Queries event details.

When you call this operation to query event details, you can query the event details at most twice per second.

Note Do not frequently call this operation. You can create a trail to deliver events to Log Service. Then, you can query event details in near real time by using the real-time log consumption feature of Log Service. For more information, see Create a single-account trail, Create a multi-account trail, and Overview.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes LookupEvents

The operation that you want to perform. Set the value to LookupEvents.

NextToken String No eyJhY2NvdW50IjoiMTQyNDM3OTU4NjM4NzE2MSIsImV2ZW50SWQiOiI3MkJDRTExRi02OTU3LTQ0NUItQjY0MC1CNEUyMkM4NUEwQzgiLCJsb2dJZCI6IjgyLTE0MjQzNzk1ODYzODcxNjEiLCJ0aW1lIjoxNjAyMzExNTQwMD****

The token used to request the next page of query results.

Note The request parameters must be the same as those of the last request.
MaxResults String No 20

The maximum number of entries to be returned.

Valid values: 0 to 50.

StartTime String No 2020-10-08T11:00:00Z

The beginning of the time range to query. The default time is seven days prior to the current time. Specify the time in the ISO 8601 standard in the YYYY-MM-DDThh:mm:ssZ format. The time must be in UTC.

EndTime String No 2020-10-15T11:00:00Z

The end of the time range to query. The default time is the current time. Specify the time in the ISO 8601 standard in the YYYY-MM-DDThh:mm:ssZ format. The time must be in UTC.

Direction String No BACKWARD

The order in which details of events are to be retrieved. Valid values:

  • FORWARD: ascending order.
  • BACKWARD: descending order. This is the default value.
LookupAttribute.N.Key String No ServiceName

The key of the query condition. Valid values:

  • ServiceName: the name of a specific Alibaba Cloud service.
  • EventName: the name of a specific event.
  • User: the name of the RAM user who calls a specific operation.
  • EventId: the ID of a specific event.
  • ResourceType: the type of resources.
  • ResourceName: the name of a specific resource.
  • EventRW: the read/write type of events.
  • EventAccessKeyId: the AccessKey ID used in events.
    Note You can use only one query condition for each query.
LookupAttribute.N.Value String No Ecs

The value of the query condition. Valid values:

  • When the LookupAttribute.N.Key parameter is set to ServiceName, you can set this parameter to a value such as Ecs.
  • When the LookupAttribute.N.Key parameter is set to EventName, you can set this parameter to a value such as ConsoleSignin.
  • When the LookupAttribute.N.Key parameter is set to User, you can set this parameter to a value such as Alice.
  • When the LookupAttribute.N.Key parameter is set to EventId, you can set this parameter to a value such as B702AFA3-FD4B-40E3-88E4-C0752FAA****.
  • When the LookupAttribute.N.Key parameter is set to ResourceType, you can set this parameter to a value such as ACS::ECS::Instance.
  • When the LookupAttribute.N.Key parameter is set to ResourceName, you can set this parameter to a value such as i-bp14664y88udkt45****.
  • When the LookupAttribute.N.Key parameter is set to EventRW, you can set this parameter to Read or Write.
  • When the LookupAttribute.N.Key parameter is set to EventAccessKeyId, you can set this parameter to a value such as LTAI4FoDkCf4DU1bic1V****.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
EndTime String 2020-07-22T14:00:00Z

The end of the time range when event details were queried.

NextToken String eyJhY2NvdW50IjoiMTQyNDM3OTU4NjM4NzE2MSIsImV2ZW50SWQiOiI3MkJDRTExRi02OTU3LTQ0NUItQjY0MC1CNEUyMkM4NUEwQzgiLCJsb2dJZCI6IjgyLTE0MjQzNzk1ODYzODcxNjEiLCJ0aW1lIjoxNjAyMzExNTQwMD****

The token used to return the next page of query results.

Note This parameter is not returned if no more results are to be returned.
RequestId String FD79665A-CE8B-49D4-82E6-5EE2E0E791DD

The ID of the request.

Events Array of Object N/A (see sample success responses)

The returned event details.

For more information about the fields in an event log, see ActionTrail event log reference.

StartTime String 2020-07-15T14:00:00Z

The beginning of the time range when event details were queried.

Examples

Sample requests

http(s)://[Endpoint]/?Action=LookupEvents
&<Common request parameters>

Sample success responses

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
    "RequestId": "FD79665A-CE8B-49D4-82E6-5EE2E0E791DD"
	"NextToken": "eyJhY2NvdW50IjoiMTQyNDM3OTU4NjM4NzE2MSIsImV2ZW50SWQiOiI3MkJDRTExRi02OTU3LTQ0NUItQjY0MC1CNEUyMkM4NUEwQzgiLCJsb2dJZCI6IjgyLTE0MjQzNzk1ODYzODcxNjEiLCJ0aW1lIjoxNjAyMzExNTQwMD****",
	"EndTime": "2020-07-22T14:00:00Z",
	"Events": [
        {
		  "eventId": "B702AFA3-FD4B-40E3-88E4-C0752FAA****",
		  "eventVersion": 1,
		  "eventSource": "actiontrail.cn-hangzhou.aliyuncs.com",
		  "requestParameters": {
				"AcsHost": "actiontrail.cn-hangzhou.aliyuncs.com",
				"RequestId": "B702AFA3-FD4B-40E3-88E4-C0752FAA5A07",
				"AcsProduct": "Actiontrail",
				"Region": "cn-hangzhou",
				"LookupAttribute.1.Value": "Ecs",
				"HostId": "actiontrail.cn-hangzhou.aliyuncs.com",
				"LookupAttribute.1.Key": "ServiceName"
			},
			"sourceIpAddress": "100.68.XX.XX",
			"eventType": "ApiCall",
			"userIdentity": {
				"accessKeyId": "LTAI4GK3D6YtNkNZfjDV****",
				"sessionContext": {
					"attributes": {
						"mfaAuthenticated": "false",
						"creationDate": "2020-10-10T08:31:47Z"
					}
				},
				"accountId": "142437958638****",
				"principalId": "142437958638****",
				"type": "root-account",
				"userName": "root"
			},
			"serviceName": "Actiontrail",
			"additionalEventData": {
				"Scheme": "http"
			},
			"apiVersion": "2020-07-06",
			"requestId": "B702AFA3-FD4B-40E3-88E4-C0752FAA5A07",
			"eventTime": "2020-10-10T08:31:47Z",
			"isGlobal": false,
			"acsRegion": "cn-hangzhou",
			"eventName": "LookupEvents"
	   }
    ],
	"StartTime": "2020-07-15T14:00:00Z",
}

Error codes

HTTP status code Error code Error message Description
400 IncompleteSignature The request signature does not conform to Alibaba Cloud standards. The error message returned because the request signature does not conform to the standards of Alibaba Cloud. Check whether the AccessKey ID and AccessKey secret are valid and whether the signature method is appropriate. For more information, see Signature method.
400 InvalidParameterCombination The end time must be later than the start time. The error message returned because the end of the time range is earlier than or equal to the beginning.
400 InvalidQueryParameter The specified query parameter is invalid. The error message returned because the specified request parameters are invalid.
400 InvalidParameterEndTime The specified EndTime is invalid. The error message returned because the value of the EndTime parameter is invalid.
400 InvalidParameterStartTime The specified StartTime is invalid. The error message returned because the value of the StartTime parameter is invalid.

For a list of error codes, visit the API Error Center.