--- title: Querying Cloudflare Network Firewall Intrusion Detection System (IDS) samples with GraphQL description: Query Network Firewall IDS samples via GraphQL. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/analytics/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Querying Cloudflare Network Firewall Intrusion Detection System (IDS) samples with GraphQL In this example, we are going to use the GraphQL Analytics API to query for IDS samples over a specified time period. The following API call will request IDS samples over a one hour period, and output the requested fields. Be sure to replace `` and ``[1](#user-content-fn-1) with your account tag and API credentials, and adjust the `datetime_geg` and `datetime_leq` values to your liking. ## API Call Terminal window ``` echo '{ "query": "query IDSActivity { viewer { accounts(filter: { accountTag: $accountTag }) { magicIDPSNetworkAnalyticsAdaptiveGroups( filter: $filter limit: 10 ) { sum { bits packets } dimensions { datetimeFiveMinutes } } } } }", "variables": { "accountTag": "", "filter": { "datetime_geq": "2023-06-20T11:00:00.000Z", "datetime_leq": "2023-06-20T12:00:00.000Z", "verdict": "drop", "outcome": "pass" } } }' | tr -d '\n' | curl --silent \ https://api.cloudflare.com/client/v4/graphql \ --header "Authorization: Bearer " \ --header "Accept: application/json" \ --header "Content-Type: application/json" \ --data @- ``` The returned values represent the total number of packets and bits that matched IDS rules during the five minute interval. The result will be in JSON (as requested), so piping the output to `jq` will make it easier to read, like in the following example: Terminal window ``` ... | curl --silent \ https://api.cloudflare.com/client/v4/graphql \ --header "Authorization: Bearer " \ --header "Accept: application/json" \ --header "Content-Type: application/json" \ --data @- | jq . #=> { #=> "data": { #=> "viewer": { #=> "accounts": [ #=> { #=> "magicIDPSNetworkAnalyticsAdaptiveGroups": [ #=> { #=> sum: { bits: 327680, packets: 16384 }, #=> dimensions: { #=> datetimeFiveMinute: '2021-05-12T22:00-00:00' #=> } #=> }, #=> { #=> sum: { bits: 360448, packets: 8192 }, #=> dimensions: { #=> datetimeFiveMinute: '2021-05-12T22:05-00:00' #=> } #=> }, #=> { #=> sum: { bits: 327680, packets: 8192 }, #=> dimensions: { #=> datetimeFiveMinute: '2021-05-12T22:05-00:00' #=> } #=> }, #=> { #=> sum: { bits: 360448, packets: 8192 }, #=> dimensions: { #=> datetimeFiveMinute: '2021-05-12T22:20-00:00' #=> } #=> }, #=> { #=> sum: { bits: 327680, packets: 8192 }, #=> dimensions: { #=> datetimeFiveMinute: '2021-05-12T22:20-00:00' #=> } #=> } #=> ] #=> } #=> ] #=> } #=> }, #=> "errors": null #=> } ``` ## Footnotes 1. Refer to [Configure an Analytics API token](https://developers.cloudflare.com/analytics/graphql-api/getting-started/authentication/api-token-auth/) for more information on configuration and permissions. [↩](#user-content-fnref-1) ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/analytics/","name":"Analytics"}},{"@type":"ListItem","position":3,"item":{"@id":"/analytics/graphql-api/","name":"GraphQL Analytics API"}},{"@type":"ListItem","position":4,"item":{"@id":"/analytics/graphql-api/tutorials/","name":"Tutorials"}},{"@type":"ListItem","position":5,"item":{"@id":"/analytics/graphql-api/tutorials/querying-network-firewall-ids-samples/","name":"Querying Cloudflare Network Firewall Intrusion Detection System (IDS) samples with GraphQL"}}]} ```