Get Top Event Log Entries

WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.

Identifies up to the top 10 events for a particular event log field. It returns a list of these events stored in descending order of frequency.

This endpoint only supports JSON.

Request

A request to retrieve a list of the most frequent events for the specified field is described below.

HTTP Method	Request URI
GET	https://api.transactcdn.com/v2/mcc/customers/AccountNumber/waf/eventlogs/top?field=Field&start_time=StartDateTime&end_time=EndDateTime&page_size=ItemsPerPage

Define the following terms when submitting the above request:

VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3).	Description
AccountNumber Required	Replace this variable with a customer account number. This account number may be found in the upper left-hand corner of the TCC.
Field Required	Replace this variable with the name of the desired field. Use the Get Available Event Log Fields (WAF) endpoint to retrieve a list of the available fields. Fields & 500 Internal Server Error Invalid syntax may generate a 500 Internal Server Error. Avoid the following syntax issues: The syntax for this parameter is "?field=field." Enclosing the desired field name in quotes (e.g., ?field="Host") may generate an error. A field name is invalid if it is misspelled or if it uses the wrong case (e.g., HOST). Use the Get Available Event Log Fields (WAF) endpoint to retrieve a list of valid field names.
StartDateTime Required	Replace this variable with the start date/time for the report. Only activity that took place after the specified date/time will be included in the report. Format:YYYY-MM-DDThh:mm:ss Note: Time (i.e., Thh:mm:ss) is optional. If time is not specified, then a default time (i.e., 00:00:00) will be used. Learn more about date/time format.
EndDateTime Required	Replace this variable with the end date/time for the report. Activity that took place after the specified date/time will not be included in the report. Format:YYYY-MM-DDThh:mm:ss Note: Time (i.e., Thh:mm:ss) is optional. If time is not specified, then a default time (i.e., 00:00:00) will be used. Learn more about date/time format.
ItemsPerPage	Replace this variable with the number of log events that may be included on each page. Key information: Omitting the page_size query string parameter in the request will return a maximum of 10 log events per page. The maximum value for this variable is 100.

Description

AccountNumber

Required

Replace this variable with a customer account number. This account number may be found in the upper left-hand corner of the TCC.

Field

Required

Replace this variable with the name of the desired field. Use the Get Available Event Log Fields (WAF) endpoint to retrieve a list of the available fields.

StartDateTime

Required

Replace this variable with the start date/time for the report. Only activity that took place after the specified date/time will be included in the report.

Format:YYYY-MM-DDThh:mm:ss

Note: Time (i.e., Thh:mm:ss) is optional. If time is not specified, then a default time (i.e., 00:00:00) will be used.

Learn more about date/time format.

EndDateTime

Required

Replace this variable with the end date/time for the report. Activity that took place after the specified date/time will not be included in the report.

Format:YYYY-MM-DDThh:mm:ss

Note: Time (i.e., Thh:mm:ss) is optional. If time is not specified, then a default time (i.e., 00:00:00) will be used.

Learn more about date/time format.

ItemsPerPage

Replace this variable with the number of log events that may be included on each page.

Key information:

Omitting the page_size query string parameter in the request will return a maximum of 10 log events per page.
The maximum value for this variable is 100.

Request Headers

This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.

Request Body

Request body parameters are not required by this endpoint.

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

This endpoint only supports JSON.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.

View common response headers.

Response Body

The response body for a successful request contains the following response parameters:

Name	Data Type	Description
total	Integer	Indicates the total number of events that occurred during the specified time period.
signature Deprecated	Array	This response parameter contains a list of the most frequent events for the field specified in the request. Key information: The upper limit for the number of log events included in this list is determined by the page_size query string parameter defined in the request. This list is sorted in descending order of frequency.
count Deprecated	Integer	signature array Indicates the total number of events that were: Assigned the value defined in the term response parameter. Occurred during the time period defined in the request.
term Deprecated	String	signature array Indicates a unique value for the field defined in the request (i.e., ?field=Field)
time_to	Number floating-point	Indicates the report's end date/time, in seconds, using Unix time. Sample value: 1414022400.0
time_from	Number floating-point	Indicates the report's start date/time, in seconds, using Unix time. Sample value: 1414022400.0
anomaly	Array Objects	This response parameter contains a list of the most frequent events for the field specified in the request. Key information: This list is limited to a maximum of 10 events. This list is sorted in descending order of frequency.
count	Integer	anomaly object Indicates the total number of events that were: Assigned the value defined in the term response parameter. Occurred during the time period defined in the request.
term	String	anomaly object Indicates a unique value for the field defined in the request (i.e., ?field=Field)
results	Array Objects	This response parameter contains a list of the most frequent events for the field specified in the request. Key information: The upper limit for the number of log events included in this list is determined by the page_size query string parameter defined in the request. This list is sorted in descending order of frequency.
count	Integer	results array Indicates the total number of events that were: Assigned the value defined in the term response parameter. Occurred during the time period defined in the request.
term	String	results array Indicates a unique value for the field defined in the request (i.e., ?field=Field)

Errors

The response body for an unsuccessful request will contain an error response that provides additional information.

View common error messages.

Sample Request and Response

A sample JSON request is shown below.

GET https://api.transactcdn.com/v2/mcc/customers/0001/waf/eventlogs/top?field=Host&start_time=2022-01-20&end_time=2022-01-21 HTTP/1.1

Authorization: TOK:12345678-1234-1234-1234-1234567890ab

Accept: application/json

Host:api.transactcdn.com

A sample JSON response is shown below.

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: application/json; charset=utf-8

Date: Thu, 15 Apr 2021 12:00:00 GMT

Content-Length: 382

{
	"total" : 15112,
	"signature" : [{
			"count" : 15111,
			"term" : "www.example.com"
		}, {
			"count" : 1,
			"term" : "www.example.com:443"
		}
	],
	"time_to" : 1414022400.0,
	"time_from" : 1413936000.0,
	"anomaly" : [],
	"results" : [{
			"count" : 15111,
			"term" : "www.example.com"
		}, {
			"count" : 1,
			"term" : "www.example.com:443"
		}
	]
}