Mobile Endpoint Security

Mobile Endpoint Security Security Service Edge

Mobile Endpoint Security Security Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Mobile Endpoint Security

Mobile Endpoint Security Contents

MES Console

Small and Medium Business Solutions (SMB)

Lookout for Work

MDMs

SIEM Integrations

Partner and Mobile Risk APIs

Mobile Risk API

Query Parameter Reference

Common Query Parameters

Common Query Parameters

Both the /events and /audit endpoints take the following parameters:


Query parameter	Type	Description	Example
`streamPosition`	String	Opaque String used to keep track of the stream position.	Return up to 100 events starting at position 376734: `/events?streamPosition=376734`
`limit`	Integer	The maximum number of events to return. The API returns the lowest of the specified `limit`, the internal limit of 100, and the actual number of events from the provided `streamPosition`.	Return up to 50 events starting at the beginning of the stream: `/events?limit=50`
`ascending`	Boolean	Defaults to `true`, returning events in normal time order. Setting this to `false` returns events prior to the provided `streamPosition` and sorted in reverse order, with the most recent events first. This parameter cannot be used if using `order`.	Return up to 50 events before stream position 200: `/events?streamPosition=200&limit=50&ascending=false`
`offset`	Integer	After refining query results based on other filter parameters, skip the first `offset` number of events. Specifying `offset` causes the API to return a `totalCount` value as part of the response. This value is the number of events that match all filters in the initial query.	Skip the first event and return the second event by the specified actor: `/events?actorId=9d17632c-abf9-dc26-1234-7821e296a253&limit=1&offset=1`
`sortBy`	enum	Defaults to `eventTime`. Can be set to `auditEventType only` if using `/events` with `eventType` set to `AUDIT` only or when using the /events/audit end point. If you are querying for THREAT or DEVICE events, sort by auditEventType will fail.	Return the first 10 audit events sorted alphabetically by `auditEventType`, and then by `eventTime` for audit events of the same type: `/events/audit?limit=10&sortBy=auditEventType`
`order`	enum	Defaults to `ASC`. One of `DESC` or `ASC`. This parameter cannot be used if using `ascending`.	Return events 10-20 starting from the specified time and sorted in descending order by `eventTime` (the implied `sortBy` value): `/events?startTime=2017-06-06T20:44:47.000Z&limit=10?offset=10&order=DESC`
`startTime`	ISO 8601 String	Return events with `eventTime` greater than `startTime`, in the format `<YYYY-MM-DD>T<HH:mm:ss.SSS>Z`. If `ascending=false`, return events with `eventTime` less than `startTime`.	Return events between the two specified times on the same day: `/events?startTime=2019-04-02T20:44:47.000Z&endTime=2019-04-02T23:18:00.000Z`
`endTime`	ISO 8601 String	Return events with `eventTime` less than `startTime`, in the format `<YYYY-MM-DD>T<HH:mm:ss.SSS>Z`. If `ascending=false`, return events with `eventTime` greater than `startTime`.
`actorId`	UUID	Return events from the specified actor. You can specify the parameter multiple times to filter for events from multiple actors.	Return up to 100 events from either of the two actors: `/events?actorId=3422d5b6-12a9-4663-2dd7-a6b1822d0133&actorId=9d17632c-abf9-dc26-1234-7821e296a253`
`targetId`	UUID	Return events that affect the specified target. This is useful for viewing the event stream for a single device.	`/events?targetId=3422d5b6-12a9-4663-2dd7-a6b1822d0133`
`changeType`	enum	Return events with the specified `changeType`. One of `CREATED`, `UPDATED`, `DELETED`.	`/events/audit?changeType=DELETED`

Last updated: September 30, 2024

lookout-footer

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.