tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Tencent Cloud EdgeOne
    Documentation
    Download PDF

    How to use filter condition

    Last updated: 2024-10-18 11:43:55
    Download PDF
      EdgeOne data analysis supports two types of filtering conditions:
      1. Time filtering condition (required): View the data within the selected time range, for details, please refer to How to modify the query time range.
      2. Other filtering conditions: Customize the data filtering according to the filtering options supported by each page. The following is a detailed explanation of this part.

      Supported Operators

      Operator
      Description
      Equal
      Query data with the filter item equal to any specified value
      Does not equal
      Query data with the filter item not equal to any specified value
      Contain
      Query data with a field such as URL, Referer, and resource type containing a specified string (for example, query data with URL containing /example )
      Does not contain
      Query data with a field such as URL, Referer, and resource type not containing a specified string (for example, query data with URL not containing /example )
      Starts with
      Query data with a field such as URL, Referer, and resource type starting with a specified string
      Does not start with
      Query data with a field such as URL, Referer, and resource type not starting with a specified string
      Ends with
      Query data with a field such as URL, Referer, and resource type ending with a specified string
      Does not end with
      Query data with a field such as URL, Referer, and resource type not ending with a specified string

      Relationship between multiple filtering conditions

      The relationship between multiple filtering conditions is "And", and the relationship between multiple values within the same filtering condition is "Or".
      For example, adding filtering conditions Country/Region=Singapore; Thailand and Status Code=404 means querying data that meets the access from Singapore or Thailand clients and the edge response status code is 404.

      Supported Filtering Options

      Metric Analysis

      Site: EdgeOne site.
      Host: The host of the client request.
      Country/Region: The country or region where the client request comes from.
      Status Codes: The status codes used by EdgeOne for responding to the client.
      HTTP Protocol Version: The HTTP version used by the client request. Values include:
      HTTP/1.0
      HTTP/1.1
      HTTP/2.0
      HTTP/3.0 (QUIC protocol)
      WebSocket Over HTTP/1.1 (WebSocket protocol initiated by HTTP/1.1)
      ISP: The ISP where the client request comes from. Supports only the data of sites in the Chinese mainland availability zone.
      Province : The province where the client request comes from. Supports only the data of sites in the Chinese mainland availability zone.
      TLS Version: The TLS protocol version used by the client request. Values include:
      TLS 1.0
      TLS 1.1
      TLS 1.2
      TLS 1.3
      URL: The URL path (path) of the client request. Supports entering multiple values separated by semicolons, such as /example1;/example2.
      Referer: The referer of the client request. Supports entering multiple values separated by semicolons.
      Resource Type: The resource type requested by the client. Supports entering multiple values separated by semicolons, such as .txt;.jpg.
      Device Type: The device type used by the client request, parsed from the User-Agent in the HTTP request header. Values include:
      TV: televisions
      Tablet: tablet computer
      Mobile: mobile phone
      Desktop: computer
      Other: others
      Empty: empty
      Browser Type: The browser type used by the client request. Values include:
      Firefox
      Chrome
      Safari
      Opera
      QQBrowser
      LBBrowser
      MaxthonBrowser
      SouGouBrowser
      BIDUBrowser
      TaoBrowser
      UBrowser
      IE
      Microsoft Edge
      Bot
      Empty
      Other
      System Type: The operating system type used by the client request. Values include:
      Empty
      Android
      IOS
      MacOS
      Linux
      Windows
      ChromiumOS
      NetBSD
      Bot
      Other
      IP Version: The IP address version used by the client request. Values include:
      IPv4
      IPv6
      HTTP/HTTPS: The HTTP protocol type used by the client request. Values include:
      HTTP
      HTTPS
      Cache Status: The cache status for the client request. Values include:
      hit: The request hits the EdgeOne node cache, and the resource is provided by the node cache. Resources that partially hit the cache are also recorded as hit.
      miss: The request does not hit the EdgeOne node cache, and the resource is provided by the origin server.
      dynamic: The resource requested cannot be cached or is not configured to be cached by the node. The resource is provided by the origin server.
      other: Unrecognizable cache status. Requests responded to by edge functions are recorded as other.
      L4 Proxy Forwarding Rules: The specific forwarding rules for the L4 proxy instance.
      L4 Proxy Instance: The name of the L4 proxy instance.
      DNS Return Code: The DNS resolution response status code. Values include:
      NOError: Successful response with no errors.
      NXDomain: Non-existent record.
      NotImp: Not implemented. The DNS server does not support the request query type. For implemented request query types, see Record Type.
      Refused: Refused. The DNS server refuses to perform the specified operation due to policies.
      DNS Record: The DNS record type. For values, see Record Type.
      DNS Region: The continent where the client request comes from. Currently supports the following options:
      Asia
      Europe
      Africa
      Oceania
      America
      Applied Action: View only the requests that hit the security rules and apply the specified action (excluding release or exception rules). Values include:
      Monitor
      Rule ID: View only the request data that hits the specified Web protection rule ID.
      Request Path: View only the request data for accessing the specified request path.
      Client IP: View only the request data from the specified client IP. Supports entering multiple values separated by carriage returns when the operator is Equal or Does not equal.
      Anti-DDoS Instance: View the data of the specified Anti-DDoS (Enterprise) instance.
      EdgeOne Shield Space: View the data of the specified EdgeOne Shield space.
      Note
      When the metrics L7 Access Traffic and L7 Access Requests are selected, the filtering options including L4 Proxy Forwarding Rules, L4 Proxy Instance, DNS Return Code, DNS Record, DNS Region, Applied Action, Rule ID,Anti-DDoS Instance, and EdgeOne Shield Space are not supported.
      When the metric L7 Access Bandwidth is selected, only the filtering options including Country/Region, Host, HTTP/HTTPS, and HTTP Protocol Version are supported.

      Web Security Analysis

      Supports filtering based on request features, rule features, various detailed Web protection rules, and Bot management policy features. The specific filtering options are described as follows:
      Site: EdgeOne site.
      Client IP: View only the request data from the specified client IP. Supports entering multiple values separated by carriage returns.
      Client IP Region: The client IP comes from the specified country or region.
      Client IP (prioritizing XFF header): View only the request data from the specified client IP (prioritizing XFF header). Supports entering multiple values separated by carriage returns.
      Client IP Region (prioritizing XFF header): The client IP (prioritizing XFF header) comes from the specified country or region.
      User-Agent: The User-Agent header information carried in the client request. Supports entering multiple values separated by carriage returns.
      Request URL: The URL in the client request (excluding Host and only including the request path and query parameters). Supports entering multiple values separated by carriage returns.
      Hostname: The host of the client request. Supports entering multiple values separated by carriage returns.
      Referer: The referer carried in the client request. Supports entering multiple values separated by carriage returns.
      Applied Action: The final disposal result of the request by the Web protection module. For details, see Action.
      Request Path (Path): The URL path of the client request (HTTP request path, excluding Host and query parameters). Supports entering multiple values separated by carriage returns.
      Request JA3 Fingerprint: JA3 fingerprint calculated based on the relevant parameters for the TLS handshake request of the client. Only supports the data of the domain names with Bot Management enabled.
      Request Method (Method): The HTTP method of the client request.
      Request ID: Unique identifier of a request, that is, the Request ID of the default block page, {{ EO_REQ_ID }} of the custom response page, EO-LOG-UUID in the EdgeOne default response header , and RequestID in the L7 access logs.
      Rule Category: View only the request data that hits the specified category of Web protection rules.
      Rule ID: View only the request data that hits the specified Web protection rule ID.
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy