Queries event details.
When you call this operation to query event details, you can query the event details at most twice per second.
Note: Do not frequently call this operation. You can create a trail to deliver events to Log Service. Then, you can query event details in near real time by using the real-time log consumption feature of Log Service.
For more information, see Create a single-account trail, Create a multi-account trail, and Real-time subscription and consumption.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | LookupEvents |
The operation that you want to perform. Set the value to LookupEvents. |
NextToken | String | No | eyJhY2NvdW50IjoiMTQyNDM3OTU4NjM4NzE2MSIsImV2ZW50SWQiOiI3MkJDRTExRi02OTU3LTQ0NUItQjY0MC1CNEUyMkM4NUEwQzgiLCJsb2dJZCI6IjgyLTE0MjQzNzk1ODYzODcxNjEiLCJ0aW1lIjoxNjAyMzExNTQwMD**** |
The token used to request the next page of query results. Note The request parameters must be the same as those of the last request.
|
MaxResults | String | No | 20 |
The maximum number of entries to be returned. Valid values: 0 to 50. |
StartTime | String | No | 2020-10-08T11:00:00Z |
The beginning of the time range to query. The default time is seven days prior to
the current time. Specify the time in the ISO 8601 standard. The time must be in UTC.
Format: Note The maximum time range is 30 days. You can query the detailed information about events
that are generated in the recent 90 days.
|
EndTime | String | No | 2020-10-15T11:00:00Z |
The end of the time range to query. The default time is the current time. Specify
the time in the ISO 8601 standard. The time must be in UTC. Format: Note The maximum time range is 30 days. You can query the detailed information about events
that are generated in the recent 90 days.
|
LookupAttribute.N.Key | String | No | ServiceName |
The key of the query condition. Valid values:
|
LookupAttribute.N.Value | String | No | Ecs |
The value of the query condition. Valid values:
|
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
Events | List | N/A (see sample success responses) |
The returned event details. For more information about the fields in an event log, see ActionTrail event log reference. |
NextToken | String | eyJhY2NvdW50IjoiMTQyNDM3OTU4NjM4NzE2MSIsImV2ZW50SWQiOiI3MkJDRTExRi02OTU3LTQ0NUItQjY0MC1CNEUyMkM4NUEwQzgiLCJsb2dJZCI6IjgyLTE0MjQzNzk1ODYzODcxNjEiLCJ0aW1lIjoxNjAyMzExNTQwMD**** |
The token used to return the next page of query results. Note This parameter is not returned if no more results are to be returned.
|
StartTime | String | 2020-07-15T14:00:00Z |
The beginning of the time range when event details were queried. |
EndTime | String | 2020-07-22T14:00:00Z |
The end of the time range when event details were queried. |
RequestId | String | FD79665A-CE8B-49D4-82E6-5EE2E0E791DD |
The ID of the request. |
Examples
Sample requests
http(s)://[Endpoint]/? Action=LookupEvents
&<Common request parameters>
Sample success responses
JSON
format
{
"RequestId": "FD79665A-CE8B-49D4-82E6-5EE2E0E791DD"
"NextToken": "eyJhY2NvdW50IjoiMTQyNDM3OTU4NjM4NzE2MSIsImV2ZW50SWQiOiI3MkJDRTExRi02OTU3LTQ0NUItQjY0MC1CNEUyMkM4NUEwQzgiLCJsb2dJZCI6IjgyLTE0MjQzNzk1ODYzODcxNjEiLCJ0aW1lIjoxNjAyMzExNTQwMD****",
"EndTime": "2020-07-22T14:00:00Z",
"Events": [
{
"eventId": "B702AFA3-FD4B-40E3-88E4-C0752FAA****",
"eventVersion": 1,
"eventSource": "actiontrail.cn-hangzhou.aliyuncs.com",
"requestParameters": {
"AcsHost": "actiontrail.cn-hangzhou.aliyuncs.com",
"RequestId": "B702AFA3-FD4B-40E3-88E4-C0752FAA5A07",
"AcsProduct": "Actiontrail",
"Region": "cn-hangzhou",
"LookupAttribute.1.Value": "Ecs",
"HostId": "actiontrail.cn-hangzhou.aliyuncs.com",
"LookupAttribute.1.Key": "ServiceName"
},
"sourceIpAddress": "100.68.XX.XX",
"eventType": "ApiCall",
"userIdentity": {
"accessKeyId": "LTAI4GK3D6YtNkNZfjDV****",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2020-10-10T08:31:47Z"
}
},
"accountId": "142437958638****",
"principalId": "142437958638****",
"type": "root-account",
"userName": "root"
},
"serviceName": "Actiontrail",
"additionalEventData": {
"Scheme": "http"
},
"apiVersion": "2020-07-06",
"requestId": "B702AFA3-FD4B-40E3-88E4-C0752FAA5A07",
"eventTime": "2020-10-10T08:31:47Z",
"isGlobal": false,
"acsRegion": "cn-hangzhou",
"eventName": "LookupEvents"
}
],
"StartTime": "2020-07-15T14:00:00Z",
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | IncompleteSignature | The request signature does not conform to Alibaba Cloud standards. | The error message returned because the request signature does not conform to the standards of Alibaba Cloud. Check whether the AccessKey ID and AccessKey secret are valid and whether the signature method is appropriate. For more information, see Signature method. |
400 | InvalidParameterCombination | The end time must be later than the start time. | The error message returned because the end of the time range must be later than the beginning. |
400 | InvalidQueryParameter | The specified query parameter is invalid. | The error message returned because the specified request parameters are invalid. |
400 | InvalidParameterDateOutOfRange | Query time range exceeds 30 days. | The error message returned because the specified time range exceeds 30 days. |
400 | InvalidParameterEndTime | The specified EndTime is invalid. | The error message returned because the value of the EndTime parameter is invalid. |
400 | InvalidParameterStartTime | The specified StartTime is invalid. | The error message returned because the value of the StartTime parameter is invalid. |
400 | InvalidParameterStartTimeExceedsCurrent | The StartTime exceeds the current time. Use GMT time format for queries. | The error message returned because the beginning of the time range is later than the current time. Specify a valid time range in UTC. |
400 | InvalidParameterStartTimeOutOfDate | The StartTime exceeds the limit of 90 days. | The error message returned because the beginning of the time range is more than 90 days before the current time. |
400 | InvalidTimeRangeException | The end time must be later than the start time. The time span cannot exceed 30 days. | The error message returned because the end of the time range must be later than the beginning and the time range must not exceed 30 days. |
For a list of error codes, visit the API Error Center.