Install the Fastly App and view the Dashboards

The Fastly App provides ready-made dashboards and queries that you can modify to suit your reporting needs.

Install the Sumo Logic App

Now that you have configured Fastly, install the Sumo Logic App for Fastly to take advantage of the preconfigured searches and dashboards to analyze your data. 

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app.

  2. To install the app, click Add to Library. The Add Fastly to Library popup appears.

  3. Supply the following information.

    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Log data source for Request Logs. Enter the source category that you assigned to the HTTP Source for request logs when you performed the procedure in Collect Logs for Fastly.

    3. Log data source for Debug Logs. Enter the source category that you assigned to the HTTP Source for debug logs when you performed the procedure in Collect Logs for Fastly.

    4. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.

    5. Click Add to Library.

Dashboards

There are four dashboards for Fastly that you can configure to accommodate your individual reporting needs.

Fastly - CDN - Overview

The overview dashboard provides a high-level view of your Fastly traffic and identifies potential problems within the service.

  • Visitor Geolocations. Uses geolocation to display visitors by country using their IP addresses. 
  • Download Performance Hotspots - Avg Download Above 300ms by Country. Uses a geolocation operation to display download time hotspots on a world map by IP address, with a count of hits per location over the last 60 minutes.
  • Visitor Countries. Displays the originating country of visitors to your site by IP address over the last three hours in a pie chart. Hover over a section of the pie chart to display more details.
  • Top 404-Causing URLs. Displays the top 25 URLs that have produced a 404 error in the last 60 minutes and counts the errors in a bar chart.
  • Top Server Error-Causing URLs. Lists the servers with error-causing URLs for the last 60 minutes.
  • Origin Download 90%-ile Latency (Microsecs). Line chart of the number of origin downloads with 90th percentile latency over the last 60 minutes.
  • Cache Hit Percentage Over Time. Line chart of the cache hit percentage over the last 60 minutes.

Fastly - CDN - Origin Performance

Focus in on Origin Host performance to check latencies, slow URLs and error-causing URLs.

  • 90%-ile Latency (millisecs) by Origin Host. Displays the 90th percentile of the data center response time latency as a line chart on a timeline for the last hour, using timeslices of one minute.
  • Median Latency (millisecs) by Origin Host. Displays the median latency time as a line chart for the past hour.
  • Slowest URLs (millisecs). Lists the top 10 slowest URLs, including the path and the maximum latency metric for the last hour, in an aggregation table.
  • Origin Content Download Time (millisecs) Histogram. Displays download times for origin content for the number of requests and the response time in a column chart for the last hour.
  • Error Rate 4xx by Code. Displays the number of 4xx error events by code in a stacked column chart on a timeline using timeslices of 10 minutes for the past 24 hours.
  • Top 5xx Error-Causing URLs. Displays the URLs that have produced the most errors in the last 15 minutes and counts the errors in a bar chart.
  • Top 404-Causing URLs. Displays the top 25 URLs that have produced a 404 error in the last 15 minutes and counts the errors in a bar chart.
  • Error Rate 5xx. Shows the number of 5xx error events by code in a stacked column chart on a timeline using timeslices of 10 minutes for the past 24 hours.

Fastly - CDN - Quality of Service

See where quality of service is below minimum thresholds such as download times, cache performance, and data center performance.

  • Download Performance Hotspots - Avg Download Above 300ms. Uses a geolocation operation to display download time hotspots on a world map by IP address, with a count of hits per location for the last hour.
  • Cache Performance. The number of Hits, Passes, and Misses as a percentage over a period of time.
  • Cache Hit Percentage Over Time. Line graph of the percentage of cache hits over the last 60 minutes.
  • Overall Content Download Time (millisecs) Histogram. Bar chart of response time to requests over the last hour.
  • Cacheable Content Download Time (millisecs) Histogram. Shows download times for cached content for the number of requests and the response time in a column chart for the last hour.
  • Performance (millisecs) Stats by Country. Provides an aggregation table of performance statistics by IP address per country code for the last hour.
  • Performance (millisecs) Stats by Data Center. Provides an aggregation table of performance statistics by IP address per data center for the last hour.

Fastly - CDN - Visitors

See where you're getting the most traffic and from where.

  • Visitor Geolocations. See where your visitors originate with a map that provides the geolocation of visitor IP addresses.
  • Requests by Country. Percentage of requests by country to help you find the origin of traffic to Fastly.
  • Requests by DataCenter. Percentage of requests by data center, displayed in a pie chart.
  • Requests by Content Type. Pie chart displaying the percentage of requests by content type.
  • TLS Usage. Binary view of the percentage of users connecting using TLS versus non-TLS to track use of the protocol.
  • HTTP2 Usage. Binary view of the percentage of users connecting using HTTP2 versus non-HTTP2 to track use of the protocol.
  • Requests by User Agent. Pie chart of the percentage of requests by user agent for the last 60 minutes.
  • Overall Request Volume. Shows the number of requests made in a column chart on a timeline using timeslices of five minutes over the last three hours.
  • Total Request Size Over Time. Line chart of request sizes for the last day.
  • Total Response Size over time. Line chart of response sizes for the last day.
  • Top 10 Referrers. Displays top ten referrer requests as a bar chart for the last hour.
  • Top Requests. Displays the top requests by path and count in a bar chart for the last hour.
  • Bot Traffic Over Time. Displays bot traffic by volume for the last hour as a line chart.

Fastly - WAF - Overview

See the overview of Fastly WAF including the states, hits, and threat intel on warning and blocked events.

  • WAF Analysis
    • WAF States. See the count of requests that triggered WAF. The line chart shows, for the last 24 hours, whether each request triggered one or more rules but passed to origin (warn), was blocked (bad), went through WAF and triggered no rules (good), or caused an error (failure).

    • Daily Hits. See the count of requests that triggered WAF in the last 7 days on a bar chart.

The following panels are grouped as blocking and warning (which triggered a rule but passed to origin) events.

  • Threat Intelligence - Warn Events
    • Top URLs (Warn). See the count of top URLs for warning events in the last 24 hours in a table.

    • Rule Count (Warn). See the details of rules for warning events including the WAF rule ID, WAF message, count of distinct IPs, and total count, in the last 24 hours displayed in a table.

    • Top Messages (Warn). See the count and percentage of WAF messages for warning events in the last 24 hours on a pie chart.

  • Threat Intelligence - Blocked Events
    • Top URLs (Blocked). See the count and status of top URLs for blocked events in the last 24 hours in a table.

    • Rule Count (Blocked). See the details of rules for blocked events including the WAF rule ID, WAF message, count of distinct IPs, and total count, in the last 24 hours displayed in a table.

    • Top Messages (Blocked). See the count and percentage of WAF messages for blocked events in the last 24 hours on a pie chart.

Fastly - WAF - Offenders

See the details on WAF offenders including the location, client IP addresses for warning and blocked events, and OWASP offenders in different attack categories and threshold exceptions.

  • Geo Location of All Users. See the count and user location where WAF was executed in the last 24 hours on a world map.

  • Top Clients affected by Threats. See the top 10 client IP addresses by count that are affected by threats in the last 24 hours.

  • Client IP (Warn). See the count of IP addresses for warning events in the last 24 hours on a column chart.

  • Client IP (Blocked). See the count of IP addresses for blocked events in the last seven days on a column chart.

  • OWASP Top Offenders. The following panels show the top 10 client IP addresses that trigger WAF in block and monitor mode in different attack categories and the threshold exceptions.
    • Overall Threat Trends. See the trend in the overall threats in the last 24 hours on a stacked column chart.

    • Threshold Exceptions. See the top 10 IP addresses by count triggering the threshold exception rule in the last 24 hours displayed in a table.

    • HTTP. See the top 10 IP addresses by count triggering the HTTP exception rule in the last 24 hours.

    • Session Fixation. See the top 10 IP addresses by count triggering the session fixation rule in the last 24 hours.

    • PHP Injection. See the top 10 IP addresses by count triggering the PHP injection rule in the last 24 hours.

    • SQL Injection. See the top 10 IP addresses by count triggering the SQL injection rule in the last 24 hours.

    • XSS. See the top 10 IP addresses by count triggering the XSS rule in the last 24 hours.

    • LFI-RCE-RFI. See the top 10 IP addresses by count triggering the local file inclusion, remote file inclusion, and remote code execution rules in the last 24 hours.

Fastly - WAF - OWASP

See the Open Web Application Security Project (OWASP) anomaly score quartiles, both overall and by rule category.

  • OWASP Thresholds. The panels in this dashboard show the anomaly score quartiles, both overall and by rule category. They show the following statistics: minimum, 25th percentile, median, 75th percentile, maximum, and the average in the last hour, for each of the following:
    • OWASP Overall.

    • HTTP Violations.

    • Inbound HTTP.

    • LFI (Local File Inclusion).

    • RFI (Remote File Inclusion).

    • Command Injections.

    • PHP Injections.

    • XSS (Cross-site Scripting).

    • SQL Injections.

    • Session Fixations.