:doc:`CloudTrail <../../cloudtrail>` / Client / put_insight_selectors

*********************
put_insight_selectors
*********************



.. py:method:: CloudTrail.Client.put_insight_selectors(**kwargs)

  

  Lets you enable Insights event logging on specific event categories by specifying the Insights selectors that you want to enable on an existing trail or event data store. You also use ``PutInsightSelectors`` to turn off Insights event logging, by passing an empty list of Insights types. The valid Insights event types are ``ApiErrorRateInsight`` and ``ApiCallRateInsight``, and valid EventCategories are ``Management`` and ``Data``.

   

  .. note::

    

    Insights on data events are not supported on event data stores. For event data stores, you can only enable Insights on management events.

    

   

  To enable Insights on an event data store, you must specify the ARNs (or ID suffix of the ARNs) for the source event data store ( ``EventDataStore``) and the destination event data store ( ``InsightsDestination``). The source event data store logs management events and enables Insights. The destination event data store logs Insights events based upon the management event activity of the source event data store. The source and destination event data stores must belong to the same Amazon Web Services account.

   

  To log Insights events for a trail, you must specify the name ( ``TrailName``) of the CloudTrail trail for which you want to change or add Insights selectors.

   

  
  * For Management events Insights: To log CloudTrail Insights on the API call rate, the trail or event data store must log ``write`` management events. To log CloudTrail Insights on the API error rate, the trail or event data store must log ``read`` or ``write`` management events.
   
  * For Data events Insights: To log CloudTrail Insights on the API call rate or API error rate, the trail must log ``read`` or ``write`` data events. Data events Insights are not supported on event data store.
  

   

  To log CloudTrail Insights events on API call volume, the trail or event data store must log ``write`` management events. To log CloudTrail Insights events on API error rate, the trail or event data store must log ``read`` or ``write`` management events. You can call ``GetEventSelectors`` on a trail to check whether the trail logs management events. You can call ``GetEventDataStore`` on an event data store to check whether the event data store logs management events.

   

  For more information, see `Working with CloudTrail Insights <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html>`__ in the *CloudTrail User Guide*.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectors>`_  


  **Request Syntax**
  ::

    response = client.put_insight_selectors(
        TrailName='string',
        InsightSelectors=[
            {
                'InsightType': 'ApiCallRateInsight'|'ApiErrorRateInsight',
                'EventCategories': [
                    'Management'|'Data',
                ]
            },
        ],
        EventDataStore='string',
        InsightsDestination='string'
    )
    
  :type TrailName: string
  :param TrailName: 

    The name of the CloudTrail trail for which you want to change or add Insights selectors.

     

    You cannot use this parameter with the ``EventDataStore`` and ``InsightsDestination`` parameters.

    

  
  :type InsightSelectors: list
  :param InsightSelectors: **[REQUIRED]** 

    Contains the Insights types you want to log on a specific category of events on a trail or event data store. ``ApiCallRateInsight`` and ``ApiErrorRateInsight`` are valid Insight types.The EventCategory field can specify ``Management`` or ``Data`` events or both. For event data store, you can log Insights for management events only.

     

    The ``ApiCallRateInsight`` Insights type analyzes write-only management API calls or read and write data API calls that are aggregated per minute against a baseline API call volume.

     

    The ``ApiErrorRateInsight`` Insights type analyzes management and data API calls that result in error codes. The error is shown if the API call is unsuccessful.

    

  
    - *(dict) --* 

      A JSON string that contains a list of Insights types that are logged on a trail or event data store.

      

    
      - **InsightType** *(string) --* 

        The type of Insights events to log on a trail or event data store. ``ApiCallRateInsight`` and ``ApiErrorRateInsight`` are valid Insight types.

         

        The ``ApiCallRateInsight`` Insights type analyzes write-only management API calls or read and write data API calls that are aggregated per minute against a baseline API call volume.

         

        The ``ApiErrorRateInsight`` Insights type analyzes management and data API calls that result in error codes. The error is shown if the API call is unsuccessful.

        

      
      - **EventCategories** *(list) --* 

        Select the event category on which Insights should be enabled.

         

        
        * If EventCategories is not provided, the specified Insights types are enabled on management API calls by default.
         
        * If EventCategories is provided, the given event categories will overwrite the existing ones. For example, if a trail already has Insights enabled on management events, and then a PutInsightSelectors request is made with only data events specified in EventCategories, Insights on management events will be disabled.
        

        

      
        - *(string) --* 

        
    
    

  :type EventDataStore: string
  :param EventDataStore: 

    The ARN (or ID suffix of the ARN) of the source event data store for which you want to change or add Insights selectors. To enable Insights on an event data store, you must provide both the ``EventDataStore`` and ``InsightsDestination`` parameters.

     

    You cannot use this parameter with the ``TrailName`` parameter.

    

  
  :type InsightsDestination: string
  :param InsightsDestination: 

    The ARN (or ID suffix of the ARN) of the destination event data store that logs Insights events. To enable Insights on an event data store, you must provide both the ``EventDataStore`` and ``InsightsDestination`` parameters.

     

    You cannot use this parameter with the ``TrailName`` parameter.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'TrailARN': 'string',
          'InsightSelectors': [
              {
                  'InsightType': 'ApiCallRateInsight'|'ApiErrorRateInsight',
                  'EventCategories': [
                      'Management'|'Data',
                  ]
              },
          ],
          'EventDataStoreArn': 'string',
          'InsightsDestination': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **TrailARN** *(string) --* 

        The Amazon Resource Name (ARN) of a trail for which you want to change or add Insights selectors.

        
      

      - **InsightSelectors** *(list) --* 

        Contains the Insights types you want to log on a specific category of events in a trail or event data store. ``ApiCallRateInsight`` and ``ApiErrorRateInsight`` are valid Insight types.The EventCategory field can specify ``Management`` or ``Data`` events or both. For event data store, you can only log Insights for management events only.

        
        

        - *(dict) --* 

          A JSON string that contains a list of Insights types that are logged on a trail or event data store.

          
          

          - **InsightType** *(string) --* 

            The type of Insights events to log on a trail or event data store. ``ApiCallRateInsight`` and ``ApiErrorRateInsight`` are valid Insight types.

             

            The ``ApiCallRateInsight`` Insights type analyzes write-only management API calls or read and write data API calls that are aggregated per minute against a baseline API call volume.

             

            The ``ApiErrorRateInsight`` Insights type analyzes management and data API calls that result in error codes. The error is shown if the API call is unsuccessful.

            
          

          - **EventCategories** *(list) --* 

            Select the event category on which Insights should be enabled.

             

            
            * If EventCategories is not provided, the specified Insights types are enabled on management API calls by default.
             
            * If EventCategories is provided, the given event categories will overwrite the existing ones. For example, if a trail already has Insights enabled on management events, and then a PutInsightSelectors request is made with only data events specified in EventCategories, Insights on management events will be disabled.
            

            
            

            - *(string) --* 
        
      
    
      

      - **EventDataStoreArn** *(string) --* 

        The Amazon Resource Name (ARN) of the source event data store for which you want to change or add Insights selectors.

        
      

      - **InsightsDestination** *(string) --* 

        The ARN of the destination event data store that logs Insights events.

        
  
  **Exceptions**
  
  *   :py:class:`CloudTrail.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`CloudTrail.Client.exceptions.InvalidParameterCombinationException`

  
  *   :py:class:`CloudTrail.Client.exceptions.TrailNotFoundException`

  
  *   :py:class:`CloudTrail.Client.exceptions.InvalidTrailNameException`

  
  *   :py:class:`CloudTrail.Client.exceptions.CloudTrailARNInvalidException`

  
  *   :py:class:`CloudTrail.Client.exceptions.InvalidHomeRegionException`

  
  *   :py:class:`CloudTrail.Client.exceptions.InvalidInsightSelectorsException`

  
  *   :py:class:`CloudTrail.Client.exceptions.InsufficientS3BucketPolicyException`

  
  *   :py:class:`CloudTrail.Client.exceptions.InsufficientEncryptionPolicyException`

  
  *   :py:class:`CloudTrail.Client.exceptions.S3BucketDoesNotExistException`

  
  *   :py:class:`CloudTrail.Client.exceptions.KmsException`

  
  *   :py:class:`CloudTrail.Client.exceptions.UnsupportedOperationException`

  
  *   :py:class:`CloudTrail.Client.exceptions.OperationNotPermittedException`

  
  *   :py:class:`CloudTrail.Client.exceptions.NotOrganizationMasterAccountException`

  
  *   :py:class:`CloudTrail.Client.exceptions.NoManagementAccountSLRExistsException`

  
  *   :py:class:`CloudTrail.Client.exceptions.ThrottlingException`

  