the WHERE clause, groups the rows by eventSource and eventName, sorts them by the usage count in descending order, and limits the result to 10 rows, as I requested in natural language.

SELECT eventSource,
    eventName,
    COUNT(*) AS event_count
FROM 8a6***
WHERE eventTime >= timestamp '2024-04-21 00:00:00'
    AND eventTime <= timestamp '2024-05-21 23:59:59'
GROUP BY 1,
    2
ORDER BY 3 DESC
LIMIT 10;

Again, I choose Run to see the results.

I now have a better understanding of how many errors were logged during the past month, which service each error was for, and what caused it. You can try asking questions in plain language and running the generated queries over your own logs to see how this feature works with your data.
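The introduction mentions the prompt "how many database instances are deleted without a snapshot" but does not show the resulting query. As an added example (not a query generated in the original post), here is the CloudTrail Lake SQL a practitioner would expect for that prompt, extended with the actor and region so a responder can follow up. It assumes the event data store's requestParameters field is stored as a JSON string and queried with Trino's json_extract_scalar, and uses <event_data_store_ID> as a placeholder for the store ID the post truncates.

```sql
-- Added example; not from the original post. Finds RDS DeleteDBInstance calls
-- that skipped the final snapshot (an irreversible, high-impact change).
-- Assumption: requestParameters is a JSON string, so we read fields with
-- json_extract_scalar; <event_data_store_ID> is a placeholder.
SELECT eventTime,
    userIdentity.arn AS actor,
    awsRegion,
    json_extract_scalar(requestParameters, '$.dBInstanceIdentifier') AS db_instance,
    errorCode
FROM <event_data_store_ID>
WHERE eventSource = 'rds.amazonaws.com'
    AND eventName = 'DeleteDBInstance'
    AND json_extract_scalar(requestParameters, '$.skipFinalSnapshot') = 'true'
    AND errorCode IS NULL                     -- keep only deletions that succeeded
    AND eventTime >= timestamp '2024-04-21 00:00:00'
    AND eventTime <= timestamp '2024-05-21 23:59:59'
ORDER BY eventTime DESC;

-- The same filter, rolled up per actor and region to answer the "how many" part
-- of the prompt and to spot a single identity doing many such deletions.
SELECT userIdentity.arn AS actor,
    awsRegion,
    COUNT(*) AS deleted_without_snapshot
FROM <event_data_store_ID>
WHERE eventSource = 'rds.amazonaws.com'
    AND eventName = 'DeleteDBInstance'
    AND json_extract_scalar(requestParameters, '$.skipFinalSnapshot') = 'true'
    AND errorCode IS NULL
    AND eventTime >= timestamp '2024-04-21 00:00:00'
    AND eventTime <= timestamp '2024-05-21 23:59:59'
GROUP BY 1, 2
ORDER BY 3 DESC;
```

If your store exposes requestParameters differently, adjust the field extraction; the eventSource, eventName and errorCode filters are the part that carries the detection logic.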

Join the preview
Natural language query generation is available in preview in the US East (N. Virginia) Region as part of CloudTrail Lake.

You can use natural language query generation in preview at no additional cost. CloudTrail Lake query charges apply when you run the query to generate results. For more information, visit AWS CloudTrail Pricing.

To learn more and get started using natural language query generation, visit the AWS CloudTrail Lake User Guide.

— Esra
