
********************
get_sampled_requests
********************



.. py:method:: WAFRegional.Client.get_sampled_requests(**kwargs)

  

  .. note::

    

    This is **AWS WAF Classic** documentation. For more information, see `AWS WAF Classic <https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html>`__ in the developer guide.

     

    **For the latest version of AWS WAF**, use the AWS WAFV2 API and see the `AWS WAF Developer Guide <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html>`__. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

    

   

  Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose. You can specify a sample size of up to 500 requests, and you can specify any time range in the previous three hours.

   

  ``GetSampledRequests`` returns a time range, which is usually the time range that you specified. However, if your resource (such as a CloudFront distribution) received 5,000 requests before the specified time range elapsed, ``GetSampledRequests`` returns an updated time range. This new time range indicates the actual period during which AWS WAF selected the requests in the sample.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/GetSampledRequests>`_  


  **Request Syntax**
  ::

    response = client.get_sampled_requests(
        WebAclId='string',
        RuleId='string',
        TimeWindow={
            'StartTime': datetime(2015, 1, 1),
            'EndTime': datetime(2015, 1, 1)
        },
        MaxItems=123
    )
    
  :type WebAclId: string
  :param WebAclId: **[REQUIRED]** 

    The ``WebACLId`` of the ``WebACL`` for which you want ``GetSampledRequests`` to return a sample of requests.

    

  
  :type RuleId: string
  :param RuleId: **[REQUIRED]** 

    ``RuleId`` is one of three values:

     

    
    * The ``RuleId`` of the ``Rule`` or the ``RuleGroupId`` of the ``RuleGroup`` for which you want ``GetSampledRequests`` to return a sample of requests.
     
    * ``Default_Action``, which causes ``GetSampledRequests`` to return a sample of the requests that didn't match any of the rules in the specified ``WebACL``.
    

    

  
  :type TimeWindow: dict
  :param TimeWindow: **[REQUIRED]** 

    The start date and time and the end date and time of the range for which you want ``GetSampledRequests`` to return a sample of requests. You must specify the times in Coordinated Universal Time (UTC) format. UTC format includes the special designator, ``Z``. For example, ``"2016-09-27T14:50Z"``. You can specify any time range in the previous three hours.

    

  
    - **StartTime** *(datetime) --* **[REQUIRED]** 

      The beginning of the time range from which you want ``GetSampledRequests`` to return a sample of the requests that your AWS resource received. You must specify the date and time in Coordinated Universal Time (UTC) format. UTC format includes the special designator, ``Z``. For example, ``"2016-09-27T14:50Z"``. You can specify any time range in the previous three hours.

      

    
    - **EndTime** *(datetime) --* **[REQUIRED]** 

      The end of the time range from which you want ``GetSampledRequests`` to return a sample of the requests that your AWS resource received. You must specify the date and time in Coordinated Universal Time (UTC) format. UTC format includes the special designator, ``Z``. For example, ``"2016-09-27T14:50Z"``. You can specify any time range in the previous three hours.

      

    
  
  :type MaxItems: integer
  :param MaxItems: **[REQUIRED]** 

    The number of requests that you want AWS WAF to return from among the first 5,000 requests that your AWS resource received during the time range. If your resource received fewer requests than the value of ``MaxItems``, ``GetSampledRequests`` returns information about all of them.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'SampledRequests': [
              {
                  'Request': {
                      'ClientIP': 'string',
                      'Country': 'string',
                      'URI': 'string',
                      'Method': 'string',
                      'HTTPVersion': 'string',
                      'Headers': [
                          {
                              'Name': 'string',
                              'Value': 'string'
                          },
                      ]
                  },
                  'Weight': 123,
                  'Timestamp': datetime(2015, 1, 1),
                  'Action': 'string',
                  'RuleWithinRuleGroup': 'string'
              },
          ],
          'PopulationSize': 123,
          'TimeWindow': {
              'StartTime': datetime(2015, 1, 1),
              'EndTime': datetime(2015, 1, 1)
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **SampledRequests** *(list) --* 

        A complex type that contains detailed information about each of the requests in the sample.

        
        

        - *(dict) --* 

          The response from a ``GetSampledRequests`` request includes a ``SampledHTTPRequests`` complex type that appears as ``SampledRequests`` in the response syntax. ``SampledHTTPRequests`` contains one ``SampledHTTPRequest`` object for each web request that is returned by ``GetSampledRequests``.

          
          

          - **Request** *(dict) --* 

            A complex type that contains detailed information about the request.

            
            

            - **ClientIP** *(string) --* 

              The IP address that the request originated from. If the ``WebACL`` is associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs:

               

              
              * ``c-ip``, if the viewer did not use an HTTP proxy or a load balancer to send the request
               
              * ``x-forwarded-for``, if the viewer did use an HTTP proxy or a load balancer to send the request
              

              
            

            - **Country** *(string) --* 

              The two-letter country code for the country that the request originated from. For a current list of country codes, see the Wikipedia entry `ISO 3166-1 alpha-2 <https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2>`__.

              
            

            - **URI** *(string) --* 

              The part of a web request that identifies the resource, for example, ``/images/daily-ad.jpg``.

              
            

            - **Method** *(string) --* 

              The HTTP method specified in the sampled web request. CloudFront supports the following methods: ``DELETE``, ``GET``, ``HEAD``, ``OPTIONS``, ``PATCH``, ``POST``, and ``PUT``.

              
            

            - **HTTPVersion** *(string) --* 

              The HTTP version specified in the sampled web request, for example, ``HTTP/1.1``.

              
            

            - **Headers** *(list) --* 

              A complex type that contains two values for each header in the sampled web request: the name of the header and the value of the header.

              
              

              - *(dict) --* 

                The response from a ``GetSampledRequests`` request includes an ``HTTPHeader`` complex type that appears as ``Headers`` in the response syntax. ``HTTPHeader`` contains the names and values of all of the headers that appear in one of the web requests that were returned by ``GetSampledRequests``.

                
                

                - **Name** *(string) --* 

                  The name of one of the headers in the sampled web request.

                  
                

                - **Value** *(string) --* 

                  The value of one of the headers in the sampled web request.

                  
            
          
        
          

          - **Weight** *(integer) --* 

            A value that indicates how one result in the response relates proportionally to other results in the response. A result that has a weight of ``2`` represents roughly twice as many CloudFront web requests as a result that has a weight of ``1``.

            
          

          - **Timestamp** *(datetime) --* 

            The time at which AWS WAF received the request from your AWS resource, in Unix time format (in seconds).

            
          

          - **Action** *(string) --* 

            The action for the ``Rule`` that the request matched: ``ALLOW``, ``BLOCK``, or ``COUNT``.

            
          

          - **RuleWithinRuleGroup** *(string) --* 

            This value is returned if the ``GetSampledRequests`` request specifies the ID of a ``RuleGroup`` rather than the ID of an individual rule. ``RuleWithinRuleGroup`` is the rule within the specified ``RuleGroup`` that matched the request listed in the response.

            
      
    
      

      - **PopulationSize** *(integer) --* 

        The total number of requests from which ``GetSampledRequests`` got a sample of ``MaxItems`` requests. If ``PopulationSize`` is less than ``MaxItems``, the sample includes every request that your AWS resource received during the specified time range.

        
      

      - **TimeWindow** *(dict) --* 

        Usually, ``TimeWindow`` is the time range that you specified in the ``GetSampledRequests`` request. However, if your AWS resource received more than 5,000 requests during the time range that you specified in the request, ``GetSampledRequests`` returns the time range for the first 5,000 requests. Times are in Coordinated Universal Time (UTC) format.

        
        

        - **StartTime** *(datetime) --* 

          The beginning of the time range from which you want ``GetSampledRequests`` to return a sample of the requests that your AWS resource received. You must specify the date and time in Coordinated Universal Time (UTC) format. UTC format includes the special designator, ``Z``. For example, ``"2016-09-27T14:50Z"``. You can specify any time range in the previous three hours.

          
        

        - **EndTime** *(datetime) --* 

          The end of the time range from which you want ``GetSampledRequests`` to return a sample of the requests that your AWS resource received. You must specify the date and time in Coordinated Universal Time (UTC) format. UTC format includes the special designator, ``Z``. For example, ``"2016-09-27T14:50Z"``. You can specify any time range in the previous three hours.

          
    
  
  **Exceptions**
  
  *   :py:class:`WAFRegional.Client.exceptions.WAFNonexistentItemException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFInternalErrorException`

  

  **Examples**

  The following example returns detailed information about 100 requests (a sample) that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received in the time period from 2016-09-27T15:50Z to 2016-09-27T15:50Z.
  ::

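    import boto3
    from datetime import datetime, timezone

    # Regional client for AWS WAF Classic
    client = boto3.client('waf-regional')

    response = client.get_sampled_requests(
        MaxItems=100,
        RuleId='WAFRule-1-Example',
        TimeWindow={
            # Timezone-aware UTC datetimes
            'EndTime': datetime(2016, 9, 27, 15, 50, tzinfo=timezone.utc),
            'StartTime': datetime(2016, 9, 27, 15, 50, tzinfo=timezone.utc),
        },
        WebAclId='createwebacl-1472061481310',
    )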
    
    print(response)

  
  Expected Output:
  ::

    {
        'PopulationSize': 50,
        'SampledRequests': [
            {
                'Action': 'BLOCK',
                'Request': {
                    'ClientIP': '192.0.2.44',
                    'Country': 'US',
                    'HTTPVersion': 'HTTP/1.1',
                    'Headers': [
                        {
                            'Name': 'User-Agent',
                            'Value': 'BadBot ',
                        },
                    ],
                    'Method': 'HEAD',
                },
                'Timestamp': datetime(2016, 9, 27, 14, 55, 0, 1, 271, 0),
                'Weight': 1,
            },
        ],
        'TimeWindow': {
            'EndTime': datetime(2016, 9, 27, 15, 50, 0, 1, 271, 0),
            'StartTime': datetime(2016, 9, 27, 14, 50, 0, 1, 271, 0),
        },
        'ResponseMetadata': {
            '...': '...',
        },
    }
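
Added example (not part of the AWS documentation or boto3): a triage pass over a ``get_sampled_requests`` response that checks whether the returned ``TimeWindow`` was shortened by the 5,000-request cap and ranks sources for one action by summed ``Weight``. The response data, addresses and helper names are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

UTC = timezone.utc
# Window passed as TimeWindow in the request (constructed values).
REQUESTED = {"StartTime": datetime(2016, 9, 27, 14, 50, tzinfo=UTC),
             "EndTime": datetime(2016, 9, 27, 15, 50, tzinfo=UTC)}

def _item(action, weight, ip, headers):
    # Builds one SampledRequests entry in the shape of the Response Syntax.
    return {"Action": action, "Weight": weight,
            "Request": {"ClientIP": ip, "Method": "HEAD", "Headers": headers}}

# Constructed response, not real traffic: the resource hit the 5,000-request
# cap at 15:10, so WAF returned a shorter TimeWindow than was requested.
SAMPLE_RESPONSE = {
    "PopulationSize": 5000,
    "TimeWindow": {"StartTime": REQUESTED["StartTime"],
                   "EndTime": datetime(2016, 9, 27, 15, 10, tzinfo=UTC)},
    "SampledRequests": [
        _item("BLOCK", 3, "192.0.2.44", [{"Name": "User-Agent", "Value": "BadBot "}]),
        _item("BLOCK", 2, "192.0.2.44", [{"Name": "user-agent", "Value": "BadBot "}]),
        _item("BLOCK", 1, "198.51.100.7", []),
        _item("ALLOW", 4, "203.0.113.9", [{"Name": "User-Agent", "Value": "Mozilla/5.0"}]),
    ],
}

def uncovered_window(requested, response):
    """Return the part of the requested window the sample does not cover, or None."""
    returned_end = response["TimeWindow"]["EndTime"]
    if returned_end < requested["EndTime"]:
        return {"StartTime": returned_end, "EndTime": requested["EndTime"]}
    return None

def header(request, name):
    """Case-insensitive lookup in the Headers list of Name/Value dicts."""
    for h in request.get("Headers", []):
        if h["Name"].lower() == name.lower():
            return h["Value"].strip()
    return None

def weighted_sources(response, action="BLOCK"):
    """Rank (ClientIP, User-Agent) pairs by summed Weight for one action."""
    totals = Counter()
    for item in response["SampledRequests"]:
        if item["Action"] == action:
            req = item["Request"]
            totals[(req["ClientIP"], header(req, "User-Agent"))] += item["Weight"]
    return totals.most_common()
```

If ``uncovered_window`` returns a window, a second call with that ``TimeWindow`` samples the traffic the first call did not reach.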

  