You can filter DNS query data using the filter menu.
- Click Add filter to select additional filter parameters.
For filters that accept input, once you have selected that filter, the input field autocompletes values as you begin to type:
- Time: Sets the data filter for the specified time frame.
  - You can specify whether you want data returned within the Last 10 minutes, Last 1 hour, Last 24 hours, Yesterday, Last 7 days, or a Custom time frame. By default, the DNS activity page returns all queries logged.
  - When using Custom, select two dates on the calendar to specify the time frame. You can also manually enter the date and time in the Start and End fields. This can include both the date and time, or only a date or only a time. If no time is specified, results are returned from 00:00:00 (midnight).

    Note: If you are using keyboard navigation, you can use the Page Up and Page Down keys to navigate between months and years on the calendar.
  - By default, the DNS Insights tab is optimized to display data collected within the last 7 days. Changing the time frame doesn't modify this default period.
- Site: Sets the data filter for the specified site name.
- Source IP: Sets the data filter for the specified source IP address(es). Must be a valid IPv4 or IPv6 address, or list of IPv4 or IPv6 addresses.
- Query name: Sets the data filter for the specified query name.
- Query type: Sets the data filter for the specified query type.
- Response code: Sets the data filter for the specified response code (for example, NXDOMAIN, NOERROR, SERVFAIL).
- Response IP: Sets the data filter for the DNS events resolving to any of the specified IPv4 and/or IPv6 address(es). Must be valid IPv4 or IPv6 address(es).
- Policy: Sets the data filter for the specified policy name.
- Policy action: Sets the data filter for the specified policy action (Trust, Block, Monitor, Redirect, None).
- DNS resolver service: Sets the data filter for the specified DNS resolver service that the query passed through.
- GSLB rule: Sets the data filter for a specified GSLB rule. When the filter is enabled, select one of the following GSLB rule filter options:
  - All queries: Sets the data filter to display all queries, regardless of GSLB rule.
  - Queries matching any rule: Sets the data filter to display all queries that matched any GSLB rule.
  - Queries matching specific rules: Sets the data filter to display queries that matched against specified GSLB rules. When selected, enter the GSLB rule names that you would like to display matching queries for.

    Note: If a GSLB rule name has been updated multiple times, filtering by name may return results for all queries that matched the previous names associated with that rule. GSLB rule filtering is based on the GSLB rule ID which remains constant regardless of name changes.
- Threat Type: Sets the data filter for the specified threat type (DGA, Tunneling).
- Threat Indicator: Sets the data filter for the specified threat indicator (Entropy, Advanced DGA, Host Size, Suspect DNS, Suspect TLD, Uncommon Rec, Unique Char, Vol Tunnel).
- Protocol: Sets the data filter for the specified query protocol (TCP, UDP).
- Namespace: Sets the data filter for the specified namespace.
- Latency: Sets the data filter for the specified latency range for DNS queries. Select None (0 - 1 ms), Low (1 - 20 ms), Medium (20 - 100 ms), High (100 ms and above), or Custom (in milliseconds). If you select Custom, FROM must be less than or equal to TO.
- User ID: Sets the data filter for the specified User ID that initiated the DNS query. The User ID information is only returned when you enable the Add identity information to queries option on a site. For more information, refer to Creating a site.
You can edit filter parameters by selecting the name of the parameter or delete filter parameters by clicking the x icon next to the filter.