F5 WAF Reporting Question

Under Reporting>Application>Charts, we are pulling reports based of what Attack Types on our particular security policy (Attached). We are seeing some pretty high numbers in comparison to the Event logs. Question would be where does this pull from? I know we are blocking all these attack types in our security policy just seems like allowed traffic is being including with these numbers cause they seem so high or maybe I am just looking at it wrong.