All Products
Search

This Product

    ActionTrail:Fix unavailable advanced event query and alerting in ActionTrail

    Document Center

    ActionTrail:Fix unavailable advanced event query and alerting in ActionTrail

    Last Updated:Feb 28, 2026

    ActionTrail advanced event query and alerting stop working when Logstore index settings are modified. This topic describes how to identify and fix the issue.

    Cause

    When you create a trail that delivers events to Simple Log Service (SLS), ActionTrail automatically configures full-text and field indexes in the destination Logstore. These indexes are required for advanced event query and alerting to work.

    If you manually change these index settings in the SLS console, the features may become unavailable.

    Solution 1: Restore index settings in the SLS console

    Manually reset the index configuration to the required defaults.

    1. Log on to the ActionTrail console.

    2. In the left-side navigation pane, click Trails.

    3. On the Trails page, find the trail and click the Logstore name in the Storage Service column. The SLS console opens.

    4. On the Logstore details page, choose Index Attributes > Attributes.

    5. Configure the following index settings:

      • Full-text Index: Enabled

      • Enable Analytics: Enabled for all sub-fields of the event field

      • LogReduce: Disabled

    6. Click OK.

    7. In the Search & Analysis confirmation dialog, click OK.

    Verify the fix

    1. Return to the ActionTrail console.

    2. Run an advanced event query on the trail.

    3. Confirm that query results appear and alerting is available.

    Note

    Index changes apply only to events ingested after the update. Events delivered while the indexes were misconfigured may not be queryable.

    Solution 2: Restore index settings by using Cloud Shell

    Run a single command in Cloud Shell to restore the default indexes automatically.

    1. Log on to Cloud Shell.

    2. Run the following command:

      actiontrail-update-index [project] [logstore] [regionId]

      Replace the placeholders with your actual values:

      ParameterDescriptionExample
      [project]SLS project nameactiontrail-ev****
      [logstore]Logstore nameactiontrail-test****
      [regionId]Region where the SLS project residescn-hangzhou
      Note

      You can find the project name, Logstore name, and region on the trail details page in the ActionTrail console.

      Example:

      actiontrail-update-index actiontrail-ev**** actiontrail-test**** cn-hangzhou

    Verify the fix

    1. Return to the ActionTrail console.

    2. Run an advanced event query on the trail.

    3. Confirm that query results appear and alerting is available.

    Prevent recurrence

    • Do not manually modify the full-text or field index settings in the SLS Logstore that ActionTrail manages.

    • If you need custom indexes for other purposes, create a separate Logstore and use SLS data transformation to replicate events. Do not modify the ActionTrail-managed Logstore directly.