The common on-prem ADC pattern keeps reporting outside the data path. The appliance carries traffic, ships metrics to a management platform via AppFlow / IPFIX / syslog, and that VM collects, visualizes and generates reports. The cost of this model is more than the software license: the management VM's capacity planning, backup strategy, patching cadence, security posture and day-to-day operation all belong to the total stack you bought.
For many organizations the second platform becomes wasted capital. Operators take the views they actually use directly from the ADC's operator console; periodic PDF reports are sent to a handful of stakeholders once a month. A multi-thousand-dollar annual management-platform license ends up paying for a few PDFs per month.
The second platform also introduces visibility lag. Data shipped from the data plane, batched on the management side and re-indexed for query takes time. An attack or latency spike from an hour ago shows up on the dashboard only after the management platform finishes processing its buffers.
Standard reports are usually not customizable. The management platform ships its templates; bespoke tables, custom breakdowns or organization-specific grouping requires development work or professional services. The operator cannot say "slice this traffic by this condition and show me those columns" without a project.
TR7 L7 Traffic Analytics & Reporting solves all three: no second platform, visibility lives on the appliance in real time, and breakdowns are extensible by the operator.
TR7 designs reporting as part of the data path — storage, visualization and delivery layers all live on the same appliance.
Common on-prem ADC products require a separate management VM to be licensed, deployed and operated for deep traffic analytics. TR7 runs reporting inside the same appliance that serves the traffic — no second platform to size, license or operate.
Operator-console live panels, on-demand PDF / XLSX / HTML reports, and cron-based scheduled deliveries all draw from the same data stream. Operators learn one model and apply it across every reporting surface.
Time-series data is down-sampled to eight different resolutions on the appliance: from sub-minute up to 1-hour, 6-hour and 1-day steps, retained for up to 10 years. Yearly trend charts, post-incident replays and capacity planning all run on top of this store.
In addition to the 30+ standard dimensions, operators define their own report sections: title, column set and condition. The resulting table is appended to the report. Organization-specific views like "4xx requests from selected countries by header X value" become first-class report content.
Traffic analytics with three output formats, more than thirty breakdown dimensions, and one-click access from the operator console.
The report visualizes vService traffic as a separate section for every axis: day-of-month, hour-of-day, country, city, continent, host, host header, path, 404 pages, static files, status code (and 1xx / 2xx / 3xx / 4xx / 5xx groups), method, HTTP version, content type (request + response), SSL parameters (request + response), referer, backend, cache source (resFrom), source IP, ASN, OS, browser, user agent, and listener IP:port. Each dimension produces two charts (hits + visitors) and a top-N table.
The same data source produces three formats. PDF: A4-sized, branded cover (custom logo + vService name + date range), one chart-plus-table per breakdown, SVG world heat map, frontend and backend chart sets. XLSX: one tab per section, configurable row cap. HTML: a fully interactive view opened directly from the operator console.
Frontend graphs: HTTP(S) request rate, frontend bandwidth (RX / TX), throughput, SSL connections, concurrent connections, new sessions. Backend graphs: backend response time, backend request rate, health-check result and time — organized into separate sections per backend group (default / frontend / conditional).
Traffic origin countries appear on a world map with a warm-to-cool color scale. Standard slide material for PCI DSS audit reports, regulator geographic-risk submissions and executive dashboards. The same visual is shared with the WAAP attack report.
Every PDF report opens with a branded cover: customer logo (configurable), vService name (bold), date range and TR7 footer. In service-provider scenarios a separate logo can be assigned per vService; the same engine produces reports for different customers with different covers.
Operators define their own sections: title, column set (with smart-content support including FX variables) and condition. The resulting table is appended to the report. Organization-specific views become first-class content rather than ad-hoc exports.
The ad-hoc report form accepts a date range in hours (h), days (d), weeks (w), months (M) and years (y). Default value is 15 hours; because retention reaches up to 10 years, multi-year trend reports come from the same interface.
Every vService can carry one primary report profile and any number of additional profiles. Each profile owns its dimension set, chart selection, row cap and recipient list. Example: monthly executive PDF summary, weekly detailed XLSX for operations, daily full HTML for audit — all for the same vService.
Report generation is designed alongside the storage architecture, demand handling, format conversion and cluster behavior.
Raw L7 logs are summarized once per hour; an aggregate file is produced automatically at the end of each hour. On-demand reports stitch together these pre-processed summaries, keeping report generation time bounded even over long ranges.
Numeric metrics are down-sampled to 5-second, 15-second, 1-minute, 5-minute, 15-minute, 1-hour, 6-hour and 1-day resolutions on the appliance. Short-range dashboards run at sub-minute granularity; yearly trends run at daily granularity. The report engine selects the appropriate resolution automatically based on the requested range.
PDF generation is headless-Chrome-based; EJS templates, Chart.js charts and SVG maps are inlined. XLSX is produced from HTML table structures into a multi-sheet workbook. In service-provider scenarios language preference can be set per report.
In a high-availability cluster the same scheduled report is generated and sent once, from the active node only. No duplicate delivery, no duplicate PDF generation; ad-hoc reports run against the data visible to the node the operator is connected to.
From the vService panel, a "Get report" form opens to choose format (HTML / XLSX / PDF), date range, dimension set, chart selection and optional email recipient. The same form can be saved as a profile so the next request needs no parameter re-entry.
This capability is designed for L7 HTTP / HTTPS traffic. For pure TCP / UDP or L3 / L4 packet-level statistics, TR7 provides live operator panels and on-device RRD dashboards; the PDF / XLSX reporting surface is L7-focused.
Banks, government agencies and conglomerates with mature reporting discipline can ship a covered, summarized PDF per vService to their board every month. Geographic distribution, traffic trend, error rate and backend health — all in a single document.
PCI DSS, GDPR or internal audit reviews need slices of a vService's historical traffic — by geography, by source IP, by status code. TR7 produces these slices as a single document, with retention reaching up to 10 years back.
SRE teams can review annual traffic growth, peak windows, content-type distribution and per-backend load balance retroactively. Multi-resolution retention means the same query answers both minute-level and year-level ranges.
Service providers define a separate vService per end customer and generate branded PDFs with the customer's own logo. The same engine produces reports for tens of customers in different languages and with different breakdown sets.
30+ breakdown dimensions, three formats, 10-year on-device history, MSP-ready branded covers. Let us walk you through a live demo on your own vService.