Amazon AWS Elastic Kubernetes Service Sample Event Messages
Use these sample event messages to verify a successful integration with JSA.
Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Amazon AWS Elastic Kubernetes Service Sample Message when you use the Amazon Web Services Protocol
Sample 1: The following sample event message shows that a watch role changed to an object of kind role.
{"kind":"Event","apiVersion":"audit.k8s.io/ v1","level":"Request","auditID":"8716c01c-7a52-4100-8e97-1b9640c72a2f","stage":"ResponseComplete", "requestURI":"/apis/rbac.authorization.k8s.io/v1/roles? allowWatchBookmarks=true&resourceVersion=1575982&timeout=6m33s&timeoutSeconds=393&watch=true","ver b":"watch","user":{"username":"system:kube-controller-manager","groups": ["system:authenticated"]},"sourceIPs":["10.0.46.47"],"userAgent":"kube-controller-manager/v1.18.9 (linux/amd64) kubernetes/d1db3c4/shared-informers","objectRef": {"resource":"roles","apiGroup":"rbac.authorization.k8s.io","apiVersion":"v1"},"responseStatus": {"metadata":{},"status":"Success","message":"Connection closed early","code":200},"requestReceivedTimestamp":"2021-03-29T19:15:03.945243Z","stageTimestamp":"2021 -03-29T19:21:36.945705Z","annotations":{"authorization.k8s.io/ decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"system:kube-controller-manager\" of ClusterRole \"system:kube-controller-manager\" to User \"system:kube-controller-manager\""}}
JSA field name |
Highlighted values in the event payload |
---|---|
Event ID |
Watch |
Event Category |
Event Category |
Source IP |
10.0.46.47 |
Username |
system:kube-controller-manager |
Device Time |
2021-03-29T19:21:36.945705Z |
Sample 2: The following sample event shows that the specified lease is replaced.
{LogStreamName: kube-apiserver-audit-e5c612db6e0f317f383ed50f22c28423,Timestamp: 1616696002054,Message: {"kind":"Event","apiVersion":"audit.k8s.io/ v1","level":"Metadata","auditID":"e4b88806-2ebf-45b7-8e92-998a33fb0689","stage":"ResponseComplete" ,"requestURI":"/apis/coordination.k8s.io/v1/namespaces/kube-system/leases/kube-controller-manager? timeout=10s","verb":"update","user":{"username":"system:kube-controller-manager","groups": ["system:authenticated"]},"sourceIPs":["10.0.184.90"],"userAgent":"kube-controller-manager/ v1.18.9 (linux/amd64) kubernetes/d1db3c4/leader-election","objectRef": {"resource":"leases","namespace":"kube-system","name":"kube-controllermanager"," uid":"a047cca1-2cda-4e10-9f5c-205de4effe90","apiGroup":"coordination.k8s.io","apiVersion ":"v1","resourceVersion":"36409"},"responseStatus":{"metadata": {},"code":200},"requestReceivedTimestamp":"2021-03-25T18:13:21.066654Z","stageTimestamp":"2021-03- 25T18:13:21.071075Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/ reason":"RBAC: allowed by ClusterRoleBinding \"system:kube-controller-manager\" of ClusterRole \"system:kube-controller-manager\" to User \"system:kube-controller-manager\""}},IngestionTime: 1616696007143,EventId: 36053525605289394950164595066735255382191488289159053312}
JSA field name |
Highlighted values in the payload |
---|---|
Event ID |
update |
Event Category |
Event Category |
Source IP |
10.0.184.90 |
Username |
system:kube-controller-manager |
Device Time |
2021-03-25T18:13:21.071075Z |