Data Formats
Last updated on
The Telemetry Router enables the forwarding of standardized telemetry data to various targets. The following sections explain the data standards.
Audit Logs
Section titled “Audit Logs”Audit logs are security-relevant records that provide a complete and verifiable history of all activities within the cloud environment. Audit logs are processed and forwarded according to the OpenTelemetry Schema.
| Field Name | Required | Type | Description | Example |
|---|---|---|---|---|
Timestamp | YES | uint64 | Time when the event occurred. | 1544712660300000000 |
Body | YES | string | Human-readable message for the audit log entry. | ”Instance was created” |
SeverityText | YES | string | String representation of the severity. Possible values: “TRACE”, “DEBUG”, “INFO”, “WARN”, “ERROR”, “FATAL" | "INFO” |
Attributes["service.name"] | YES | string | The STACKIT service associated with the audit log entry (in the style of the API identifier). | “secrets-manager” |
Attributes["service.instance.id"] | YES | string | Identifies the instance affected by the event. Usually the instance ID or the name of the resource. | ”141270e1-20ac-4c19-9ab8-5d12076def1c” |
Attributes["cloud.region"] | YES | string | Region where the log occurred. Possible values: “global”, “eu01”, “eu02”, ”…" | "eu01” |
Attributes["stackit.resource.type"] | YES | string | Type of the space where the log occurred. Possible values: “PROJECT”, “FOLDER”, “ORGANIZATION”, “SYSTEM”, … Other values are possible but these logs cannot be routed to the owner. | ”PROJECT” |
Attributes["stackit.resource.id"] | YES | string | Identifies the space. This is usually the project/folder/organization ID. | ”bc0ab21d-396b-4880-9678-71831bada614” |
Attributes["stackit.log.id"] | YES | string | Unique identifier for the audit log entry. | ”1b84d181-857e-4a1c-99aa-7a2cbc08557a” |
Attributes["stackit.log.type"] | YES | string | This value must be “AUDIT” for audit logs. | ”AUDIT” |
Attributes["stackit.action"] | YES | string | Specific action performed in the x-stackit-authorization pattern for actions, e.g., <product>.<target>.<verb> | ”secrets-manager.instance.create” |
Attributes["stackit.request.body"] | YES | string | The full, sanitized request body. | {"key": "value"} |
Attributes["stackit.visibility"] | YES | enum | The visibility level of the source of the audit log. Possible values: “PUBLIC”, “INTERNAL" | "PUBLIC” |
Attributes["stackit.initiator"] | YES | string | Identifies the actor responsible for the event. Use the user ID if available, otherwise “SYSTEM” for system events or other identifiers. | ”1472b021-f261-4bac-86cb-931a6759b7a2” or “SYSTEM” |
Attributes["user_agent.original"] | NO | string | Agent name that created the HTTP request. | ”curl/7.81.0” |
Attributes["http.request.method"] | NO | string | HTTP method used by the client. | ”POST” |
Attributes["client.address"] | NO | string | IP address of the client. | ”0.0.0.0” |
Attributes["server.address"] | NO | string | Hostname called by the client. | ”secrets-manager.api.eu01.stackit.cloud” |
Attributes["url.path"] | NO | string | Path that was accessed by the client. | /v1/projects/<uuid>/instances |
Attributes["..."] | NO | any | Other values that provide value. | --- |
Example as JSON:
{ "resourceLogs": [ { "resource": { "attributes": [] }, "scopeLogs": [ { "scope": { "name": "stackit-audit-provider" }, "logRecords": [ { "attributes": [ { "key": "stackit.resource.type", "value": { "stringValue": "PROJECT" } }, { "key": "cloud.provider", "value": { "stringValue": "stackit" } }, { "key": "service.name", "value": { "stringValue": "secrets-manager" } }, { "key": "stackit.resource.id", "value": { "stringValue": "bc0ab21d-396b-4880-9678-71831bada614" } }, { "key": "stackit.log.type", "value": { "stringValue": "AUDIT" } }, { "key": "stackit.log.id", "value": { "stringValue": "2aabe527-2cfa-40cf-a379-dafbf1825ffe" } }, { "key": "stackit.action", "value": { "stringValue": "secrets-manager.apikey.delete" } }, { "key": "stackit.visibility", "value": { "stringValue": "PUBLIC" } }, { "key": "stackit.initiator", "value": { "stringValue": "1472b021-f261-4bac-86cb-931a6759b7a2" } }, { "key": "service.instance.id", "value": { "stringValue": "550e8400-e29b-41d4-a716-446655440000" } }, { "key": "stackit.request.body", "value": { "stringValue": "{\"apikey_id\": \"key-9982\", \"reason\": \"rotation\"}" } }, { "key": "user_agent.original", "value": { "stringValue": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36" } }, { "key": "http.request.method", "value": { "stringValue": "DELETE" } }, { "key": "url.path", "value": { "stringValue": "/v1/projects/bc0ab21d/apikeys/key-9982" } }, { "key": "client.address", "value": { "stringValue": "192.168.1.45" } }, { "key": "cloud.region", "value": { "stringValue": "eu01" } } ], "body": { "stringValue": "API Key 'key-9982' was successfully deleted by user." }, "observedTimeUnixNano": 1775575195000000000, "severityNumber": "SEVERITY_NUMBER_INFO", "severityText": "INFO", "timeUnixNano": 1775575194605756000 } ] } ] } ]}