User Guide

Filter Building in the Traffic Viewer

Overview

The filter builder allows you to easily navigate records to find the specific traffic interactions that interest you. As stated in the using the traffic viewer article, the filter bar connects with each traffic view. There are many ways to build filters; some methods are dependent on if you are in a records or summary view.

traffic viewer filter bar

General Filter Usage

Regardless of the current traffic view type, you can write in filters directly to the filter bar.

Example Query

You can find an example query just above the filter bar to have an idea of how to model your query.

Filter Parameters

You can see the available search parameters by clicking on the info icon next to the example query.

Filter History

The filter history remembers the last twenty filter queries made during your current traffic viewer session.

Apply Filter

You can apply a filter by either clicking the ‘Apply’ button or by pressing enter.

Filter Errors

If a query is malformed, an error will appear below the bar to provide guidance for corrections.

traffic viewer filter error

Records View Filter Usage

All general filter usage principles apply to usage in the records view, along with a few additional features. You can access the options for any cell within the table by right clicking the cell value or by clicking the dropdown arrow that appears on cell hover.

traffic viewer records filter options

Add to Filter

You can add the cell value to the filter by selecting ‘Add to filter’ within the cell context menu. This action will take the cell value and header in the appropriate filter format and append it to your current filter. This action stays within it’s respective view; it does not trigger a new traffic view.

Replace Filter

You can replace your current filter entirely with a cell’s value by selecting “Replace filter” within the cell context menu. This action will clear the current filter and replace it with the cell value and header in the appropriate filter format. This action stays within it’s respective view; it does not trigger a new traffic view.

Summary View Filter Usage

Again, all general filter usage principles apply to usage in the summary view, with one additional feature.

traffic viewer summary show records

Show These Records

To see all records that are within a specific group, you can select the arrow at the end of the line to show all records within that group. This will create a new view with that grouping value and header appended to your current filter.

Filter Parameters

Bytes In (bytes_in)

Bytes received by the Webscale proxy, including the HTTP request line and headers.

Bytes Out (bytes_out)

Bytes sent out by the Webscale proxy, including the headers.

Completed (completed)

An ISO8601-formatted date at which a request processing was completed.

Country (country)

A two letter ISO 3166-2 country code for the location where a request originated.

Delivery Status (delivery_status)

Returns zero for normal traffic; when non-zero, the request was handled directly by the Webscale proxy. See the delivery status section below for more details.

Peer Address (peer_address)

The peer at the other end of a request connection.

Proxy Address (proxy_address)

The IP address of the proxy that handled a request.

Referrer (referrer)

The contents of the referrer request header within a request.

Request Address (request_address)

The remote IP address of the user agent that made a request.

Request Host (request_host)

The contents of the host HTTP header for a request.

Request Method (request_method)

The HTTP method for a request. Possible values are: GET, PATCH, POST, DELETE, PUT, etc.

Request Path (request_path)

The virtual path of a HTTP request. This is the latter portion of the request URL separated by backslashes after the main website name.

Request Port (request_port)

The port number on which a request was received.

Request Query (request_query)

The query parameters within a HTTP URL request located in the later sections of the request URL.

Request Scheme (request_scheme)

The scheme used to initialize the URI instance, for example, http, https, etc.

Request URL (request_url)

The entire string containing the host, scheme, path, and query parameters for a HTTP request.

Response Content Type (response_content_type)

The outgoing content-type header specified in a HTTP response.

Server Address (server_address)

The application server address used to fulfill a request.

Session ID (session_id)

The unique number that a server assigns a specific user for the duration of that session.

Status Code (status_code)

The response code given by a server that helps identify the status of a request or error.

TLS Cipher (tls_cipher)

The encryption algorithms for the transport layer security.

TLS Version (tls_version)

The highest version of the transport layer security protocol the client supports.

Useragent (useragent)

The contents of the user agent request header within a record.

Useragent Device (useragent_device)

The type of device used to make a request, for example, smartphone, desktop, etc.

Useragent Name (useragent_name)

The type of browser used to make a request, for example, Google Chrome, Safari, etc.

Useragent OS (useragent_os)

The type of operating system used to make a request, for example, Android, Mac, etc.

Web Controls (webcontrols)

A list of the web control ID’s that were applied to a logged request.

Delivery Status

All non-NULL values of the delivery status code indicate that the Webscale proxy server intercepted the request.

1: Request was rejected because the source ip address was in the blacklist.

2: Request was rejected due to activated WAF rule uploaded by the user.

3:  Request was rejected because it was sitting in the suspended queue for a time equal to or greater than maximum_queue_time.

4: Request was rejected because proxy could not process the request as the suspended queue was full.

5: Shield mode was turned on and the request was presented with the CAPTCHA page.

6: Shield mode was turned on and CAPTCHA page was validated successfully by the client.

7: Shield mode was turned on and unsuccessful attempt was made by the user to verify the CAPTCHA successfully.

8: Shield mode was turned on and an invalid token was presented by the client, request was presented with the CAPCHA page.

9: Request was denied by page control action “deny”.

10: Request was redirected by page control action “Redirect”.

11: Request had a mod_pagespeed_beacon.

12: Internal request.

13 : Request was satisfied by Amazon Cloudfront.

14: Request is satisfied by the proxy, that is, server address was null.