Real-Time Metrics
Real-Time Metrics is an Observe product that provides you with real-time access to metrics, through charts, so you can analyze the events of your applications and products configured on Azion. It also helps you optimize the use of Azion products and how your content is delivered.
By analyzing data through Real-Time Metrics, you can check and track the behavior of your applications in near real time. Real-Time Metrics gives you the opportunity to:
- Gain insights on the performance of your application.
- Examine the availability of your content.
- Quantify accesses and traffic to your content.
- See bandwidth savings.
- Find security threats in real time.
- Troubleshoot problems in real time.
- Compare your application’s data through different data intervals.
Real-Time Metrics fetches your data and metrics using Azion GraphQL API and generates charts based on its response. The maximum time for data aggregation to occur is 10 minutes.
You can combine your metrics analysis with Real-Time Events to further inspect your logs.
See the first steps for Real-Time Metrics.
Grafana plugin
Real-Time Metrics also has an Azion Grafana plugin integration available for local installation. With it, you can use Grafana’s interface to create dashboards and complement your metrics visualization.
Your dashboards can be created using GraphQL queries. You can use it to view and create:
- Top X metrics (such as IP addresses or blocked countries).
- Security metrics.
- Customized alerts.
- Specific status codes.
See how to:
Data storage
Azion stores your metrics’ events and logs for 2 years, but the new Real-Time Metrics provides data and metrics starting from October 15th, 2022.
If you want to view metrics for up to 2 years and before October 15th, 2022:
Use the Historical Real-Time MetricsData consideration
When comparing the data displayed on Real-Time Metrics and Azion Billing data, you may find differences. Real-Time Metrics focuses on performance, using an at-most-once approach, while Billing seeks precision, using an exactly-once approach. If you find such differences, you should consider Azion Billing data as the correct one.
On average, the difference between the two is smaller than 1%. See Azion Pricing and the Billing documentation for more information.
Product choice to view metrics
Real-Time Metrics allows you to analyze your applications’ metrics through several products, indicated by separate tabs according to their category. You can choose to visualize your metrics through the following categories:
- Build
- Secure
- Observe
After selecting the category you want, you can select a product to view metrics.
On the Build tab, you’ll find metrics related to:
- Edge Application
- Tiered Cache
- Edge Functions
- Image Processor
On the Secure tab, you’ll find metrics related to:
- WAF
- Edge DNS
- Bot Manager
On the Observe tab, you’ll find metrics related to:
- Data Stream
After selecting one of the category tabs and the product tab, you’ll see the available charts for that specific product according to the data on your account. If you select Data Stream, for example, you’ll see charts related to the streams configured in your account.
Some products, such as Edge Application, can also have subtabs, which separate different types of metrics for the same product. Each set of charts composes a dashboard. Find out more about each tab, subtab, and charts in the Metrics’ monitoring with charts section.
You must subscribe and activate the following products to view their metrics:
-
Data Stream -
Edge Functions -
Edge DNS -
Image Processor -
Tiered Cache
Data interval
After you decide which product you’ll be analyzing, you need to configure a data interval to fetch data for your charts.
On Real-Time Metrics’ screen, just before the section with the charts, you find the date interval filter, with two parts:
-
Time range: options to select the time period you want to use to exhibit data on your charts. By default, it comes with the Last Hour range selected, but you can choose between:
- Last Hour
- Last 24 Hours
- Last 7 Days
- Last 30 Days
- Last 6 Months
When you select Last Hour, Real-Time Metrics automatically refreshes your data every one minute.
- Date calendar: calendar field with the date and time of your chosen time range. When you select a time range, it automatically sets the begin and end dates. If you want to use a different time range, you need to manually set up the beginning and ending dates in the calendar fields.
The timezone used is the same as the one configured in your user preferences.
After you configure the Time range and Date calendar fields, your charts are refreshed to fetch the data related to the new configured data interval.
How to use Real-Time MetricsFilters
Real-Time Metrics allows you to filter your analysis, receiving specific fields and values. You can add a single or multiple filters depending on the analysis you want to conduct.
Go to add filters guideChart view
On the second section of Real-Time Metrics, after the configuration filters, you find all the available charts.
Each chart displays the following properties:
- Title: descriptive name for the graph.
- Type of chart: tag representing who created the chart and to whom it’s available for.
- Azion Chart: chart displayed by default by Azion’s servers.
- (?) Get help: tag that opens a Help Center article, which you can use to discover more about each chart and find a few tips and practical examples.
- Context menu: extra options of actions related to the chart.
- Copy Query: to copy the query of that specific chart to your clipboard.
- Export CSV: to download and export the points presented on that specific chart according to the data displayed.
- Show Mean Line/Hide Mean Line: to exhibit or stop exhibiting the average value of the chart. Each point of the chart is summed and divided by the total number of points, generating a mean for the data shown on that specific chart and time period.
- Description: a short text that explains what data that specific chart displays.
- Aggregator: type of aggregation being used in the query to generate the metrics on the chart. Either
Sum
orAvg
. - Variation tag: information shown on chart with only one series. It provides a percentage comparing the previous and current values of the chart in the corresponding time period. The tag shows a + if the current value is larger, a - if the previous value was larger, and no sign if the value is the same. Example: if you’re using the “Last hour” period and it’s 10:00, the chart shows data for the period from 9:00-10:00, and the feedback will show a comparison with the data from 8:00-9:00.
- Graph series: representation of data categories.
- Example: in a line graph that shows the number of requests over time, you can have several series, each one representing a different domain. Each series will have data points connected by a line to exhibit how the number of requests varied over time for each domain.
- Tooltip: information available by hovering the cursor over the graph series, which displays the value and the name of each series of that specific point in a descending order, according to the value. This feature isn’t available for viewports smaller than 540px.
- Time interval line: the x-axis of the graph, representing the time period line for the data on the graph.
- Legend: a list that reflects and describes series and data from the y-axis, based on the chart’s aggregation type. You can select and deselect each legend item to change the data displayed on the graph.
Legends can be displayed differently according to the type of chart and amount of series represented on it. They can appear on the bottom of the chart or on the right side, and the legend exhibits a maximum of 16 series per graph.
Metrics’ monitoring with charts
In the second section of Real-Time Metrics, right after the data interval filter, you find all the available charts for your account.
Even after you configure a data interval filter, you can still navigate through tabs and change the product you want to view metrics from. After you select a tab and, possibly, subtab, you can analyze your data for each chart.
Next, you can find detailed information about each tab and subtabs and about each of the charts available:
-
- WAF - Edge DNS - Bot Manager
Build
Edge Applications
The Edge Applications tab displays metrics related to the accesses of your edge applications configured in your account. You find four subtabs with different charts: Data Transferred, Requests, Status Codes, and Bandwidth Saving.
Data Transferred
Find out more about each chart:
Edge Cache
The Edge Cache graph represents how all information regarding your Edge Cache data is being accessed on Azion’s edge.
It provides a first layer of caching to the client content on Azion edges. The graph is divided into:
- Data Transferred Total: all data that was transferred in the process; value of Data Transferred In + Data Transferred Out.
END USER -> EDGE -> ORIGIN + ORIGIN -> EDGE -> END USER
- Data Transferred In: data transferred from the user to the edges, and from the edges to the client origin.
END USER -> EDGE -> ORIGIN
- Data Transferred Out: data transferred from the client origin to the edges, and from the edges to the user.
ORIGIN -> EDGE -> END USER
To use Edge Cache and analyze data on it, you must activate it in your account. See the Edge Cache documentation for more information.
In what unit does data appear on graphs?
Real-Time Metrics uses bytes to show your data. It automatically converts your data into megabytes (MB), gigabytes (GB), or terabytes (TB), for example, according to the amount of data available to make your visualization easier.
Edge Application In flow:
Edge Application Out flow:
Edge Applications flow:
If you have Tiered Cache enabled, your Edge Cache graph will exhibit:
- Edge Applications In: data transferred from the end user to the edges, and from the edges to the tiered cache layer.
- Edge Applications Out: data transferred from the tiered cache layer to the edges, and from the edges to the end user.
- Edge Applications: all data that was transferred in the process; value of Edge Applications In + Edge Applications Out.
Edge Offload
The Edge Offload graph shows the percentage of data delivered directly by the edge, without having to search for the content on the origin before delivering it.
END USER -> EDGE -> END USER
The higher the percentage of offloading, the better the efficiency of your applications regarding the use of cache policies to preserve infrastructure. Azion’s edge delivers the content from its cache, demanding less from your origin.
Practical example
Your application has 1 GB of data. If the graph shows your application had an average of 80% offload, this means 800 MB out of 1 GB were delivered directly by Azion’s edge.
In what unit does data appear on graphs?
Real-Time Metrics uses percentages to show your data on offload graphs. All data related to offloading reflects the average number of your applications’ access, and the graph then represents it with percentages (%).
Saved Data
The Saved Data graph shows the total sum of your edge application’s data that was delivered directly by Azion’s edge, without having to take the extra step of looking for the content on the origin.
Saved Data: content is delivered directly by the edge to the origin.
END USER -> EDGE -> END USER
A higher sum of saved data means your application is using cache policies on Azion’s edge more efficiently, demanding less from your origin during the period you’ve selected in the time range.
In what unit does data appear on graphs?
Real-Time Metrics uses bytes to show your data. It automatically converts your data into megabytes (MB), gigabytes (GB), or terabytes (TB), for example, according to the amount of data available to make your visualization easier.
Missed Data
The Missed Data graph shows the total sum of your edge application’s data when Azion’s edge had to look for the content on the origin and deliver it to the end user.
Missed Data: the edge looks for the content on the origin and then delivers it to the end user.
END USER -> EDGE -> ORIGIN -> EDGE -> END USER
When the content isn’t found on Azion’s cache, it’s necessary to take another step and look for it on the origin, and then deliver it to the end user.
In what unit does data appear on graphs?
Real-Time Metrics uses bytes to show your data. It automatically converts your data into megabytes (MB), gigabytes (GB), or terabytes (TB), for example, according to the amount of data available to make your visualization easier.
Total Bandwidth Usage
The Total Bandwidth Usage graph shows the total amount of bandwidth your application used during the period you’ve selected in the time range.
Bandwidth represents the amount of information being received every second. At Azion, it represents the content that was delivered by your application every second.
In what unit does data appear on graphs?
Real-Time Metrics uses bits and bytes per second on all graphs related to bandwidth data. It automatically converts your data into megabits per second (bit/s) or kilobytes per second (kB/s), for example, according to the amount of data available to make your visualization easier.
Bandwidth Offloaded
The Bandwidth Offloaded graph shows the percentage of bandwidth that was delivered directly by the edge, without having to search for the content on the origin before delivering it.
Bandwidth represents the amount of information being received every second. At Azion, it represents the content that was delivered by your application every second during the period you’ve selected in the time range.
The higher the percentage of offloading, the better the efficiency of your applications regarding the use of cache policies to preserve infrastructure. Azion’s edge delivers the content from its cache, demanding less from your origin.
In what unit does data appear on graphs?
Real-Time Metrics uses percentages to show your data on offload graphs. All data related to offloading reflects the average number of your applications’ access, and the graph then represents it with percentages (%).
Saved Bandwidth
The Saved Bandwidth graph shows how much bandwidth was delivered directly by Azion’s edge, without having to take the extra step of looking for the content on the origin.
Saved Bandwidth: content is delivered directly by the edge to the origin.
END USER -> EDGE -> END USER
A higher number of saved bandwidth means your application is using cache policies on Azion’s edge more efficiently, demanding less from your origin during the period you’ve selected in the time range.
In what unit does data appear on graphs?
Real-Time Metrics uses bits and bytes per second on all graphs related to bandwidth data. It automatically converts your data into megabits per second (bit/s) or kilobytes per second (kB/s), for example, according to the amount of data available to make your visualization easier.
Missed Bandwidth
The Missed Bandwidth graph shows how much bandwidth was delivered when Azion’s edge had to look for the content on the origin and deliver it to the end user.
Missed Bandwidth: the edge looks for the content on the origin and then delivers it to the end user.
END USER -> EDGE -> ORIGIN -> EDGE -> END USER
When the content isn’t found on Azion’s cache, it’s necessary to take another step and look for it on the origin, and then deliver it to the end user.
In what unit does data appear on graphs?
Real-Time Metrics uses bits and bytes per second on all graphs related to bandwidth data. It automatically converts your data into megabits per second (bit/s) or kilobytes per second (kB/s), for example, according to the amount of data available to make your visualization easier.
Requests
Find out more about each chart:
Total Requests
The Total Requests graph shows you the sum, the total amount of all types of requests that were processed on the edge application’s domain configured in your account.
Whenever the content of your application is accessed, one request is processed. The graph then shows all requests that occurred during the period you’ve selected in the time range.
1 access = 1 request
The graph is divided into:
- Http Requests Total: processed requests using the HTTP protocol.
- Edge Requests Total: all types of requests; value of http + https.
- Https Requests Total: processed requests using the HTTPS protocol, which uses encryption and verification.
Requests Offloaded
The Requests Offloaded graph shows the percentage of requests that were delivered directly by the edge, without having to search for the content on the origin before delivering it.
END USER -> EDGE -> END USER
The higher the percentage of offloading, the better the efficiency of your applications regarding the use of cache policies to preserve infrastructure. Azion’s edge delivers the content from its cache, demanding less from your origin.
Practical example
Your application received 5 requests. If the graph shows your application had an average of 80% offload, this means 4 out of 5 requests were delivered directly by Azion’s edge.
In what unit does data appear on graphs?
Real-Time Metrics uses percentages to show your data on offload graphs. All data related to offloading reflects the average number of your applications’ access, and the graph then presents it as percentages (%).
Saved Requests
The Saved Requests graph shows the total sum of your edge application’s requests that were delivered directly by Azion’s edge, without having to take the extra step of looking for the content on the origin.
Whenever the content of your application is accessed, one request is processed. The graph then shows all requests that were saved during the period you’ve selected in the time range.
Saved Requests: content is delivered directly by the edge to the origin.
END USER -> EDGE -> END USER
A higher sum of saved requests means your application is using cache policies on Azion’s edge more efficiently, demanding less from your origin during the period you’ve selected in the time range.
Missed Requests
The Missed Requests graph shows the total sum of your edge application’s requests when Azion’s edge had to look for the content on the origin and deliver it to the end user.
Whenever the content of your application is accessed, one request is processed. The graph then shows all requests that were missed during the period you’ve selected in the time range.
Missed Requests: the edge looks for the content on the origin and then delivers it to the end user.
END USER -> EDGE -> ORIGIN -> EDGE -> END USER
When the content isn’t found on Azion’s cache, it’s necessary to take another step and look for it on the origin, and then deliver it to the end user. The entire process counts as 1 request.
Total Requests per Second
The Total Requests per Second graph shows you the average of requests per seconds that were processed on the edge application’s domain configured in your account.
Whenever the content of your application is accessed, one request is processed. The graph then shows the average of all requests that occurred per second during the period you’ve selected in the time range.
In what unit does data appear on graphs?
Real-Time Metrics uses averages of requests/second to show your data. Example: 0.026/s
Requests per Second Offloaded
The Requests per Second Offloaded graph shows the percentage of requests per second that were delivered directly by the edge, without having to search for the content on the origin before delivering it.
END USER -> EDGE -> ORIGIN
The higher the percentage of offloading, the better the efficiency of your applications regarding the use of cache policies to preserve infrastructure. Azion’s edge delivers the content from its cache, demanding less from your origin.
Practical example
Your application received 5 requests in 1 second. If the graph shows your application had an average of 80% offload, this means 4 out of 5 requests in that second were delivered directly by Azion’s edge.
In what unit does data appear on graphs?
Real-Time Metrics uses percentages to show your data on offload graphs. All data related to offloading reflects the average number of your applications’ access, and the graph then represents it with percentages (%).
Saved Requests per Second
The Saved Requests per Second graph shows the average of your edge application’s requests per second that were delivered directly by Azion’s edge, without having to take the extra step of looking for the content on the origin.
Whenever the content of your application is accessed, one request is processed. The graph then shows the average of all requests that were saved per second during the period you’ve selected in the time range.
Saved Requests: content is delivered directly by the edge to the origin.
END USER -> EDGE -> END USER
A higher average of saved requests per second means your application is using cache policies on Azion’s edge more efficiently, demanding less from your origin during the period you’ve selected in the time range.
In what unit does data appear on graphs?
Real-Time Metrics uses averages of requests/second to show your data. Example: 0.026/s
Missed Requests per Second
The Missed Requests per Second graph shows the average of your edge application’s requests per second when Azion’s edge had to look for the content on the origin and deliver it to the end user.
Whenever the content of your application is accessed, one request is processed. The graph then shows the average of all requests that were missed per second during the period you’ve selected in the time range.
Missed Requests: the edge looks for the content on the origin and then delivers it to the end user.
END USER -> EDGE -> ORIGIN -> EDGE -> END USER
When the content isn’t found on Azion’s cache, it’s necessary to take another step and look for it on the origin, and then deliver it to the end user.
In what unit does data appear on graphs?
Real-Time Metrics uses averages of requests/second to show your data. Example: 0.026/s
Requests by Method
The Requests by Method graph shows the sum of HTTP methods that were used in the requests made to your domain. At Azion, it indicates how the client interacted with the content on the domain associated with an edge application.
The graph is divided into:
- Requests Http Method Get: retrieves resources from the server.
- Requests Http Method Post: sends resources to the server.
- Requests Http Method Head: retrieves data about the resource but doesn’t return the content.
- Requests Http Method Others: all other request methods, such as PUT or PATCH, are gathered on this option.
Status Codes
Find out more about each chart:
HTTP Status Codes 2XX
Whenever a domain that’s associated with an Azion edge application receives a request, it also receives a specific status code according to the server’s response. The graph then shows the sum of total requests that received a status 2XX.
The 2XX status codes indicate successful requests on the server’s side. This means the request passed the stages of: received, understood, accepted, and processed by the server, and the end user is able to see your domain’s content.
The graph is divided into:
- Requests Status Code200: the content was delivered to the user correctly. Standard status for a successful HTTP request.
- Requests Status Code204: the server completed the request, but had no content to deliver.
- Requests Status Code206: the server delivered only a part of the content because it was divided into parts.
- Requests Status Code2xx: the server indicated other status of the 2XX type. They rarely occur, and are all gathered on this option.
HTTP Status Codes 3XX
Whenever a domain that’s associated with an Azion edge application receives a request, it also receives a specific status code according to the server’s response. The graph then shows the sum of total requests that received a status 3XX.
The 3XX status codes indicate redirection on the server’s side. This means the request wasn’t fully completed because the content was in another location, and it had to perform one more action to deliver your domain’s content.
The graph is divided into:
- Requests Status Code301: current and all future requests will be redirected to another URL.
- Requests Status Code302: this request was temporarily redirected to another URL.
- Requests Status Code304: the content header indicates that it hasn’t been modified and doesn’t need to be resent. It can deliver the existing file to the user’s browser.
- Requests Status Code3xx: the server indicated other status of the 3XX type. They rarely occur, and are all gathered on this option.
HTTP Status Codes 4XX
Whenever a domain that’s associated with an Azion edge application receives a request, it also receives a specific status code according to the server’s response. The graph then shows the sum of total requests that received a status 4XX.
The 4XX status codes indicate there was an error on the client’s side. This means the request couldn’t be completed by the server because it identified an error, likely due to the page being unavailable or the request containing bad syntax. Therefore, the server couldn’t deliver your domain’s content.
The graph is divided into:
- Requests Status Code400: the server can’t process the request. Generally occurs due to an error with the request format.
- Requests Status Code403: the request is valid, but wasn’t authorized by the server. This means that the user or the IP address that’s making the request isn’t authorized to do so.
- Requests Status Code404: the file that was requested doesn’t exist on the origin server.
- Requests Status Code4xx: the server indicated other status of the 4XX type. They rarely occur, and are all gathered on this option.
HTTP Status Codes 5XX
Whenever a domain that’s associated with an Azion edge application receives a request, it also receives a specific status code according to the server’s response. The graph then shows the sum of total requests that received a status 5XX.
The 5XX status codes indicate there was an error on the server’s side. This means that the request by the end user seemed to be valid, but for some reason the server couldn’t perform the request or encountered an error in the process. Your domain’s content still exists, it just couldn’t be delivered.
The graph is divided into:
- Requests Status Code500: generic message given when an unexpected error occurs on the server and it’s unable to handle the request.
- Requests Status Code502: when the server is acting as a Gateway or Proxy and receives an invalid response from the origin. Generally occurs when the origin server is offline.
- Requests Status Code503: server isn’t available. Generally a temporary status.
- Requests Status Code5xx: the server indicated other status of the 5XX type. They rarely occur, and are all gathered on this option.
Bandwidth Saving
Bandwidth Saving
The Bandwidth Saving graph shows you the sum of savings on all transmissions of images that were somehow processed and deliver by Image Processor.
The processing of images can be related to resizing, cropping, changing quality, or any other feature that Image Processor provides. If an image had any kind of treatment through Image Processor, the savings of those images in your domain are shown in the graph.
In what unit does data appear on graphs?
Real-Time Metrics uses bytes to show your data. It automatically converts your data into megabytes (MB), gigabytes (GB), or terabytes (TB), for example, according to the amount of data available to make your visualization easier.
Tiered Cache
The Tiered Cache tab displays metrics related to the data of your applications using Tiered Cache configured in your account.
Find out more about each chart:
Tiered Cache
The Tiered Cache graph represents how all information regarding your Tiered Cache data is being accessed on Azion’s edge.
Tiered Cache is a feature for Edge Application that adds an extra layer of cache between the edge and the client origin. The graph is divided into:
- Data Transferred Total: all data that was transferred in the process; value of Data Transferred In + Data Transferred Out.
EDGE -> TIERED CACHE -> ORIGIN + ORIGIN -> TIERED CACHE -> EDGE
- Data Transferred In: data transferred from the edges and through Tiered Cache until the client origin.
EDGE -> TIERED CACHE -> ORIGIN
- Data Transferred Out: data transferred from the client origin and through Tiered Cache to the edges.
ORIGIN -> TIERED CACHE -> EDGE
To use Tiered Cache and analyze data on it, you must activate it in your account. See the Tiered Cache documentation for more information.
In what unit does data appear on graphs?
Real-Time Metrics uses bytes to show your data. It automatically converts your data into megabytes (MB), gigabytes (GB), or terabytes (TB), for example, according to the amount of data available to make your visualization easier.
Tiered Cache flow:
Tiered Cache In flow:
Tiered Cache Out flow:
Tiered Cache Offload
The Tiered Cache Offload graph shows you the percentage of data delivered through Tiered Cache, without having to search for the content on the origin before delivering it.
EDGE -> TIERED CACHE -> EDGE
The higher the percentage of offloading, the better the efficiency of your applications regarding the use of Tiered Cache policies to preserve infrastructure. Azion’s edge delivers the content from its cache, demanding less from your origin.
Practical example
Your application has 1 GB of data. If the graph shows your application had an average of 80% offload, this means 800 MB out of 1 GB were delivered through Tiered Cache.
In what unit does data appear on graphs?
Real-Time Metrics uses percentages to show your data on offload graphs. All data related to offloading reflects the average number of your applications’ access, and the graph then represents it with percentages (%).
Edge Functions
The Edge Functions tab displays metrics related to the invocations of the edge functions configured in your account.
Find out more about the chart:
Total Invocations
The Total Invocations graph shows you the sum of all occasions in which your edge functions were called.
The graph is divided into:
- Edge Firewall Invocations: total amount of executed edge functions associated to a firewall.
- Edge Application Invocations: total amount of executed edge functions associated to an application.
Whenever one of your configured edge functions is executed, one invocation is calculated.
Find out more on how to build applications with Edge Functions.
Image Processor
The Image Processor tab displays metrics related to the requests made to your images processed through Image Processor configured in your account.
Find out more about each chart:
Total Requests
The Total Requests graph shows you the sum of all requests related to a content that has images processed by Image Processor.
The processing of images can be related to resizing, cropping, changing quality, or any other feature that Image Processor provides.
If an image had any kind of treatment through Image Processor, the requests to the image in the domain it’s configured on are shown in the graph.
Total Requests per Second
The Total Requests per Second graph shows you the average of requests per second related to a content that has images processed by Image Processor.
The processing of images can be related to resizing, cropping, changing quality, or any other feature that Image Processor provides. If an image had any kind of treatment through Image Processor, the average of requests to the image in the domain it’s configured on that occurred per second during the period you’ve selected are shown in the graph.
In what unit does data appear on graphs?
Real-Time Metrics uses averages of requests/second to show your data. Example: 0.026/s
Secure
WAF
The WAF tab displays metrics related to threats protected by WAF in your account.
Find out more about each chart:
Threats vs Requests
The Threats vs Requests graph shows you the sum of attacks and regular requests made to your domain that were processed by Web Application Firewall (WAF).
WAF analyzes the requests made to your domain associated with an edge application, detects, and blocks any threats it identifies as malicious activity.
The graph displays the total amount of requests and attacks that were processed, and divides it into:
- Waf Requests Blocked: requests that were identified as a malicious threat and were blocked.
- Waf Requests Threats: requests that were identified as possible threats but weren’t blocked.
- Waf Requests Allowed: normal requests that weren’t identified as a threat.
For a more detailed view on the threats occurring against your domains, see your logs through Real-Time Events.
Cross-Site scripting (XSS) Threats
The Cross-Site Scripting (XSS) Threats graph shows you the sum of XSS attacks type made against your domains.
An XSS threat injects client-side malicious scripts into pages viewed by your visitors, compromising your application and website’s security. WAF analyzes each request and, when it’s identified as a threat, blocks it.
Then, the graph displays all requests that were identified as XSS threats during the period you’ve selected in the time range.
For more details on how WAF analyzed the requests, see your logs through Real-Time Events.
Remote File Inclusion (RFI) Threats
The Remote File Inclusion (RFI) Threats graph shows you the sum of RFI attacks type made against your domains.
An RFI threat usually includes remote files or scripts to your domain, compromising your application and website’s security. WAF analyzes each request and, when it’s identified as a threat, blocks it.
Then, the graph displays all requests that were identified as RFI threats during the period you’ve selected in the time range.
For more details on how WAF analyzed the requests, see your logs through Real-Time Events.
SQL Injection Threats
The SQL Injection Threats graph shows you the sum of SQL Injection attacks type made against your domains.
An SQL injection threat injects a code to your domain seeking to view and attack data that they shouldn’t be able to access, compromising your application and website’s security. WAF analyzes each request, and when it’s identified as a threat, blocks it.
Then, the graph displays all requests that were identified as SQL injection threats during the period you’ve selected in the time range.
For more details on how WAF analyzed the requests, see your logs through Real-Time Events.
Other Threats
The Other Threats graph shows you the sum of all requests that WAF considered as a threat and didn’t fit in other specific categories, such as XSS or RFI threats.
WAF analyzes all requests made to your domains, and when it identifies one as a threat, blocks it. Then, the graph displays all requests that were identified as threats during the period you’ve selected in the time range.
For more details on how WAF analyzed the requests, see your logs through Real-Time Events.
Edge DNS
The Edge DNS tab displays metrics related to queries made to the DNS configured in your account.
Find out more about the chart:
The Total Queries graph shows you the total amount of queries received by your DNS configured on Edge DNS.
By using Edge DNS, your domains are hosted and managed on Azion. Then, whenever a query is made to your DNS during the period you’ve selected in the time range, the graph displays it.
Bot Manager
The Bot Manager tab displays metrics related to Bot Manager activity. It has two sections: Overview and Breakdown.
Find out more about each chart:
Overview
Bad Bot Hits
The Bad Bot Hits graph shows the total number of requests identified as bad bots within the defined period.
Azion Bot Manager analyzes incoming requests and gives them a score. If the score is equal to or greater than the predetermined threshold you set when configuring Bot Manager, the request is considered a bad bot, and the defined action is executed. Otherwise, the request is processed.
Good Bot Hits
The Good Bot Hits graph shows the number of requests identified as good bots within the defined period.
Azion Bot Manager analyzes incoming requests and gives them a score. If the score is equal to or greater than the predetermined threshold you set when configuring Bot Manager, the request is considered a bad bot, and the defined action is executed. Otherwise, the request is processed normally. Good bots are classified as allowed traffic, and their requests proceed as usual.
Bot Hits
The Bot Hits graph shows the total number of requests identified as bots within the defined period. A request is considered a bot when it exhibits non-human characteristics or behavior, including abnormal patterns, missing or unusual request headers, suspicious user-agent strings, requests from IP addresses with a history of malicious activity, failing challenges such as CAPTCHAs, or automation tools.
In this context, bots can be either good or bad. Good bots, like search engine crawlers, are permitted. Bad bots, however, engage in harmful activities like scraping data, launching attacks, or overloading systems.
Azion Bot Manager analyzes incoming requests and gives them a score. If the score is equal to or greater than the predetermined threshold you set when configuring Bot Manager, the request is considered a bad bot, and the defined action is executed. Otherwise, the request is processed.
Transactions
The Transactions graph shows a sum referring to the total number of requests evaluated by Azion Bot Manager.
Bot Traffic
The Bot Traffic graph shows the evolution of bot traffic over time. It presents historical data by identifying the traffic into:
- Legitimate: the request wasn’t identified as an attack and there’s enough data to ensure it isn’t an attack, being considered legitimate and human traffic.
- Bad Bot: the request reached the score threshold or it was identified as an attack.
- Good Bot: the request wasn’t identified as an attack and matched any of the commonly used good bots, such as search engines.
- Under Evaluation: the request wasn’t identified as a bot, but there isn’t enough data to ensure it isn’t an attack, being considered suspicious access.
It helps to identify periods of suspicious activity and allows you to detect patterns and anomalies. By hovering over the lines in the graph, a card will appear with more detailed information about the date, time, and the number of bots in each category.
Top Bot Action
The Top Bot Action graph shows the actions performed by Azion Bot Manager for accesses identified as bots.
These actions could be:
- Allow: allowed the continuation of the request. If the score is less than the predetermined threshold, the request is processed, being
allow
the default action. - Deny: delivered a standard Status Code 403 response.
- Drop: terminated the request without a response to the user.
- Redirect: allowed the request to be redirected to a new URL/location when the security threshold is reached, including CAPTCHA challenges.
- Custom_html: delivered customized HTML content to the user in a threshold violation.
- Random_delay: made the function wait for a random period between 1 and 10 seconds before allowing the request to proceed.
- Hold_connection: held the request, keeping the connection open for 1 minute before dropping it.
Bot CAPTCHA line graph
The Bot CAPTCHA metric refers to the results of the challenge returned for requests classified as bots. This metric is presented in two graphics: a pie and a line graph.
In the case of the line graph, it displays the traffic identified as bots over time, being:
- Solved: if the challenge was solved. In this case, the bot completed the CAPTCHA challenge, providing the correct response and proceeding.
- Not Solved: if the challenge wasn’t solved or was solved incorrectly. In this case, the bot either failed to complete the challenge provided an incorrect response, or didn’t attempt to solve it, triggering the defined action for blocked or suspicious bots.
By hovering over the lines in the graph, a card will appear with more detailed information about the date and time, as well as the number of bots that either passed or failed the CAPTCHA.
Top Bot CAPTCHA Pie Graph
The Bot CAPTCHA metric refers to the results of the challenge returned for requests classified as bots. This metric is presented in two graphics: a pie and a line graph.
In the case of the pie graph, it displays the percentage of bots that either passed or failed the CAPTCHA, being:
- Solved: if the challenge was solved. In this case, the bot completed the CAPTCHA challenge, providing the correct response and proceeding.
- Not Solved: if the challenge wasn’t solved or was solved incorrectly. In this case, the bot either failed to complete the challenge provided an incorrect response, or didn’t attempt to solve it, triggering the defined action for blocked or suspicious bots.
It helps to adjust the difficulty or frequency of challenges to improve bot detection. It’s also useful for optimizing user experience and the effectiveness in bot mitigation.
Top Bot Classifications
The Top Bot Classifications graph shows you the sum of requests classified according to the tactics used and the purpose of the bots, including Crawling, Brute Force, Scraping, Bad Bot Signatures, Malicious Browser Behavior, Scripted Bots, Enterprise Bots, Reputation Intelligence, Monitoring Bots, and Malicious Intent Detected, among others.
Bot Activity Map
The Bot Activity Map displays the geographic origin of bot attacks.
Countries are color-coded based on the number of detected bot attacks:
- Red: more than 1,000,000 requests.
- Light red: between 100,000 and 1,000,000 requests.
- Orange: between 10,000 and 99,999 requests.
- Light orange: between 1,000 and 9,999 requests.
- Yellow: between 1 and 999 requests.
This information helps you identify regional patterns and implement geo-blocking and other region-specific mitigation strategies.
Breakdown
Impacted URLs
The Impacted URLs graph shows the total number of distinct URLs bots request.
Top Impacted URLs
The Top Impacted URLs graph shows the total number of requests detected as bots, broken down by the most affected URLs.
This allows you to identify which URLs are most frequently targeted by bots, empowering you to analyze patterns and define more protective measures.
Top Bad Bot IPs
The Top Bad Bot IPs graph shows the total number of requests detected as bad bots from different IP addresses, listing those with the highest activity.
You can use this data to:
- Identify IP addresses frequently used by bad bots to attack your site.
- Discover trends and patterns in bad bot activity.
- Block or limit traffic from risky IP addresses.
- Gain insights to respond quickly to bad bots attacks.
Observe
Data Stream
The Data Stream tab displays metrics related to the data and requests of the stream configured in your account.
Find out more about each chart:
Total Data Streamed
The Total Data Streamed graph shows you the total amount of data that was sent by the data streaming configured in your account.
Data Streaming sends your logs in packets. Once you have 2,000 records, every 60 seconds pass, or data reaches the max size you’ve defined, one packet is sent. The graph then shows the sum of all packets sent during the period you’ve selected in the time range.
In what unit does data appear on graphs?
Real-Time Metrics uses bytes to show your data. It automatically converts your data into megabytes (MB), gigabytes (GB), or terabytes (TB), for example, according to the amount of data available to make your visualization easier.
Total Requests
The Data Streaming Total Requests graph shows you the sum, the total amount of requests that were processed by the data streaming configured in your account.
Each request is made out of successful Data Streaming packets: when a packet with your logs is completed and sent, one request is created. Packets are created when you have 2,000 records, every 60 seconds pass, or data reaches the max size you’ve defined.
The graph shows the sum of all requests that occurred during the period you’ve selected in the time range.
Find out more about Data Streaming.
Limits
These are the default limits:
Scope | Limit |
---|---|
Log retention | 24 months |
UI queries | 120 requests per minute |
GraphQL API data transferred | 10,000 lines |
GraphQL API maximum fields | 35 fields |
GraphQL API maximum payload | 5 GB |
GraphQL API queries | 120 requests per minute |