Get Sampled Requests

wafv2_get_sampled_requests

R Documentation

Gets detailed information about a specified number of requests–a sample–that WAF randomly selects from among the first 5,000 requests that your Amazon Web Services resource received during a time range that you choose¶

Description¶

Gets detailed information about a specified number of requests–a sample–that WAF randomly selects from among the first 5,000 requests that your Amazon Web Services resource received during a time range that you choose. You can specify a sample size of up to 500 requests, and you can specify any time range in the previous three hours.

get_sampled_requests returns a time range, which is usually the time range that you specified. However, if your resource (such as a CloudFront distribution) received 5,000 requests before the specified time range elapsed, get_sampled_requests returns an updated time range. This new time range indicates the actual period during which WAF selected the requests in the sample.

Usage¶

wafv2_get_sampled_requests(WebAclArn, RuleMetricName, Scope, TimeWindow,
  MaxItems)

Arguments¶

WebAclArn

[required] The Amazon resource name (ARN) of the WebACL for which you want a sample of requests.

RuleMetricName

[required] The metric name assigned to the Rule or RuleGroup dimension for which you want a sample of requests.

Scope

[required] Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.

TimeWindow

[required] The start date and time and the end date and time of the range for which you want get_sampled_requests to return a sample of requests. You must specify the times in Coordinated Universal Time (UTC) format. UTC format includes the special designator, Z. For example, "2016-09-27T14:50Z". You can specify any time range in the previous three hours. If you specify a start time that's earlier than three hours ago, WAF sets it to three hours ago.

MaxItems

[required] The number of requests that you want WAF to return from among the first 5,000 requests that your Amazon Web Services resource received during the time range. If your resource received fewer requests than the value of MaxItems, get_sampled_requests returns information about all of them.

Value¶

A list with the following syntax:

href="#__codelineno-1-1">list( SampledRequests = list( list( Request = list( ClientIP = "string", Country = "string", URI = "string", Method = "string", HTTPVersion = "string", Headers = list( list( Name = "string", Value = "string" ) ) ), Weight = 123, Timestamp = as.POSIXct( "2015-01-01" ), Action = "string", RuleNameWithinRuleGroup = "string", RequestHeadersInserted = list( list( Name = "string", Value = "string" ) ), ResponseCodeSent = 123, Labels = list( list( Name = "string" ) ), CaptchaResponse = list( ResponseCode = 123, SolveTimestamp = 123, FailureReason = "TOKEN_MISSING"|"TOKEN_EXPIRED"|"TOKEN_INVALID"|"TOKEN_DOMAIN_MISMATCH" ), ChallengeResponse = list( ResponseCode = 123, SolveTimestamp = 123, FailureReason = "TOKEN_MISSING"|"TOKEN_EXPIRED"|"TOKEN_INVALID"|"TOKEN_DOMAIN_MISMATCH" ), OverriddenAction = "string" ) ), PopulationSize = 123, TimeWindow = list( StartTime = as.POSIXct( "2015-01-01" ), EndTime = as.POSIXct( "2015-01-01" ) ) )

Request syntax¶

svc$get_sampled_requests(
  WebAclArn = "string",
  RuleMetricName = "string",
  Scope = "CLOUDFRONT"|"REGIONAL",
  TimeWindow = list(
    StartTime = as.POSIXct(
      "2015-01-01"
    ),
    EndTime = as.POSIXct(
      "2015-01-01"
    )
  ),
  MaxItems = 123
)