Skip to content

Get Sampled Requests

wafv2_get_sampled_requests R Documentation

Gets detailed information about a specified number of requests–a sample–that WAF randomly selects from among the first 5,000 requests that your Amazon Web Services resource received during a time range that you choose

Description

Gets detailed information about a specified number of requests–a sample–that WAF randomly selects from among the first 5,000 requests that your Amazon Web Services resource received during a time range that you choose. You can specify a sample size of up to 500 requests, and you can specify any time range in the previous three hours.

get_sampled_requests returns a time range, which is usually the time range that you specified. However, if your resource (such as a CloudFront distribution) received 5,000 requests before the specified time range elapsed, get_sampled_requests returns an updated time range. This new time range indicates the actual period during which WAF selected the requests in the sample.

Usage

wafv2_get_sampled_requests(WebAclArn, RuleMetricName, Scope, TimeWindow,
  MaxItems)

Arguments

WebAclArn

[required] The Amazon resource name (ARN) of the WebACL for which you want a sample of requests.
RuleMetricName

[required] The metric name assigned to the Rule or RuleGroup dimension for which you want a sample of requests.
Scope

[required] Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution.

To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

  • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

  • API and SDKs - For all calls, use the Region endpoint us-east-1.
TimeWindow

[required] The start date and time and the end date and time of the range for which you want get_sampled_requests to return a sample of requests. You must specify the times in Coordinated Universal Time (UTC) format. UTC format includes the special designator, Z. For example, "2016-09-27T14:50Z". You can specify any time range in the previous three hours. If you specify a start time that's earlier than three hours ago, WAF sets it to three hours ago.
MaxItems

[required] The number of requests that you want WAF to return from among the first 5,000 requests that your Amazon Web Services resource received during the time range. If your resource received fewer requests than the value of MaxItems, get_sampled_requests returns information about all of them.

Value

A list with the following syntax:

list(
  SampledRequests = list(
    list(
      Request = list(
        ClientIP = "string",
        Country = "string",
        URI = "string",
        Method = "string",
        HTTPVersion = "string",
        Headers = list(
          list(
            Name = "string",
            Value = "string"
          )
        )
      ),
      Weight = 123,
      Timestamp = as.POSIXct(
        "2015-01-01"
      ),
      Action = "string",
      RuleNameWithinRuleGroup = "string",
      RequestHeadersInserted = list(
        list(
          Name = "string",
          Value = "string"
        )
      ),
      ResponseCodeSent = 123,
      Labels = list(
        list(
          Name = "string"
        )
      ),
      CaptchaResponse = list(
        ResponseCode = 123,
        SolveTimestamp = 123,
        FailureReason = "TOKEN_MISSING"|"TOKEN_EXPIRED"|"TOKEN_INVALID"|"TOKEN_DOMAIN_MISMATCH"
      ),
      ChallengeResponse = list(
        ResponseCode = 123,
        SolveTimestamp = 123,
        FailureReason = "TOKEN_MISSING"|"TOKEN_EXPIRED"|"TOKEN_INVALID"|"TOKEN_DOMAIN_MISMATCH"
      ),
      OverriddenAction = "string"
    )
  ),
  PopulationSize = 123,
  TimeWindow = list(
    StartTime = as.POSIXct(
      "2015-01-01"
    ),
    EndTime = as.POSIXct(
      "2015-01-01"
    )
  )
)

Request syntax

svc$get_sampled_requests(
  WebAclArn = "string",
  RuleMetricName = "string",
  Scope = "CLOUDFRONT"|"REGIONAL",
  TimeWindow = list(
    StartTime = as.POSIXct(
      "2015-01-01"
    ),
    EndTime = as.POSIXct(
      "2015-01-01"
    )
  ),
  MaxItems = 123
)