Overview
Menu

How to use filter condition

Currently, EdgeOne data analysis supports two types of filtering conditions:
1. Time filtering condition (required): View the data within the selected time range, for details, please refer to How to modify the query time range.
2. Other filtering conditions: Customize the data filtering according to the filtering options supported by each page. The following is a detailed explanation of this part.

Supported Operators

Operator
Description
Equal
Query data with the filter item equal to any specified value
Does not equal
Query data with the filter item not equal to any specified value
Contain
Query data with URL, Referer, and resource type containing the specified string (e.g., query URL contains /example data)
Does not contain
Query data with URL, Referer, and resource type not containing the specified string (e.g., query URL does not contain /example data)
Starts with
Query data with URL, Referer, and resource type prefix matching the specified string
Does not start with
Query data with URL, Referer, and resource type prefix not matching the specified string
Ends with
Query data with URL, Referer, and resource type suffix matching the specified string
Does not end with
Query data with URL, Referer, and resource type suffix not matching the specified string

Relationship between multiple filtering conditions

The relationship between multiple filtering conditions is "And", and the relationship between multiple values within the same filtering condition is "Or".
For example, adding filtering conditions Country/Region=Singapore; Thailand and Status Code=404 means querying data that meets the access from Singapore or Thailand clients and the edge response status code is 404.

Filtering options supported by different data analysis pages

Traffic Analysis

Site: Filter data belonging to different sites, support multiple selection, only available in multi-site aggregated data analysis.
Host: The host requested by the client, supports multiple selection, only available in single-site data analysis.
Country/Region: The country or region where the client request comes from, supports multiple selection.
Status Code: The status code of EdgeOne responding to the client, supports multiple selection, only available in single-site data analysis.
HTTP: The HTTP version used by the client request, supports multiple selection, values are:
HTTP/1.0
HTTP/1.1
HTTP/2.0
HTTP/3.0 (QUIC Protocol)
Websocket Over HTTP/1.1 (Websocket protocol initiated by HTTP/1.1)
TLS Version: The TLS protocol version used by the client request, supports multiple selection, only available in single-site data analysis. Values are:
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
URL: The URL path (path) requested by the client, only available in single-site data analysis. Supports entering multiple values, separated by semicolons. For example: /example1;/example2
Referer: The referer of the client request, only available in single-site data analysis. Supports entering multiple values, separated by semicolons.
Resource Types: The resource type requested by the client, only available in single-site data analysis. Supports entering multiple values, separated by semicolons. For example: .txt;.jpg
Device Type: The device type of the client request, derived from the User-Agent in the HTTP request header, supports multiple selection, only available in single-site data analysis. Values are:
TV
Tablet
Mobile
Desktop
Other
Empty
Browser: The browser type used by the client request, only available in single-site data analysis. Supports multiple selection.
System Type: The operating system type used by the client request, only available in single-site data analysis. Supports multiple selection.
IP Version: The IP address version used by the client request, only available in single-site data analysis. Values are:
IPv4
IPv6
HTTP/HTTPS: The HTTP protocol type used by the client request, values are:
HTTP
HTTPS
Province: The province where the client request comes from, only available in single-site data analysis. Only available for sites in the Chinese mainland.
Carrier: The carrier where the client request comes from, only available in single-site data analysis. Only available for sites in the Chinese mainland.
Note:
1. When the core indicator is selected as "Bandwidth Peak", only the "Country/Region", "Host", "HTTP/HTTPS", and "HTTP Version" filtering options are supported.
2. Different plans may support different filtering conditions, for details, please refer to Plan Comparison.

Cache Analysis

Site: Filter data belonging to different sites, support multiple selection, only available in multi-site aggregated data analysis.
Host: The host requested by the client, supports multiple selection, only available in single-site data analysis.
Cache Status: The cache status of the client request, only available in single-site data analysis. Values are:
Hit: The request hits the EdgeOne node cache, and the resource is provided by the node cache.
Miss: The request does not hit the EdgeOne node cache, and the resource is provided by the origin.
Dynamic: The requested resource cannot be cached/is not configured to be cached by the node, and the resource is provided by the origin.
Status Code: The status code of EdgeOne responding to the client, supports multiple selection.
URL: The URL path (path) requested by the client, only available in single-site data analysis. Supports entering multiple values, separated by semicolons. For example: /example1;/example2
Resource Type: The resource type requested by the client, only available in single-site data analysis. Supports entering multiple values, separated by semicolons. For example: .txt;.jpg

Security Analysis

Site Security Overview

Request Disposal Result: Only view requests that hit security rules and apply the corresponding action (excluding release or exception rules).
Request Path: Only view request data for specific request paths.
Rule ID: Only view request data that hits specific rules.
Client IP: Only view request data from a specific client IP.
Host: Only view request data for a specific domain service.

Web Security Analysis

Supports filtering based on request features, rule features, and detailed Web Protection rules and Bot management policies features. The description of the related filtering options for request features is as follows:
Client IP: Only view request data from a specific client IP, supports entering multiple values, separated by Enter.
Client IP (XFF Header Priority): Only view request data from a specific client IP, if the client accesses through a Web proxy, the first IP in the XFF header will be used for filtering. Supports entering multiple values, separated by Enter.
User Agent: The User Agent information carried in the client request, supports entering multiple values, separated by Enter.
URL: Only view request data for a specific URL (excluding Host, only including request path and query parameters), supports entering multiple values, separated by Enter.
Hostname: The host requested by the client, supports entering multiple values, separated by Enter.
Request Referer: The referer carried in the client request, supports entering multiple values, separated by Enter.
Applied action: Only view requests that hit specific security rules and apply the corresponding action, supports multiple selection. For detailed request disposal result descriptions, please refer to Web Protection action and Bot Management action.
Request Path: Only view request data for a specific path (HTTP request path, excluding Host and query parameters). Supports entering multiple values, separated by Enter.
Request JA3 Fingerprint: View request data matching a specific JA3 fingerprint.
Request Method: Only view request data using a specific HTTP Method to access the site, supports multiple selection.
Request ID: Only view specific requests (the request ID is the same as the request ID in the interception page and log, corresponding to a unique request).

DNS Resolution

Site: Filter data belonging to different sites, support multiple selection, only available in multi-site aggregated data analysis.
Subdomain: The host requested by the client, supports multiple selection, only available in single-site data analysis.
Record Type: DNS record type, for values please refer to Record Type.
Return Code: DNS resolution response status code. Values are:
NOError: No error, successful response
NXDomain: Non-existent record
NotImp: Not implemented, DNS server does not support the requested query type; implemented request query types refer to Record Type.
Refused: Refused, DNS server refuses to execute the specified operation due to policy.
Area: The continent where the client request comes from, currently supports the following options:
Asia
Europe
Africa
Oceania
America