If you want to query the events of an Alibaba Cloud account or an AccessKey pair, you can use the system templates provided by the advanced event query feature of ActionTrail. The system templates include Events of Console Logons by Using Alibaba Cloud Account, Events of Access by Using AccessKey Pair of Alibaba Cloud Account, Events of Logons by Using RAM User without MFA, and Events of Failed Access by Using AccessKey Pair. This topic describes how to use a system template to query the details of console logon events by using an Alibaba Cloud account.
Prerequisites
The advanced event query feature is enabled. For more information, see Enable the advanced event query feature.
Procedure
Log on to the ActionTrail console.
In the left-side navigation pane, choose .
In the Query Range pane, click the Template Library tab and choose .
On the Events of Console Logons by Using Alibaba Cloud Account tab, specify a time range to query events and click Run.
NoteBy default, ActionTrail queries the events within seven days.
You can click Event Alert on the right side of the tab to configure an alert for the current event. For more information, see Create a custom alert rule.
You can modify the default SQL statement in the system template and click Save to save the template as a custom template for reuse in subsequent tasks.
View the query results.
Raw log
On the Raw Log tab, find the event that you want to view and click View Event Details in the Actions column to view the basic information and JSON format of the event.
Histogram
On the Query Histogram tab, view the histograms of events.
References
You can configure filter conditions or SQL statements to query event details. For more information, see Perform custom event queries.