GetSampledRequests - AWS WAFV2
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsSee Also

GetSampledRequests

Note

This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.

For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose. You can specify a sample size of up to 500 requests, and you can specify any time range in the previous three hours.

GetSampledRequests returns a time range, which is usually the time range that you specified. However, if your resource (such as an Amazon CloudFront distribution) received 5,000 requests before the specified time range elapsed, GetSampledRequests returns an updated time range. This new time range indicates the actual period during which AWS WAF selected the requests in the sample.

Request Syntax

{
   "MaxItems": number,
   "RuleId": "string",
   "TimeWindow": { 
      "EndTime": number,
      "StartTime": number
   },
   "WebAclId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

MaxItems

The number of requests that you want AWS WAF to return from among the first 5,000 requests that your AWS resource received during the time range. If your resource received fewer requests than the value of MaxItems, GetSampledRequests returns information about all of them.

Type: Long

Valid Range: Minimum value of 1. Maximum value of 500.

Required: Yes

RuleId

RuleId is one of three values:

  • The RuleId of the Rule or the RuleGroupId of the RuleGroup for which you want GetSampledRequests to return a sample of requests.

  • Default_Action, which causes GetSampledRequests to return a sample of the requests that didn't match any of the rules in the specified WebACL.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: .*\S.*

Required: Yes

TimeWindow

The start date and time and the end date and time of the range for which you want GetSampledRequests to return a sample of requests. You must specify the times in Coordinated Universal Time (UTC) format. UTC format includes the special designator, Z. For example, "2016-09-27T14:50Z". You can specify any time range in the previous three hours.

Type: TimeWindow object

Required: Yes

WebAclId

The WebACLId of the WebACL for which you want GetSampledRequests to return a sample of requests.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: .*\S.*

Required: Yes

Response Syntax

{
   "PopulationSize": number,
   "SampledRequests": [ 
      { 
         "Action": "string",
         "Request": { 
            "ClientIP": "string",
            "Country": "string",
            "Headers": [ 
               { 
                  "Name": "string",
                  "Value": "string"
               }
            ],
            "HTTPVersion": "string",
            "Method": "string",
            "URI": "string"
         },
         "RuleWithinRuleGroup": "string",
         "Timestamp": number,
         "Weight": number
      }
   ],
   "TimeWindow": { 
      "EndTime": number,
      "StartTime": number
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

PopulationSize

The total number of requests from which GetSampledRequests got a sample of MaxItems requests. If PopulationSize is less than MaxItems, the sample includes every request that your AWS resource received during the specified time range.

Type: Long

SampledRequests

A complex type that contains detailed information about each of the requests in the sample.

Type: Array of SampledHTTPRequest objects

TimeWindow

Usually, TimeWindow is the time range that you specified in the GetSampledRequests request. However, if your AWS resource received more than 5,000 requests during the time range that you specified in the request, GetSampledRequests returns the time range for the first 5,000 requests. Times are in Coordinated Universal Time (UTC) format.

Type: TimeWindow object

Errors

For information about the errors that are common to all actions, see Common Errors.

WAFInternalErrorException

The operation failed because of a system problem, even though the request was valid. Retry your request.

HTTP Status Code: 500

WAFNonexistentItemException

The operation failed because the referenced object doesn't exist.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: