{"id":41023,"date":"2023-09-08T22:50:15","date_gmt":"2022-12-27T06:41:41","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/"},"modified":"2024-04-30T22:02:47","modified_gmt":"2024-04-30T14:02:47","slug":"%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/","title":{"rendered":"\u4f7f\u7528Lambda\u5c06CloudTrail\u65e5\u5fd7\u6295\u653e\u5230Elasticsearch"},"content":{"rendered":"

\u9996\u5148<\/h1>\n

\u6211\u89c9\u5f97\u628aCloudtrail\u65e5\u5fd7\u653e\u5165\u53ef\u4ee5\u4f7f\u7528Kibana\u7684Elasticsearch\u4e2d\u8fdb\u884c\u5206\u6790\u4f1a\u5f88\u65b9\u4fbf\uff0c\u6240\u4ee5\u53c2\u8003\u4e86\u8fd9\u4e2a\u5e76\u5c1d\u8bd5\u521b\u5efa\u4e86Lambda\u51fd\u6570\u7684\u793a\u4f8b\u3002<\/p>\n

\"SnapCrab_NoName_2015-2-21_23-17-16_No-00.png\"<\/div>\n

\u8fd9\u91cc\u662f\u521b\u5efa\u7684 Lambda \u51fd\u6570\u7684\u4ee3\u7801\u3002<\/p>\n

var<\/span> aws<\/span> =<\/span> require<\/span>(<\/span>'<\/span>aws-sdk<\/span>'<\/span>);<\/span>\r\nvar<\/span> zlib<\/span> =<\/span> require<\/span>(<\/span>'<\/span>zlib<\/span>'<\/span>);<\/span>\r\nvar<\/span> elasticsearch<\/span> =<\/span> require<\/span>(<\/span>'<\/span>elasticsearch<\/span>'<\/span>);<\/span>\r\n\r\nvar<\/span> ES_INDEX<\/span> =<\/span> '<\/span>cloudtrail<\/span>'<\/span>;<\/span> \/\/ Elasticsearch index name<\/span>\r\nvar<\/span> ES_TYPE<\/span> =<\/span> '<\/span>log<\/span>'<\/span>;<\/span> \/\/ Elsticsearch index type name<\/span>\r\nvar<\/span> ES_CLIENT<\/span> =<\/span> new<\/span> elasticsearch<\/span>.<\/span>Client<\/span>({<\/span>\r\n    host<\/span>:<\/span> '<\/span><ELASTICSEARCH_URL:PORT_NUMBER><\/span>'<\/span> \/\/Elasticsearch URL:port<\/span>\r\n});<\/span> \r\n\r\n\/\/start lambda function<\/span>\r\nexports<\/span>.<\/span>handler<\/span> =<\/span> function<\/span>(<\/span>event<\/span>,<\/span> context<\/span>)<\/span> {<\/span>\r\n    console<\/span>.<\/span>log<\/span>(<\/span>'<\/span>Received event:<\/span>'<\/span>);<\/span>\r\n    var<\/span> bucket<\/span> =<\/span> event<\/span>.<\/span>Records<\/span>[<\/span>0<\/span>].<\/span>s3<\/span>.<\/span>bucket<\/span>.<\/span>name<\/span>;<\/span>\r\n    var<\/span> key<\/span> =<\/span> event<\/span>.<\/span>Records<\/span>[<\/span>0<\/span>].<\/span>s3<\/span>.<\/span>object<\/span>.<\/span>key<\/span>;<\/span>\r\n    var<\/span> region<\/span> =<\/span> event<\/span>.<\/span>Records<\/span>[<\/span>0<\/span>].<\/span>awsRegion<\/span>;<\/span>\r\n    var<\/span> s3<\/span> =<\/span> new<\/span> aws<\/span>.<\/span>S3<\/span>({<\/span>\r\n        apiVersion<\/span>:<\/span> '<\/span>2006-03-01<\/span>'<\/span>,<\/span>\r\n        region<\/span> :<\/span> region<\/span>\r\n    });<\/span>\r\n\r\n    s3<\/span>.<\/span>getObject<\/span>({<\/span>\r\n        Bucket<\/span> :<\/span> bucket<\/span>,<\/span>\r\n        Key<\/span> :<\/span> key<\/span>\r\n    },<\/span> function<\/span>(<\/span>err<\/span>,<\/span>data<\/span>)<\/span> {<\/span>\r\n        if<\/span>(<\/span>err<\/span>){<\/span>\r\n            context<\/span>.<\/span>done<\/span>(<\/span>'<\/span>error<\/span>'<\/span>,<\/span>'<\/span>error getting file<\/span>'<\/span> +<\/span> err<\/span>);<\/span>\r\n        }<\/span> else<\/span> {<\/span>\r\n            var<\/span> contentType<\/span> =<\/span> data<\/span>.<\/span>ContentType<\/span>;<\/span>\r\n            var<\/span> contentEncoding<\/span> =<\/span> data<\/span>.<\/span>ContentEncoding<\/span>;<\/span>\r\n            if<\/span> (<\/span>contentType<\/span> ===<\/span> \"<\/span>application\/json<\/span>\"<\/span>\r\n                &&<\/span> contentEncoding<\/span> ===<\/span> \"<\/span>gzip<\/span>\"<\/span>)<\/span> {<\/span>\r\n                var<\/span> logFileName<\/span> =<\/span> key<\/span>.<\/span>substr<\/span>(<\/span>key<\/span>.<\/span>lastIndexOf<\/span>(<\/span>\"<\/span>\/<\/span>\"<\/span>)<\/span> +<\/span> 1<\/span>);<\/span>\r\n                var<\/span> buf<\/span> =<\/span> data<\/span>.<\/span>Body<\/span>;<\/span>\r\n                zlib<\/span>.<\/span>gunzip<\/span>(<\/span>buf<\/span>,<\/span> function<\/span>(<\/span>_<\/span>,<\/span> dezipped<\/span>)<\/span> {<\/span>\r\n                    var<\/span> json<\/span> =<\/span> JSON<\/span>.<\/span>parse<\/span>(<\/span>dezipped<\/span>.<\/span>toString<\/span>(<\/span>'<\/span>utf-8<\/span>'<\/span>));<\/span>\r\n                    sendToES<\/span>(<\/span>context<\/span>,<\/span>region<\/span>,<\/span>logFileName<\/span>,<\/span>json<\/span>);<\/span>\r\n                });<\/span>\r\n            }<\/span>\r\n        }<\/span>\r\n    });<\/span>\r\n};<\/span>\r\n\r\n\/\/bulk send to Elasticsearch<\/span>\r\nfunction<\/span> sendToES<\/span>(<\/span>context<\/span>,<\/span>region<\/span>,<\/span>logFileName<\/span>,<\/span>json<\/span>){<\/span>\r\n    var<\/span> records<\/span> =<\/span> json<\/span>.<\/span>Records<\/span>;<\/span>\r\n    var<\/span> searchRecords<\/span> =<\/span> [];<\/span>\r\n    for<\/span>(<\/span>var<\/span> i<\/span> =<\/span> 0<\/span>;<\/span> i<\/span> <<\/span> records<\/span>.<\/span>length<\/span>;<\/span> i<\/span>++<\/span>){<\/span>\r\n        var<\/span> record<\/span> =<\/span> records<\/span>[<\/span>i<\/span>];<\/span>\r\n        var<\/span> header<\/span> =<\/span> {<\/span>\r\n            \"<\/span>index<\/span>\"<\/span>:{<\/span>\r\n                \"<\/span>_index<\/span>\"<\/span>:<\/span> ES_INDEX<\/span>,<\/span>\r\n                \"<\/span>_type<\/span>\"<\/span>:<\/span> ES_TYPE<\/span>,<\/span>\r\n                \"<\/span>_id<\/span>\"<\/span>:<\/span> record<\/span>.<\/span>eventTime<\/span> +<\/span> \"<\/span>-<\/span>\"<\/span> +<\/span> record<\/span>.<\/span>requestID<\/span>\r\n            }<\/span>\r\n        };<\/span>\r\n\r\n        var<\/span> searchRecord<\/span> =<\/span> {<\/span>\r\n            \"<\/span>usertype<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>userIdentity<\/span>.<\/span>type<\/span>,<\/span>\r\n            \"<\/span>arn<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>userIdentity<\/span>.<\/span>arn<\/span>,<\/span>\r\n            \"<\/span>accesskeyid<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>userIdentity<\/span>.<\/span>accessKeyId<\/span>,<\/span>\r\n            \"<\/span>username<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>userIdentity<\/span>.<\/span>userName<\/span>,<\/span>\r\n            \"<\/span>eventtime<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>eventTime<\/span>,<\/span>\r\n            \"<\/span>eventsource<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>eventSource<\/span>,<\/span>\r\n            \"<\/span>eventname<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>eventName<\/span>,<\/span>\r\n            \"<\/span>awsregion<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>awsRegion<\/span>,<\/span>\r\n            \"<\/span>sourceipaddress<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>sourceIPAddress<\/span>,<\/span>\r\n            \"<\/span>useragent<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>userAgent<\/span>,<\/span>\r\n            \"<\/span>requestid<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>requestID<\/span>,<\/span>\r\n            \"<\/span>eventid<\/span>\"<\/span> :<\/span> record<\/span>.<\/span>eventID<\/span>,<\/span>\r\n            \"<\/span>logfilename<\/span>\"<\/span> :<\/span> logFileName<\/span>\r\n        };<\/span>\r\n        searchRecords<\/span>.<\/span>push<\/span>(<\/span>header<\/span>);<\/span>\r\n        searchRecords<\/span>.<\/span>push<\/span>(<\/span>searchRecord<\/span>);<\/span>\r\n    };<\/span>\r\n    console<\/span>.<\/span>log<\/span>(<\/span>searchRecords<\/span>);<\/span>\r\n    ES_CLIENT<\/span>.<\/span>bulk<\/span>({<\/span>\r\n        \"<\/span>body<\/span>\"<\/span>:<\/span> searchRecords<\/span>\r\n    },<\/span> function<\/span>(<\/span>err<\/span>,<\/span> resp<\/span>){<\/span>\r\n            if<\/span>(<\/span>err<\/span>){<\/span>\r\n                console<\/span>.<\/span>log<\/span>(<\/span>err<\/span>);<\/span>\r\n                context<\/span>.<\/span>done<\/span>(<\/span>\"<\/span>error<\/span>\"<\/span>,<\/span>err<\/span>);<\/span>\r\n            }<\/span>else<\/span>{<\/span>\r\n                console<\/span>.<\/span>log<\/span>(<\/span>resp<\/span>);<\/span>\r\n                context<\/span>.<\/span>done<\/span>(<\/span>null<\/span>,<\/span>'<\/span>success<\/span>'<\/span>);<\/span>\r\n            };<\/span>\r\n    });<\/span>\r\n};<\/span>\r\n<\/code><\/pre>\n
\u7528\u6cd5<\/h2>\n
\u8bf7\u63d0\u524d\u542f\u7528CloudTrail\u3002CloudTrail\u65e5\u5fd7\u5e94\u653e\u7f6e\u5728\u4e0eLambda\u51fd\u6570\u76f8\u540c\u7684\u533a\u57df\u5185\u3002<\/p>\n
\u9996\u5148\uff0c\u51c6\u5907\u4e00\u53f0\u5b89\u88c5\u4e86Elasticsearch \/ kibana\u7684\u670d\u52a1\u5668\u3002\u7531\u4e8ekibana4\u6700\u8fd1\u5b98\u65b9\u53d1\u5e03\uff0c\u6240\u4ee5\u8fd9\u6b21\u9009\u62e9Elasticsearch 1.4.4\/kibana 4.0\u3002<\/p>\n
    \n
  • \n
      http:\/\/www.elasticsearch.org\/download\/<\/ul>\n<\/li>\n<\/ul>\n
       <\/p>\n
        http:\/\/www.elasticsearch.org\/overview\/kibana\/installation\/<\/ul>\n
        \u4e00\u65e6\u542f\u52a8Elasticsearch\uff0c\u5c31\u53ef\u4ee5\u521b\u5efa\u7d22\u5f15\u3002\u5f53\u5411Elasticsearch\u653e\u7f6e\u6587\u6863\u65f6\uff0c\u5b83\u4f1a\u81ea\u52a8\u521b\u5efa\u6620\u5c04\uff0c\u4f46\u5982\u679c\u5728Kibana\u4e2d\u4f7f\u7528\u65f6\uff0c\u6700\u597d\u660e\u786e\u6307\u5b9a\u4e3anot_analyzed\u3002<\/p>\n
        curl -XPUT http:\/\/localhost:9200\/cloudtrail -d '\r\n{\r\n    mappings: {\r\n        log: {\r\n            properties: {\r\n                accesskeyid: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                },\r\n                arn: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                },\r\n                awsregion: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                },\r\n                eventid: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                },\r\n                eventname: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                },\r\n                eventsource: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                },\r\n                eventtime: {\r\n                    type: \"date\",\r\n                    format: \"dateOptionalTime\"\r\n                },\r\n                logfilename: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                },\r\n                requestid: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                },\r\n                sourceipaddress: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                },\r\n                useragent: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                },\r\n                username: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                },\r\n                usertype: {\r\n                    type: \"string\",\r\n                    index: \"not_analyzed\"\r\n                }\r\n            }\r\n        }\r\n    }\r\n}'\r\n<\/code><\/pre>\n
        \u4e00\u65e6Elasticsearch\u73af\u5883\u51c6\u5907\u5c31\u7eea\uff0c\u6211\u4eec\u5c06\u521b\u5efa\u4e00\u4e2alambda function\u3002<\/p>\n
        \u5b89\u88c5Node\u548cnpm\uff0c\u5e76\u8bbe\u7f6elambda\u51fd\u6570\u7684\u73af\u5883\u4ee5\u6253\u5305\u3002\u8fd9\u91cc\u53c2\u8003\u8bbe\u7f6eLambda\u5f00\u53d1\u73af\u5883\u3002
        \n\u7531\u4e8e\u51fd\u6570\u4e2d\u4f7f\u7528\u4e86Elasticsearch.js\uff0c\u6240\u4ee5\u4f7f\u7528npm\u8fdb\u884c\u5b89\u88c5\u3002<\/p>\n
        npm install elasticsearch\r\n<\/code><\/pre>\n
        \u5c06\u5f00\u5934\u7684Lambda\u51fd\u6570\u4fdd\u5b58\u4e3ajs\u683c\u5f0f\uff0c\u5e76\u4e0enode_module\u4e00\u8d77\u538b\u7f29\u4e3azip\u6587\u4ef6\u3002\u5f53 zip\u6587\u4ef6\u51c6\u5907\u597d\u540e\uff0c\u4e0a\u4f20\u5230Lambda\u4e2d\u3002
        \n\u4f7f\u7528aws cli\u5de5\u5177\uff0c\u4e0a\u4f20\u540e\u4f1a\u76f4\u63a5\u521b\u5efaLambda\u51fd\u6570\u3002<\/p>\n
        $ zip -r function.zip lambda-function.js node_modules\r\n\r\n$ aws lambda upload-function --function-name CloudtrailToElasticsearch --function-zip \".\/function.zip\" --runtime nodejs --role  arn:aws:iam::<AWS_ACCOUNT_ID>:role\/lambda_exec_role --mode event --handler lambda-function.handler \r\n<\/code><\/pre>\n
        \u521b\u5efaLambda\u51fd\u6570\u540e\uff0c\u9700\u8981\u8fdb\u884c\u4e8b\u4ef6\u6e90\u7684\u914d\u7f6e\u3002\u5728Lambda\u7ba1\u7406\u63a7\u5236\u53f0\u4e2d\uff0c\u70b9\u51fb\u201c\u914d\u7f6e\u4e8b\u4ef6\u6e90\u201d\uff0c\u9009\u62e9\u4f5c\u4e3aCloudtrail\u65e5\u5fd7\u8f93\u51fa\u7684S3\u5b58\u50a8\u6876\u4ee5\u53ca\u5728\u8bfb\u53d6\u65f6\u4f7f\u7528\u7684IAM\u89d2\u8272\uff0c\u5e76\u8fdb\u884c\u8bbe\u7f6e\u3002<\/p>\n
        \u5982\u679c\u60a8\u6309\u7167\u9019\u500b\u8a2d\u5b9a\uff0c\u4e26\u4e14\u6c92\u6709\u4efb\u4f55\u554f\u984c\u7684\u8a71\uff0cCloudTrail\u65e5\u8a8c\u5c07\u81ea\u52d5\u88ab\u63a8\u9001\u5230Elasticsearch\u3002<\/p>\n
        \u53ea\u9700\u4f7f\u7528Kibana4\u521b\u5efa\u4eea\u8868\u677f\u5373\u53ef\u3002 Kibana4\u7684\u64cd\u4f5c\u975e\u5e38\u6709\u7528\u3002<\/p>\n
        \"SnapCrab_NoName_2015-2-22_12-41-29_No-00.png\"<\/div>\n
        \"SnapCrab_NoName_2015-2-22_12-37-35_No-00.png\"<\/div>\n","protected":false},"excerpt":{"rendered":"
        \u9996\u5148 \u6211\u89c9\u5f97\u628aCloudtrail\u65e5\u5fd7\u653e\u5165\u53ef\u4ee5\u4f7f\u7528Kibana\u7684Elasticsearch\u4e2d\u8fdb\u884c\u5206\u6790\u4f1a\u5f88\u65b9\u4fbf\uff0c […]<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-41023","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n\u4f7f\u7528Lambda\u5c06CloudTrail\u65e5\u5fd7\u6295\u653e\u5230Elasticsearch - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528lambda\u5c06cloudtrail\u65e5\u5fd7\u6295\u653e\u5230elasticsearch\u3002\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4f7f\u7528Lambda\u5c06CloudTrail\u65e5\u5fd7\u6295\u653e\u5230Elasticsearch\" \/>\n<meta property=\"og:description\" content=\"\u9996\u5148 \u6211\u89c9\u5f97\u628aCloudtrail\u65e5\u5fd7\u653e\u5165\u53ef\u4ee5\u4f7f\u7528Kibana\u7684Elasticsearch\u4e2d\u8fdb\u884c\u5206\u6790\u4f1a\u5f88\u65b9\u4fbf\uff0c […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528lambda\u5c06cloudtrail\u65e5\u5fd7\u6295\u653e\u5230elasticsearch\u3002\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-27T06:41:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-30T14:02:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d442237434c4406c9e49f\/2-0.png\" \/>\n<meta name=\"author\" content=\"\u6e05, \u626c\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u6e05, \u626c\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/\",\"name\":\"\u4f7f\u7528Lambda\u5c06CloudTrail\u65e5\u5fd7\u6295\u653e\u5230Elasticsearch - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2022-12-27T06:41:41+00:00\",\"dateModified\":\"2024-04-30T14:02:47+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u4f7f\u7528Lambda\u5c06CloudTrail\u65e5\u5fd7\u6295\u653e\u5230Elasticsearch\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461\",\"name\":\"\u6e05, \u626c\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g\",\"caption\":\"\u6e05, \u626c\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyang\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u4f7f\u7528Lambda\u5c06CloudTrail\u65e5\u5fd7\u6295\u653e\u5230Elasticsearch - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528lambda\u5c06cloudtrail\u65e5\u5fd7\u6295\u653e\u5230elasticsearch\u3002\/","og_locale":"zh_CN","og_type":"article","og_title":"\u4f7f\u7528Lambda\u5c06CloudTrail\u65e5\u5fd7\u6295\u653e\u5230Elasticsearch","og_description":"\u9996\u5148 \u6211\u89c9\u5f97\u628aCloudtrail\u65e5\u5fd7\u653e\u5165\u53ef\u4ee5\u4f7f\u7528Kibana\u7684Elasticsearch\u4e2d\u8fdb\u884c\u5206\u6790\u4f1a\u5f88\u65b9\u4fbf\uff0c […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528lambda\u5c06cloudtrail\u65e5\u5fd7\u6295\u653e\u5230elasticsearch\u3002\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2022-12-27T06:41:41+00:00","article_modified_time":"2024-04-30T14:02:47+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d442237434c4406c9e49f\/2-0.png"}],"author":"\u6e05, \u626c","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u6e05, \u626c","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"2 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/","name":"\u4f7f\u7528Lambda\u5c06CloudTrail\u65e5\u5fd7\u6295\u653e\u5230Elasticsearch - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2022-12-27T06:41:41+00:00","dateModified":"2024-04-30T14:02:47+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u4f7f\u7528Lambda\u5c06CloudTrail\u65e5\u5fd7\u6295\u653e\u5230Elasticsearch"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461","name":"\u6e05, \u626c","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g","caption":"\u6e05, \u626c"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyang\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8lambda%e5%b0%86cloudtrail%e6%97%a5%e5%bf%97%e6%8a%95%e6%94%be%e5%88%b0elasticsearch%e3%80%82\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=41023"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41023\/revisions"}],"predecessor-version":[{"id":94560,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41023\/revisions\/94560"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=41023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=41023"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=41023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}