diff --git a/internal/model/types.go b/internal/model/types.go
index 6005f85..102dc97 100644
--- a/internal/model/types.go
+++ b/internal/model/types.go
@@ -54,26 +54,28 @@ func (d Decision) PrimaryReason() string {
 }
 
 type Event struct {
-	ID              int64          `json:"id"`
-	SourceName      string         `json:"source_name"`
-	ProfileName     string         `json:"profile_name"`
-	OccurredAt      time.Time      `json:"occurred_at"`
-	RemoteIP        string         `json:"remote_ip"`
-	ClientIP        string         `json:"client_ip"`
-	Host            string         `json:"host"`
-	Method          string         `json:"method"`
-	URI             string         `json:"uri"`
-	Path            string         `json:"path"`
-	Status          int            `json:"status"`
-	UserAgent       string         `json:"user_agent"`
-	Decision        DecisionAction `json:"decision"`
-	DecisionReason  string         `json:"decision_reason"`
-	DecisionReasons []string       `json:"decision_reasons,omitempty"`
-	Enforced        bool           `json:"enforced"`
-	RawJSON         string         `json:"raw_json"`
-	CreatedAt       time.Time      `json:"created_at"`
-	CurrentState    IPStateStatus  `json:"current_state"`
-	ManualOverride  ManualOverride `json:"manual_override"`
+	ID              int64              `json:"id"`
+	SourceName      string             `json:"source_name"`
+	ProfileName     string             `json:"profile_name"`
+	OccurredAt      time.Time          `json:"occurred_at"`
+	RemoteIP        string             `json:"remote_ip"`
+	ClientIP        string             `json:"client_ip"`
+	Host            string             `json:"host"`
+	Method          string             `json:"method"`
+	URI             string             `json:"uri"`
+	Path            string             `json:"path"`
+	Status          int                `json:"status"`
+	UserAgent       string             `json:"user_agent"`
+	Decision        DecisionAction     `json:"decision"`
+	DecisionReason  string             `json:"decision_reason"`
+	DecisionReasons []string           `json:"decision_reasons,omitempty"`
+	Enforced        bool               `json:"enforced"`
+	RawJSON         string             `json:"raw_json"`
+	CreatedAt       time.Time          `json:"created_at"`
+	CurrentState    IPStateStatus      `json:"current_state"`
+	ManualOverride  ManualOverride     `json:"manual_override"`
+	Bot             *BotMatch          `json:"bot,omitempty"`
+	Actions         ActionAvailability `json:"actions"`
 }
 
 type IPState struct {
@@ -179,11 +181,11 @@ type RecentIPRow struct {
 }
 
 type TopIPRow struct {
-	IP           string     `json:"ip"`
-	Events       int64      `json:"events"`
-	TrafficBytes int64      `json:"traffic_bytes"`
-	LastSeenAt   time.Time  `json:"last_seen_at"`
-	Bot          *BotMatch  `json:"bot,omitempty"`
+	IP           string    `json:"ip"`
+	Events       int64     `json:"events"`
+	TrafficBytes int64     `json:"traffic_bytes"`
+	LastSeenAt   time.Time `json:"last_seen_at"`
+	Bot          *BotMatch `json:"bot,omitempty"`
 }
 
 type TopSourceRow struct {
@@ -201,11 +203,39 @@ type TopURLRow struct {
 	LastSeenAt   time.Time `json:"last_seen_at"`
 }
 
+type ActivitySourceCount struct {
+	SourceName string `json:"source_name"`
+	Events     int64  `json:"events"`
+}
+
+type ActivityBucket struct {
+	BucketStart time.Time             `json:"bucket_start"`
+	TotalEvents int64                 `json:"total_events"`
+	Sources     []ActivitySourceCount `json:"sources,omitempty"`
+}
+
+type MethodBreakdownRow struct {
+	Method string `json:"method"`
+	Events int64  `json:"events"`
+}
+
+type BotBreakdownRow struct {
+	Key    string `json:"key"`
+	Label  string `json:"label"`
+	Events int64  `json:"events"`
+}
+
 type OverviewOptions struct {
 	ShowKnownBots bool
 	ShowAllowed   bool
 }
 
+type EventListOptions struct {
+	ShowKnownBots bool
+	ShowAllowed   bool
+	ReviewOnly    bool
+}
+
 type SourceOffset struct {
 	SourceName string
 	Path       string
@@ -225,17 +255,20 @@ type IPDetails struct {
 }
 
 type Overview struct {
-	TotalEvents     int64          `json:"total_events"`
-	TotalIPs        int64          `json:"total_ips"`
-	BlockedIPs      int64          `json:"blocked_ips"`
-	ReviewIPs       int64          `json:"review_ips"`
-	AllowedIPs      int64          `json:"allowed_ips"`
-	ObservedIPs     int64          `json:"observed_ips"`
-	ActivitySince   time.Time      `json:"activity_since,omitempty"`
-	TopIPsByEvents  []TopIPRow     `json:"top_ips_by_events"`
-	TopIPsByTraffic []TopIPRow     `json:"top_ips_by_traffic"`
-	TopSources      []TopSourceRow `json:"top_sources"`
-	TopURLs         []TopURLRow    `json:"top_urls"`
-	RecentIPs       []IPState      `json:"recent_ips"`
-	RecentEvents    []Event        `json:"recent_events"`
+	TotalEvents     int64                `json:"total_events"`
+	TotalIPs        int64                `json:"total_ips"`
+	BlockedIPs      int64                `json:"blocked_ips"`
+	ReviewIPs       int64                `json:"review_ips"`
+	AllowedIPs      int64                `json:"allowed_ips"`
+	ObservedIPs     int64                `json:"observed_ips"`
+	ActivitySince   time.Time            `json:"activity_since,omitempty"`
+	ActivityBuckets []ActivityBucket     `json:"activity_buckets"`
+	Methods         []MethodBreakdownRow `json:"methods"`
+	Bots            []BotBreakdownRow    `json:"bots"`
+	TopIPsByEvents  []TopIPRow           `json:"top_ips_by_events"`
+	TopIPsByTraffic []TopIPRow           `json:"top_ips_by_traffic"`
+	TopSources      []TopSourceRow       `json:"top_sources"`
+	TopURLs         []TopURLRow          `json:"top_urls"`
+	RecentIPs       []IPState            `json:"recent_ips"`
+	RecentEvents    []Event              `json:"recent_events"`
 }
diff --git a/internal/service/service.go b/internal/service/service.go
index 4e3c814..0281878 100644
--- a/internal/service/service.go
+++ b/internal/service/service.go
@@ -102,8 +102,15 @@ func (s *Service) GetOverview(ctx context.Context, since time.Time, limit int, o
 	return overview, nil
 }
 
-func (s *Service) ListEvents(ctx context.Context, limit int) ([]model.Event, error) {
-	return s.store.ListRecentEvents(ctx, limit)
+func (s *Service) ListEvents(ctx context.Context, since time.Time, limit int, options model.EventListOptions) ([]model.Event, error) {
+	items, err := s.store.ListEvents(ctx, since, limit, options)
+	if err != nil {
+		return nil, err
+	}
+	if err := s.decorateEvents(ctx, items); err != nil {
+		return nil, err
+	}
+	return items, nil
 }
 
 func (s *Service) ListIPs(ctx context.Context, limit int, state string) ([]model.IPState, error) {
@@ -673,6 +680,47 @@ func recentRowIPs(items []model.RecentIPRow) []string {
 	return result
 }
 
+func eventIPs(items []model.Event) []string {
+	result := make([]string, 0, len(items))
+	for _, item := range items {
+		result = append(result, item.ClientIP)
+	}
+	return result
+}
+
+func (s *Service) decorateEvents(ctx context.Context, items []model.Event) error {
+	if len(items) == 0 {
+		return nil
+	}
+	investigations, err := s.store.GetInvestigationsForIPs(ctx, eventIPs(items))
+	if err != nil {
+		return err
+	}
+	actionsByIP := make(map[string]model.ActionAvailability, len(items))
+	for index := range items {
+		ip := items[index].ClientIP
+		if investigation, ok := investigations[ip]; ok {
+			items[index].Bot = investigation.Bot
+		} else {
+			s.enqueueInvestigation(ip)
+		}
+		if _, ok := actionsByIP[ip]; !ok {
+			state := model.IPState{
+				IP:             ip,
+				State:          items[index].CurrentState,
+				ManualOverride: items[index].ManualOverride,
+			}
+			if state.State == "" {
+				state.State = model.IPStateObserved
+			}
+			backend := s.resolveOPNsenseStatus(ctx, state)
+			actionsByIP[ip] = actionAvailability(state, backend)
+		}
+		items[index].Actions = actionsByIP[ip]
+	}
+	return nil
+}
+
 func (s *Service) decorateOverviewTopIPs(ctx context.Context, overview *model.Overview) error {
 	if overview == nil {
 		return nil
diff --git a/internal/store/store.go b/internal/store/store.go
index b8e2c01..3036ae6 100644
--- a/internal/store/store.go
+++ b/internal/store/store.go
@@ -225,19 +225,38 @@ func (s *Store) RecordEvent(ctx context.Context, event *model.Event) error {
 
 const responseBytesExpression = `CASE WHEN json_valid(e.raw_json) THEN CAST(COALESCE(json_extract(e.raw_json, '$.size'), 0) AS INTEGER) ELSE 0 END`
 
+func knownBotExistsClause(ipExpression string) string {
+	return `EXISTS (
+		SELECT 1
+		FROM ip_investigations i
+		WHERE i.ip = ` + ipExpression + `
+		  AND json_valid(i.payload_json)
+		  AND json_type(i.payload_json, '$.bot') IS NOT NULL
+		  AND COALESCE(json_extract(i.payload_json, '$.bot.verified'), 0) = 1
+	)`
+}
+
 func overviewFilterQueryParts(options model.OverviewOptions) (joins []string, clauses []string) {
 	if !options.ShowAllowed {
 		joins = append(joins, `LEFT JOIN ip_state s ON s.ip = e.client_ip`)
 		clauses = append(clauses, `COALESCE(s.state, '') <> '`+string(model.IPStateAllowed)+`'`)
 	}
 	if !options.ShowKnownBots {
-		clauses = append(clauses, `NOT EXISTS (
-			SELECT 1
-			FROM ip_investigations i
-			WHERE i.ip = e.client_ip
-			  AND json_valid(i.payload_json)
-			  AND json_type(i.payload_json, '$.bot') IS NOT NULL
-		)`)
+		clauses = append(clauses, `NOT `+knownBotExistsClause(`e.client_ip`))
+	}
+	return joins, clauses
+}
+
+func eventFilterQueryParts(options model.EventListOptions) (joins []string, clauses []string) {
+	joins = append(joins, `LEFT JOIN ip_state s ON s.ip = e.client_ip`)
+	if !options.ShowAllowed {
+		clauses = append(clauses, `COALESCE(s.state, '') <> '`+string(model.IPStateAllowed)+`'`)
+	}
+	if options.ReviewOnly {
+		clauses = append(clauses, `COALESCE(s.state, '') = '`+string(model.IPStateReview)+`'`)
+	}
+	if !options.ShowKnownBots {
+		clauses = append(clauses, `NOT `+knownBotExistsClause(`e.client_ip`))
 	}
 	return joins, clauses
 }
@@ -440,8 +459,23 @@ func (s *Store) GetOverview(ctx context.Context, since time.Time, limit int, opt
 	if err != nil {
 		return model.Overview{}, err
 	}
+	activityBuckets, err := s.listActivityBuckets(ctx, since, options)
+	if err != nil {
+		return model.Overview{}, err
+	}
+	methods, err := s.listMethodBreakdown(ctx, since, options)
+	if err != nil {
+		return model.Overview{}, err
+	}
+	bots, err := s.listBotBreakdown(ctx, since, options)
+	if err != nil {
+		return model.Overview{}, err
+	}
 	overview.RecentIPs = recentIPs
 	overview.RecentEvents = recentEvents
+	overview.ActivityBuckets = activityBuckets
+	overview.Methods = methods
+	overview.Bots = bots
 	overview.TopIPsByEvents = topIPsByEvents
 	overview.TopIPsByTraffic = topIPsByTraffic
 	overview.TopSources = topSources
@@ -610,6 +644,200 @@ func (s *Store) listTopURLRows(ctx context.Context, since time.Time, limit int,
 	return items, nil
 }
 
+func (s *Store) listActivityBuckets(ctx context.Context, since time.Time, options model.OverviewOptions) ([]model.ActivityBucket, error) {
+	if since.IsZero() {
+		return nil, nil
+	}
+	joins, clauses := overviewFilterQueryParts(options)
+	query := `
+		SELECT (CAST(strftime('%s', e.occurred_at) AS INTEGER) / 600) * 600 AS bucket_unix,
+		       e.source_name,
+		       COUNT(*) AS event_count
+		FROM events e`
+	if len(joins) > 0 {
+		query += ` ` + strings.Join(joins, ` `)
+	}
+	args := []any{formatTime(since)}
+	clauses = append([]string{`e.occurred_at >= ?`}, clauses...)
+	if len(clauses) > 0 {
+		query += ` WHERE ` + strings.Join(clauses, ` AND `)
+	}
+	query += ` GROUP BY bucket_unix, e.source_name ORDER BY bucket_unix ASC, event_count DESC, e.source_name ASC`
+
+	rows, err := s.db.QueryContext(ctx, query, args...)
+	if err != nil {
+		return nil, fmt.Errorf("list activity buckets: %w", err)
+	}
+	defer rows.Close()
+
+	type bucketKey int64
+	bucketMap := map[bucketKey]*model.ActivityBucket{}
+	for rows.Next() {
+		var bucketUnix int64
+		var sourceName string
+		var events int64
+		if err := rows.Scan(&bucketUnix, &sourceName, &events); err != nil {
+			return nil, fmt.Errorf("scan activity bucket: %w", err)
+		}
+		key := bucketKey(bucketUnix)
+		bucket, ok := bucketMap[key]
+		if !ok {
+			bucket = &model.ActivityBucket{BucketStart: time.Unix(bucketUnix, 0).UTC()}
+			bucketMap[key] = bucket
+		}
+		bucket.TotalEvents += events
+		bucket.Sources = append(bucket.Sources, model.ActivitySourceCount{SourceName: sourceName, Events: events})
+	}
+	if err := rows.Err(); err != nil {
+		return nil, fmt.Errorf("iterate activity buckets: %w", err)
+	}
+
+	start := since.UTC().Truncate(10 * time.Minute)
+	end := time.Now().UTC().Truncate(10 * time.Minute)
+	buckets := make([]model.ActivityBucket, 0, int(end.Sub(start)/(10*time.Minute))+1)
+	for current := start; !current.After(end); current = current.Add(10 * time.Minute) {
+		bucket, ok := bucketMap[bucketKey(current.Unix())]
+		if !ok {
+			buckets = append(buckets, model.ActivityBucket{BucketStart: current})
+			continue
+		}
+		sort.Slice(bucket.Sources, func(left int, right int) bool {
+			if bucket.Sources[left].Events != bucket.Sources[right].Events {
+				return bucket.Sources[left].Events > bucket.Sources[right].Events
+			}
+			return bucket.Sources[left].SourceName < bucket.Sources[right].SourceName
+		})
+		buckets = append(buckets, *bucket)
+	}
+	return buckets, nil
+}
+
+func (s *Store) listMethodBreakdown(ctx context.Context, since time.Time, options model.OverviewOptions) ([]model.MethodBreakdownRow, error) {
+	joins, clauses := overviewFilterQueryParts(options)
+	query := `
+		SELECT COALESCE(NULLIF(UPPER(TRIM(e.method)), ''), 'OTHER') AS method,
+		       COUNT(*) AS event_count
+		FROM events e`
+	if len(joins) > 0 {
+		query += ` ` + strings.Join(joins, ` `)
+	}
+	args := make([]any, 0, 2)
+	if !since.IsZero() {
+		clauses = append([]string{`e.occurred_at >= ?`}, clauses...)
+		args = append(args, formatTime(since))
+	}
+	if len(clauses) > 0 {
+		query += ` WHERE ` + strings.Join(clauses, ` AND `)
+	}
+	query += ` GROUP BY method ORDER BY event_count DESC, method ASC`
+
+	rows, err := s.db.QueryContext(ctx, query, args...)
+	if err != nil {
+		return nil, fmt.Errorf("list method breakdown: %w", err)
+	}
+	defer rows.Close()
+
+	items := make([]model.MethodBreakdownRow, 0, 8)
+	for rows.Next() {
+		var item model.MethodBreakdownRow
+		if err := rows.Scan(&item.Method, &item.Events); err != nil {
+			return nil, fmt.Errorf("scan method breakdown row: %w", err)
+		}
+		items = append(items, item)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, fmt.Errorf("iterate method breakdown rows: %w", err)
+	}
+	return items, nil
+}
+
+func (s *Store) listBotBreakdown(ctx context.Context, since time.Time, options model.OverviewOptions) ([]model.BotBreakdownRow, error) {
+	joins, clauses := overviewFilterQueryParts(options)
+	joins = append(joins, `LEFT JOIN ip_investigations i ON i.ip = e.client_ip`)
+	query := `
+		SELECT
+		  COALESCE(SUM(CASE WHEN json_valid(i.payload_json)
+		                       AND json_type(i.payload_json, '$.bot') IS NOT NULL
+		                       AND COALESCE(json_extract(i.payload_json, '$.bot.verified'), 0) = 1
+		                  THEN 1 ELSE 0 END), 0) AS known_bots,
+		  COALESCE(SUM(CASE WHEN json_valid(i.payload_json)
+		                       AND json_type(i.payload_json, '$.bot') IS NOT NULL
+		                       AND COALESCE(json_extract(i.payload_json, '$.bot.verified'), 0) <> 1
+		                  THEN 1 ELSE 0 END), 0) AS possible_bots,
+		  COALESCE(SUM(CASE WHEN NOT json_valid(i.payload_json)
+		                       OR json_type(i.payload_json, '$.bot') IS NULL
+		                  THEN 1 ELSE 0 END), 0) AS other_traffic
+		FROM events e`
+	if len(joins) > 0 {
+		query += ` ` + strings.Join(joins, ` `)
+	}
+	args := make([]any, 0, 2)
+	if !since.IsZero() {
+		clauses = append([]string{`e.occurred_at >= ?`}, clauses...)
+		args = append(args, formatTime(since))
+	}
+	if len(clauses) > 0 {
+		query += ` WHERE ` + strings.Join(clauses, ` AND `)
+	}
+
+	var knownBots int64
+	var possibleBots int64
+	var otherTraffic int64
+	if err := s.db.QueryRowContext(ctx, query, args...).Scan(&knownBots, &possibleBots, &otherTraffic); err != nil {
+		return nil, fmt.Errorf("list bot breakdown: %w", err)
+	}
+	return []model.BotBreakdownRow{
+		{Key: "known", Label: "Known bots", Events: knownBots},
+		{Key: "possible", Label: "Possible bots", Events: possibleBots},
+		{Key: "other", Label: "Other traffic", Events: otherTraffic},
+	}, nil
+}
+
+func (s *Store) ListEvents(ctx context.Context, since time.Time, limit int, options model.EventListOptions) ([]model.Event, error) {
+	if limit <= 0 {
+		limit = 100
+	}
+	joins, clauses := eventFilterQueryParts(options)
+	query := `
+		SELECT e.id, e.source_name, e.profile_name, e.occurred_at, e.remote_ip, e.client_ip, e.host,
+		       e.method, e.uri, e.path, e.status, e.user_agent, e.decision, e.decision_reason,
+		       e.decision_reasons_json, e.enforced, e.raw_json, e.created_at,
+		       COALESCE(s.state, ''), COALESCE(s.manual_override, '')
+		FROM events e`
+	if len(joins) > 0 {
+		query += ` ` + strings.Join(joins, ` `)
+	}
+	args := make([]any, 0, 2)
+	if !since.IsZero() {
+		clauses = append([]string{`e.occurred_at >= ?`}, clauses...)
+		args = append(args, formatTime(since))
+	}
+	if len(clauses) > 0 {
+		query += ` WHERE ` + strings.Join(clauses, ` AND `)
+	}
+	query += ` ORDER BY e.occurred_at DESC, e.id DESC LIMIT ?`
+	args = append(args, limit)
+
+	rows, err := s.db.QueryContext(ctx, query, args...)
+	if err != nil {
+		return nil, fmt.Errorf("list events: %w", err)
+	}
+	defer rows.Close()
+
+	items := make([]model.Event, 0, limit)
+	for rows.Next() {
+		item, err := scanEvent(rows)
+		if err != nil {
+			return nil, err
+		}
+		items = append(items, item)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, fmt.Errorf("iterate events: %w", err)
+	}
+	return items, nil
+}
+
 func (s *Store) ListRecentEvents(ctx context.Context, limit int) ([]model.Event, error) {
 	if limit <= 0 {
 		limit = 50
diff --git a/internal/web/handler.go b/internal/web/handler.go
index b9bc8bf..88c5a25 100644
--- a/internal/web/handler.go
+++ b/internal/web/handler.go
@@ -18,7 +18,7 @@ import (
 
 type App interface {
 	GetOverview(ctx context.Context, since time.Time, limit int, options model.OverviewOptions) (model.Overview, error)
-	ListEvents(ctx context.Context, limit int) ([]model.Event, error)
+	ListEvents(ctx context.Context, since time.Time, limit int, options model.EventListOptions) ([]model.Event, error)
 	ListIPs(ctx context.Context, limit int, state string) ([]model.IPState, error)
 	ListRecentIPs(ctx context.Context, since time.Time, limit int) ([]model.RecentIPRow, error)
 	GetIPDetails(ctx context.Context, ip string) (model.IPDetails, error)
@@ -31,6 +31,7 @@ type App interface {
 type handler struct {
 	app           App
 	overviewPage  *template.Template
+	queryLogPage  *template.Template
 	ipDetailsPage *template.Template
 }
 
@@ -48,11 +49,13 @@ func NewHandler(app App) http.Handler {
 	h := &handler{
 		app:           app,
 		overviewPage:  template.Must(template.New("overview").Parse(overviewHTML)),
+		queryLogPage:  template.Must(template.New("query-log").Parse(queryLogHTML)),
 		ipDetailsPage: template.Must(template.New("ip-details").Parse(ipDetailsHTML)),
 	}
 
 	mux := http.NewServeMux()
 	mux.HandleFunc("/", h.handleOverviewPage)
+	mux.HandleFunc("/queries", h.handleQueryLogPage)
 	mux.HandleFunc("/healthz", h.handleHealth)
 	mux.HandleFunc("/ips/", h.handleIPPage)
 	mux.HandleFunc("/api/overview", h.handleAPIOverview)
@@ -75,6 +78,18 @@ func (h *handler) handleOverviewPage(w http.ResponseWriter, r *http.Request) {
 	renderTemplate(w, h.overviewPage, pageData{Title: "Caddy OPNsense Blocker"})
 }
 
+func (h *handler) handleQueryLogPage(w http.ResponseWriter, r *http.Request) {
+	if r.URL.Path != "/queries" {
+		http.NotFound(w, r)
+		return
+	}
+	if r.Method != http.MethodGet {
+		methodNotAllowed(w)
+		return
+	}
+	renderTemplate(w, h.queryLogPage, pageData{Title: "Query Log"})
+}
+
 func (h *handler) handleIPPage(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodGet {
 		methodNotAllowed(w)
@@ -125,7 +140,17 @@ func (h *handler) handleAPIEvents(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	limit := queryLimit(r, 100)
-	events, err := h.app.ListEvents(r.Context(), limit)
+	hours := queryInt(r, "hours", 24)
+	if hours <= 0 {
+		hours = 24
+	}
+	since := time.Now().UTC().Add(-time.Duration(hours) * time.Hour)
+	options := model.EventListOptions{
+		ShowKnownBots: queryBool(r, "show_known_bots", true),
+		ShowAllowed:   queryBool(r, "show_allowed", true),
+		ReviewOnly:    queryBool(r, "review_only", false),
+	}
+	events, err := h.app.ListEvents(r.Context(), since, limit, options)
 	if err != nil {
 		writeError(w, http.StatusInternalServerError, err)
 		return
@@ -359,55 +384,65 @@ const overviewHTML = `<!doctype html>
   <title>{{ .Title }}</title>
   <style>
     :root { color-scheme: dark; }
-    body { font-family: system-ui, sans-serif; margin: 0; background: #0f172a; color: #e2e8f0; }
-    header { padding: 1rem 1.5rem; border-bottom: 1px solid #334155; background: #0f172a; }
+    body { font-family: system-ui, sans-serif; margin: 0; background: linear-gradient(180deg, #0f172a 0%, #020617 100%); color: #e2e8f0; }
+    header { padding: 1rem 1.5rem; border-bottom: 1px solid #334155; background: rgba(2, 6, 23, .92); }
+    .header-row { display: flex; justify-content: space-between; align-items: center; gap: 1rem; flex-wrap: wrap; }
+    .nav { display: inline-flex; gap: .5rem; flex-wrap: wrap; }
+    .nav-link { padding: .45rem .75rem; border-radius: 999px; border: 1px solid #334155; background: #111827; color: #cbd5e1; text-decoration: none; }
+    .nav-link.active { background: linear-gradient(135deg, #2563eb, #0f766e); color: white; border-color: transparent; }
     main { padding: 1.5rem; display: grid; gap: 1.25rem; }
-    h1, h2 { margin: 0 0 .75rem 0; }
-    table { width: 100%; border-collapse: collapse; }
-    th, td { padding: .55rem .65rem; border-bottom: 1px solid #1e293b; text-align: left; vertical-align: top; }
-    th { color: #93c5fd; white-space: nowrap; }
+    h1, h2 { margin: 0; }
     a { color: #93c5fd; text-decoration: none; }
     a:hover { text-decoration: underline; }
-    .stats { display: grid; grid-template-columns: repeat(auto-fit, minmax(140px, 1fr)); gap: .75rem; }
-    .card { background: #111827; border: 1px solid #334155; border-radius: .75rem; padding: .9rem; }
-    .stat-value { font-size: 1.7rem; font-weight: 700; }
-    .status { display: inline-block; padding: .15rem .45rem; border-radius: 999px; font-size: .8rem; background: #1e293b; }
-    .status.blocked { background: #7f1d1d; }
-    .status.review { background: #78350f; }
-    .status.allowed { background: #14532d; }
-    .status.observed { background: #1e293b; }
     .muted { color: #94a3b8; }
-    .mono { font-family: ui-monospace, monospace; }
-    .panel { background: #111827; border: 1px solid #334155; border-radius: .75rem; padding: 1rem; overflow: auto; -webkit-overflow-scrolling: touch; }
+    .mono { font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace; }
+    .stats { display: grid; grid-template-columns: repeat(auto-fit, minmax(150px, 1fr)); gap: .75rem; }
+    .card { background: #111827; border: 1px solid #334155; border-radius: .85rem; padding: .95rem; position: relative; overflow: hidden; }
+    .card::before { content: ''; position: absolute; inset: 0 auto 0 0; width: .3rem; background: #334155; }
+    .card.total::before { background: #38bdf8; }
+    .card.tracked::before { background: #60a5fa; }
+    .card.blocked::before { background: #ef4444; }
+    .card.review::before { background: #f59e0b; }
+    .card.allowed::before { background: #22c55e; }
+    .card.observed::before { background: #a78bfa; }
+    .stat-value { font-size: 1.8rem; font-weight: 800; margin-top: .2rem; }
+    .panel, .leader-card { background: #111827; border: 1px solid #334155; border-radius: .85rem; padding: 1rem; overflow: hidden; }
     .controls { display: flex; justify-content: space-between; align-items: center; gap: 1rem; flex-wrap: wrap; }
     .controls-group { display: flex; align-items: center; gap: 1rem; flex-wrap: wrap; }
-    .leaders { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 1rem; }
-    .leader-card { background: #111827; border: 1px solid #334155; border-radius: .75rem; padding: 1rem; min-height: 15rem; }
-    .leader-card h2 { margin-bottom: .35rem; font-size: 1rem; }
-    .leader-list { list-style: none; margin: .75rem 0 0 0; padding: 0; display: grid; gap: .65rem; }
-    .leader-item { display: grid; gap: .2rem; padding: .55rem .65rem; border-radius: .6rem; }
-    .leader-item:nth-child(odd) { background: #0f172a; }
-    .leader-item:nth-child(even) { background: #111c31; }
-    .leader-main { display: flex; align-items: center; justify-content: space-between; gap: .75rem; min-width: 0; }
-    .leader-main .mono { overflow: hidden; text-overflow: ellipsis; }
-    .leader-value { font-weight: 600; white-space: nowrap; }
-    .leader-placeholder { color: #64748b; }
-    @media (max-width: 1100px) { .leaders { grid-template-columns: 1fr; } }
-    .toolbar { display: flex; justify-content: space-between; align-items: baseline; gap: 1rem; margin-bottom: .75rem; }
-    .toolbar .meta { font-size: .95rem; color: #94a3b8; }
-    .toolbar-right { display: flex; align-items: center; gap: 1rem; flex-wrap: wrap; justify-content: flex-end; }
     .toggle { display: inline-flex; align-items: center; gap: .45rem; font-size: .95rem; color: #cbd5e1; }
     .toggle input { margin: 0; }
-    .sort-button { appearance: none; background: transparent; border: 0; color: inherit; cursor: pointer; font: inherit; padding: 0; }
-    .sort-button[data-active="true"] { color: #dbeafe; }
-    .actions { display: flex; gap: .35rem; flex-wrap: wrap; }
-    .action-link, button { display: inline-flex; align-items: center; justify-content: center; gap: .35rem; border-radius: .45rem; padding: .3rem .6rem; font-size: .9rem; }
-    .action-link { background: #1e293b; color: #e2e8f0; text-decoration: none; }
-    button { background: #2563eb; color: white; border: 0; cursor: pointer; }
-    button.secondary { background: #475569; }
-    button.danger { background: #dc2626; }
-    .ip-cell { display: flex; align-items: center; gap: .45rem; }
-    .bot-chip { display: inline-flex; align-items: center; justify-content: center; width: 1.25rem; height: 1.25rem; border-radius: 999px; border: 1px solid #334155; background: #0f172a; color: #e2e8f0; font-size: .72rem; font-weight: 700; cursor: help; }
+    .dashboard-grid { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 1rem; }
+    .chart-wide { grid-column: 1 / -1; }
+    .panel-head { display: flex; justify-content: space-between; align-items: flex-start; gap: 1rem; margin-bottom: .9rem; flex-wrap: wrap; }
+    .legend { display: flex; flex-wrap: wrap; gap: .5rem; }
+    .legend-chip { display: inline-flex; align-items: center; gap: .4rem; padding: .25rem .55rem; border: 1px solid #334155; border-radius: 999px; background: #0b1220; font-size: .82rem; color: #cbd5e1; }
+    .legend-dot { width: .7rem; height: .7rem; border-radius: 999px; display: inline-block; }
+    .chart-placeholder { min-height: 15rem; display: flex; align-items: center; justify-content: center; color: #64748b; background: linear-gradient(180deg, rgba(15, 23, 42, .85), rgba(2, 6, 23, .6)); border: 1px dashed #334155; border-radius: .75rem; }
+    .activity-shell svg { width: 100%; height: auto; display: block; }
+    .activity-axis { fill: #64748b; font-size: 12px; }
+    .activity-gridline { stroke: #1e293b; stroke-width: 1; }
+    .donut-shell { min-height: 15rem; display: flex; align-items: center; justify-content: center; }
+    .donut-grid { display: grid; grid-template-columns: minmax(160px, 220px) 1fr; gap: 1rem; align-items: center; width: 100%; }
+    .donut { width: min(100%, 220px); aspect-ratio: 1; border-radius: 999px; position: relative; margin: 0 auto; }
+    .donut-hole { position: absolute; inset: 22%; border-radius: 999px; background: #0b1220; display: flex; flex-direction: column; align-items: center; justify-content: center; text-align: center; box-shadow: inset 0 0 0 1px #334155; }
+    .donut-hole strong { font-size: 1.6rem; }
+    .donut-hole span { font-size: .8rem; color: #94a3b8; }
+    .legend-list { list-style: none; margin: 0; padding: 0; display: grid; gap: .45rem; }
+    .legend-list li { display: flex; align-items: center; justify-content: space-between; gap: .75rem; padding: .45rem .55rem; border-radius: .65rem; background: #0b1220; }
+    .legend-label { display: inline-flex; align-items: center; gap: .5rem; min-width: 0; }
+    .legend-label span:last-child { overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
+    .legend-value { white-space: nowrap; font-weight: 700; }
+    .leaders { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 1rem; }
+    .leader-card h2 { margin-bottom: .35rem; font-size: 1rem; }
+    .leader-list { list-style: none; margin: .9rem 0 0 0; padding: 0; display: grid; gap: .35rem; }
+    .leader-item { padding: .6rem .65rem; border-radius: .65rem; background: #0b1220; border: 1px solid #1e293b; }
+    .leader-item:nth-child(even) { background: #111a2c; }
+    .leader-main { display: flex; align-items: center; justify-content: space-between; gap: .75rem; }
+    .leader-main .mono { overflow: hidden; text-overflow: ellipsis; }
+    .leader-value { font-weight: 700; white-space: nowrap; }
+    .leader-placeholder { color: #64748b; }
+    .ip-cell { display: flex; align-items: center; gap: .45rem; min-width: 0; }
+    .bot-chip { display: inline-flex; align-items: center; justify-content: center; width: 1.25rem; height: 1.25rem; border-radius: 999px; border: 1px solid #334155; background: #0f172a; color: #e2e8f0; font-size: .72rem; font-weight: 700; cursor: help; flex: 0 0 auto; }
     .bot-chip.verified { border-color: #2563eb; }
     .bot-chip.hint { border-style: dashed; }
     .bot-chip.google { background: #2563eb; color: white; }
@@ -422,41 +457,79 @@ const overviewHTML = `<!doctype html>
     .bot-chip.yandex { background: #dc2626; color: white; }
     .bot-chip.baidu { background: #7c3aed; color: white; }
     .bot-chip.bytespider { background: #111827; color: white; }
+    @media (max-width: 1100px) {
+      .dashboard-grid, .leaders { grid-template-columns: 1fr; }
+      .donut-grid { grid-template-columns: 1fr; }
+    }
     @media (max-width: 720px) {
       header { padding: .9rem 1rem; }
       main { padding: 1rem; gap: 1rem; }
       .panel, .leader-card, .card { padding: .85rem; }
       .stats { grid-template-columns: repeat(2, minmax(0, 1fr)); }
       .controls { align-items: flex-start; }
-      .controls-group, .toolbar-right { width: 100%; justify-content: flex-start; }
-      .toolbar { flex-direction: column; align-items: flex-start; }
-      table { min-width: 720px; }
-      .leader-card { min-height: 0; }
-      .leader-item { padding: .5rem .55rem; }
-      .action-link, button { min-height: 2.2rem; }
+      .controls-group { width: 100%; justify-content: flex-start; }
+      .chart-placeholder, .donut-shell { min-height: 13rem; }
     }
   </style>
 </head>
 <body>
   <header>
-    <h1>{{ .Title }}</h1>
-    <div class="muted">Local-only review and enforcement console</div>
+    <div class="header-row">
+      <div>
+        <h1>{{ .Title }}</h1>
+        <div class="muted">Local-only review and enforcement console</div>
+      </div>
+      <nav class="nav">
+        <a class="nav-link active" href="/">Dashboard</a>
+        <a class="nav-link" href="/queries">Query Log</a>
+      </nav>
+    </div>
   </header>
   <main>
     <section class="stats" id="stats">
-      <div class="card"><div class="muted">Total events</div><div class="stat-value">—</div></div>
-      <div class="card"><div class="muted">Tracked IPs</div><div class="stat-value">—</div></div>
-      <div class="card"><div class="muted">Blocked</div><div class="stat-value">—</div></div>
-      <div class="card"><div class="muted">Review</div><div class="stat-value">—</div></div>
-      <div class="card"><div class="muted">Allowed</div><div class="stat-value">—</div></div>
-      <div class="card"><div class="muted">Observed</div><div class="stat-value">—</div></div>
+      <div class="card total"><div class="muted">Total events</div><div class="stat-value">—</div></div>
+      <div class="card tracked"><div class="muted">Tracked IPs</div><div class="stat-value">—</div></div>
+      <div class="card blocked"><div class="muted">Blocked</div><div class="stat-value">—</div></div>
+      <div class="card review"><div class="muted">Review</div><div class="stat-value">—</div></div>
+      <div class="card allowed"><div class="muted">Allowed</div><div class="stat-value">—</div></div>
+      <div class="card observed"><div class="muted">Observed</div><div class="stat-value">—</div></div>
     </section>
     <section class="panel controls">
       <div class="controls-group">
         <label class="toggle"><input id="show-bots-toggle" type="checkbox" checked onchange="toggleKnownBots()">Show known bots</label>
         <label class="toggle"><input id="show-allowed-toggle" type="checkbox" checked onchange="toggleAllowed()">Show allowed</label>
       </div>
-      <div class="muted">These two filters affect both the leaderboards and the Recent IPs list.</div>
+      <div class="muted">These filters affect all dashboard charts and top lists.</div>
+    </section>
+    <section class="dashboard-grid">
+      <section class="panel chart-card chart-wide">
+        <div class="panel-head">
+          <div>
+            <h2>Activity</h2>
+            <div class="muted">Requests per 10-minute bucket</div>
+          </div>
+          <div class="legend" id="activity-legend"></div>
+        </div>
+        <div id="activity-chart" class="chart-placeholder">Loading activity…</div>
+      </section>
+      <section class="panel chart-card">
+        <div class="panel-head">
+          <div>
+            <h2>Methods</h2>
+            <div class="muted">Last 24 hours</div>
+          </div>
+        </div>
+        <div id="methods-chart" class="donut-shell chart-placeholder">Loading methods…</div>
+      </section>
+      <section class="panel chart-card">
+        <div class="panel-head">
+          <div>
+            <h2>Bots</h2>
+            <div class="muted">Last 24 hours</div>
+          </div>
+        </div>
+        <div id="bots-chart" class="donut-shell chart-placeholder">Loading bot distribution…</div>
+      </section>
     </section>
     <section class="leaders" id="leaderboards">
       <section class="leader-card">
@@ -496,69 +569,33 @@ const overviewHTML = `<!doctype html>
         </ol>
       </section>
     </section>
-    <section class="panel">
-      <div class="toolbar">
-        <h2>Recent IPs</h2>
-        <div class="toolbar-right">
-          <label class="toggle"><input id="show-review-toggle" type="checkbox" onchange="toggleReviewOnly()">Review only</label>
-          <div class="meta">Last 24 hours · click a column to sort</div>
-        </div>
-      </div>
-      <table>
-        <thead>
-          <tr>
-            <th><button class="sort-button" data-sort="ip" onclick="setSort('ip')">IP</button></th>
-            <th><button class="sort-button" data-sort="source" onclick="setSort('source')">Source</button></th>
-            <th><button class="sort-button" data-sort="state" onclick="setSort('state')">State</button></th>
-            <th><button class="sort-button" data-sort="events" onclick="setSort('events')">Events</button></th>
-            <th><button class="sort-button" data-sort="last_seen" onclick="setSort('last_seen')">Last seen</button></th>
-            <th><button class="sort-button" data-sort="reason" onclick="setSort('reason')">Reason</button></th>
-            <th>Actions</th>
-          </tr>
-        </thead>
-        <tbody id="ips-body"><tr><td colspan="7" class="muted">Loading recent IPs…</td></tr></tbody>
-      </table>
-    </section>
   </main>
   <script>
     const recentHours = 24;
-    const storageKeys = {
-      showKnownBots: 'caddy-opnsense-blocker.overview.showKnownBots',
-      showAllowed: 'caddy-opnsense-blocker.overview.showAllowed',
-      showReviewOnly: 'caddy-opnsense-blocker.overview.showReviewOnly',
-      sortKey: 'caddy-opnsense-blocker.overview.sortKey',
-      sortDirection: 'caddy-opnsense-blocker.overview.sortDirection',
-    };
-    const sortLabels = {
-      ip: 'IP',
-      source: 'Source',
-      state: 'State',
-      events: 'Events',
-      last_seen: 'Last seen',
-      reason: 'Reason',
-    };
-    const stateOrder = { blocked: 0, review: 1, observed: 2, allowed: 3 };
-    let currentItems = null;
-    let currentSort = loadSortPreference();
-    let showKnownBots = loadShowKnownBotsPreference();
-    let showAllowed = loadShowAllowedPreference();
-    let showReviewOnly = loadShowReviewOnlyPreference();
+    const sourcePalette = ['#38bdf8', '#22c55e', '#f59e0b', '#a78bfa', '#f97316', '#14b8a6', '#ec4899', '#60a5fa', '#84cc16', '#ef4444'];
+    let showKnownBots = loadBooleanPreference('cob.dashboard.showKnownBots', true);
+    let showAllowed = loadBooleanPreference('cob.dashboard.showAllowed', true);
 
-    function renderStats(data) {
-      const stats = [
-        ['Total events', data.total_events],
-        ['Tracked IPs', data.total_ips],
-        ['Blocked', data.blocked_ips],
-        ['Review', data.review_ips],
-        ['Allowed', data.allowed_ips],
-        ['Observed', data.observed_ips],
-      ];
-      document.getElementById('stats').innerHTML = stats.map(([label, value]) => [
-        '<div class="card">',
-        '  <div class="muted">' + escapeHtml(label) + '</div>',
-        '  <div class="stat-value">' + escapeHtml(value) + '</div>',
-        '</div>'
-      ].join('')).join('');
+    function loadBooleanPreference(key, fallback) {
+      try {
+        const raw = localStorage.getItem(key);
+        return raw === null ? fallback : raw === 'true';
+      } catch (error) {
+        return fallback;
+      }
+    }
+
+    function saveBooleanPreference(key, value) {
+      localStorage.setItem(key, value ? 'true' : 'false');
+    }
+
+    function escapeHtml(value) {
+      return String(value ?? '')
+        .replaceAll('&', '&amp;')
+        .replaceAll('<', '&lt;')
+        .replaceAll('>', '&gt;')
+        .replaceAll('"', '&quot;')
+        .replaceAll("'", '&#39;');
     }
 
     function formatBytes(value) {
@@ -566,126 +603,25 @@ const overviewHTML = `<!doctype html>
       if (!Number.isFinite(bytes) || bytes <= 0) {
         return '0 B';
       }
-      const units = ['B', 'kB', 'MB', 'GB', 'TB'];
-      let current = bytes;
+      const units = ['B', 'KB', 'MB', 'GB', 'TB'];
+      let amount = bytes;
       let unitIndex = 0;
-      while (current >= 1000 && unitIndex < units.length - 1) {
-        current /= 1000;
+      while (amount >= 1024 && unitIndex < units.length - 1) {
+        amount /= 1024;
         unitIndex += 1;
       }
-      const precision = current >= 100 || unitIndex === 0 ? 0 : 1;
-      return current.toFixed(precision) + ' ' + units[unitIndex];
+      const digits = amount >= 10 || unitIndex === 0 ? 0 : 1;
+      return amount.toFixed(digits) + ' ' + units[unitIndex];
     }
 
-    function escapeHtml(value) {
-      return String(value ?? '').replace(/[&<>"']/g, character => ({'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;',"'":'&#39;'}[character]));
-    }
-
-    function loadShowKnownBotsPreference() {
-      try {
-        const rawValue = window.localStorage.getItem(storageKeys.showKnownBots);
-        if (rawValue === null) {
-          return true;
-        }
-        return rawValue !== 'false';
-      } catch (_) {
-        return true;
+    function colorForSource(sourceName) {
+      const input = String(sourceName || 'unknown');
+      let hash = 0;
+      for (let index = 0; index < input.length; index += 1) {
+        hash = ((hash << 5) - hash) + input.charCodeAt(index);
+        hash |= 0;
       }
-    }
-
-    function saveShowKnownBotsPreference(value) {
-      try {
-        window.localStorage.setItem(storageKeys.showKnownBots, value ? 'true' : 'false');
-      } catch (_) {
-      }
-    }
-
-    function loadShowAllowedPreference() {
-      try {
-        const rawValue = window.localStorage.getItem(storageKeys.showAllowed);
-        if (rawValue === null) {
-          return true;
-        }
-        return rawValue !== 'false';
-      } catch (_) {
-        return true;
-      }
-    }
-
-    function saveShowAllowedPreference(value) {
-      try {
-        window.localStorage.setItem(storageKeys.showAllowed, value ? 'true' : 'false');
-      } catch (_) {
-      }
-    }
-
-    function loadShowReviewOnlyPreference() {
-      try {
-        const rawValue = window.localStorage.getItem(storageKeys.showReviewOnly);
-        if (rawValue === null) {
-          return false;
-        }
-        return rawValue === 'true';
-      } catch (_) {
-        return false;
-      }
-    }
-
-    function saveShowReviewOnlyPreference(value) {
-      try {
-        window.localStorage.setItem(storageKeys.showReviewOnly, value ? 'true' : 'false');
-      } catch (_) {
-      }
-    }
-
-    function loadSortPreference() {
-      const fallback = { key: 'events', direction: 'desc' };
-      try {
-        const key = window.localStorage.getItem(storageKeys.sortKey);
-        const direction = window.localStorage.getItem(storageKeys.sortDirection);
-        const validKeys = new Set(['ip', 'source', 'state', 'events', 'last_seen', 'reason']);
-        if (!validKeys.has(key || '')) {
-          return fallback;
-        }
-        if (direction !== 'asc' && direction !== 'desc') {
-          return fallback;
-        }
-        return { key, direction };
-      } catch (_) {
-        return fallback;
-      }
-    }
-
-    function saveSortPreference() {
-      try {
-        window.localStorage.setItem(storageKeys.sortKey, currentSort.key);
-        window.localStorage.setItem(storageKeys.sortDirection, currentSort.direction);
-      } catch (_) {
-      }
-    }
-
-    function formatDate(value) {
-      if (!value) {
-        return '—';
-      }
-      return new Date(value).toLocaleString();
-    }
-
-    function compareText(left, right) {
-      return String(left || '').localeCompare(String(right || ''), undefined, { sensitivity: 'base' });
-    }
-
-    function compareNumber(left, right) {
-      return Number(left || 0) - Number(right || 0);
-    }
-
-    function compareState(left, right) {
-      const leftRank = Object.prototype.hasOwnProperty.call(stateOrder, left) ? stateOrder[left] : 999;
-      const rightRank = Object.prototype.hasOwnProperty.call(stateOrder, right) ? stateOrder[right] : 999;
-      if (leftRank === rightRank) {
-        return compareText(left, right);
-      }
-      return leftRank - rightRank;
+      return sourcePalette[Math.abs(hash) % sourcePalette.length];
     }
 
     function botVisual(bot) {
@@ -725,13 +661,11 @@ const overviewHTML = `<!doctype html>
 
     function renderTopIPs(items, primaryMetric) {
       const visibleItems = Array.isArray(items) ? items : [];
-      if (visibleItems.length === 0) {
+      if (!visibleItems.length) {
         return '<div class="muted">No matching IP activity in the selected window.</div>';
       }
       return '<ol class="leader-list">' + visibleItems.map(item => {
-        const primaryValue = primaryMetric === 'traffic'
-          ? formatBytes(item.traffic_bytes)
-          : String(item.events || 0);
+        const primaryValue = primaryMetric === 'traffic' ? formatBytes(item.traffic_bytes) : String(item.events || 0);
         return [
           '<li class="leader-item">',
           '  <div class="leader-main">',
@@ -744,7 +678,7 @@ const overviewHTML = `<!doctype html>
     }
 
     function renderTopSources(items) {
-      if (!Array.isArray(items) || items.length === 0) {
+      if (!Array.isArray(items) || !items.length) {
         return '<div class="muted">No source activity in the selected window.</div>';
       }
       return '<ol class="leader-list">' + items.map(item => [
@@ -758,7 +692,7 @@ const overviewHTML = `<!doctype html>
     }
 
     function renderTopURLs(items) {
-      if (!Array.isArray(items) || items.length === 0) {
+      if (!Array.isArray(items) || !items.length) {
         return '<div class="muted">No URL activity in the selected window.</div>';
       }
       return '<ol class="leader-list">' + items.map(item => {
@@ -774,28 +708,29 @@ const overviewHTML = `<!doctype html>
       }).join('') + '</ol>';
     }
 
+    function renderStats(data) {
+      const cards = [
+        { className: 'total', label: 'Total events', value: data.total_events },
+        { className: 'tracked', label: 'Tracked IPs', value: data.total_ips },
+        { className: 'blocked', label: 'Blocked', value: data.blocked_ips },
+        { className: 'review', label: 'Review', value: data.review_ips },
+        { className: 'allowed', label: 'Allowed', value: data.allowed_ips },
+        { className: 'observed', label: 'Observed', value: data.observed_ips },
+      ];
+      document.getElementById('stats').innerHTML = cards.map(card => [
+        '<div class="card ' + escapeHtml(card.className) + '">',
+        '  <div class="muted">' + escapeHtml(card.label) + '</div>',
+        '  <div class="stat-value">' + escapeHtml(card.value ?? '0') + '</div>',
+        '</div>'
+      ].join('')).join('');
+    }
+
     function renderLeaderboards(data) {
       const cards = [
-        {
-          title: 'Top IPs by events',
-          subtitle: 'Last 24 hours',
-          body: renderTopIPs(data.top_ips_by_events, 'events'),
-        },
-        {
-          title: 'Top IPs by traffic',
-          subtitle: 'Last 24 hours',
-          body: renderTopIPs(data.top_ips_by_traffic, 'traffic'),
-        },
-        {
-          title: 'Top sources by events',
-          subtitle: 'Last 24 hours',
-          body: renderTopSources(data.top_sources),
-        },
-        {
-          title: 'Top URLs by events',
-          subtitle: 'Last 24 hours',
-          body: renderTopURLs(data.top_urls),
-        },
+        { title: 'Top IPs by events', subtitle: 'Last 24 hours', body: renderTopIPs(data.top_ips_by_events, 'events') },
+        { title: 'Top IPs by traffic', subtitle: 'Last 24 hours', body: renderTopIPs(data.top_ips_by_traffic, 'traffic') },
+        { title: 'Top sources by events', subtitle: 'Last 24 hours', body: renderTopSources(data.top_sources) },
+        { title: 'Top URLs by events', subtitle: 'Last 24 hours', body: renderTopURLs(data.top_urls) },
       ];
       document.getElementById('leaderboards').innerHTML = cards.map(card => [
         '<section class="leader-card">',
@@ -806,7 +741,114 @@ const overviewHTML = `<!doctype html>
       ].join('')).join('');
     }
 
-    function updateSortButtons() {
+    function formatBucketLabel(value) {
+      const date = new Date(value);
+      if (Number.isNaN(date.getTime())) {
+        return '—';
+      }
+      return date.toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' });
+    }
+
+    function renderActivity(data) {
+      const buckets = Array.isArray(data.activity_buckets) ? data.activity_buckets : [];
+      const chart = document.getElementById('activity-chart');
+      const legend = document.getElementById('activity-legend');
+      if (!buckets.length) {
+        chart.className = 'chart-placeholder';
+        chart.innerHTML = 'No activity in the selected window.';
+        legend.innerHTML = '';
+        return;
+      }
+      const totalsBySource = new Map();
+      let maxTotal = 0;
+      for (const bucket of buckets) {
+        maxTotal = Math.max(maxTotal, Number(bucket.total_events || 0));
+        for (const source of Array.isArray(bucket.sources) ? bucket.sources : []) {
+          totalsBySource.set(source.source_name, (totalsBySource.get(source.source_name) || 0) + Number(source.events || 0));
+        }
+      }
+      const orderedSources = [...totalsBySource.entries()].sort((left, right) => right[1] - left[1] || left[0].localeCompare(right[0]));
+      legend.innerHTML = orderedSources.map(entry => '<span class="legend-chip"><span class="legend-dot" style="background:' + colorForSource(entry[0]) + '"></span>' + escapeHtml(entry[0]) + '</span>').join('');
+
+      const width = 1100;
+      const height = 260;
+      const chartHeight = 190;
+      const chartTop = 18;
+      const chartLeft = 18;
+      const chartWidth = width - (chartLeft * 2);
+      const step = chartWidth / Math.max(buckets.length, 1);
+      const barWidth = Math.max(2, step - 1);
+      const lines = [0.25, 0.5, 0.75, 1].map(fraction => {
+        const y = chartTop + chartHeight - (chartHeight * fraction);
+        return '<line class="activity-gridline" x1="' + chartLeft + '" y1="' + y + '" x2="' + (width - chartLeft) + '" y2="' + y + '"></line>';
+      }).join('');
+      const bars = buckets.map((bucket, index) => {
+        const x = chartLeft + (index * step);
+        let currentY = chartTop + chartHeight;
+        return (Array.isArray(bucket.sources) ? bucket.sources : []).map(source => {
+          const segmentHeight = maxTotal > 0 ? Math.max((Number(source.events || 0) / maxTotal) * chartHeight, 0) : 0;
+          currentY -= segmentHeight;
+          if (segmentHeight <= 0) {
+            return '';
+          }
+          return '<rect x="' + x.toFixed(2) + '" y="' + currentY.toFixed(2) + '" width="' + barWidth.toFixed(2) + '" height="' + segmentHeight.toFixed(2) + '" rx="1.5" fill="' + colorForSource(source.source_name) + '"><title>' + escapeHtml((source.source_name || 'unknown') + ': ' + source.events + ' request(s)') + '</title></rect>';
+        }).join('');
+      }).join('');
+      const tickStep = Math.max(1, Math.floor(buckets.length / 6));
+      const ticks = buckets.map((bucket, index) => {
+        if (index % tickStep !== 0 && index !== buckets.length - 1) {
+          return '';
+        }
+        const x = chartLeft + (index * step) + (barWidth / 2);
+        return '<text class="activity-axis" x="' + x.toFixed(2) + '" y="' + (height - 10) + '" text-anchor="middle">' + escapeHtml(formatBucketLabel(bucket.bucket_start)) + '</text>';
+      }).join('');
+      chart.className = 'activity-shell';
+      chart.innerHTML = '<svg viewBox="0 0 ' + width + ' ' + height + '" role="img" aria-label="Activity histogram">' + lines + bars + ticks + '</svg>';
+    }
+
+    function renderDonut(targetId, items, colors, totalLabel) {
+      const host = document.getElementById(targetId);
+      const visibleItems = (Array.isArray(items) ? items : []).filter(item => Number(item.events || 0) > 0);
+      if (!visibleItems.length) {
+        host.className = 'donut-shell chart-placeholder';
+        host.innerHTML = 'No matching requests in the selected window.';
+        return;
+      }
+      const total = visibleItems.reduce((sum, item) => sum + Number(item.events || 0), 0);
+      let offset = 0;
+      const gradientParts = visibleItems.map(item => {
+        const key = item.key || item.method;
+        const color = colors[key] || '#64748b';
+        const slice = total > 0 ? (Number(item.events || 0) / total) * 360 : 0;
+        const part = color + ' ' + offset + 'deg ' + (offset + slice) + 'deg';
+        offset += slice;
+        return part;
+      });
+      host.className = 'donut-shell';
+      host.innerHTML = [
+        '<div class="donut-grid">',
+        '  <div class="donut" style="background: conic-gradient(' + gradientParts.join(', ') + ')">',
+        '    <div class="donut-hole"><strong>' + escapeHtml(total) + '</strong><span>' + escapeHtml(totalLabel) + '</span></div>',
+        '  </div>',
+        '  <ul class="legend-list">',
+             visibleItems.map(item => '<li><span class="legend-label"><span class="legend-dot" style="background:' + (colors[item.key || item.method] || '#64748b') + '"></span><span>' + escapeHtml(item.label || item.method || item.key || 'Other') + '</span></span><span class="legend-value">' + escapeHtml(String(item.events || 0)) + '</span></li>').join(''),
+        '  </ul>',
+        '</div>'
+      ].join('');
+    }
+
+    function renderMethods(data) {
+      const colors = { GET: '#22c55e', POST: '#f59e0b', HEAD: '#38bdf8', PUT: '#a78bfa', DELETE: '#ef4444', PATCH: '#14b8a6', OPTIONS: '#f97316', OTHER: '#64748b' };
+      const items = (Array.isArray(data.methods) ? data.methods : []).map(item => ({ method: item.method || 'OTHER', label: item.method || 'OTHER', events: item.events || 0 }));
+      renderDonut('methods-chart', items, colors, 'requests');
+    }
+
+    function renderBots(data) {
+      const colors = { known: '#2563eb', possible: '#f59e0b', other: '#475569' };
+      renderDonut('bots-chart', Array.isArray(data.bots) ? data.bots : [], colors, 'requests');
+    }
+
+    function applyToggles() {
       const botsToggle = document.getElementById('show-bots-toggle');
       if (botsToggle) {
         botsToggle.checked = showKnownBots;
@@ -815,128 +857,278 @@ const overviewHTML = `<!doctype html>
       if (allowedToggle) {
         allowedToggle.checked = showAllowed;
       }
-      const reviewToggle = document.getElementById('show-review-toggle');
-      if (reviewToggle) {
-        reviewToggle.checked = showReviewOnly;
-      }
-      document.querySelectorAll('button[data-sort]').forEach(button => {
-        const key = button.dataset.sort;
-        const active = key === currentSort.key;
-        button.dataset.active = active ? 'true' : 'false';
-        button.textContent = sortLabels[key] + (active ? (currentSort.direction === 'asc' ? ' ↑' : ' ↓') : '');
-      });
-    }
-
-    function sortItems(items) {
-      return [...items].sort((left, right) => {
-        let result = 0;
-        switch (currentSort.key) {
-          case 'ip':
-            result = compareText(left.ip, right.ip);
-            break;
-          case 'source':
-            result = compareText(left.source_name, right.source_name);
-            break;
-          case 'state':
-            result = compareState(left.state, right.state);
-            break;
-          case 'events':
-            result = compareNumber(left.events, right.events);
-            break;
-          case 'last_seen':
-            result = compareNumber(left.last_seen_at ? Date.parse(left.last_seen_at) : 0, right.last_seen_at ? Date.parse(right.last_seen_at) : 0);
-            break;
-          case 'reason':
-            result = compareText(left.reason, right.reason);
-            break;
-        }
-        if (result === 0) {
-          result = compareText(left.ip, right.ip);
-        }
-        return currentSort.direction === 'asc' ? result : -result;
-      });
-    }
-
-    function renderActions(item) {
-      const actions = item.actions || {};
-      const buttons = [
-        '<a class="action-link" href="/ips/' + encodeURIComponent(item.ip) + '">Open</a>'
-      ];
-      if (actions.can_unblock) {
-        buttons.push('<button class="secondary" data-ip="' + escapeHtml(item.ip) + '" onclick="sendAction(this.dataset.ip, \'unblock\', \'Reason for manual unblock\')">Unblock</button>');
-      } else if (actions.can_block) {
-        buttons.push('<button class="danger" data-ip="' + escapeHtml(item.ip) + '" onclick="sendAction(this.dataset.ip, \'block\', \'Reason for manual block\')">Block</button>');
-      }
-      return '<div class="actions">' + buttons.join('') + '</div>';
-    }
-
-    function renderIPs(items) {
-      if (!Array.isArray(items)) {
-        document.getElementById('ips-body').innerHTML = '<tr><td colspan="7" class="muted">Loading recent IPs…</td></tr>';
-        return;
-      }
-      const filteredItems = items.filter(item => (showKnownBots || !item.bot) && (showAllowed || item.state !== 'allowed') && (!showReviewOnly || item.state === 'review'));
-      const rows = sortItems(filteredItems).map(item => [
-        '<tr>',
-        '  <td class="mono"><div class="ip-cell">' + renderBotChip(item.bot) + '<a href="/ips/' + encodeURIComponent(item.ip) + '">' + escapeHtml(item.ip) + '</a></div></td>',
-        '  <td>' + escapeHtml(item.source_name || '—') + '</td>',
-        '  <td><span class="status ' + escapeHtml(item.state) + '">' + escapeHtml(item.state) + '</span></td>',
-        '  <td>' + escapeHtml(item.events) + '</td>',
-        '  <td>' + escapeHtml(formatDate(item.last_seen_at)) + '</td>',
-        '  <td>' + escapeHtml(item.reason || '—') + '</td>',
-        '  <td>' + renderActions(item) + '</td>',
-        '</tr>'
-      ].join(''));
-      let emptyMessage = 'No IPs seen in the last 24 hours.';
-      if (showReviewOnly) {
-        emptyMessage = 'No review IPs match the current filters in the last 24 hours.';
-      } else if (!showKnownBots && !showAllowed) {
-        emptyMessage = 'No non-bot, non-allowed IPs seen in the last 24 hours.';
-      } else if (!showKnownBots) {
-        emptyMessage = 'No non-bot IPs seen in the last 24 hours.';
-      } else if (!showAllowed) {
-        emptyMessage = 'No non-allowed IPs seen in the last 24 hours.';
-      }
-      document.getElementById('ips-body').innerHTML = rows.length > 0 ? rows.join('') : '<tr><td colspan="7" class="muted">' + escapeHtml(emptyMessage) + '</td></tr>';
-    }
-
-    function render() {
-      updateSortButtons();
-      renderIPs(currentItems);
-    }
-
-    function setSort(key) {
-      if (currentSort.key === key) {
-        currentSort.direction = currentSort.direction === 'asc' ? 'desc' : 'asc';
-      } else {
-        currentSort.key = key;
-        currentSort.direction = (key === 'events' || key === 'last_seen') ? 'desc' : 'asc';
-      }
-      saveSortPreference();
-      render();
     }
 
     function toggleKnownBots() {
       const toggle = document.getElementById('show-bots-toggle');
       showKnownBots = !toggle || toggle.checked;
-      saveShowKnownBotsPreference(showKnownBots);
-      render();
-      refreshOverview();
+      saveBooleanPreference('cob.dashboard.showKnownBots', showKnownBots);
+      refresh();
     }
 
     function toggleAllowed() {
       const toggle = document.getElementById('show-allowed-toggle');
       showAllowed = !toggle || toggle.checked;
-      saveShowAllowedPreference(showAllowed);
-      render();
-      refreshOverview();
+      saveBooleanPreference('cob.dashboard.showAllowed', showAllowed);
+      refresh();
+    }
+
+    async function refresh() {
+      applyToggles();
+      const response = await fetch('/api/overview?hours=' + recentHours + '&limit=10&show_known_bots=' + (showKnownBots ? 'true' : 'false') + '&show_allowed=' + (showAllowed ? 'true' : 'false'));
+      const payload = await response.json().catch(() => ({}));
+      if (!response.ok) {
+        return;
+      }
+      renderStats(payload || {});
+      renderActivity(payload || {});
+      renderMethods(payload || {});
+      renderBots(payload || {});
+      renderLeaderboards(payload || {});
+    }
+
+    applyToggles();
+    refresh();
+    setInterval(refresh, 5000);
+  </script>
+</body>
+</html>`
+
+const queryLogHTML = `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>{{ .Title }}</title>
+  <style>
+    :root { color-scheme: dark; }
+    body { font-family: system-ui, sans-serif; margin: 0; background: linear-gradient(180deg, #0f172a 0%, #020617 100%); color: #e2e8f0; }
+    header { padding: 1rem 1.5rem; border-bottom: 1px solid #334155; background: rgba(2, 6, 23, .92); }
+    .header-row { display: flex; justify-content: space-between; align-items: center; gap: 1rem; flex-wrap: wrap; }
+    .nav { display: inline-flex; gap: .5rem; flex-wrap: wrap; }
+    .nav-link { padding: .45rem .75rem; border-radius: 999px; border: 1px solid #334155; background: #111827; color: #cbd5e1; text-decoration: none; }
+    .nav-link.active { background: linear-gradient(135deg, #2563eb, #0f766e); color: white; border-color: transparent; }
+    main { padding: 1.5rem; display: grid; gap: 1rem; }
+    h1, h2 { margin: 0; }
+    a { color: #93c5fd; text-decoration: none; }
+    a:hover { text-decoration: underline; }
+    .muted { color: #94a3b8; }
+    .mono { font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace; }
+    .panel { background: #111827; border: 1px solid #334155; border-radius: .85rem; padding: 1rem; overflow: auto; }
+    .controls { display: flex; justify-content: space-between; align-items: center; gap: 1rem; flex-wrap: wrap; }
+    .controls-group { display: flex; align-items: center; gap: 1rem; flex-wrap: wrap; }
+    .toggle { display: inline-flex; align-items: center; gap: .45rem; font-size: .95rem; color: #cbd5e1; }
+    .toggle input { margin: 0; }
+    .toolbar { display: flex; justify-content: space-between; align-items: flex-start; gap: 1rem; margin-bottom: .75rem; flex-wrap: wrap; }
+    table { width: 100%; border-collapse: collapse; min-width: 1024px; }
+    th, td { padding: .6rem .65rem; border-bottom: 1px solid #1e293b; text-align: left; vertical-align: top; }
+    thead th { color: #93c5fd; white-space: nowrap; }
+    tbody tr:nth-child(even) { background: rgba(15, 23, 42, .55); }
+    .status { display: inline-block; padding: .15rem .45rem; border-radius: 999px; font-size: .8rem; background: #1e293b; }
+    .status.blocked { background: #7f1d1d; }
+    .status.review { background: #78350f; }
+    .status.allowed { background: #14532d; }
+    .status.observed { background: #1e293b; }
+    .method { display: inline-block; padding: .2rem .45rem; border-radius: 999px; font-size: .78rem; font-weight: 700; }
+    .method.get { background: #14532d; color: #dcfce7; }
+    .method.post { background: #78350f; color: #fef3c7; }
+    .method.head { background: #0c4a6e; color: #e0f2fe; }
+    .method.other { background: #334155; color: #e2e8f0; }
+    .actions { display: flex; gap: .35rem; flex-wrap: wrap; }
+    .action-link, button { display: inline-flex; align-items: center; justify-content: center; gap: .35rem; border-radius: .45rem; padding: .3rem .6rem; font-size: .9rem; }
+    .action-link { background: #1e293b; color: #e2e8f0; text-decoration: none; }
+    button { background: #2563eb; color: white; border: 0; cursor: pointer; }
+    button.secondary { background: #475569; }
+    button.danger { background: #dc2626; }
+    .ip-cell { display: flex; align-items: center; gap: .45rem; min-width: 0; }
+    .bot-chip { display: inline-flex; align-items: center; justify-content: center; width: 1.25rem; height: 1.25rem; border-radius: 999px; border: 1px solid #334155; background: #0f172a; color: #e2e8f0; font-size: .72rem; font-weight: 700; cursor: help; flex: 0 0 auto; }
+    .bot-chip.verified { border-color: #2563eb; }
+    .bot-chip.hint { border-style: dashed; }
+    .bot-chip.google { background: #2563eb; color: white; }
+    .bot-chip.bing { background: #0284c7; color: white; }
+    .bot-chip.apple { background: #475569; color: white; }
+    .bot-chip.meta { background: #2563eb; color: white; }
+    .bot-chip.duckduckgo { background: #ea580c; color: white; }
+    .bot-chip.openai { background: #059669; color: white; }
+    .bot-chip.anthropic { background: #b45309; color: white; }
+    .bot-chip.perplexity { background: #0f766e; color: white; }
+    .bot-chip.semrush { background: #db2777; color: white; }
+    .bot-chip.yandex { background: #dc2626; color: white; }
+    .bot-chip.baidu { background: #7c3aed; color: white; }
+    .bot-chip.bytespider { background: #111827; color: white; }
+    @media (max-width: 720px) {
+      header { padding: .9rem 1rem; }
+      main { padding: 1rem; }
+      .panel { padding: .85rem; }
+      .controls { align-items: flex-start; }
+      .controls-group { width: 100%; justify-content: flex-start; }
+    }
+  </style>
+</head>
+<body>
+  <header>
+    <div class="header-row">
+      <div>
+        <h1>{{ .Title }}</h1>
+        <div class="muted">Last 24 hours, newest first</div>
+      </div>
+      <nav class="nav">
+        <a class="nav-link" href="/">Dashboard</a>
+        <a class="nav-link active" href="/queries">Query Log</a>
+      </nav>
+    </div>
+  </header>
+  <main>
+    <section class="panel controls">
+      <div class="controls-group">
+        <label class="toggle"><input id="show-bots-toggle" type="checkbox" checked onchange="toggleKnownBots()">Show known bots</label>
+        <label class="toggle"><input id="show-allowed-toggle" type="checkbox" checked onchange="toggleAllowed()">Show allowed</label>
+        <label class="toggle"><input id="show-review-toggle" type="checkbox" onchange="toggleReviewOnly()">Review only</label>
+      </div>
+      <div class="muted">These filters affect the full Query Log.</div>
+    </section>
+    <section class="panel">
+      <div class="toolbar">
+        <div>
+          <h2>Recent requests</h2>
+          <div class="muted">Click an IP to open its detail page</div>
+        </div>
+      </div>
+      <table>
+        <thead>
+          <tr>
+            <th>Time</th>
+            <th>Source</th>
+            <th>IP</th>
+            <th>Method</th>
+            <th>Request</th>
+            <th>Status</th>
+            <th>State</th>
+            <th>Reason</th>
+            <th>Actions</th>
+          </tr>
+        </thead>
+        <tbody id="events-body">
+          <tr><td colspan="9" class="muted">Loading query log…</td></tr>
+        </tbody>
+      </table>
+    </section>
+  </main>
+  <script>
+    const recentHours = 24;
+    let showKnownBots = loadBooleanPreference('cob.dashboard.showKnownBots', true);
+    let showAllowed = loadBooleanPreference('cob.dashboard.showAllowed', true);
+    let showReviewOnly = loadBooleanPreference('cob.queryLog.showReviewOnly', false);
+
+    function loadBooleanPreference(key, fallback) {
+      try {
+        const raw = localStorage.getItem(key);
+        return raw === null ? fallback : raw === 'true';
+      } catch (error) {
+        return fallback;
+      }
+    }
+
+    function saveBooleanPreference(key, value) {
+      localStorage.setItem(key, value ? 'true' : 'false');
+    }
+
+    function escapeHtml(value) {
+      return String(value ?? '')
+        .replaceAll('&', '&amp;')
+        .replaceAll('<', '&lt;')
+        .replaceAll('>', '&gt;')
+        .replaceAll('"', '&quot;')
+        .replaceAll("'", '&#39;');
+    }
+
+    function formatDate(value) {
+      if (!value) {
+        return '—';
+      }
+      const date = new Date(value);
+      if (Number.isNaN(date.getTime())) {
+        return '—';
+      }
+      return date.toLocaleString();
+    }
+
+    function methodClass(method) {
+      const normalized = String(method || '').toLowerCase();
+      if (normalized === 'get' || normalized === 'post' || normalized === 'head') {
+        return normalized;
+      }
+      return 'other';
+    }
+
+    function botVisual(bot) {
+      const candidate = String((bot || {}).provider_id || (bot || {}).name || '').toLowerCase();
+      const catalog = [
+        { match: ['google'], short: 'G', className: 'google' },
+        { match: ['bing', 'microsoft'], short: 'B', className: 'bing' },
+        { match: ['apple'], short: 'A', className: 'apple' },
+        { match: ['facebook', 'meta'], short: 'M', className: 'meta' },
+        { match: ['duckduckgo', 'duckduckbot'], short: 'D', className: 'duckduckgo' },
+        { match: ['gptbot', 'openai'], short: 'O', className: 'openai' },
+        { match: ['claudebot', 'anthropic'], short: 'C', className: 'anthropic' },
+        { match: ['perplexity'], short: 'P', className: 'perplexity' },
+        { match: ['semrush'], short: 'S', className: 'semrush' },
+        { match: ['yandex'], short: 'Y', className: 'yandex' },
+        { match: ['baidu'], short: 'B', className: 'baidu' },
+        { match: ['bytespider', 'tiktok'], short: 'T', className: 'bytespider' },
+      ];
+      for (const entry of catalog) {
+        if (entry.match.some(fragment => candidate.includes(fragment))) {
+          return entry;
+        }
+      }
+      const name = String((bot || {}).name || '').trim();
+      return { short: (name[0] || '?').toUpperCase(), className: 'generic' };
+    }
+
+    function renderBotChip(bot) {
+      if (!bot) {
+        return '';
+      }
+      const visual = botVisual(bot);
+      const statusClass = bot.verified ? 'verified' : 'hint';
+      const title = (bot.name || 'Bot') + (bot.verified ? '' : ' (possible)');
+      return '<span class="bot-chip ' + escapeHtml(visual.className) + ' ' + statusClass + '" title="' + escapeHtml(title) + '">' + escapeHtml(visual.short) + '</span>';
+    }
+
+    function renderActions(item) {
+      const actions = item.actions || {};
+      const buttons = ['<a class="action-link" href="/ips/' + encodeURIComponent(item.client_ip) + '">Open</a>'];
+      if (actions.can_unblock) {
+        buttons.push('<button class="secondary" data-ip="' + escapeHtml(item.client_ip) + '" onclick="sendAction(this.dataset.ip, \'unblock\', \'Reason for manual unblock\')">Unblock</button>');
+      } else if (actions.can_block) {
+        buttons.push('<button class="danger" data-ip="' + escapeHtml(item.client_ip) + '" onclick="sendAction(this.dataset.ip, \'block\', \'Reason for manual block\')">Block</button>');
+      }
+      return '<div class="actions">' + buttons.join('') + '</div>';
+    }
+
+    function applyToggles() {
+      document.getElementById('show-bots-toggle').checked = showKnownBots;
+      document.getElementById('show-allowed-toggle').checked = showAllowed;
+      document.getElementById('show-review-toggle').checked = showReviewOnly;
+    }
+
+    function toggleKnownBots() {
+      showKnownBots = document.getElementById('show-bots-toggle').checked;
+      saveBooleanPreference('cob.dashboard.showKnownBots', showKnownBots);
+      refresh();
+    }
+
+    function toggleAllowed() {
+      showAllowed = document.getElementById('show-allowed-toggle').checked;
+      saveBooleanPreference('cob.dashboard.showAllowed', showAllowed);
+      refresh();
     }
 
     function toggleReviewOnly() {
-      const toggle = document.getElementById('show-review-toggle');
-      showReviewOnly = !!toggle && toggle.checked;
-      saveShowReviewOnlyPreference(showReviewOnly);
-      render();
+      showReviewOnly = document.getElementById('show-review-toggle').checked;
+      saveBooleanPreference('cob.queryLog.showReviewOnly', showReviewOnly);
+      refresh();
     }
 
     async function sendAction(ip, action, promptLabel) {
@@ -954,42 +1146,46 @@ const overviewHTML = `<!doctype html>
         window.alert(payload.error || 'Request failed');
         return;
       }
-      await refresh();
+      refresh();
     }
 
-    async function refreshOverview() {
-      const response = await fetch('/api/overview?hours=' + recentHours + '&limit=10&show_known_bots=' + (showKnownBots ? 'true' : 'false') + '&show_allowed=' + (showAllowed ? 'true' : 'false'));
-      const payload = await response.json().catch(() => ({}));
-      if (!response.ok) {
-        return;
-      }
-      window.__overviewPayload = payload || {};
-      renderStats(payload || {});
-      renderLeaderboards(payload || {});
+    function renderEvents(items) {
+      const rows = (Array.isArray(items) ? items : []).map(item => {
+        const requestLabel = ((item.host || '') ? (item.host + item.uri) : (item.uri || '—'));
+        return [
+          '<tr>',
+          '  <td>' + escapeHtml(formatDate(item.occurred_at)) + '</td>',
+          '  <td>' + escapeHtml(item.source_name || '—') + '</td>',
+          '  <td class="mono"><div class="ip-cell">' + renderBotChip(item.bot) + '<a href="/ips/' + encodeURIComponent(item.client_ip) + '">' + escapeHtml(item.client_ip || '—') + '</a></div></td>',
+          '  <td><span class="method ' + escapeHtml(methodClass(item.method)) + '">' + escapeHtml(item.method || 'OTHER') + '</span></td>',
+          '  <td class="mono">' + escapeHtml(requestLabel) + '</td>',
+          '  <td>' + escapeHtml(String(item.status || 0)) + '</td>',
+          '  <td><span class="status ' + escapeHtml(item.current_state || 'observed') + '">' + escapeHtml(item.current_state || 'observed') + '</span></td>',
+          '  <td>' + escapeHtml(item.decision_reason || '—') + '</td>',
+          '  <td>' + renderActions(item) + '</td>',
+          '</tr>'
+        ].join('');
+      });
+      document.getElementById('events-body').innerHTML = rows.length ? rows.join('') : '<tr><td colspan="9" class="muted">No requests match the current filters in the last 24 hours.</td></tr>';
     }
 
     async function refresh() {
-      const [_, recentResponse] = await Promise.all([
-        refreshOverview(),
-        fetch('/api/recent-ips?hours=' + recentHours + '&limit=250')
-      ]);
-      const recentPayload = await recentResponse.json().catch(() => []);
-      if (!recentResponse.ok) {
-        const message = Array.isArray(recentPayload) ? recentResponse.statusText : (recentPayload.error || recentResponse.statusText);
-        document.getElementById('ips-body').innerHTML = '<tr><td colspan="7" class="muted">' + escapeHtml(message) + '</td></tr>';
+      applyToggles();
+      const response = await fetch('/api/events?hours=' + recentHours + '&limit=250&show_known_bots=' + (showKnownBots ? 'true' : 'false') + '&show_allowed=' + (showAllowed ? 'true' : 'false') + '&review_only=' + (showReviewOnly ? 'true' : 'false'));
+      const payload = await response.json().catch(() => []);
+      if (!response.ok) {
+        document.getElementById('events-body').innerHTML = '<tr><td colspan="9" class="muted">' + escapeHtml(payload.error || response.statusText) + '</td></tr>';
         return;
       }
-      currentItems = Array.isArray(recentPayload) ? recentPayload : [];
-      render();
+      renderEvents(payload);
     }
 
-    render();
+    applyToggles();
     refresh();
-    setInterval(refresh, 2000);
+    setInterval(refresh, 5000);
   </script>
 </body>
 </html>`
-
 const ipDetailsHTML = `<!doctype html>
 <html lang="en">
 <head>
diff --git a/internal/web/handler_test.go b/internal/web/handler_test.go
index b3b37d1..91c45cf 100644
--- a/internal/web/handler_test.go
+++ b/internal/web/handler_test.go
@@ -56,6 +56,16 @@ func TestHandlerServesOverviewAndManualActions(t *testing.T) {
 		t.Fatalf("overview filter options were not forwarded correctly: %+v", app.lastOverviewOptions)
 	}
 
+	recorder = httptest.NewRecorder()
+	request = httptest.NewRequest(http.MethodGet, "/api/events?hours=24&limit=250&show_known_bots=false&show_allowed=false&review_only=true", nil)
+	handler.ServeHTTP(recorder, request)
+	if recorder.Code != http.StatusOK {
+		t.Fatalf("unexpected filtered events status: %d", recorder.Code)
+	}
+	if app.lastEventOptions.ShowKnownBots || app.lastEventOptions.ShowAllowed || !app.lastEventOptions.ReviewOnly {
+		t.Fatalf("event filter options were not forwarded correctly: %+v", app.lastEventOptions)
+	}
+
 	recorder = httptest.NewRecorder()
 	request = httptest.NewRequest(http.MethodPost, "/api/ips/203.0.113.10/block", strings.NewReader(`{"reason":"test reason","actor":"tester"}`))
 	request.Header.Set("Content-Type", "application/json")
@@ -84,12 +94,21 @@ func TestHandlerServesOverviewAndManualActions(t *testing.T) {
 	if !strings.Contains(recorder.Body.String(), "Local-only review and enforcement console") {
 		t.Fatalf("overview page did not render expected content")
 	}
-	if strings.Contains(recorder.Body.String(), "Recent events") {
-		t.Fatalf("overview page should no longer render recent events block")
-	}
 	if !strings.Contains(recorder.Body.String(), "Show known bots") {
 		t.Fatalf("overview page should expose the known bots toggle")
 	}
+	if !strings.Contains(recorder.Body.String(), "Query Log") {
+		t.Fatalf("overview page should link to the query log")
+	}
+	if !strings.Contains(recorder.Body.String(), "Activity") {
+		t.Fatalf("overview page should expose the activity chart")
+	}
+	if !strings.Contains(recorder.Body.String(), "Methods") {
+		t.Fatalf("overview page should expose the methods chart")
+	}
+	if !strings.Contains(recorder.Body.String(), "Bots") {
+		t.Fatalf("overview page should expose the bots chart")
+	}
 	if !strings.Contains(recorder.Body.String(), "Top IPs by events") {
 		t.Fatalf("overview page should expose the top IPs by events block")
 	}
@@ -105,7 +124,7 @@ func TestHandlerServesOverviewAndManualActions(t *testing.T) {
 	if !strings.Contains(recorder.Body.String(), "Loading…") {
 		t.Fatalf("overview page should render stable loading placeholders")
 	}
-	if !strings.Contains(recorder.Body.String(), "These two filters affect both the leaderboards and the Recent IPs list") {
+	if !strings.Contains(recorder.Body.String(), "These filters affect all dashboard charts and top lists") {
 		t.Fatalf("overview page should explain the scope of the shared filters")
 	}
 	if strings.Contains(recorder.Body.String(), "position: sticky") {
@@ -114,13 +133,30 @@ func TestHandlerServesOverviewAndManualActions(t *testing.T) {
 	if !strings.Contains(recorder.Body.String(), "Show allowed") {
 		t.Fatalf("overview page should expose the allowed toggle")
 	}
-	if !strings.Contains(recorder.Body.String(), "Review only") {
-		t.Fatalf("overview page should expose the review-only toggle")
+	if strings.Contains(recorder.Body.String(), "Review only") {
+		t.Fatalf("overview page should not expose the review-only toggle anymore")
 	}
 	if !strings.Contains(recorder.Body.String(), "localStorage") {
 		t.Fatalf("overview page should persist preferences in localStorage")
 	}
 
+	recorder = httptest.NewRecorder()
+	request = httptest.NewRequest(http.MethodGet, "/queries", nil)
+	handler.ServeHTTP(recorder, request)
+	if recorder.Code != http.StatusOK {
+		t.Fatalf("unexpected query log page status: %d", recorder.Code)
+	}
+	queryLogBody := recorder.Body.String()
+	if !strings.Contains(queryLogBody, "Review only") {
+		t.Fatalf("query log page should expose the review-only toggle")
+	}
+	if !strings.Contains(queryLogBody, "These filters affect the full Query Log") {
+		t.Fatalf("query log page should explain its filters")
+	}
+	if !strings.Contains(queryLogBody, "Request") {
+		t.Fatalf("query log page should render the request table")
+	}
+
 	recorder = httptest.NewRecorder()
 	request = httptest.NewRequest(http.MethodGet, "/ips/203.0.113.10", nil)
 	handler.ServeHTTP(recorder, request)
@@ -154,6 +190,7 @@ func TestHandlerServesOverviewAndManualActions(t *testing.T) {
 type stubApp struct {
 	lastAction          string
 	lastOverviewOptions model.OverviewOptions
+	lastEventOptions    model.EventListOptions
 }
 
 func (s *stubApp) GetOverview(_ context.Context, _ time.Time, _ int, options model.OverviewOptions) (model.Overview, error) {
@@ -163,17 +200,29 @@ func (s *stubApp) GetOverview(_ context.Context, _ time.Time, _ int, options mod
 		TotalEvents: 1,
 		TotalIPs:    1,
 		BlockedIPs:  1,
+		ActivityBuckets: []model.ActivityBucket{{
+			BucketStart: now.Add(-10 * time.Minute),
+			TotalEvents: 1,
+			Sources: []model.ActivitySourceCount{{
+				SourceName: "main",
+				Events:     1,
+			}},
+		}},
+		Methods: []model.MethodBreakdownRow{{Method: "GET", Events: 1}},
+		Bots:    []model.BotBreakdownRow{{Key: "non_bot", Label: "Non-bot", Events: 1}},
 		TopIPsByEvents: []model.TopIPRow{{
 			IP:           "203.0.113.10",
 			Events:       3,
 			TrafficBytes: 4096,
 			LastSeenAt:   now,
+			Bot:          &model.BotMatch{Name: "Googlebot", ProviderID: "google_official", Verified: true},
 		}},
 		TopIPsByTraffic: []model.TopIPRow{{
 			IP:           "203.0.113.10",
 			Events:       3,
 			TrafficBytes: 4096,
 			LastSeenAt:   now,
+			Bot:          &model.BotMatch{Name: "Googlebot", ProviderID: "google_official", Verified: true},
 		}},
 		TopSources: []model.TopSourceRow{{
 			SourceName:   "main",
@@ -196,17 +245,25 @@ func (s *stubApp) GetOverview(_ context.Context, _ time.Time, _ int, options mod
 			LastSeenAt:     now,
 		}},
 		RecentEvents: []model.Event{{
-			ID:           1,
-			SourceName:   "main",
-			ClientIP:     "203.0.113.10",
-			OccurredAt:   now,
-			Decision:     model.DecisionActionBlock,
-			CurrentState: model.IPStateBlocked,
+			ID:             1,
+			SourceName:     "main",
+			ClientIP:       "203.0.113.10",
+			OccurredAt:     now,
+			Method:         http.MethodGet,
+			URI:            "/wp-login.php",
+			Host:           "example.test",
+			Status:         http.StatusNotFound,
+			Decision:       model.DecisionActionBlock,
+			CurrentState:   model.IPStateBlocked,
+			DecisionReason: "php_path",
+			Actions:        model.ActionAvailability{CanUnblock: true},
+			Bot:            &model.BotMatch{Name: "Googlebot", ProviderID: "google_official", Verified: true},
 		}},
 	}, nil
 }
 
-func (s *stubApp) ListEvents(ctx context.Context, limit int) ([]model.Event, error) {
+func (s *stubApp) ListEvents(ctx context.Context, _ time.Time, limit int, options model.EventListOptions) ([]model.Event, error) {
+	s.lastEventOptions = options
 	overview, _ := s.GetOverview(ctx, time.Time{}, limit, model.OverviewOptions{ShowKnownBots: true, ShowAllowed: true})
 	return overview.RecentEvents, nil
 }