After careful consideration, we have decided to discontinue Amazon Kinesis Data Analytics for SQL applications: 1. From **September 1, 2025**, we won't provide any bug fixes for Amazon Kinesis Data Analytics for SQL applications because we will have limited support for it, given the upcoming discontinuation. 2. From **October 15, 2025**, you will not be able to create new Kinesis Data Analytics for SQL applications. 3. We will delete your applications starting **January 27, 2026**. You will not be able to start or operate your Amazon Kinesis Data Analytics for SQL applications. Support will no longer be available for Amazon Kinesis Data Analytics for SQL from that time. For more information, see [Amazon Kinesis Data Analytics for SQL Applications discontinuation](discontinuation.md). # Monitoring for SQL Applications Monitoring Monitoring is an important part of maintaining the reliability, availability, and performance of and your application. You should collect monitoring data from all of the parts of your AWS solution so that you can more easily debug a multipoint failure if one occurs. Before you start monitoring , however, you should create a monitoring plan that includes answers to the following questions: + What are your monitoring goals? + What resources will you monitor? + How often will you monitor these resources? + What monitoring tools will you use? + Who will perform the monitoring tasks? + Who should be notified when something goes wrong? The next step is to establish a baseline for normal performance in your environment, by measuring performance at various times and under different load conditions. As you monitor , you can store historical monitoring data. If you do, you can compare it with current performance data, identify normal performance patterns and performance anomalies, and devise methods to address issues. With , you monitor the application. The application processes data streams (input or output), both of which include *identifiers* which you can use to narrow your search on CloudWatch logs. For information about how processes data streams, see [Amazon Kinesis Data Analytics for SQL Applications: How It Works](how-it-works.md). The most important metric is the `millisBehindLatest`, which indicates how far behind an application is reading from the streaming source. In a typical case, the milliseconds behind should be at or near zero. It is common for brief spikes to appear, which appears as an increase in `millisBehindLatest`. We recommend that you set up a CloudWatch alarm that triggers when the application is behind by more than an hour reading the streaming source. For some use cases that require very close to real-time processing, such as emitting processed data to a live application, you might choose to set the alarm at a lower value, such as five minutes. **Topics** + [ # Monitoring Tools ](monitoring-automated-manual.md) + [ # Monitoring with Amazon CloudWatch ](monitoring-cloudwatch.md) + [ # Logging API Calls with AWS CloudTrail ](logging-using-cloudtrail.md) # Monitoring Tools AWS provides various tools that you can use to monitor . You can configure some of these tools to do the monitoring for you, while some of the tools require manual intervention. We recommend that you automate monitoring tasks as much as possible. ## Automated Monitoring Tools Automated Tools You can use the following automated monitoring tools to watch and report when something is wrong: + **Amazon CloudWatch Alarms** – Watch a single metric over a time period that you specify, and perform one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The action is a notification sent to an Amazon Simple Notification Service (Amazon SNS) topic or Amazon EC2 Auto Scaling policy. CloudWatch alarms do not invoke actions simply because they are in a particular state; the state must have changed and been maintained for a specified number of periods. For more information, see [Monitoring with Amazon CloudWatch](monitoring-cloudwatch.md). + **Amazon CloudWatch Logs** – Monitor, store, and access your log files from AWS CloudTrail or other sources. For more information, see [Monitoring Log Files](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html) in the *Amazon CloudWatch User Guide*. + **Amazon CloudWatch Events** – Match events and route them to one or more target functions or streams to make changes, capture state information, and take corrective action. For more information, see [What is Amazon CloudWatch Events](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchEvents.html) in the *Amazon CloudWatch User Guide*. + **AWS CloudTrail Log Monitoring** – Share log files between accounts, monitor CloudTrail log files in real time by sending them to CloudWatch Logs, write log processing applications in Java, and validate that your log files have not changed after delivery by CloudTrail. For more information, see [Working with CloudTrail Log Files](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-working-with-log-files.html) in the *AWS CloudTrail User Guide*. ## Manual Monitoring Tools Manual Tools Another important part of monitoring involves manually monitoring those items that the CloudWatch alarms don't cover. The , CloudWatch, Trusted Advisor, and other AWS Management Console dashboards provide an at-a-glance view of the state of your AWS environment. + The CloudWatch home page shows the following: + Current alarms and status + Graphs of alarms and resources + Service health status In addition, you can use CloudWatch to do the following: + Create [customized dashboards](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CloudWatch_Dashboards.html) to monitor the services you care about + Graph metric data to troubleshoot issues and discover trends + Search and browse all your metrics + Create and edit alarms to be notified of problems + AWS Trusted Advisor can help you monitor your to improve performance, reliability, security, and cost effectiveness. Four Trusted Advisor checks are available to all users. More than 50 checks are available to users with a Business or Enterprise support plan. For more information, see [AWS Trusted Advisor](https://aws.amazon.com/premiumsupport/trustedadvisor/). # Monitoring with Amazon CloudWatch You can monitor applications using Amazon CloudWatch. CloudWatch collects and processes raw data from into readable, near real-time metrics. These statistics are retained for a period of two weeks. You can access the historical information and gain a better perspective on how your web application or service is performing. By default, metric data is automatically sent to CloudWatch. For more information, see [What Is Amazon CloudWatch?](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatch.html) in the *Amazon CloudWatch User Guide*. **Topics** + [ # Metrics and Dimensions ](monitoring-metrics.md) + [ # Viewing Metrics and Dimensions ](metrics-dimensions.md) + [ # Creating CloudWatch Alarms to Monitor ](creating-alarms.md) + [ # Working with Amazon CloudWatch Logs ](cloudwatch-logs.md) # Metrics and Dimensions Metrics and Dimensions The `AWS/KinesisAnalytics` namespace includes the following metrics. | Metric | Description | | --- | --- | | `Bytes` | The number of bytes read (per input stream) or written (per output stream). Levels: Per input stream and per output stream | | `KPUs` | The number of Kinesis Processing Units that are used to run your stream processing application. The average number of KPUs used each hour determines the billing for your application. Levels: Application-level | | `MillisBehindLatest` | Indicates how far behind from the current time an application is reading from the streaming source. Levels: Application-level | | `Records` | The number of records read (per input stream) or written (per output stream). Levels: Per input stream and per output stream | | `Success` | 1 for each successful delivery attempt to the destination configured for your application; 0 for every failed delivery attempt. The average value of this metric indicates how many successful deliveries are performed. Levels: Per destination. | | `InputProcessing.Duration` | The time taken for each AWS Lambda function invocation performed by . Levels: Per input stream | | `InputProcessing.OkRecords ` | The number of records returned by a Lambda function that were marked with `Ok` status. Levels: Per input stream | | `InputProcessing.OkBytes ` | The sum of bytes of the records returned by a Lambda function that were marked with `Ok` status. Levels: Per input stream | | `InputProcessing.DroppedRecords ` | The number of records returned by a Lambda function that were marked with `Dropped` status. Levels: Per input stream | | `InputProcessing.ProcessingFailedRecords ` | The number of records returned by a Lambda function that were marked with `ProcessingFailed` status. Levels: Per input stream | | `InputProcessing.Success` | The number of successful Lambda invocations by . Levels: Per input stream | | `LambdaDelivery.OkRecords` | The number of records returned by a Lambda function that were marked with `Ok` status. Levels: Per Lambda destination | | `LambdaDelivery.DeliveryFailedRecords` | The number of records returned by a Lambda function that were marked with `DeliveryFailed` status. Levels: Per Lambda destination | | `LambdaDelivery.Duration` | The time taken for each Lambda function invocation performed by . Levels: Per Lambda destination | provides metrics for the following dimensions. | Dimension | Description | | --- | --- | | `Flow` | Per input stream: Input Per output stream: Output | | `Id` | Per input stream: Input Id Per output stream: Output Id | # Viewing Metrics and Dimensions Viewing Metrics and Dimensions When your application processes data streams, sends the following metrics and dimensions to CloudWatch. You can use the following procedures to view the metrics for . On the console, metrics are grouped first by service namespace, and then by the dimension combinations within each namespace. **To view metrics using the CloudWatch console** 1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/). 1. In the navigation pane, choose **Metrics**. 1. In the **CloudWatch Metrics by Category** pane for , choose a metrics category. 1. In the upper pane, scroll to view the full list of metrics. **To view metrics using the AWS CLI** + At a command prompt, use the following command. ``` 1. aws cloudwatch list-metrics --namespace "AWS/KinesisAnalytics" --region region ``` metrics are collected at the following levels: + Application + Input stream + Output stream # Creating CloudWatch Alarms to Monitor Alarms You can create an Amazon CloudWatch alarm that sends an Amazon SNS message when the alarm changes state. An alarm watches a single metric over a time period you specify. It performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The action is a notification sent to an Amazon SNS topic or Auto Scaling policy. Alarms invoke actions for sustained state changes only. For a CloudWatch alarm to invoke an action, the state must have changed and been maintained for a specified amount of time. You can set alarms using the AWS Management Console, CloudWatch AWS CLI, or CloudWatch API, as described following. **To set an alarm using the CloudWatch console** 1. Sign in to the AWS Management Console and open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/). 1. Choose **Create Alarm**. The **Create Alarm Wizard** starts. 1. Choose **Kinesis Analytics Metrics**. Then scroll through the metrics to locate the metric you want to place an alarm on. To display just metrics, search for the file system ID of your file system. Choose the metric to create an alarm for, and then choose **Next**. 1. Enter values for **Name**, **Description**, and **Whenever** for the metric. 1. If you want CloudWatch to send you an email when the alarm state is reached, in the **Whenever this alarm:** field, choose **State is ALARM**. In the **Send notification to:** field, choose an existing SNS topic. If you select **Create topic**, you can set the name and email addresses for a new email subscription list. This list is saved and appears in the field for future alarms. **Note** If you use **Create topic** to create a new Amazon SNS topic, the email addresses must be verified before they receive notifications. Emails are only sent when the alarm enters an alarm state. If this alarm state change happens before the email addresses are verified, they do not receive a notification. 1. In the **Alarm Preview** section, preview the alarm you’re about to create. 1. Choose **Create Alarm** to create the alarm. **To set an alarm using the CloudWatch CLI** + Call `[mon-put-metric-alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/cli/cli-mon-put-metric-alarm.html)`. For more information, see the [Amazon CloudWatch CLI Reference](https://docs.aws.amazon.com/AmazonCloudWatch/latest/cli/). **To set an alarm using the CloudWatch API** + Call `[PutMetricAlarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricAlarm.html)`. For more information, see the [Amazon CloudWatch API Reference](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/). # Working with Amazon CloudWatch Logs Logs If an application is misconfigured, it can transition to a running state during application start. Or it can update but not process any data into the in-application input stream. By adding a CloudWatch log option to the application, you can monitor for application configuration problems. can generate configuration errors under the following conditions: + The Kinesis data stream used for input doesn't exist. + The Amazon Data Firehose delivery stream used for input doesn't exist. + The Amazon S3 bucket used as a reference data source doesn't exist. + The specified file in the reference data source in the S3 bucket doesn't exist. + The correct resource is not defined in the AWS Identity and Access Management (IAM) role that manages related permissions. + The correct permission is not defined in the IAM role that manages related permissions. + doesn't have permission to assume the IAM role that manages related permissions. For more information about Amazon CloudWatch, see the [http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/](http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/). ## Adding the PutLogEvents Policy Action needs permissions to write misconfiguration errors to CloudWatch. You can add these permissions to the IAM role that assumes, as described following. For more information on using an IAM role for , see [Identity and Access Management in Kinesis Data Analytics](iam-role.md). ### Trust Policy To grant permissions to assume an IAM role, you can attach the following trust policy to the role. ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "kinesisanalytics.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } ``` ------ ### Permissions Policy To grant an application permissions to write log events to CloudWatch from a resource, you can use the following IAM permissions policy. ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Sid": "Stmt0123456789000", "Effect": "Allow", "Action": [ "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream*" ] } ] } ``` ------ ## Adding Configuration Error Monitoring Use the following API actions to add a CloudWatch log option to a new or existing application or change a log option for an existing application. **Note** You can currently only add a CloudWatch log option to an application by using API actions. You can't add CloudWatch log options by using the console. ### Adding a CloudWatch Log Option When Creating an Application The following code example demonstrates how to use the `CreateApplication` action to add a CloudWatch log option when you create an application. For more information on `Create_Application`, see [CreateApplication](API_CreateApplication.md). ``` { "ApplicationCode": "", "ApplicationDescription": "", "ApplicationName": "", "Inputs": [ ... ], "Outputs": [ ... ], "CloudWatchLoggingOptions": [{ "LogStreamARN": "", "RoleARN": "" }] } ``` ### Adding a CloudWatch Log Option to an Existing Application The following code example demonstrates how to use the `AddApplicationCloudWatchLoggingOption` action to add a CloudWatch log option to an existing application. For more information about `AddApplicationCloudWatchLoggingOption`, see [AddApplicationCloudWatchLoggingOption](API_AddApplicationCloudWatchLoggingOption.md). ``` { "ApplicationName": "", "CloudWatchLoggingOption": { "LogStreamARN": "", "RoleARN": "" }, "CurrentApplicationVersionId": } ``` ### Updating an Existing CloudWatch Log Option The following code example demonstrates how to use the `UpdateApplication` action to modify an existing CloudWatch log option. For more information about `UpdateApplication`, see [UpdateApplication](API_UpdateApplication.md). ``` { "ApplicationName": "", "ApplicationUpdate": { "CloudWatchLoggingOptionUpdates": [ { "CloudWatchLoggingOptionId": "", "LogStreamARNUpdate": "", "RoleARNUpdate": "" } ], }, "CurrentApplicationVersionId": } ``` ### Deleting a CloudWatch Log Option from an Application The following code example demonstrates how to use the `DeleteApplicationCloudWatchLoggingOption` action to delete an existing CloudWatch log option. For more information about `DeleteApplicationCloudWatchLoggingOption`, see [DeleteApplicationCloudWatchLoggingOption](API_DeleteApplicationCloudWatchLoggingOption.md). ``` { "ApplicationName": "", "CloudWatchLoggingOptionId": "", "CurrentApplicationVersionId": } ``` ## Configuration Errors The following sections contain details about errors that you might see in Amazon CloudWatch Logs from a misconfigured application. ### Error Message Format Error messages generated by application misconfiguration appear in the following format. ``` { "applicationARN": "string", "applicationVersionId": integer, "messageType": "ERROR", "message": "string", "inputId": "string", "referenceId": "string", "errorCode": "string" "messageSchemaVersion": "integer", } ``` The fields in an error message contain the following information: + `applicationARN`: The Amazon Resource Name (ARN) of the generating application, for example: `arn:aws:kinesisanalytics:us-east-1:112233445566:application/sampleApp` + `applicationVersionId`: The version of the application at the time the error was encountered. For more information, see [ApplicationDetail](API_ApplicationDetail.md). + `messageType`: The message type. Currently, this type can be only `ERROR`. + `message`: The details of the error, for example: ``` There is a problem related to the configuration of your input. Please check that the resource exists, the role has the correct permissions to access the resource and that Kinesis Analytics can assume the role provided. ``` + `inputId`: The ID associated with the application input. This value is only present if this input is the cause of the error. This value is not present if `referenceId` is present. For more information, see [DescribeApplication](API_DescribeApplication.md). + `referenceId`: The ID associated with the application reference data source. This value is only present if this source is the cause of the error. This value is not present if `inputId` is present. For more information, see [DescribeApplication](API_DescribeApplication.md). + `errorCode`: The identifier for the error. This ID is either `InputError` or `ReferenceDataError`. + `messageSchemaVersion`: A value that specifies the current message schema version, currently `1`. You can check this value to see if the error message schema has been updated. ### Errors The errors that might appear in CloudWatch Logs for include the following. #### Resource Does Not Exist If an ARN is specified for a Kinesis input stream that doesn't exist, but the ARN is syntactically correct, an error like the following is generated. ``` { "applicationARN": "arn:aws:kinesisanalytics:us-east-1:112233445566:application/sampleApp", "applicationVersionId": "5", "messageType": "ERROR", "message": "There is a problem related to the configuration of your input. Please check that the resource exists, the role has the correct permissions to access the resource and that Kinesis Analytics can assume the role provided.", "inputId":"1.1", "errorCode": "InputError", "messageSchemaVersion": "1" } ``` If an incorrect Amazon S3 file key is used for reference data, an error like the following is generated. ``` { "applicationARN": "arn:aws:kinesisanalytics:us-east-1:112233445566:application/sampleApp", "applicationVersionId": "5", "messageType": "ERROR", "message": "There is a problem related to the configuration of your reference data. Please check that the bucket and the file exist, the role has the correct permissions to access these resources and that Kinesis Analytics can assume the role provided.", "referenceId":"1.1", "errorCode": "ReferenceDataError", "messageSchemaVersion": "1" } ``` #### Role Does Not Exist If an ARN is specified for an IAM input role that doesn't exist, but the ARN is syntactically correct, an error like the following is generated. ``` { "applicationARN": "arn:aws:kinesisanalytics:us-east-1:112233445566:application/sampleApp", "applicationVersionId": "5", "messageType": "ERROR", "message": "There is a problem related to the configuration of your input. Please check that the resource exists, the role has the correct permissions to access the resource and that Kinesis Analytics can assume the role provided.", "inputId":null, "errorCode": "InputError", "messageSchemaVersion": "1" } ``` #### Role Does Not Have Permissions to Access the Resource If an input role is used that doesn't have permission to access the input resources, such as a Kinesis source stream, an error like the following is generated. ``` { "applicationARN": "arn:aws:kinesisanalytics:us-east-1:112233445566:application/sampleApp", "applicationVersionId": "5", "messageType": "ERROR", "message": "There is a problem related to the configuration of your input. Please check that the resource exists, the role has the correct permissions to access the resource and that Kinesis Analytics can assume the role provided.", "inputId":null, "errorCode": "InputError", "messageSchemaVersion": "1" } ``` # Logging API Calls with AWS CloudTrail Using AWS CloudTrail is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in . CloudTrail captures all API calls for as events. The calls captured include calls from the console and code calls to the API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for . If you don't configure a trail, you can still view the most recent events in the CloudTrail console in **Event history**. Using the information collected by CloudTrail, you can determine the request that was made to , the IP address from which the request was made, who made the request, when it was made, and additional details. To learn more about CloudTrail, see the [AWS CloudTrail User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). ## Information in CloudTrail CloudTrail is enabled on your AWS account when you create the account. When activity occurs in , that activity is recorded in a CloudTrail event along with other AWS service events in **Event history**. You can view, search, and download recent events in your AWS account. For more information, see [Viewing Events with CloudTrail Event History](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html). For an ongoing record of events in your AWS account, including events for , create a trail. A *trail* enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all . The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following: + [Overview for Creating a Trail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html) + [CloudTrail Supported Services and Integrations](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations) + [Configuring Amazon SNS Notifications for CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_notifications_top_level.html) + [Receiving CloudTrail Log Files from Multiple Regions](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html) and [Receiving CloudTrail Log Files from Multiple Accounts](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html) All actions are logged by CloudTrail and are documented in the [ API reference](/managed-flink/latest/apiv2/Welcome.html). For example, calls to the `[CreateApplication](/kinesisanalytics/latest/dev/API_CreateApplication.html)` and ` [UpdateApplication](/kinesisanalytics/latest/dev/API_UpdateApplication.html)` actions generate entries in the CloudTrail log files. Every event or log entry contains information about who generated the request. The identity information helps you determine the following: + Whether the request was made with AWS account root user or user credentials. + Whether the request was made with temporary security credentials for a role or federated user. + Whether the request was made by another AWS service. For more information, see the [CloudTrail userIdentity Element](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html). ## Understanding Log File Entries A trail is a configuration that enables delivery of events as log files to an Amazon S3 bucket that you specify. CloudTrail log files contain one or more log entries. An event represents a single request from any source and includes information about the requested action, the date and time of the action, request parameters, and so on. CloudTrail log files aren't an ordered stack trace of the public API calls, so they don't appear in any specific order. The following example shows a CloudTrail log entry that demonstrates the [AddApplicationCloudWatchLoggingOption](/kinesisanalytics/latest/dev/API_AddApplicationCloudWatchLoggingOption.html) and [DescribeApplication](/kinesisanalytics/latest/dev/API_DescribeApplication.html) actions. ``` { "Records": [ { "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::012345678910:user/Alice", "accountId": "012345678910", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2019-03-14T01:03:00Z", "eventSource": "kinesisanalytics.amazonaws.com", "eventName": "AddApplicationCloudWatchLoggingOption", "awsRegion": "us-east-1", "sourceIPAddress": "127.0.0.1", "userAgent": "aws-sdk-java/unknown-version Linux/x.xx", "requestParameters": { "currentApplicationVersionId": 1, "cloudWatchLoggingOption": { "roleARN": "arn:aws:iam::012345678910:role/cloudtrail_test", "logStreamARN": "arn:aws:logs:us-east-1:012345678910:log-group:cloudtrail-test:log-stream:sql-cloudwatch" }, "applicationName": "cloudtrail-test" }, "responseElements": null, "requestID": "e897cd34-45f4-11e9-8912-e52573a36cd9", "eventID": "57fe50e9-c764-47c3-a0aa-d0c271fa1cbb", "eventType": "AwsApiCall", "apiVersion": "2015-08-14", "recipientAccountId": "303967445486" }, { "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::012345678910:user/Alice", "accountId": "012345678910", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2019-03-14T05:37:20Z", "eventSource": "kinesisanalytics.amazonaws.com", "eventName": "DescribeApplication", "awsRegion": "us-east-1", "sourceIPAddress": "127.0.0.1", "userAgent": "aws-sdk-java/unknown-version Linux/x.xx", "requestParameters": { "applicationName": "cloudtrail-test" }, "responseElements": null, "requestID": "3b74eb29-461b-11e9-a645-fb677e53d147", "eventID": "750d0def-17b6-4c20-ba45-06d9d45e87ee", "eventType": "AwsApiCall", "apiVersion": "2015-08-14", "recipientAccountId": "012345678910" } ] } ```