ASM Reporting feature

Question

Hello, &nbsp;I am trying to generate some report using the Reporting feature available on ASM. However, I have strange results for example : Report for top 20 IP on a defined period (1st day to 1st day of the next month) I can see an IP with X hits When i search on this IP on events logs (with same period), i have more logs than what is generated in the report. &nbsp;Hits for an IP and no logs (illegal requests)&nbsp;I am on BigIP 14.1.2.X Have anyone already encounter this kind of behavior with the reporting capability of ASM ? Or are there any specification on the Reporting capabilities ? &nbsp;Best Regards.

andrew-f5 · Answer

ASM uses the AVR module to collect and report its statistical data. AVR aggregates logs by smaller segments - 1 day logs collected over 7 days get aggregated to a 1 week log, 1 week log over 4 weeks turns into 1 month aggregated, etc and it's this behavior that causes you to see a difference compared to the ASM request logs. The ASM requests logs do not aggregate.

Forum Discussion

ASM Reporting feature

1 Reply

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

F5 Threat Report - November 19th, 2025

F5 Threat Report - November 26th, 2025

F5 Threat Report - October 1st, 2025

CIS F5 Benchmark Reporter

Aswin MK - November 2025 Featured Member

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS