1 of 20
2 of 20
3 of 20
4 of 20
5 of 20
6 of 20
7 of 20
8 of 20
9 of 20
10 of 20
11 of 20
12 of 20
13 of 20
14 of 20
15 of 20
16 of 20
17 of 20
18 of 20
19 of 20
20 of 20

Real-Time Events

Edit on GitHub

Real-Time Events is an Edge Analytics module that allows you to display data from your Azion Products and Services in real time. You can use Real-Time Events to perform complex searches and explore data from your Azion applications.

To access Real-Time Events, proceed as follows:

  1. Access the Real-Time Manager;
  2. Click on the Products menu on the top left corner;
  3. Select Real-Time Events in the Edge Analytics section.

You will see the following fields:

  1. Data Sources
  2. Time Filter
  3. Filter by
  4. Refresh

1. Data Sources

The first step to explore your data is choosing the Data Source, which represents the Azion product or service that generated the events.

When submitting a search, the Data Source represents the index from where you want to collect data.

Azion provides the following Data Sources:

Edge Applications

It displays the data from requests made to your Edge Applications at Azion.

Variables Description
$asn AS Number refers to Autonomous System Number Allocation which corresponds to a group of IP address networks managed by one or more network operators that have a clear and unique routing policy. Consulting the ASN Whois service for LACNIC, Azion’s ASN, for example, is AS52580. Choose the ASN type to represent a list of AS groups, filling in one address per line, with only the number without the prefix.
$bytes_sent Bytes sent to the user, including header and body.
$client_id Unique Azion customer identifier.
$geoloc_city_name The remote client city name, for example “Chicago”, ”Boston”. Geolocation detection by IP address.
$geoloc_country_name The remote client country name, for example “Russian Federation”, “United States”. Geolocation detection by IP address.
$geoloc_region_name The remote client region name, for example “California” , ”Florida”. Geolocation detection by IP address.
$host Host information sent on the request line; or HTTP header Host field.
$http_referrer Information from the last page the user was on before making the request.
$http_user_agent The identification of the application that made the request, for example: Mozilla/5.0 (Windows NT 10.0; Win64; x64).
$proxy_status HTTP Status Code of origin (”-” in case of cache).
$remote_address IP address of the request.
$remote_port Remote port of the request.
$request_length Request size, including request line, headers and body.
$request_method Request method; usually “GET” or “POST”.
$request_time Request processing time, with resolution in milliseconds.
$request_uri URI of the request made by the user, without the Host and Protocol information.
$scheme Request scheme “http” or “https”.
$sent_http_content_type “Content-Type” header sent in the origin’s response.
$server_protocol The protocol of the connection established, usually “HTTP/1.1” or “HTTP/2.0”.
$ssl_cipher Cipher string used to establish SSL connection.
$ssl_protocol The protocol for an established SSL connection, for example “TLS v1.2”.
$status The status code of the request, for example: 200.
$timestamp Request date and time, for example: “01 June, 2021, 12:21:19”.
$upstream_bytes_received Number of bytes received by the origin’s Edge, if the content is not cached.
$upstream_cache_status Status of the Edge cache. It can assume the values “MISS”, “BYPASS”, “EXPIRED”, “STALE”, “UPDATING”, “REVALIDATED” or “HIT”.
$upstream_response_time Time in milliseconds for Edge to receive all of the response from the origin, including headers and body (“-“ in case of cache).
$upstream_status HTTP Status Code of the origin (“-“ in case of cache).

Data Streaming

If you have contracted the Data Streaming product, this data source will display the event records of sending the data to your endpoints.

Variable Description
$client_id Unique Azion customer identifier.
$data_streamed Amount of bytes that was streamed in the streaming (attempt/sink/send).
$endpoint_type Endpoint type configured for sending data, such as: HTTP / HTTPS Post, Kafka, S3, etc.
$job_name Unique Azion identification for naming the type of streaming created (E.g.: Data Streaming HTTP, Data Streaming WAF).
$status_code The status code of the request, for example: 200.
$streamed_lines Total amount of lines sent to the selected endpoint.
$timestamp Date and time when the data is sent to the configured endpoint, for example: “01 June, 2021, 12:21:19”.
$url The URL where the client data was sent/sink.

Edge Pulse

If you are using the Azion Pulse in your Edge Applications, the Edge Pulse data source will display the performance data measured from the user’s browser (RUM).

Variable Description
$browser The UUID generated for the client browser used on the request.
$client_id Unique Azion customer identifier.
$contentdownload Time used to download the requested content.
$dns DNS resolution time.
$downlink It returns the average volume of data received (Mb/s).
$effectivetype The effective type of the connection (2g, 3g, 4g).
$locationhref It returns the complete URL of the current page.
$networkduration Duration without query browser waiting.
$pageloadtime Time from the start of navigation to the full page load.
$platform Operating system architecture (for example Linux x86_64, Iphone, etc).
$redirectcount It returns the number of redirects since the last navigation, without redirection in the context of the current navigation.
$referrer It returns the previous url to the current page. That is, the url by which the user arrived at “locationHref”. If the access originated directly from the current page (not through a link, but for example, through a bookmark), its value will be an empty string. It does not provide DOM access to the reference page.
$rendertime The amount of time it took to render the page.
$ssl Standard protocol used to maintain a secure traffic connection. If the requested url has secure connection, returns the time it took for authenticating.
$tcp Internet protocol that returns the data that makes up the page. The time it takes for the TCP handshake is the time between the connection start and connection end.
$timestamp Request date and time.
$ttfb Time until the arrival of the first byte of the requested page. Time To First Byte is the time between the start of the navigation and when the first byte of response data is received.
$type It returns the type of navigation without redirection. Indicates how the navigation to this page/script was done (E.g.: navigation, reload).
$typebackforward Type of navigation through the session history.
$typenavigate It returns the type of the last navigation without redirection, for example: by clicking on a link, entering the URL in the address bar or submitting a form.
$typereload Type of navigation for the reload operation, that is, when the page was reloaded.
$typereserved Any type of navigation not defined by those previously mentioned (typeNavigate, typeReload).
$userAgent It identifies the client UA browser.

WAF

If you have contracted the Web Application Firewall product, the WAF Events data source will display the requests analyzed by WAF to allow you to map the score assigned to the request, the WAF rules that matched, the reason for the block and more.

Variable Description
$attack_family It tells you the attack families, categories where our Web Application Firewall identifies the attack and classifies it according to the OWASP Top 10.
$blocked It informs whether the WAF blocked the action or not; 0 when not blocked and 1 when blocked. When in “Learning Mode”, it will not be blocked, regardless of the return.
$client_id Unique Azion customer identifier.
$geoloc_country_name Name of the remote client’s country, for example “Russian Federation”, “United States”.
Detection by IP address geolocation.
$host Host information sent on the request line; or Host field of the HTTP header.
$remote_address IP address of the request.
$server_protocol The protocol of the connection established, usually “HTTP/1.1” or “HTTP/2.0”.
$timestamp Request date and time.
$total_blocked It informs the total number of blocked requests.
$total_processed It informs the total number of processed requests.
$waf_action It reports WAF’s action regarding the action ($BLOCK, $PASS, $LEARNING_BLOCK, $LEARNING_PASS).
$waf_args The request arguments.
$waf_learning It informs if WAF is in learning mode, usually 0 or 1.
$waf_match List of infractions found in the request, it is formed by key-value elements; the key refers to the type of violation detected; the value shows the string that generated the infraction.
$waf_score It reports the score that will be increased in case of match.
$waf_server Hostname used in the request.
$waf_uri URI used in the request.

2. Time Filter

Real-Time Events keeps the events from the last 72 hours. The Time Filter allows you to refine the event search result, and is selected by default for Last 15 minutes, but you can change the scope of the search by selecting:

  • Last 15 minutes
  • Last 30 minutes
  • Last 1 hour
  • Last 3 hours
  • Last 6 hours
  • Last 12 hours
  • Last day
  • Last 2 days
  • Last 3 days

Note: Using the Custom field, you can also customize your search by selecting a time range during the last 72 hours.


3. Filter by

In the Filter by field, you can optionally filter your search results using a keyword or phrase.

When submitting a search with a blank Filter by field, you will get all existing records in the Data Origin, for the selected time filter.

The searches are restricted to a particular field, using the notation: key='value', such as status='200'. In this case, you will filter only the records which have these specified pair, value and key. As key, you can use any variable from the tables above, but note that each Data Source has its own list of variables.

You may search for more complex field compositions. Use the notations AND, OR and NOT in the search field to combine the fields, such as status='200' AND scheme='https'.

The Filter by field uses SQL language, therefore you must use “equals” (=) after the key and “single quotes” ( ‘ ) around values, for example: status='200'.

If you intend to search for a more generic value, you can use the “like” operator instead of “equals”, exactly like you use in SQL queries. The final query for this search can be host like '%mydomain%'.

Depending on the size of our data, the query limit may exceed, if this happens, please filter by a short time filter.


4. Refresh

The search always returns the results ordered by the time of the event, from the most recent to the oldest.

You can use the Refresh button to update the returned data, repeating the last search performed.


Didn’t find what you were looking for? Open a support ticket.