Timeseries Visualization
Last updated
Last updated
When the Timeseries visualization type is chosen, the Total Events section below represents a graph with a sequence of vertical bars collected over the same periods of time (where the time interval for each column is defined by the Time Range option in the top right corner of the Logs panel).
For now, this visualization type is available for Delivery events only. It will be expanded to cover other event types in the upcoming releases.
To get more space for investigating this graph, use the Options > Service Time switch in the top right corner to conceal the upper plot.
This data representation mode provides extended capabilities for intricate data analysis by means of advanced grouping options that appear under the visualization selection row upon choosing this display type.
There are 2 types of data management controls here:
Group into - defines the entity by which the data should be grouped (currently, only the fields selection is available here; advancement is coming soon)
Show - grouping parameters of the following structure:
Count unique - an expandable list, with the ability to choose an item or attribute that will be tallied uniquely within the given data set:
client_ip - to count unique IPs the requests came from
client_city - to count specific locations the requests came from
client_country_code - to count distinct countries the requests came from
cache_status - to count particular requests’ cache statuses (TCP_HIT, TCP_MISS, CONFIG_NOCACHE, etc)
client_as_org - to count unique networks or organizations the requests came from
client_isp - to count unique Internet Service Providers the requests came from
user_agent - to count unique User-Agent request headers
host - to count unique requested application hostnames
method - to count request methods (GET, POST, HEAD, etc)
path - to count requested application assets
pop - to count ADN/CDN points of presence the requests were delivered from
by - defines the parameter for grouping the events sorted upon the Count unique condition; the given list of options includes all the items mentioned above plus a set of additional ones as follows:
client_asn - to group requests by the network’s or organization’s Autonomous System Number (ASN)
status_code - to group requests by the request status code (200, 201, 202, etc)
waf_audit_alert - to group requests by true/false value of the boolean that indicates triggering of the WAF Audit mode alert
waf_prod_action - to group requests by true/false value of the boolean that indicates triggering of the WAF Block mode alert for production profiles
waf_prod_alert - to group requests by true/false value of the boolean that indicates triggering of the WAF Audit mode alert for production profiles
rl_alert - to group requests by true/false value of the boolean that indicates triggering of the Rare Limiting alert
You can add as many additional by parameters as you need to.
Also, by using a separate limit to control on the right, you can define the number of groups to display - either top 10, top 20, or top 50 - ranged based on the number of included results.
After applying all desired grouping filters, data within the graph columns is aggregated accordingly. Each group within a column is represented by a distinct color, with a corresponding color legend listed below the graph for clarity.
Hover over any of the colored groups within a column to view information about its label (i.e. the last by parameter value) and the number of records included based on your set grouping filters. Additionally, hovering over a particular color block within the legend will highlight all the corresponding color sections on the graph.
