How to use filter condition
EdgeOne data analysis supports two types of filtering conditions:
1. Time filtering condition (required): View the data within the selected time range, for details, please refer to How to modify the query time range.
2. Other filtering conditions: Customize the data filtering according to the filtering options supported by each metric. The following is a detailed explanation of this part.
Supported Filtering Options
Analytics
Filter Option Name | API Parameter Name | Description | Example Value/Enumeration Value | Applicable to Metric List |
Site | ZoneId | EdgeOne site. | zone-3eoo0chifzcs | All metrics |
Content identifier | ZoneId | eocontent-3edho0x9tmea | L7 client traffic, L7 client bandwidth, L7 client requests | |
Host | domain | Client-requested Host. When the domain is onboarded via a wildcard, the recorded value is the wildcard domain itself, not the specific subdomain. | www.example.com or *.example.com | |
Country/Region | country | Country or region from which the client request originates, following the ISO 3166-1 alpha-2 standard. | CN | L7 client traffic, L7 client bandwidth, L7 client requests, L7 response time |
Status codes | statusCode | HTTP status code returned by EdgeOne to the client. Data for up to the last 30 days can be queried. | 1XX : 1xx status codes;2XX : 2xx status codes;3XX : 3xx status codes;4XX : 4xx status codes;5XX : 5xx status codes;Integers within the range [0,600). | L7 client traffic, L7 client bandwidth, L7 client requests |
HTTP protocol | protocol | HTTP version used by client request. | HTTP/1.0 HTTP/1.1 HTTP/2.0 HTTP/3 : HTTP/3.0 (QUIC protocol)WebSocket :WebSocket Over HTTP/1.1 | L7 client traffic, L7 client bandwidth, L7 client requests |
ISP | isp | ISP of the client IP. Only available for data from the mainland China service region. Data for up to the last 30 days can be queried. | 2 : CTCC;26 : CUCC;1046 : CMCC;3947 : China Tietong;38 : China Education Network;43 : Great Wall Broadband;0 : Other ISP. | L7 client traffic, L7 client bandwidth, L7 client requests, L7 response time |
Province | province | Province of the client IP. Only available for data from the mainland China service region. Data for up to the last 30 days can be queried. | L7 client traffic, L7 client bandwidth, L7 client requests, L7 response time | |
TLS version | tlsVersion | TLS protocol version used by client request. Data for up to the last 30 days can be queried. | TLS1.0 TLS1.1 TLS1.2 TLS1.3 | L7 client traffic, L7 client bandwidth, L7 client requests |
URL path | url | The URL path of the client request, excluding query parameters. Data for up to the last 30 days can be queried. | /content or /content/test.jpg | L7 client traffic, L7 client bandwidth, L7 client requests |
Referer | referer | Referer header value of client request, excluding query parameters. Data for up to the last 30 days can be queried. | http://www.example.com/ | L7 client traffic, L7 client bandwidth, L7 client requests |
Resource type | resourceType | Resource type of client request, i.e. the suffix of requested file. Data for up to the last 30 days can be queried. | .txt or .jpg | L7 client traffic, L7 client bandwidth, L7 client requests |
Device type | deviceType | The device type of client requests, extracted and categorized from User-Agent . Data for up to the last 30 days can be queried. | TV : TVTablet : TabletMobile : Mobile phoneDesktop : ComputerOther : Other | L7 client traffic, L7 client bandwidth, L7 client requests |
Browser type | browserType | The browser type of client requests, extracted and categorized from User-Agent . Data for up to the last 30 days can be queried. | Firefox : Firefox browser;Chrome : Chrome browser;Safari : Safari browser;Other : Other browser types;Bot : search engine crawler;MicrosoftEdge : Microsoft Edge browser;IE : IE browser;Opera : Opera browser;QQBrowser : QQ browser;LBBrowser : LB browser;MaxthonBrowser : Maxthon browser;SouGouBrowser : Sogou browser;BIDUBrowser : Baidu browser;TaoBrowser : Tao browser;UBrowser : UC Browser. | L7 client traffic, L7 client bandwidth, L7 client requests |
Client operating system | operatingSystemType | The operating system type used by client requests, extracted and categorized from User-Agent . Data for up to the last 30 days can be queried. | Linux : Linux operating system;MacOS : MacOS operating system;Android : Android operating system;IOS : IOS operating system;Windows : Windows operating system;NetBSD :NetBSD;ChromiumOS :ChromiumOS;Bot : search engine crawler;Other : other types of operating systems; | L7 client traffic, L7 client bandwidth, L7 client requests |
IP version | ipVersion | IP address version of client requests. Data for up to the last 30 days can be queried. | 4 :IPv4;6 :IPv6. | L7 client traffic, L7 client bandwidth, L7 client requests, L7 response time |
HTTP/HTTPS | socket | HTTP protocol type used by client request. | HTTP HTTPS | L7 client traffic, L7 client bandwidth, L7 client requests, L7 response time |
Cache status | cacheType | Cache status of client request. | hit : The request hits EdgeOne node cache, and resources are provided by node cache. A partial cache hit for resources is also recorded as a hit.miss : The request does not hit EdgeOne node cache, and resources are provided by the origin server.dynamic : The requested resources cannot be cached/unconfigured to be cached by the node, and resources are provided by the origin server.other : Unrecognizable cache status. Requests responded by Edge Functions will be recorded as other. | L7 client traffic, L7 client bandwidth, L7 client requests |
Mitigated by EdgeOne Web Security or not | mitigatedByWebSecurity | Indicates whether the request was mitigated by the EdgeOne Web Security module. Any action of "deny" or "challenge" is regarded as mitigated. | yes : Requests that have been blocked or challenged by the EdgeOne Web Security module, excluding requests that did not match any security rules and those whose final action was "Monitor" or "Allow".no : Requests that, after passing through protection, are ultimately served by EdgeOne or the origin server. | L7 client traffic, L7 client bandwidth, L7 client requests |
Client IP | clientIp | Client IP address. Data for up to the last 30 days can be queried. Supports multiple inputs when the operator is equal/not equal. | 1.1.1.1 | L7 client traffic, L7 client bandwidth, L7 client requests, L7 security policy hits |
User-Agent | userAgent | User-Agent header value of client request. Data for up to the last 30 days can be queried. | Mozilla/5.0 (Windows; U; Windows NT 5.2; sk; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15 | L7 client traffic, L7 client bandwidth, L7 client requests |
Layer 4 proxy forwarding rules | ruleId | Layer 4 proxy instance forwarding rule. | rule-3ddvs7nn3xap | |
Layer 4 proxy instance | proxyId | Layer 4 proxy instance. | sid-3ddun6tk0l9k | |
Edge Function name | - | Unique identifier of the EdgeOne Edge Function instance. | test1-zone-3e25s02xxbxe-1257620286 | |
Edge Function execution result | - | Edge Function execution result. | Successed. Failed. | |
DNS return code | - | DNS response status code. | NOError : No error, successful response.NXDomain : Non-existent record.NotImp : Unrealized, the DNS server does not support the requested query type. For supported query types, see DNS record type introduction.Refused : Deny execution. The DNS server denies the specified operation due to policy. | DNS resolution count |
DNS record | - | DNS record type. | DNS resolution count | |
DNS region | - | Continent from which the client request originates. | Asia Europe Africa Oceania Americas | DNS resolution count |
Applied action | - | The action taken on the request by the Web Security rule. | Monitor | L7 security policy hits |
Rule ID | - | Web Security rule ID that the request matched. | 2186065971 | L7 security policy hits |
DDoS protection instance | - | DDoS protection instance. | | |
EdgeOne Shield space | - | EdgeOne Shield space. | |
Web Security Analysis
Supports filtering based on request features, rule features, various detailed Web protection rules, and Bot management policy features. The specific filtering options are described as follows:
Site: EdgeOne site.
Client IP: View only the request data from the specified client IP. Supports entering multiple values separated by carriage returns.
Client IP Region: The client IP comes from the specified country or region.
Client IP (prioritizing XFF header): View only the request data from the specified client IP (prioritizing XFF header). Supports entering multiple values separated by carriage returns.
Client IP Region (prioritizing XFF header): The client IP (prioritizing XFF header) comes from the specified country or region.
User-Agent: The User-Agent header information carried in the client request. Supports entering multiple values separated by carriage returns.
Request URL: The URL in the client request (excluding Host and only including the request path and query parameters). Supports entering multiple values separated by carriage returns.
Hostname: The host of the client request. Supports entering multiple values separated by carriage returns.
Referer: The referer carried in the client request. Supports entering multiple values separated by carriage returns.
Applied Action: The final disposal result of the request by the Web protection module. For details, see Action.The disposition result "Unknown" signifies that no predefined disposal methods have been executed. It serves solely as a fallback classification for data statistical processes and can be disregarded in routine analysis.
Request Path (Path): The URL path of the client request (HTTP request path, excluding Host and query parameters). Supports entering multiple values separated by carriage returns.
Request JA3 Fingerprint: JA3 fingerprint calculated based on the relevant parameters for the TLS handshake request of the client. Only supports the data of the domain names with Bot Management enabled.
Request Method (Method): The HTTP method of the client request.
Request ID: Unique identifier of a request, that is, the
Request ID
of the default block page, {{ EO_REQ_ID }}
of the custom response page, EO-LOG-UUID
in the EdgeOne default response header, and RequestID
in the L7 access logs.Rule Category: View only the request data that hits the specified category of Web protection rules.
Rule ID: View only the request data that hits the specified Web protection rule ID.
Relationship Between Multiple Filtering Conditions
The relationship between multiple filtering conditions is "And", and the relationship between multiple values within the same filtering condition is "Or".
For example, adding filtering conditions
Country/Region=Singapore; Thailand
and Status Code=404
means querying data that meets the access from Singapore or Thailand clients and the edge response status code is 404.Supported Operators
Operator | Description |
Equal | Query data with the filter item equal to any specified value |
Does not equal | Query data with the filter item not equal to any specified value |
Contain | Query data with a field such as URL, Referer, and resource type containing a specified string (for example, query data with URL containing /example ) |
Does not contain | Query data with a field such as URL, Referer, and resource type not containing a specified string (for example, query data with URL not containing /example ) |
Starts with | Query data with a field such as URL, Referer, and resource type starting with a specified string |
Does not start with | Query data with a field such as URL, Referer, and resource type not starting with a specified string |
Ends with | Query data with a field such as URL, Referer, and resource type ending with a specified string |
Does not end with | Query data with a field such as URL, Referer, and resource type not ending with a specified string |