GetQueryResults - AWS CloudTrail

GetQueryResults

Gets event data results of a query. You must specify the QueryID value returned by the StartQuery operation.

Request Syntax

{ "EventDataStore": "string", "MaxQueryResults": number, "NextToken": "string", "QueryId": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

EventDataStore

This parameter has been deprecated.

The ARN (or ID suffix of the ARN) of the event data store against which the query was run.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 256.

Pattern: ^[a-zA-Z0-9._/\-:]+$

Required: No

MaxQueryResults

The maximum number of query results to display on a single page.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 1000.

Required: No

NextToken

A token you can use to get the next page of query results.

Type: String

Length Constraints: Minimum length of 4. Maximum length of 1000.

Pattern: .*

Required: No

QueryId

The ID of the query for which you want to get results.

Type: String

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9\-]+$

Required: Yes

Response Syntax

{ "ErrorMessage": "string", "NextToken": "string", "QueryResultRows": [ [ { "string" : "string" } ] ], "QueryStatistics": { "BytesScanned": number, "ResultsCount": number, "TotalResultsCount": number }, "QueryStatus": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ErrorMessage

The error message returned if a query failed.

Type: String

Length Constraints: Minimum length of 4. Maximum length of 1000.

Pattern: .*

NextToken

A token you can use to get the next page of query results.

Type: String

Length Constraints: Minimum length of 4. Maximum length of 1000.

Pattern: .*

QueryResultRows

Contains the individual event results of the query.

Type: Array of arrays of string to string maps

QueryStatistics

Shows the count of query results.

Type: QueryStatistics object

QueryStatus

The status of the query. Values include QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED.

Type: String

Valid Values: QUEUED | RUNNING | FINISHED | FAILED | CANCELLED | TIMED_OUT

Errors

For information about the errors that are common to all actions, see Common Errors.

EventDataStoreARNInvalidException

The specified event data store ARN is not valid or does not map to an event data store in your account.

HTTP Status Code: 400

EventDataStoreNotFoundException

The specified event data store was not found.

HTTP Status Code: 400

InactiveEventDataStoreException

The event data store is inactive.

HTTP Status Code: 400

InsufficientEncryptionPolicyException

This exception is thrown when the policy on the S3 bucket or AWS KMS key does not have sufficient permissions for the operation.

HTTP Status Code: 400

InvalidMaxResultsException

This exception is thrown if the limit specified is not valid.

HTTP Status Code: 400

InvalidNextTokenException

A token that is not valid, or a token that was previously used in a request with different parameters. This exception is thrown if the token is not valid.

HTTP Status Code: 400

InvalidParameterException

The request includes a parameter that is not valid.

HTTP Status Code: 400

NoManagementAccountSLRExistsException

This exception is thrown when the management account does not have a service-linked role.

HTTP Status Code: 400

OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400

QueryIdNotFoundException

The query ID does not exist or does not map to a query.

HTTP Status Code: 400

UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: