ListInsightsData - AWS CloudTrail
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsSee Also

ListInsightsData

Returns Insights events generated on a trail that logs data events. You can list Insights events that occurred in a Region within the last 90 days.

ListInsightsData supports the following Dimensions for Insights events:

  • Event ID

  • Event name

  • Event source

All dimensions are optional. The default number of results returned is 50, with a maximum of 50 possible. The response includes a token that you can use to get the next page of results.

The rate of ListInsightsData requests is limited to two per second, per account, per Region. If this limit is exceeded, a throttling error occurs.

Request Syntax

{
   "DataType": "string",
   "Dimensions": { 
      "string" : "string" 
   },
   "EndTime": number,
   "InsightSource": "string",
   "MaxResults": number,
   "NextToken": "string",
   "StartTime": number
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

DataType

Specifies the category of events returned. To fetch Insights events, specify InsightsEvents as the value of DataType

Type: String

Valid Values: InsightsEvents

Required: Yes

Dimensions

Contains a map of dimensions. Currently the map can contain only one item.

Type: String to string map

Map Entries: Maximum number of 1 item.

Valid Keys: EventId | EventName | EventSource

Value Length Constraints: Minimum length of 1. Maximum length of 2000.

Required: No

EndTime

Specifies that only events that occur before or at the specified time are returned. If the specified end time is before the specified start time, an error is returned.

Type: Timestamp

Required: No

InsightSource

The Amazon Resource Name(ARN) of the trail for which you want to retrieve Insights events.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 256.

Pattern: ^[a-zA-Z0-9._/\-:]+$

Required: Yes

MaxResults

The number of events to return. Possible values are 1 through 50. The default is 50.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 50.

Required: No

NextToken

The token to use to get the next page of results after a previous API call. This token must be passed in with the same parameters that were specified in the original call. For example, if the original call specified a EventName as a dimension with PutObject as a value, the call with NextToken should include those same parameters.

Type: String

Length Constraints: Minimum length of 4. Maximum length of 1000.

Pattern: .*

Required: No

StartTime

Specifies that only events that occur after or at the specified time are returned. If the specified start time is after the specified end time, an error is returned.

Type: Timestamp

Required: No

Response Syntax

{
   "Events": [ 
      { 
         "AccessKeyId": "string",
         "CloudTrailEvent": "string",
         "EventId": "string",
         "EventName": "string",
         "EventSource": "string",
         "EventTime": number,
         "ReadOnly": "string",
         "Resources": [ 
            { 
               "ResourceName": "string",
               "ResourceType": "string"
            }
         ],
         "Username": "string"
      }
   ],
   "NextToken": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Events

A list of events returned based on the InsightSource, DataType or Dimensions specified. The events list is sorted by time. The most recent event is listed first.

Type: Array of Event objects

NextToken

The token to use to get the next page of results after a previous API call. If the token does not appear, there are no more results to return. The token must be passed in with the same parameters as the previous call. For example, if the original call specified a EventName as a dimension with PutObject as a value, the call with NextToken should include those same parameters.

Type: String

Length Constraints: Minimum length of 4. Maximum length of 1000.

Pattern: .*

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidParameterException

The request includes a parameter that is not valid.

HTTP Status Code: 400

OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400

UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: