| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Column | Clickhouse Data Type | ELS /received field | Description | |||||||||||||||||||||
2 | date | Date | EdgeStartTimestamp | The date is taken at the start of the request | |||||||||||||||||||||
3 | datetime | DateTime | EdgeStartTimestamp | The datetime is taken at the start of the request | |||||||||||||||||||||
4 | zoneId | UInt32 | ZoneID | Internal Zone ID | |||||||||||||||||||||
5 | zonePlan | Enum8 | - | Internal Zone plan, e.g. BIZ | |||||||||||||||||||||
6 | ownerId | UInt32 | - | Internal Owner ID (formerly User ID) | |||||||||||||||||||||
7 | hosterId | UInt32 | - | Internal Hoster ID | |||||||||||||||||||||
8 | brandId | UInt32 | - | Internal Brand ID | |||||||||||||||||||||
9 | securityLevel | Enum8 | SecurityLevel | Security level configured for this zone | |||||||||||||||||||||
10 | flags | UInt32 | - | Flags | |||||||||||||||||||||
11 | clientIPv6 | FixedString(16) | ClientIP | IP address of client connecting to CloudFlare edge server, version 6 | |||||||||||||||||||||
12 | clientIPv4 | UInt32 | ClientIP | IP address of client connecting to CloudFlare edge server, version 4 | |||||||||||||||||||||
13 | clientIPClass | Enum8 | ClientIPClass | IP classification, e.g. clean, searchEngine, tor | |||||||||||||||||||||
14 | clientCountry | UInt16 | ClientCountry | Country associated with client's IP | |||||||||||||||||||||
15 | clientSSLProtocol | Enum8 | ClientSSLProtocol | SSL protocol (if any) used by the client, e.g. TLSv1.3 | |||||||||||||||||||||
16 | clientSSLCipher | UInt8 | ClientSSLCipher | SSL cipher selected by the server | |||||||||||||||||||||
17 | clientSSLFlags | UInt32 | - | SSL flags | |||||||||||||||||||||
18 | clientCFDUID | FixedString(43) | - | Value of the __cfduid (session) cookie assigned to this client. | |||||||||||||||||||||
19 | clientGeneratedCFDUID | UInt8 | - | True if we set the __cfduid cookie in the response headers. If the client didn't provide cfuid cookie, we generated new one. | |||||||||||||||||||||
20 | clientRequestBytes | UInt64 | ClientRequestBytes | Total number of HTTP request bytes sent by client | |||||||||||||||||||||
21 | clientRequestBodyBytes | UInt64 | - | Total number of HTTP request body bytes sent by client | |||||||||||||||||||||
22 | clientRequestHTTPHost | String | ClientRequestHost | Host header sent by client, http://nginx.org/en/docs/http/ngx_http_core_module.html#var_host | |||||||||||||||||||||
23 | clientRequestHTTPMethod | UInt8 | ClientRequestMethod | HTTP method, e.g. GET, http://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_method | |||||||||||||||||||||
24 | clientRequestPath | String | ClientRequestURI | path of URI requested by the client | |||||||||||||||||||||
25 | clientRequestQuery | String | ClientRequestURI | query of URI requested by the client | |||||||||||||||||||||
26 | clientRequestHTTPProtocol | Enum8 | ClientRequestProtocol | e.g. HTTP/1.x, SPDY/3.x | |||||||||||||||||||||
27 | clientRefererScheme | Enum8 | ClientRequestReferer | ||||||||||||||||||||||
28 | clientRefererHost | String | ClientRequestReferer | ||||||||||||||||||||||
29 | clientRefererPath | String | ClientRequestReferer | ||||||||||||||||||||||
30 | clientRefererQuery | String | ClientRequestReferer | ||||||||||||||||||||||
31 | clientRequestFlags | UInt32 | - | ||||||||||||||||||||||
32 | clientRequestAccept | String | - | ||||||||||||||||||||||
33 | clientRequestDnt | Enum8 | - | ||||||||||||||||||||||
34 | clientRequestScheme | Enum8 | - | URI scheme (http/https) | |||||||||||||||||||||
35 | clientRequestSignature | String | - | HTTP request signature, used by gatebot for attack mitigation. | |||||||||||||||||||||
36 | clientRequestSignatureHlist | String | - | HTTP request signature with headers list sorted alphabetically | |||||||||||||||||||||
37 | clientRequestFingerprintId | FixedString(16) | - | Id of the HTTP fingerprint that was matched on the request | |||||||||||||||||||||
38 | edgeIPv6 | FixedString(16) | - | FL Server IP that request was received on | |||||||||||||||||||||
39 | edgeIPv4 | UInt32 | - | ||||||||||||||||||||||
40 | edgePort | UInt16 | - | FL Server port that request was received on | |||||||||||||||||||||
41 | edgeTimeMs | UInt32 | - | Represents full time to satisfy the HTTP transaction on our edge. That it includes time for the client to issue full request, slow client will contribute to a larger number here. | |||||||||||||||||||||
42 | edgeColoId | UInt16 | EdgeColoID | Colo ID, one of Cloudflare's 120+ data centers | |||||||||||||||||||||
43 | edgeMetalId | UInt16 | - | ||||||||||||||||||||||
44 | edgeEnabledFlags | UInt32 | - | Features enabled | |||||||||||||||||||||
45 | edgeUsedFlags | UInt32 | - | Features used | |||||||||||||||||||||
46 | edgePathingOp | Enum8 | EdgePathingOp | Pathing records the outcome of the request from fl perspective. Operation is the outcome. | |||||||||||||||||||||
47 | edgePathingSrc | Enum8 | EdgePathingSrc | source is what caused the outcome | |||||||||||||||||||||
48 | edgePathingStatus | UInt8 | EdgePathingStatus | status explains the mechanism | |||||||||||||||||||||
49 | edgeLBEnabled | UInt8 | - | If the request is served by a IP resolved by LB | |||||||||||||||||||||
50 | edgeRequestBytes | UInt64 | - | Total number of HTTP request bytes sent by FL to cache | |||||||||||||||||||||
51 | edgeRequestHTTPMethod | UInt8 | - | HTTP Method. ESC can change this. | |||||||||||||||||||||
52 | edgeRequestKeepAliveStatus | Enum8 | - | Keepalive info between FL and cache box | |||||||||||||||||||||
53 | edgeResponseStatus | UInt16 | EdgeResponseStatus | HTTP status code of response | |||||||||||||||||||||
54 | edgeResponseBytes | UInt64 | EdgeResponseBytes | Number of bytes sent to client, http://nginx.org/en/docs/http/ngx_http_core_module.html#var_bytes_sent | |||||||||||||||||||||
55 | edgeResponseBodyBytes | UInt64 | - | Number of bytes sent to a client, not counting the response header, http://nginx.org/en/docs/http/ngx_http_core_module.html#var_body_bytes_sent | |||||||||||||||||||||
56 | edgeResponseCompressionRatio | Float32 | EdgeResponseCompressionRatio | How well did the response data compress | |||||||||||||||||||||
57 | edgeResponseContentType | UInt32 | - | Content-Type response from edge | |||||||||||||||||||||
58 | edgeWAFTimeMs | UInt16 | - | Difference between when WAF starts processing and when WAF has finished processing | |||||||||||||||||||||
59 | edgeWAFRuleId | String | WAFRuleID | Which WAF rule is triggered | |||||||||||||||||||||
60 | edgeWAFAction | Enum8 | WAFAction | WAF action that is taken | |||||||||||||||||||||
61 | edgeDNSResponseError | Enum8 | - | Internal DNS lookup info error | |||||||||||||||||||||
62 | edgeDNSResponseCached | UInt8 | - | If the response is from local cache | |||||||||||||||||||||
63 | edgeDNSResponseTimeMs | UInt16 | - | Time spent on DNS lookup | |||||||||||||||||||||
64 | cacheTimeMs | UInt16 | - | This represents TTFB from nginx-cache's point of view, including the impact of Tiered Caching and Smart Routing. | |||||||||||||||||||||
65 | cacheBckType | Enum8 | - | Backend that returned the data | |||||||||||||||||||||
66 | cacheStatus | Enum8 | CacheCacheStatus | Did it hit in the cache - unknown | miss | expired | updating | stale | hit | ignored | bypass | revalidated | |||||||||||||||||||||
67 | cacheMetalId | UInt16 | - | Cache server that fl connected to | |||||||||||||||||||||
68 | cacheExternalPort | UInt16 | - | Port used for connection between cache and origin | |||||||||||||||||||||
69 | cacheTieredFill | UInt8 | - | 1: content is pulled from another colo, 0: pulled from origin or pulled from this colo | |||||||||||||||||||||
70 | cacheRequestKeepAliveStatus | Enum8 | - | Did origin connection go over a keepalive connection | |||||||||||||||||||||
71 | cacheResponseStatus | UInt16 | CacheResponseStatus | HTTP status code of response | |||||||||||||||||||||
72 | cacheResponseBytes | UInt64 | CacheResponseBytes | Number of bytes sent to edge, http://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_response_length | |||||||||||||||||||||
73 | cacheResponseRetriedStatus | UInt16 | - | If this request was retried from edge to cache, contains the status code of the first response from cache. | |||||||||||||||||||||
74 | originResponseStatus | UInt16 | OriginResponseStatus | HTTP status code of response | |||||||||||||||||||||
75 | originResponseContentEncoding | Enum8 | - | HTTP content-encoding header | |||||||||||||||||||||
76 | originIPv6 | FixedString(16) | OriginIP | IP we actually talk to, version 6 | |||||||||||||||||||||
77 | originIPv4 | UInt32 | OriginIP | IP we actually talk to, version 4 | |||||||||||||||||||||
78 | originPort | UInt16 | - | Origin port we connected to | |||||||||||||||||||||
79 | backendZoneIdUsed | UInt8 | - | 1 if Zone ID used to lookup data-plane control information. | |||||||||||||||||||||
80 | backendViewIdUsed | UInt8 | - | 1 if View ID used to lookup data-plane control information. | |||||||||||||||||||||
81 | backendOriginIPUsed | UInt8 | - | 1 if Origin IP used to lookup data-plane control information. | |||||||||||||||||||||
82 | backendHostUsed | UInt8 | - | 1 if HTTP Host used to lookup data-plane control information. | |||||||||||||||||||||
83 | backendOriginReached | UInt8 | - | 1 if HTTP response is from origin server. | |||||||||||||||||||||
84 | backendViewId | UInt16 | - | Value of View ID (Baidu named group of subnets) found for Origin IP. | |||||||||||||||||||||
85 | backendFailoverCount | UInt8 | - | Number of times nginx-be failed over to alternate network path. | |||||||||||||||||||||
86 | backendProxyTimeoutCount | UInt8 | - | Number of times network path failed due to proxy -> proxy connection timeout. | |||||||||||||||||||||
87 | backendOriginTimeoutCount | UInt8 | - | Number of times network path failed due to origin server timeout. | |||||||||||||||||||||
88 | userAgent | String | ClientRequestUserAgent | HTTP User-Agent header | |||||||||||||||||||||
89 | uaDeviceType | Enum8 | ClientRequestUserAgent | User-agent device type | |||||||||||||||||||||
90 | uaDeviceFamily | UInt8 | ClientRequestUserAgent | User-agent device family | |||||||||||||||||||||
91 | uaOSFamily | UInt8 | ClientRequestUserAgent | User-agent OS | |||||||||||||||||||||
92 | uaBrowserFamily | UInt8 | ClientRequestUserAgent | User-agent browser family | |||||||||||||||||||||
93 | xRequestedWith | String | - | X-Requested-With HTTP header | |||||||||||||||||||||
94 | ratelimitRuleId | UInt64 | - | Internal rule id that blocked, or simulated blocking, the request. | |||||||||||||||||||||
95 | railgunUsed | UInt8 | - | 1 if Railgun was used | |||||||||||||||||||||
96 | threatScore | UInt8 | - | Threat score used for routing this request | |||||||||||||||||||||
97 | threatScoreSource | FixedString(8) | - | Log threat score for the request and source of threat score data | |||||||||||||||||||||
98 | upperTierColoId | UInt16 | - | Argo upper tier colo ID | |||||||||||||||||||||
99 | upperTierCacheTimeMs | UInt16 | - | Argo upper tier cache time | |||||||||||||||||||||
100 | smartRouteColoId | UInt16 | - | Argo Smart Routing proxy colo, only populated if a request was Smart Routed |