CloudWatch alarm for API calls without MFA

Our AWS partner setup metrics and alarms for us a couple years ago, and one of them was an alarm to watch for API activity where the "user" was not signed in with MFA. It appears they used something like in this link, but it's not in the public documentation anymore. https://github.com/awsdocs/aws-cloudtrail-user-guide/blob/master/doc_source/cloudwatch-alarms-for-cloudtrail-additional-examples.md#cloudwatch-alarms-for-cloudtrail-no-mfa-example

Over time we had to add additional parameters to the filter for things like AWSServiceRoleForAutoScaling. Eventually we reached the 1024 character limit of the filter expression. Is there a way to work around that limit, or since the example has been removed from AWS documentation, is it no longer necessary to have an alarm that is triggered when API calls are made without MFA?