Document toolboxDocument toolbox

Web tab

Owned by Juan Tomás Alonso Nieto (Deactivated)
Jul 06, 2022
4 min read

In this tab we analyze web traffic history, both human and bot, and check additional useful information such as type of source devices used, most visited URLs or amount of error codes. To do this, the app gets data from a table called web.all.access, which is a union table that unifies all the information of any type of web server log.

Using the time travel option at the top, it is possible to apply a time filter to the widgets in the tab in order to inspect activity at an earlier date. You can select a specific period or day using the time buttons and the calendar. Then select Apply interval and all widgets will be updated immediately.

Alternatively, you can select either a single day or a time period using the time travel filter controls. There are buttons for selecting recent periods or calendar controls to select specific dates.

Web traffic

This area includes a heat calendar that shows the history of web traffic over the last 12 months, a line chart representing human and bot traffic over the last 30 days, and a Voronoi diagram that shows a breakdown of web traffic classified by country, city, ISP and site over the last 7 days.

Error codes and bot traffic

These two widgets show the amount of each HTTPS 4xx status code over the las 7 days, and the bot traffic over the last 24 hours grouped by user agent.

Correlation of devices and operating systems & most visited URLs

The Sankey diagram shows a correlation of the different devices types used, including bots, and operating systems associated over the last 7 days. The table next to it lists the most visited URLs over the last 7 days.

Source traffic IP reputation and traffic from anonymous sources

The world map shows web traffic sources over the last 24 hours. Countries are colored to indicate the average IP reputation score of the IP addresses from each country. The table next to the map lists the IP addresses with their corresponding country and reputation score.

The below widgets show the number and trend of connection requests from anonymous sources over the last 7 days, and a list of the URLs most requested by anonymous sources over the last 7 days.

HTTP status codes

The stacked bar is a breakdown of the HTTP status codes over the last 30 days, showing the amount of each type each day.

HTTP status codes by user agent

It is easy to check status code statistics in a web server using Devo agreggation capabilites (for example, using the stacked bar above), but you may need some extra information, like checking which type of device is causing each status code. Devo offers this information by joining two queries and representing the results in a graph cross diagram.

In this widget, you can see the devices (and navigators versions) at the right side, the status codes in the left side, and the accessed URLs in the middle.

Use case

The objective of this use case is to check if our web site is correctly configured. The desired behavior is that any type of device and any version of navigator get the same results (status code) when accesing the different URLs of the web site. This situation is difficult to achieve, since deprecated versions of navigators sometimes cause different responses when accesing a web site.

Using this widget, we can detect anomalies and try to fix them.

Since the graph is representing 24 hours of data, the result of the join may be a huge list of nodes. In these cases, the diagram shows only the biggest nodes, and hides the smaller ones. However, you may need to see all the nodes in some cases. You can use filters to handle overflow and specify the required number of nodes in case you need more than the ones shown, as in the following example.

                  

The view is then updated automatically.

Use the zoom and filter by device, URL or status code to narrow your search and show only the required data. Go to Graph diagram to check all the possibilities that this type of chart offers.