Get Top Event Log Entries

WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.

Identifies up to the top 10 events for a particular event log field. It returns a list of these events sorted in descending order of frequency.

This endpoint only supports JSON.

Request

A request to retrieve a list of the most frequent events for the specified field is described below.

HTTP Method Request URI

GET

https://api.transactcdn.com/v2/mcc/customers/AccountNumber/waf/eventlogs/top?field=Field&start_time=StartDateTime&end_time=EndDateTime&page_size=ItemsPerPage

Define the following terms when submitting the above request:

Variable Description

AccountNumber

Required

Replace this variable with a customer account number. This account number may be found in the upper left-hand corner of the TCC.

Field

Required

Replace this variable with the name of the desired field. Use the Get Available Event Log Fields (WAF) endpoint to retrieve a list of the available fields.

StartDateTime

Required

Replace this variable with the start date/time for the report. Only activity that took place after the specified date/time will be included in the report.

Format: YYYY-MM-DDThh:mm:ss

Note: Time (i.e., Thh:mm:ss) is optional. If time is not specified, then a default time (i.e., 00:00:00) will be used.

Learn more about date/time format.

EndDateTime

Required

Replace this variable with the end date/time for the report. Activity that took place after the specified date/time will not be included in the report.

Format: YYYY-MM-DDThh:mm:ss

Note: Time (i.e., Thh:mm:ss) is optional. If time is not specified, then a default time (i.e., 00:00:00) will be used.

Learn more about date/time format.

ItemsPerPage

Replace this variable with the number of log events that may be included on each page.

Key information:

  • Omitting the page_size query string parameter in the request will return a maximum of 10 log events per page.
  • The maximum value for this variable is 100.

Request Headers

This endpoint only takes advantage of common request headers.

Request Body

Request body parameters are not required by this endpoint.

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

This endpoint only supports JSON.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.

View common response headers.

Response Body

The response body for a successful request contains the following response parameters:

Name Data Type Description

total

Integer

Indicates the total number of events that occurred during the specified time period.

signature

Deprecated

Array

This response parameter contains a list of the most frequent events for the field specified in the request.

Key information:

  • The upper limit for the number of log events included in this list is determined by the page_size query string parameter defined in the request.
  • This list is sorted in descending order of frequency.

count

Deprecated

Integer

signature array

Indicates the total number of events that were:

  • Assigned the value defined in the term response parameter.
  • Occurred during the time period defined in the request.

term

Deprecated

String

signature array

Indicates a unique value for the field defined in the request (i.e., ?field=Field).

time_to

Number

floating-point

Indicates the report's end date/time, in seconds, using Unix time.

Sample value:

1414022400.0

time_from

Number

floating-point

Indicates the report's start date/time, in seconds, using Unix time.

Sample value:

1414022400.0

anomaly

Array

Objects

This response parameter contains a list of the most frequent events for the field specified in the request.

Key information:

  • This list is limited to a maximum of 10 events.
  • This list is sorted in descending order of frequency.

count

Integer

anomaly object

Indicates the total number of events that were:

  • Assigned the value defined in the term response parameter.
  • Occurred during the time period defined in the request.

term

String

anomaly object

Indicates a unique value for the field defined in the request (i.e., ?field=Field).

results

Array

Objects

This response parameter contains a list of the most frequent events for the field specified in the request.

Key information:

  • The upper limit for the number of log events included in this list is determined by the page_size query string parameter defined in the request.
  • This list is sorted in descending order of frequency.

count

Integer

results array

Indicates the total number of events that were:

  • Assigned the value defined in the term response parameter.
  • Occurred during the time period defined in the request.

term

String

results array

Indicates a unique value for the field defined in the request (i.e., ?field=Field).

Errors

The response body for an unsuccessful request will contain an error response that provides additional information.

View common error messages.

Sample Request and Response

A sample JSON request is shown below.

GET https://api.transactcdn.com/v2/mcc/customers/0001/waf/eventlogs/top?field=Host&start_time=2022-01-20&end_time=2022-01-21 HTTP/1.1
Authorization: TOK:12345678-1234-1234-1234-1234567890ab
Accept: application/json
Host: api.transactcdn.com

A sample JSON response is shown below.

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Date: Thu, 15 Apr 2021 12:00:00 GMT
Content-Length: 382

{
	"total" : 15112,
	"signature" : [{
			"count" : 15111,
			"term" : "www.example.com"
		}, {
			"count" : 1,
			"term" : "www.example.com:443"
		}
	],
	"time_to" : 1414022400.0,
	"time_from" : 1413936000.0,
	"anomaly" : [],
	"results" : [{
			"count" : 15111,
			"term" : "www.example.com"
		}, {
			"count" : 1,
			"term" : "www.example.com:443"
		}
	]
}
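The request and response described above, as an added Python example that is not part of the original documentation: it validates the documented parameters before building the (unsent) request, then reads the `results` array rather than the deprecated `signature` array. The function names, the placeholder token, and the check that the start precedes the end are assumptions of this example.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote, urlencode
from urllib.request import Request

BASE = "https://api.transactcdn.com/v2/mcc/customers"
FORMATS = ("%Y-%m-%dT%H:%M:%S", "%Y-%m-%d")  # the time part is optional

def parse_ts(value):
    """Accept YYYY-MM-DDThh:mm:ss or YYYY-MM-DD (time defaults to 00:00:00)."""
    for fmt in FORMATS:
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            continue
    raise ValueError(f"bad date/time: {value!r}")

def build_request(account, field, start, end, token, page_size=None):
    """Validate the documented parameters and return an unsent GET request."""
    if parse_ts(start) >= parse_ts(end):  # assumption: inverted window is a caller error
        raise ValueError("start_time must be earlier than end_time")
    query = {"field": field, "start_time": start, "end_time": end}
    if page_size is not None:
        if not 1 <= page_size <= 100:  # documented maximum is 100
            raise ValueError("page_size must be between 1 and 100")
        query["page_size"] = page_size
    url = f"{BASE}/{quote(account, safe='')}/waf/eventlogs/top?{urlencode(query)}"
    headers = {"Authorization": f"TOK:{token}", "Accept": "application/json"}
    return Request(url, headers=headers, method="GET")

def summarize(body):
    """Read `results` (not deprecated `signature`); add each term's % of total."""
    doc = json.loads(body)
    total = doc["total"]
    rows = [(r["term"], r["count"], round(100 * r["count"] / total, 2) if total else 0.0)
            for r in doc.get("results", [])]
    window = tuple(datetime.fromtimestamp(doc[k], tz=timezone.utc).isoformat()
                   for k in ("time_from", "time_to"))
    return {"window": window, "rows": rows, "anomaly": doc.get("anomaly", [])}

# Constructed sample: the page's sample response body without `signature`.
SAMPLE = ('{"total": 15112, "time_to": 1414022400.0, "time_from": 1413936000.0, '
          '"anomaly": [], "results": [{"count": 15111, "term": "www.example.com"}, '
          '{"count": 1, "term": "www.example.com:443"}]}')

if __name__ == "__main__":
    print(build_request("0001", "Host", "2022-01-20", "2022-01-21", "<token>").full_url)
    print(summarize(SAMPLE))
```

The `term` values originate from logged request data, so escape them before rendering them in a dashboard or ticket.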