All Products
Search

This Product

    ActionTrail:How do I configure the LookupAttribute parameter when calling LookupInsightEvents?

    Document Center

    ActionTrail:How do I configure the LookupAttribute parameter when calling LookupInsightEvents?

    Last Updated:Jan 16, 2026

    The LookupAttribute parameter allows you to filter the results when you call the LookupInsightEvents API operation. This topic describes the supported filter attributes and their usage.

    Note

    You can specify a maximum of two AttributeItem objects as filter conditions in the LookupAttribute parameter. However, using two objects is subject to certain limitations. For more information, see the "Limitations" section.

    Each AttributeItem object is a key-value pair that you can use to filter events based on their properties, such as the service name or event name. For example, to find events from Elastic Compute Service (ECS), you can specify an attribute key of ServiceName and an attribute value of Ecs. The following table lists the supported attribute keys.

    Attribute key

    Attribute value

    Example

    ServiceName

    The service code for the Alibaba Cloud service. For more information, see the Service code column in the Services that work with ActionTrail list.

    Ecs

    EventName

    The name of the event. For more information, see the Event column in the Audited events in ActionTrail list.

    LookupEvents

    SourceIpAddress

    The source IP address of the request.

    192.168.***.***

    InsightType

    The type of the Insights event. For a list of valid values, see the Insights event type description in Insights event structure.

    IpInsight

    EventId

    The event ID.

    B702AFA3-FD4B-40E3-88E4-C0752FAA****

    AccessKeyId

    The AccessKey ID used to make the request.

    LTAI****************

    InsightObject

    The primary subject of the Insights event analysis. The value of this key depends on the InsightType. For example, if InsightType is AkInsight, the InsightObject is the AccessKey pair ID. For a list of valid values, see the Insights event analysis object description in Insights event structure.

    LTAI****************

    Limitations

    You can specify a maximum of two AttributeItem objects in the LookupAttribute parameter. The query performs a case-sensitive, exact match on the specified key-value pairs.

    • When two AttributeItem objects are specified, the query returns events that match both conditions (a logical AND).

    • When using two AttributeItem objects, the only supported combination of attribute keys is ServiceName and EventName.

    • Specifying more than two retrieval conditions is not supported and will result in an error.