The BTP Application Events Monitor tracks and alerts on audit events within your SAP BTP Cloud Foundry environment. It allows for granular tracking of application lifecycle changes, security events, and operational actions by communicating with the Cloud Foundry V3 Audit Events API.

Network connectivity from the collector to your BTP API endpoints (e.g., api.cf.eu10.hana.ondemand.com). BTP Credentials: A User Profile with at least Space Auditor permissions for the targeted spaces/organizations. Endpoints accessed: /v3/audit_events: To retrieve the stream of events for specific applications or spaces. /v3/apps: (Via BtpUtil) To resolve application GUIDs and metadata for filtering. Authentication: OAuth2 Password Grant (handled automatically using the configured User Profile).

==== Event Tracking ==== The monitor captures detailed information for every discovered event: - Event Type: Lifecycle events (audit.app.update, audit.app.restaging), scaling, or custom BTP events. - Actor Details: Identifies who (user or service) initiated the event. - Target Info: Maps events to specific Application Names, Spaces, and Subdomains. - Contextual Data: Captures reasons, exit descriptions, and instance IDs where available.

- Event Type Filtering: Monitor specific events (e.g., only audit.app.crash) or use * for everything. - Scope Control: Filter by Application Name, Space, or Subdomain using exact names or wildcards. - Temporal Precision: Only processes new events since the last execution to prevent duplicate processing.

- Event-Based Alarming: Trigger an alarm immediately when an event matching your criteria is detected. - Unique Identification: Each alarm is tied to the BTP Event GUID, ensuring multiple events of the same type in one cycle are all reported. - Configurable Severity: Assign different severity levels (Warning, Critical) per configuration row.

1. Metadata Sync: The monitor ensures BTP metadata (GUIDs, Orgs, Spaces) is fresh to allow users to use human-readable names in the configuration instead of GUIDs. 2. Request Generation: For each active row, a filtered API request is built using the created_ats[gt] parameter to fetch only events since the last successful run. 3. Pagination: The runner automatically handles BTP API pagination (up to 10 pages) to ensure no events are missed during busy periods. 4. Metadata Storage: Discovered events are stored as metadata (visible in the Event Log/Reports) even if alarms are disabled.

1. Create a Web Service Connector:

1. URL: Your BTP API endpoint (e.g., https://api.cf.eu10.hana.ondemand.com).
2. Auth Type: Associate with a User Profile containing valid BTP credentials.

1. Open the monitor configuration. 2. Click the “Load BTP Apps” button. 3. The table will populate with known applications. 4. Specify the Event Types you wish to monitor for those apps (e.g., audit.app.crash).

=== Method 2: Global/Wildcard Monitoring === To monitor all events across a whole space or subdomain: 1. App Name: Set to *. 2. Space / Subdomain: Enter a specific name to filter, or * for the entire subaccount. 3. Event Types: Set to * to see every audit event.

The monitor stores data under the category: BTP_APP_EVENTS

- “No cache → skipping monitoring”: Ensure the Connector is valid and the “Load BTP Apps” action works. This usually indicates a connectivity or credential issue. - Alarms not triggering: Check if the “Alarm” checkbox is checked for that specific row. If using “Event Types”, ensure the string matches the official BTP audit event type exactly. - Missing Events: The monitor fetches events since its last execution. If the monitor was inactive for a long time, it will only look back at the last 60 minutes by default. - Events show “Unknown” Space/Subdomain: This happens if an app was deleted or created very recently and is not yet in the local metadata cache. It will resolve once the cache refreshes (max 1 hour).