Get Event Log Entry

WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.

Retrieves a specific event log entry by its system-defined ID.

Logging for rate limited requests is downsampled due to the volume of requests that may occur during a single incident (e.g., volumetric Distributed Denial-of-Service attack). Log data for downsampled rate limited requests cannot be retrieved.

A unique ID is generated for each rate limited request. However, this ID is not an indicator of whether log data is available for retrieval.

This endpoint only supports JSON.

Request

A request to retrieve an event log entry is described below.

HTTP Method	Request URI
GET	https://api.transactcdn.com/v2/mcc/customers/AccountNumber/defend/rate_limiting/eventlogs/recordid=EventID

Define the following terms when submitting the above request:

VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3).	Description
AccountNumber Required	Replace this variable with a customer account number. This account number may be found in the upper left-hand corner of the TCC.
EventID Required	Replace this variable with the encoded ID of the desired event log entry. Use the Get Event Log Entries endpoint to retrieve a list of event log entries and an encoded version of their system-assigned IDs.

VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3).

Description

AccountNumber

Required

Replace this variable with a customer account number. This account number may be found in the upper left-hand corner of the TCC.

EventID

Required

Replace this variable with the encoded ID of the desired event log entry.

Use the Get Event Log Entries endpoint to retrieve a list of event log entries and an encoded version of their system-assigned IDs.

Request Headers

This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.

Request Body

Request body parameters are not required by this endpoint.

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.

View common response headers.

Response Body

The response body for a successful request contains the following response parameters:

Name	Data Type	Description
event	Array	This response parameter contains a list of fields for the requested event.
Status	String	event array Identifies by name the HTTP status code for the response to a rate limited request. Format: HTTP_STATUS_Name Example: HTTP_STATUS_FOUND In the above sample value, the HTTP status code describing the response for a rate limited request was a 302 Found.
Epoch Time	Number floating-point	event array Indicates the Unix time, in seconds, at which the request was processed. Syntax: Seconds.Microseconds Sample value: 1473207640.345809
Rate Limiting Enforcement Rule ID	String	event array Indicates the action that was applied to the rate limited request by its system-defined ID.
Client IP	String	event array Indicates the IP address of the client that submitted the rate limited request.
URL	String	event array Indicates the URL that was requested.
Timestamp	String	event array Indicates the date and time (UTC) at which the request was processed. Format: YYYY-MM-DDThh:mm:ss:ffffffZ Example: 2022-06-30T20:42:09.330793Z The above value represents June 30th, 2022 at 8:42 p.m. UTC. For more information on date/time format, please refer to Report Date/Time Format.
Rate Limiting Enforcement Duration	Integer	event array Indicates the minimum length of time, in seconds, that eligible requests were rate limited when the event took place. View a sample scenario. This example assumes that a duration of 280 seconds was reported for an event. This means that the rule's rate limiting policy was enforced for a minimum of 4 minutes and 40 seconds. The actual duration of the enforcement period was determined by the length of time that requests exceeded the rule's threshold.
Country Code	String	event array Identifies the country from which the request originated by its ISO 3166 country code. A list of country codes is available from the Country Codes (ISO 3166) article in the CDN Help Center.
@fields.COMMON_HEADER	Object	event array This field is reserved for future use.
Rate Limiting Enforcement Tuple ID	String	event array Indicates the action that was applied to the rate limited request by its system-defined ID.
Rate Limiting Enforcement Type	String	event array Indicates the type of action that was applied to the rate limited request.
Referer	String	event array Identifies the request's referrer. This value is derived from the request's Referer header.
Rate Limiting Enforcement Start Epoch	Integer	event array Indicates when the rate limiting action was applied to the request. The date and time is reported in Unix time (a.k.a. POSIX time or Unix epoch). Time is reported in milliseconds instead of seconds. Please convert this value from milliseconds to seconds prior to leveraging it with Unix time functions.
Request Method	String	event array Indicates the request's HTTP method. Format: HTTP_METHOD_Name Example: HTTP_METHOD_GET
Rate Limiting Enforcement Percentage	Number floating-point	event array Indicates the percentage of eligible requests that were rate limited when the event took place. View a sample scenario. A percentage of 20% indicates that 20% of eligible requests were rate limited when the event took place. In other words, if there are 1000 eligible requests per minute, then a predefined action (e.g., URL redirection) was applied to 200 requests.
Host	String	event array Identifies the host to which the request was directed. This value is derived from the request's Host header.
User Agent	String	event array Indicates the user agent that submitted the request. This value is derived from the request's User-Agent header.
id	String	event array Identifies the event log entry that describes the current rate limited request by its system-defined ID.

Errors

The response body for an unsuccessful request will contain an error response that provides additional information.

View common error messages.

Sample Request and Response

A sample JSON request is shown below.

GET https://api.transactcdn.com/v2/mcc/customers/0001/defend/rate_limiting/eventlogs/recordid=z-dgB40S7zgoqT8Nh_-zTyhxxLprMULRXpQLDCOwjOC_D1RvHs9qFCL4i88CPJ7SW6ssFBGPsmQ9GqiO_A_LMw== HTTP/1.1

Authorization: TOK:12345678-1234-1234-1234-1234567890ab

Accept: application/json

Content-Type: application/json

Host:api.transactcdn.com

A sample JSON response is shown below.

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: application/json; charset=utf-8

Date: Thu, 15 Apr 2021 12:00:00 GMT

Content-Length: 932

{
	"event" : {
		"Status" : "HTTP_STATUS_SERVICE_NOT_AVAILABLE",
		"Epoch Time" : 1473470411.2213371,
		"Rate Limiting Enforcement Rule ID" : "XXXNAXXX@ddos.RULE_ID",
		"Client IP" : "192.12.16.24",
		"URL" : "http://cdn.example.com/000001/mywebpage.html",
		"Timestamp" : "2016-09-10T01:20:11.221337Z",
		"Rate Limiting Enforcement Duration" : 280,
		"Country Code" : "US",
		"@fields.COMMON_HEADER" : {},
		"Rate Limiting Enforcement Tuple ID" : "2c85167d-865d-4701-9a9a-11410327f86114631",
		"Rate Limiting Enforcement Type" : "DROP_REQUEST",
		"Referer" : "XXXNAXXX@fields.REFERER",
		"Rate Limiting Enforcement Start Epoch" : 1473470411000,
		"Request Method" : "HTTP_METHOD_GET",
		"Rate Limiting Enforcement Percentage" : 96.97,
		"Host" : "cdn.example.com",
		"User Agent" : "Server Load Tester",
		"id" : "z-dgB40S7zgoqT8Nh_-zTyhxxLprMULRXpQLDCOwjOC_D1RvHs9qFCL4i88CPJ7SW6ssFBGPsmQ9GqiO_A_LMw=="
	}
}