Advanced CDN Analytics: Traffic Monitoring, WAF Insights & Request Logs

Advanced Analytics

VergeCloud's Advanced Analytics gives you a detailed view of everything happening across your CDN. Instead of broad summaries, it breaks down traffic behavior, security events, and individual request activity into three focused sections: Data Transfer, Security, and Request Inspector.

This article covers what each section does and how to use it effectively.

Data Transfer

The Data Transfer section provides visibility into bandwidth usage across your CDN. It helps you understand how much data was served, where it was delivered, how effectively content was cached, and which resources are driving traffic.

You can filter data by date range, granularity, status, URL, host, country, referer, IP, cache status, device, operating system, and browser.   

Total Data Transfer and Cache Status 

The Total Data Transfer card shows the total volume of data served during the selected time period.

The Cache Status card breaks that traffic down by cache outcome, including HIT, MISS, REVALIDATED, BYPASS, EXPIRED, and UPDATING. The Egress Over Time graph complements these metrics by showing how traffic changed throughout the selected window, making it easy to identify spikes, drops, or unusual patterns.

Data Transfer Volume by Country

This chart shows the countries generating the highest volume of egress traffic. It provides a quick view of where your content is being consumed and can help identify unexpected traffic concentrations or regional traffic spikes.

Paths, Data Centers, Referers, and Hosts 

These views help you understand what is driving bandwidth consumption.

  • Paths shows the URLs generating the most egress traffic.
  • Data Centers highlights the edge locations serving the most traffic.
  • Referers shows where requests are originating from.
  • Hosts displays the domains responsible for the highest volume of egress.

Together, these reports help identify high-traffic content, heavily utilized edge locations, and key traffic sources.

Source User Agents, Edge Status Codes, Source IPs, and ASN Traffic

These tables provide additional insight into traffic behavior.

  • Source User Agents helps identify crawlers, bots, or unusual clients.
  • Edge Status Codes breaks down traffic by response status, making it easier to spot bandwidth consumed by error responses.
  • Source IPs highlights individual clients generating significant traffic.
  • ASN Traffic groups traffic by network provider, helping identify broader traffic patterns across organizations and ISPs.

These views are particularly useful when investigating unexpected bandwidth usage or validating traffic trends observed elsewhere in the dashboard.

Requests

The Requests section provides visibility into request volume and traffic patterns across your domain. It helps you understand who is accessing your application, which resources are being requested, where traffic is coming from, and how requests are being handled at the edge.

You can filter data by date range, status, URL, host, country, referer, IP, cache status, device type, operating system, browser, and ASN.

Total Requests and Cache Status

The Total Requests card shows the total number of requests received during the selected period.

The Cache Status card breaks requests down by cache outcome, while the Requests Over Time graph helps identify traffic spikes, drops, and unusual activity patterns.

Requests by Country

This chart shows the countries generating the highest number of requests, helping you understand traffic distribution and identify unexpected regional activity.

Paths, Data Centers, Referers, and Hosts

These reports help identify where requests are going and where they are coming from.

  • Paths shows the most requested URLs.
  • Data Centers highlights the edge locations serving the most requests.
  • Referers shows the sources driving traffic.
  • Hosts displays the domains receiving the highest number of requests.

Together, these views help identify popular content, key traffic sources, and request distribution across your infrastructure.

Source User Agents, Browsers, Operating Systems, and Device Types

These reports provide insight into the clients accessing your application.

  • Source User Agents helps identify browsers, bots, crawlers, and automated tools.
  • Browsers shows browser distribution across visitors.
  • Operating Systems highlights the platforms generating traffic.
  • Device Types categorizes requests by desktop, mobile, tablet, and other device groups.

Edge Status Codes, Source IPs, and ASN Traffic

These reports help analyze request behavior and traffic sources.

  • Edge Status Codes breaks down requests by HTTP response code, helping identify errors, redirects, and blocked traffic.
  • Source IPs highlights the clients generating the most requests.
  • ASN Traffic groups requests by network provider, helping identify traffic trends across ISPs, cloud providers, and organizations.

These views are particularly useful when investigating unusual traffic patterns, identifying bots, or troubleshooting application issues.

Security

The Security section provides visibility into security events detected across your domain, including Firewall, WAF, DDoS, and Rate Limiting activity.

You can filter data by date range, URL, host, country, IP, referer, device, browser, and other dimensions to focus on specific traffic patterns or incidents.

Security Threats

The Security Threats graph shows blocked, challenged, and suspicious requests over time, while the Block Enforcement Breakdown highlights which security mechanism (Firewall, WAF, or Rate Limiting) took action.

Recent Security Threat Events

This table lists the latest requests that triggered a security action. For each event, you can view details such as the source IP, requested URI, firewall action, matched rules, DDoS status, and rate limit action. Selecting View Detail opens the complete request information.

Top Threat Dimensions

This section helps identify the main sources of security activity by showing the top URIs, source IPs, and ASNs associated with blocked, challenged, or suspicious traffic.

Firewall

The Firewall section shows which firewall rules matched the most requests and how traffic was distributed across actions such as Allow, Bypass, Challenge, and Deny.

WAF

The WAF section provides a breakdown of WAF decisions and the most frequently triggered WAF rules, helping you understand the types of application-layer threats being detected.

DDoS & Rate Limiting

This section highlights requests affected by DDoS protection and rate limiting, making it easier to identify excessive traffic patterns and mitigation actions.

Top Source Countries (DDoS Mitigated)

This view shows the countries generating the highest volume of DDoS-mitigated requests. It helps you quickly identify geographic sources of attack traffic and determine whether additional country-level controls or rate limiting rules may be required.

Request Inspector

The Request Inspector shows you raw CDN log rows for whatever time window and filters you have set. Think of it as a searchable, filterable view directly into what your edge is seeing, with no log exports and no third-party tools required.

The filter bar at the top lets you narrow down requests quickly. You can combine any of these together:

  • Date range — focus on a specific time window
  • Method — filter by GET, POST, or any other HTTP method
  • URI contains — match requests to a specific path or endpoint
  • IP contains — pull up all requests coming from a particular IP address
  • Country code — filter traffic by the country it originated from
  • Status label contains — find requests that returned a specific response like 403 or 502
  • Cache status — see which requests were served from the edge and which went back to origin
  • Referer contains — trace requests coming in from a specific source or campaign

The table search bar lets you search across URI, request ID, IP, user agent, and referer all at once.

Each row in the Requests table shows the timestamp, method, URI, status code, status label, cache status, bytes sent, and IP. 

Where this actually helps:

  • A user reports a broken page or unexpected error. Filter by URI and status label to see exactly what the edge returned and when.
  • You pushed a new WAF or cache rule and want to confirm it is working. Watch the relevant path here in real time.
  • You are chasing intermittent cache misses. The cache status column shows you on every row whether the edge served it or went back to origin.
  • You suspect traffic from a specific region or IP. Filter by country code or IP contains and see the full request history for that source.
  • You want to trace requests coming from a particular site or campaign. Use the Referer contains filter to isolate that traffic.

Using Advanced Analytics Effectively

The three sections work best when used together. A common workflow is to start with the Security section when something looks off, identify the time window and type of activity, and then switch to the Request Inspector to look at the specific requests involved. The Data Transfer section can then tell you whether that activity had any impact on bandwidth or cache performance.
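The workflow above, sketched over raw rows as an added example (not VergeCloud code): filter the rows behind a spike of blocked requests, rank the source IPs, then check cache outcomes and how much bandwidth went to error responses. The sample rows are constructed, the key names are assumed labels for the Requests table columns, and combining filters with AND is also an assumption.

```python
from collections import Counter

# Constructed sample rows; key names are assumed, not a VergeCloud export format.
ROWS = [
    {"ts": "2024-05-01T10:00:01Z", "method": "GET", "uri": "/index.html",
     "status": 200, "label": "200 OK", "cache": "HIT", "bytes": 5120, "ip": "198.51.100.7"},
    {"ts": "2024-05-01T10:00:02Z", "method": "POST", "uri": "/login",
     "status": 403, "label": "403 Forbidden", "cache": "BYPASS", "bytes": 310, "ip": "203.0.113.9"},
    {"ts": "2024-05-01T10:00:03Z", "method": "POST", "uri": "/login",
     "status": 403, "label": "403 Forbidden", "cache": "BYPASS", "bytes": 310, "ip": "203.0.113.9"},
    {"ts": "2024-05-01T10:00:04Z", "method": "GET", "uri": "/img/logo.png",
     "status": 200, "label": "200 OK", "cache": "MISS", "bytes": 20480, "ip": "198.51.100.7"},
    {"ts": "2024-05-01T10:00:05Z", "method": "POST", "uri": "/login",
     "status": 403, "label": "403 Forbidden", "cache": "BYPASS", "bytes": 310, "ip": "203.0.113.44"},
    {"ts": "2024-05-01T10:00:06Z", "method": "GET", "uri": "/api/items",
     "status": 502, "label": "502 Bad Gateway", "cache": "MISS", "bytes": 150, "ip": "198.51.100.7"},
]

def filter_rows(rows, method=None, uri=None, ip=None, label=None, cache=None, start=None, end=None):
    """Apply the filter-bar fields together (assumed AND); None means the filter is unset."""
    def keep(r):
        return ((method is None or r["method"] == method)
                and (uri is None or uri in r["uri"])        # "URI contains"
                and (ip is None or ip in r["ip"])           # "IP contains"
                and (label is None or label in r["label"])  # "Status label contains"
                and (cache is None or r["cache"] == cache)
                and (start is None or r["ts"] >= start)     # same-format UTC strings sort by time
                and (end is None or r["ts"] <= end))
    return [r for r in rows if keep(r)]

def top_sources(rows, n=3):
    """Source IPs ranked by request count, highest first."""
    return Counter(r["ip"] for r in rows).most_common(n)

def error_bytes_share(rows):
    """Fraction of bytes sent that went to 4xx/5xx responses (0.0 for no traffic)."""
    total = sum(r["bytes"] for r in rows)
    errors = sum(r["bytes"] for r in rows if r["status"] >= 400)
    return errors / total if total else 0.0

def cache_breakdown(rows):
    """Request count per cache outcome (HIT, MISS, BYPASS, ...)."""
    return dict(Counter(r["cache"] for r in rows))

if __name__ == "__main__":
    blocked = filter_rows(ROWS, uri="/login", label="403")
    print(top_sources(blocked))
    print(cache_breakdown(ROWS), round(error_bytes_share(ROWS), 4))
```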

For day-to-day monitoring, a quick look at the Security section can catch unusual spikes in blocked traffic before they become a bigger issue. The Data Transfer section helps you keep tabs on caching behavior over time. The Request Inspector is there when you need to go from a high-level observation down to a specific request.

Summary

Advanced Analytics gives you three different lenses to look at your CDN traffic. Data Transfer shows bandwidth usage and cache performance. Security surfaces what your WAF, rate limiting, and bot protection rules are catching. Request Inspector lets you get into the actual log rows when you need to understand exactly what happened at the edge.

Used together, they cover most investigation and monitoring needs without leaving the dashboard.
