Add a filter
-
From the Select Dimension menu, choose a dimension by which to filter.
The dimension appears as a filter item accompanied by a menu and a Select Items box.
-
From the menu, select how you would like your box values to be treated by the filter (The selections available here will depend on which dimension you chose):
-
Match Any. The filter matches any of the values you specify. It’s equivalent to an ‘OR’ statement.
Example: If for the IP address you choose Match Any and specify1.1.1.1
,2.2.2.2
,3.3.3.3
, the query returns the requests that originate from any of the IP addresses. -
Match All. The filter matches all of the values you specify. It’s equivalent to an ‘AND’ statement.
Example: If for the Attack Type dimension you choose Match All and specifyBot
,WAF
,Custom
, the query returns the requests that had all three attack types triggered on them. -
Does Not Match Any. The filter excludes all of the values you specify. It’s equivalent to an ‘not(OR)’ statement.
Example: If for the Connecting AS Number dimension you choose Does Not Match Any and specify100
,200
,300
, the query returns the requests that didn’t originate from these three AS Numbers. -
Starts With Any. Filters on multiple “starts with” conditions to show content that begins with the characters you specify.
Example: If for the Hostname dimension you choose Starts With Any and specifym
,www
,qa
, the query returns the requests where the hostnames start with ‘m’, ‘www’, or ‘qa’. -
Does Not Start With Any. Filters on multiple “does not start with” conditions to exclude content that begins with the characters you specify.
Example: If for the Hostname dimension you choose Does Not Start With Any and specifym
,www
,qa
, the query returns the requests where the hostnames don’t start with ‘m’, ‘www’, or ‘qa’. -
Ends With Any. Filters on multiple “ends with” conditions to show content that ends with the characters you specify.
Example: If for the Hostname dimension you choose Ends With Any and specifycom
,security
,io
, the query returns the requests where the hostnames end with ‘com’, ‘security’, or ‘io’. -
Does Not End With Any. Filters on multiple “does not end with” conditions to exclude content that ends with the characters you specify.
Example: If for the Hostname dimension you choose Does Not End With Any and specifycom
,security
,io
, the query returns the requests where the hostnames don't end with ‘com’, ‘security’, or ‘io’. -
ContainsAny. The filter matches content that contains any of the match conditions.
Example: If for the Path dimension you choose Contains Any and specifypen
,book
,tablet
, the query returns the requests where the path contains any of the specified values. -
Does Not Contain Any. The filter matches content that doesn’t contain any of the match conditions.
Example: If for the Path dimension you choose Does Not Contain Any and specifypen
,book
,tablet
, the query returns the requests where the path doesn’t contain any of the specified values. -
Greater Than. If you are creating a filter with the reputation score dimension, this selection allows you to create filters that match scores that are greater than the values you enter.
-
Greater Than or Equal To. If you are creating a filter with the bot score dimension, this selection allows you to create filters that match scores that are greater or equal to the values you enter.
-
Less Than. If you are creating a filter with the reputation score dimension, this selection allows you to create filters that match scores that are less than the values you enter.
-
Less Than or Equal To. If you are creating a filter with the bot score dimension, this selection allows you to create filters that match scores that are less or equal to the values you enter.
-
If you use the Contains Any or Ends With Any operators, limit the time range to 24 hours at maximum.
-
If the selected dimension is either Path or Query, click
, to specify the case-sensitivity of the match condition.
If you select Case-Insensitive from the menu, limit the time range to 24 hours at maximum.
-
In the Select Items box, depending on the dimension you're working with, click in the box and choose an item from the resulting menu, or enter a value of your own choosing, as appropriate. For ease of use, you can copy and paste comma- or tab-delimited values in this box.
If you'd like to remove an entry, click the x at the its right-hand side. To remove all of a dimension's entries click X at the right-hand side of the Select Items box.
To remove a dimension and its entries, click X at the upper right-hand corner of the dimension's area. To clear all dimensions and their entries, click Clear All at the bottom of the filter area.
-
If you wish to add another dimension to the filter, click Add and repeat the above steps.
-
Using the Apply filter by slider, select Request or Rule, as desired. A request-based filter applies its conditions to the requests and all the related rules that triggered. Rule-based filters apply the conditions on a per-rule basis.
-
Click Apply. The filter appears in the filter area, and the display refreshes to present the filtered data.
Updated over 2 years ago