The Dashboard page displays all incoming traffic and the actions executed in response to the different traffic events.

The user interface has three main sections:

1. Query specification

2. Timelines

3. Top Metrics

Note also that the Top Metrics section includes some tools for quickly building queries, often useful when investigating security events.

Query specification

Constructing a query

The controls at the top allow you to easily filter the display to show only the data you want. Initially, it asks you to supply a query.

Adding a query to the Search field and selecting the magnifying glass icon will display the results.

If the Search field is left empty, Reblaze will display all results that match the specified parameters in the date/time selection field.

Filter syntax

Queries consist of field names, operators, and arguments. Multiple filters can be combined (separating them with commas), and are evaluated with a logical AND. Some examples:

• Show blocked requests: blocked=true

• Show requests from the United States: country="United States"

• Show requests with status codes in the 200s: status>199,status<=299

• Show requests containing the string contentfilter in their reason for being blocked: reason~"contentfilter"

Copying a query

If you have constructed a query that you want to use for another purpose, select the "duplicate" icon next to the magnifying glass icon. A text string for the query will be copied to your clipboard.

Transferring a query to the Events Log

To transfer the current query to the Events Log, simply select the "Open Events Log" button on the upper right. (Note that in order for the query to transfer, it must have been run already.)

Working with the Dashboard charts

Data categories

Reblaze reports data according to several categories, summarized here:

For a full explanation of these categories and their relationships to each other, see this page: Traffic Reporting and Analytics.

Time scale

The charts display all data for the query's time period.

To adjust the time period shown in the charts, modify the query in the Search field or date/time control.

Showing data for points in time

Hovering the cursor over a chart will display the values at that point on the graph.

Quickly filtering data categories

You can filter the items being shown in a chart by selecting the data categories in the legend to enable/disable them.

Timelines

Passed vs. Blocked

This chart shows the traffic that was processed by Reblaze: requests which passed through to the upstream servers, and requests that were blocked. Hits are distributed by time and sorted into three different categories: Humans, Challenges, and Blocked.

Response Status

Counts the number of status codes in a certain time period.

HTTP Status response codes are divided into five categories:

• 1xx - Informational Response

• 2xx - Request Successful

• 3xx - Request For Redirection

• 4xx - Client Error

• 5xx - Server Error

For a detailed list of response codes, go here.

Unique Sessions and IPs

How many unique sessions and IP addresses were active at any given time.

Total Bandwidth (Bytes)

Total bandwidth for all proxies.

Requests Count

The number of network requests during a certain period of time.

Bandwidth (Bytes)

Bandwidth for the current proxy.

Latency

The time (in milliseconds) consumed by Reblaze's processing.

Top Metrics

The bottom part of the Dashboard displays traffic statistics according to a variety of "top" or "most frequent" metrics: the Top Applications, Top Countries, Top Targets, etc.

Each metric contains a list of entries. Where appropriate, entries representing blocked requests are shown in red.

In most of these lists, right-clicking on the entries will display a menu with options to copy the corresponding value to the clipboard, automatically rebuild the current query to show only (or exclude) that value, or show the Events Log with requests matching (or excluding) that value.

Most of the Top Metrics lists display their results according to the data categories described above (i.e., Hits, Humans, Bots, etc.)

Some of the lists include values for Down (the amount of traffic that originated from the upstream server towards the clients) and Up (the amount of traffic that originated from the client towards the upstream server).

Applications

Shows all protected sites for the current Reblaze deployment.

Countries

Shows incoming traffic sorted by country. Each country's flag is shown by its name.

Sources

Shows traffic data according to IP address. The ASN (autonomous system number) is included where appropriate.

Sessions

Shows the nature of user sessions. Sessions that pass Reblaze's bot mitigation challenge are identified as originating from humans, and are listed here according to the user's RBZ (Reblaze) cookie ID. Sessions that did not pass the challenge are shown with - for the ID.

Targets

Shows the URLs that were accessed the most frequently.

Blocked & Monitored

Shows the most common reasons why requests are being blocked or monitored during the time period.

Referers

Shows the referers that were extracted from the request headers.

Browsers

Shows all the user agents that initiated requests for the application(s).

Organizations

Shows all of the ASNs (Autonomous System Numbers) from which requests were sent. The ASN can identify individual entities, or larger networks: for example, a telecom provider or a cloud provider.

Total Time

Shows a list of URIs, with the total latency for each.

Reblaze Time

Shows a list of URIs, with the latency for each from Reblaze.

Origin Time

Shows a list of URIs, with the latency for each due to the upstream server.

Building queries while investigating security events

When security incidents occur, the investigator will frequently submit a succession of queries, often starting from a broad scope and then drilling down into a narrower focus while trying to discern the underlying cause.

Reblaze provides several tools in the Top Metrics section to make this process easier. The entries in each list can be right-clicked to display a popup menu, as shown below.

In this example, the admin is observing the Organizations list in the Top Metrics section, and has right-clicked on the top entry.

The options in the menu will do the following.

Copy Value to Clipboard: Copies the value of whatever was right-clicked to the clipboard. In the example above, this string would be copied: ASN4766 Korea Telecom.

Show Matching: Adds a filter parameter (for whatever was right-clicked) to the existing query in the Search field at the top of the page. Submitting the modified query will restrict the results to requests that match the field and value that was selected. In the example above, the following string would be added to the query: organization="ASN4766 Korea Telecom".

Hide Matching: Adds a filter parameter (for whatever was right-clicked) to the existing query in the Search field at the top of the page. Submitting the modified query will exclude requests that match the field and value that was selected. In the example above, the following string would be added to the query: organization!="ASN4766 Korea Telecom".

Events Log (Matching): The same as Show Matching, except that it opens the Events Log with the modified query.

Events Log (Other): The same as Hide Matching, except that it opens the Events Log with the modified query.