Get Event Log Entries

WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.

Generates paginated event log data. This data can be filtered by:

A request for event log entries may return information on thousands of requests. Due to the amount of time that it would take to transmit this data, the response for this endpoint has been split up into pages. Retrieve all events that match the specified criteria by requesting each page. Use the page_of response parameter in your script to cycle through each page.

This endpoint only supports JSON.

Request

A request to retrieve event log data is described below.

HTTP Method Request URI

GET

https://api.edgecast.com/v2/mcc/customers/AccountNumber/defend/rate_limiting/eventlogs?start_time=StartDateTime&end_time=EndDateTime&per_page=ItemsPerPage&page=PageNumber&filters=Filters

Define the following terms when submitting the above request:

A variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3).

Variable Description

AccountNumber

Required

Replace this variable with a customer account number. This account number may be found in the upper right-hand corner of the MCC.

StartDateTime

Replace this variable with the start date/time for the report. Only activity that took place after the specified date/time will be included in the report.

Format:

start_time=YYYY-MM-DDThh:mm:ss

Key information:

  • A valid request must either include or exclude both date/time parameters (i.e., start_time and end_time).
  • Omitting both date/time parameters (i.e., start_time and end_time) will return the events that took place within the last 24 hours.
  • Time (i.e., Thh:mm:ss) is optional when defining a start and end date/time. If time is not specified, then a default time (i.e., 00:00:00) will be used.

For more information on date/time format, please refer to Report Date/Time Format.

Event log data may only be retrieved for the last 30 days. Specifying an older date will return a 400 Bad Request.

EndDateTime

Replace this variable with the end date/time for the report. Activity that took place before the end of the specified date/time will be included in the report.

Format:

end_time=YYYY-MM-DDThh:mm:ss

Key information:

  • A valid request must either include or exclude both date/time parameters (i.e., start_time and end_time).
  • Omitting both date/time parameters (i.e., start_time and end_time) will return the events that took place within the last 24 hours.
  • Time (i.e., Thh:mm:ss) is optional when defining a start and end date/time. If time is not specified, then a default time (i.e., 00:00:00) will be used.

For more information on date/time format, please refer to Report Date/Time Format.

ItemsPerPage

Replace this variable with the number of events that may be included on each page.

Key information:

  • The maximum value for this variable is 1000.
  • Omitting the per_page query string parameter in the request will return a maximum of 10 entries per page.
  • The number of items per page determines the total number of pages that may be returned.

PageNumber

Replace this variable with the page number that will be returned.

Key information:

  • The response will be limited to the set of events corresponding to the specified page.
  • Omitting the page query string parameter will generate a response for the first page (i.e., page=1).

Filters

Replace this variable with the desired filter(s).

Key information:

  • Omitting the filters query string parameter allows the response to include all events that took place within the specified time period.
  • Specify one or more filters using URL-encoded JSON.
  • Only events that satisfy all specified filters may be returned by this endpoint.
  • Specify an event name and a value for each desired filter.

    Use the Get Available Event Log Fields endpoint to retrieve a list of fields.

  • Event names and values are case-sensitive.
  • Use a comma to delimit each filter.
  • Set up a filter that can be satisfied by multiple values by comma-delimiting each value within brackets.

    Example (Requires URL-Encoding):

    {"Host":["www.example.com","cdn.example.com","secure.example.com"]}

    Example (URL-Encoded):

    %7B%22Host%22%3A%5B%22www.example.com%22%2C%22cdn.example.com%22%2C%22secure.example.com%22%5D%7D
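The parameter rules above, as an added example that is not part of the original documentation: a helper that builds the request URI, enforces the both-or-neither date rule, the 30-day window and the per_page maximum, and URL-encodes the filters JSON. The function name, the injectable `now` argument and the treatment of naive datetimes as UTC are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

BASE = ("https://api.edgecast.com/v2/mcc/customers/{account}"
        "/defend/rate_limiting/eventlogs")
TIME_FMT = "%Y-%m-%dT%H:%M:%S"

def build_eventlog_url(account, start=None, end=None, per_page=None,
                       page=None, filters=None, now=None):
    """Build the request URI, rejecting parameter sets the page says are invalid."""
    # start_time and end_time must both be present or both be absent.
    if (start is None) != (end is None):
        raise ValueError("start_time and end_time must be given together")
    query = []
    if start is not None:
        # Assumption: naive datetimes are UTC; `now` is injectable for testing.
        now = now or datetime.now(timezone.utc).replace(tzinfo=None)
        if start < now - timedelta(days=30):
            # The API answers 400 Bad Request for older dates; fail early instead.
            raise ValueError("only the last 30 days are retrievable")
        query.append("start_time=" + start.strftime(TIME_FMT))
        query.append("end_time=" + end.strftime(TIME_FMT))
    if per_page is not None:
        if not 1 <= per_page <= 1000:
            raise ValueError("per_page must be between 1 and 1000")
        query.append(f"per_page={per_page}")
    if page is not None:
        query.append(f"page={page}")
    if filters:
        # Compact JSON first, then percent-encode every reserved character.
        compact = json.dumps(filters, separators=(",", ":"))
        query.append("filters=" + quote(compact, safe=""))
    url = BASE.format(account=quote(str(account), safe=""))
    return url + ("?" + "&".join(query) if query else "")

if __name__ == "__main__":
    hosts = {"Host": ["www.example.com", "cdn.example.com"]}
    print(build_eventlog_url("0001", per_page=1000, filters=hosts))
```

Because event names and values are case-sensitive, pass filter keys exactly as the Get Available Event Log Fields endpoint reports them.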

Request Headers

This endpoint only takes advantage of common request headers. (An endpoint identifies a request's connection point to our REST API service.)

Request Body

Request body parameters are not required by this endpoint.

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.

View common response headers.

Response Body

The response body for a successful request contains the following response parameters:

Name Data Type Description

page_of

Integer

Indicates the total number of pages in the report.

This value is determined by the total number of eligible event log entries divided by the maximum number of entries per page. Both of these factors are defined in the request URL.

time_to

Number

floating-point

Indicates the report's end date/time, in seconds, using Unix time.

Sample value:

1473638400.0

time_from

Number

floating-point

Indicates the report's start date/time, in seconds, using Unix time.

Sample value:

1473638400.0

events

Array

Contains a list of fields for each event reported on this page.

The current page is indicated by the page response parameter.

Status

String

events array

Identifies by name the HTTP status code for the response to a rate limited request.

Format:

HTTP_STATUS_Name

Example:

HTTP_STATUS_FOUND

In the above sample value, the HTTP status code describing the response for a rate limited request was a 302 Found.

Epoch Time

Number

floating-point

events array

Indicates the Unix time, in seconds, at which the request was processed.

Syntax:

Seconds.Microseconds

Sample value:

1473207640.345809

Rate Limiting Enforcement Type

String

events array

Indicates the type of action that was applied to the rate limited request.

Client IP

String

events array

Indicates the IP address of the client that submitted the rate limited request.

URL

String

events array

Indicates the URL that was requested.

Timestamp

String

events array

Indicates the date and time (UTC) at which the request was processed.

Format:

YYYY-MM-DDThh:mm:ss.ffffffZ

Example:

2024-06-30T20:42:09.330793Z

The above value represents June 30th, 2024 at 8:42 p.m. UTC.

For more information on date/time format, please refer to Report Date/Time Format.

Rate Limiting Enforcement Rule ID

String

events array

This field is reserved for future use.

@fields.COMMON_Header

Object

events array

This field is reserved for future use.

Country Code

String

events array

Identifies the country from which the request originated by its ISO 3166 country code.

A list of country codes is available from the Country Codes (ISO 3166) article in the CDN Help Center.

Rate Limiting Enforcement Tuple ID

String

events array

Indicates the action that was applied to the rate limited request by its system-defined ID.

Host

String

events array

Identifies the host to which the request was directed. This value is derived from the request's Host header.

Referer

String

events array

Identifies the request's referrer. This value is derived from the request's Referer header.

Rate Limiting Enforcement Start Epoch

Integer

events array

Indicates when the rate limiting action was applied to the request. The date and time is reported in Unix time (a.k.a. POSIX time or Unix epoch).

Time is reported in milliseconds instead of seconds. Please convert this value from milliseconds to seconds prior to leveraging it with Unix time functions.

Request Method

String

events array

Indicates the request's HTTP method.

Format:

HTTP_METHOD_Name

Example:

HTTP_METHOD_GET

Rate Limiting Enforcement Percentage

Number

floating-point

events array

Indicates the percentage of eligible requests that were rate limited when the event took place.

Rate Limiting Enforcement Duration

Integer

events array

Indicates the minimum length of time, in seconds, that eligible requests were rate limited when the event took place.

User Agent

String

events array

Indicates the user agent that submitted the request. This value is derived from the request's User-Agent header.

id

String

events array

Identifies the event log entry that describes the current rate limited request by its system-defined ID.

page

Integer

Indicates the page number for the page that was returned by this endpoint.

This response parameter will be set to the value defined by the request's page query string parameter (e.g., page=10). If it was omitted, then this response parameter will be set to 1.

Errors

The response body for an unsuccessful request will contain an error response that provides additional information.

View common error messages.

Sample Request and Response

A sample JSON request is shown below.

GET https://api.edgecast.com/v2/mcc/customers/0001/defend/rate_limiting/eventlogs?start_time=2015-06-30T20:00:00&end_time=2015-06-30T21:00:00&page=1 HTTP/1.1
Authorization: TOK:12345678-1234-1234-1234-1234567890ab
Accept: application/json
Content-Type: application/json
Host: api.edgecast.com

A sample JSON response is shown below.

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Date: Thu, 15 Apr 2021 12:00:00 GMT
Content-Length: 4782

{
	"page_of" : 1,
	"time_to" : 1473638400.0,
	"time_from" : 1472688000.0,
	"events" : [{
			"Status" : "HTTP_STATUS_SERVICE_NOT_AVAILABLE",
			"Epoch Time" : 1473470411.2213371,
			"Host" : "cdn.example.com",
			"Client IP" : "192.12.16.24",
			"URL" : "http://cdn.example.com/000001/mywebpage.html",
			"Timestamp" : "2016-09-10T01:20:11.221337Z",
			"Rate Limiting Enforcement Rule ID" : "XXXNAXXX@ddos.RULE_ID",
			"@fields.COMMON_HEADER" : {},
			"Country Code" : "US",
			"Rate Limiting Enforcement Tuple ID" : "2c85167d-865d-4701-9a9a-11410327f8610001",
			"Rate Limiting Enforcement Type" : "DROP_REQUEST",
			"Referer" : "XXXNAXXX@fields.REFERER",
			"Rate Limiting Enforcement Start Epoch" : 1473470411000,
			"Request Method" : "HTTP_METHOD_GET",
			"Rate Limiting Enforcement Percentage" : 96.97,
			"Rate Limiting Enforcement Duration" : 280,
			"User Agent" : "Server Load Tester",
			"id" : "z-dgB40S7zgoqT8Nh_-zTyhxxLprMULRXpQLDCOwjOC_D1RvHs9qFCL4i88CPJ7SW6ssFBGPsmQ9GqiO_A_LMw=="
		}, {
			"Status" : "HTTP_STATUS_SERVICE_NOT_AVAILABLE",
			"Epoch Time" : 1473470409.111583,
			"Host" : "cdn.example.com",
			"Client IP" : "192.12.16.24",
			"URL" : "http://cdn.example.com/000001/mywebpage.html",
			"Timestamp" : "2016-09-10T01:20:09.111583Z",
			"Rate Limiting Enforcement Rule ID" : "XXXNAXXX@ddos.RULE_ID",
			"@fields.COMMON_HEADER" : {},
			"Country Code" : "US",
			"Rate Limiting Enforcement Tuple ID" : "2c85167d-865d-4701-9a9a-11410327f8610001",
			"Rate Limiting Enforcement Type" : "DROP_REQUEST",
			"Referer" : "XXXNAXXX@fields.REFERER",
			"Rate Limiting Enforcement Start Epoch" : 1473470409000,
			"Request Method" : "HTTP_METHOD_GET",
			"Rate Limiting Enforcement Percentage" : 96.97,
			"Rate Limiting Enforcement Duration" : 280,
			"User Agent" : "Server Load Tester",
			"id" : "f84X3jRXsz-IgoQfwxYusIBxior1LVSYyBP1ma0rCqi9r1OKtmEumEshb2mcERx9GkCvUIvcGw_UZqK9_hyrwg=="
		}, {
			"Status" : "HTTP_STATUS_SERVICE_NOT_AVAILABLE",
			"Epoch Time" : 1473470406.968225,
			"Host" : "cdn.example.com",
			"Client IP" : "192.12.16.24",
			"URL" : "http://cdn.example.com/000001/mywebpage.html",
			"Timestamp" : "2016-09-10T01:20:06.968225Z",
			"Rate Limiting Enforcement Rule ID" : "XXXNAXXX@ddos.RULE_ID",
			"@fields.COMMON_HEADER" : {},
			"Country Code" : "US",
			"Rate Limiting Enforcement Tuple ID" : "2c85167d-865d-4701-9a9a-11410327f8610001",
			"Rate Limiting Enforcement Type" : "DROP_REQUEST",
			"Referer" : "XXXNAXXX@fields.REFERER",
			"Rate Limiting Enforcement Start Epoch" : 1473470406000,
			"Request Method" : "HTTP_METHOD_GET",
			"Rate Limiting Enforcement Percentage" : 96.97,
			"Rate Limiting Enforcement Duration" : 280,
			"User Agent" : "Server Load Tester",
			"id" : "cEzkzBm5eOg-HtRyWJ226cQsttK7tL2EKYDpSWBVHdV2rmCDDCjMdiSm4gNBgAf-ruCE1vItn4nHbSriRXsaGw=="
		}, {
			"Status" : "HTTP_STATUS_SERVICE_NOT_AVAILABLE",
			"Epoch Time" : 1473470404.8476729,
			"Host" : "cdn.example.com",
			"Client IP" : "192.12.16.24",
			"URL" : "http://cdn.example.com/000001/mywebpage.html",
			"Timestamp" : "2016-09-10T01:20:04.847673Z",
			"Rate Limiting Enforcement Rule ID" : "XXXNAXXX@ddos.RULE_ID",
			"@fields.COMMON_HEADER" : {},
			"Country Code" : "US",
			"Rate Limiting Enforcement Tuple ID" : "2c85167d-865d-4701-9a9a-11410327f8610001",
			"Rate Limiting Enforcement Type" : "DROP_REQUEST",
			"Referer" : "XXXNAXXX@fields.REFERER",
			"Rate Limiting Enforcement Start Epoch" : 1473470404000,
			"Request Method" : "HTTP_METHOD_GET",
			"Rate Limiting Enforcement Percentage" : 96.97,
			"Rate Limiting Enforcement Duration" : 280,
			"User Agent" : "Server Load Tester",
			"id" : "Le2hCRqVgr_-wc6x6TlV8lrY1MRAdVC5hA4oinRwl0nzZBnqgV9MdhO5RCOcvbRcySUG6uDowCWlznD0fGwA1g=="
		}, {
			"Status" : "HTTP_STATUS_SERVICE_NOT_AVAILABLE",
			"Epoch Time" : 1473470402.730159,
			"Host" : "cdn.example.com",
			"Client IP" : "192.12.16.24",
			"URL" : "http://cdn.example.com/000001/mywebpage.html",
			"Timestamp" : "2016-09-10T01:20:02.730159Z",
			"Rate Limiting Enforcement Rule ID" : "XXXNAXXX@ddos.RULE_ID",
			"@fields.COMMON_HEADER" : {},
			"Country Code" : "US",
			"Rate Limiting Enforcement Tuple ID" : "2c85167d-865d-4701-9a9a-11410327f8610001",
			"Rate Limiting Enforcement Type" : "DROP_REQUEST",
			"Referer" : "XXXNAXXX@fields.REFERER",
			"Rate Limiting Enforcement Start Epoch" : 1473470402000,
			"Request Method" : "HTTP_METHOD_GET",
			"Rate Limiting Enforcement Percentage" : 96.97,
			"Rate Limiting Enforcement Duration" : 280,
			"User Agent" : "Server Load Tester",
			"id" : "F39U9yCoV6CaXBELa-2cjS5QDcjjPPQmH-mVRP5aUIXAhznwjC3I8kMDjcPEgmxKzMIrkJqYZ0KduFKWMqp-3Q=="
		}
	],
	"page" : 1
}
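Consuming a multi-page response, as an added example that is not part of the original documentation: it cycles through pages using page_of, converts the millisecond Rate Limiting Enforcement Start Epoch field to a UTC datetime, and counts unique events per client IP and enforcement type. The fetch_page callable, the constructed sample pages with placeholder ids, and the de-duplication on id are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

def _event(event_id, ip, start_ms):
    # Constructed sample event carrying only the fields used below.
    return {"id": event_id, "Client IP": ip,
            "Rate Limiting Enforcement Type": "DROP_REQUEST",
            "Rate Limiting Enforcement Start Epoch": start_ms}

# Constructed two-page response set (ids are placeholders, not real event ids).
SAMPLE_PAGES = {
    1: {"page_of": 2, "page": 1, "events": [
        _event("evt-1", "192.12.16.24", 1473470411000),
        _event("evt-2", "192.12.16.24", 1473470409000)]},
    2: {"page_of": 2, "page": 2, "events": [
        _event("evt-2", "192.12.16.24", 1473470409000),   # repeated across pages
        _event("evt-3", "198.51.100.7", 1473470406000)]},
}

def iter_events(fetch_page):
    """Yield every event; fetch_page(n) must return the decoded JSON body of page n."""
    page, total = 1, 1
    while page <= total:
        body = fetch_page(page)
        total = int(body["page_of"])      # total page count reported by the API
        yield from body.get("events", [])
        page += 1

def enforcement_start(event):
    """Convert the millisecond 'Start Epoch' field to an aware UTC datetime."""
    ms = event["Rate Limiting Enforcement Start Epoch"]
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def summarize(events):
    """Count unique events per (Client IP, enforcement type), keyed on event id."""
    seen, counts = set(), Counter()
    for ev in events:
        if ev["id"] in seen:              # assumption: skip repeats across pages
            continue
        seen.add(ev["id"])
        counts[(ev["Client IP"], ev["Rate Limiting Enforcement Type"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(iter_events(SAMPLE_PAGES.__getitem__)).items():
        print(key, n)
```

In production, fetch_page would issue the GET request for the given page number and return the parsed JSON body.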