After real-time log delivery is enabled, real-time logs are collected. The following table describes the fields in real-time log entries of different types.
Note
- The following table describes the fields in real-time logs. To reduce costs, we recommend that you select log fields that you want to deliver based on your business requirements.
- If real-time logs that you collect are of the same type, all log delivery tasksshare a set of fields. Field edits made for a task take effect globally. For example, the domain field is selected by default for user access logs. If a user removes the domain field for a task, the field will be immediately removed from other delivery tasks of access logs.
Fields in an access log
After access log delivery is enabled, access logs are collected. The following table describes the fields in access log entries.
| Field | Description | Log Service indexed | Used for built-in visualized analysis |
|---|---|---|---|
| unixtime | The timestamp of the request. | Yes | Yes |
| domain | The domain name to which the request was sent. | Yes | Yes |
| method | The request method. | Yes | Yes |
| scheme | The protocol over which the request was sent. | Yes | No |
| uri | The resource that was requested. | Yes | Yes |
| uri_param | The request parameters. | Yes | No |
| client_ip | The real IP address of the client that sent the request, which can be a public IP address or a private IP address. | Yes | Yes |
| proxy_ip | The IP address of the proxy. | Yes | No |
| remote_ip | The public IP address of the client that connected to the DCDN node. | Yes | No |
| remote_port | The port to which a DCDN node sends requests over the Internet. | Yes | No |
| refer_protocol | The protocol in the HTTP Referer. | Yes | No |
| refer_domain | The domain name in the HTTP Referer. | Yes | Yes |
| refer_uri | The URI in the HTTP Referer. | Yes | No |
| refer_param | The parameters in the HTTP Referer header. | Yes | No |
| request_size | The size of a request that includes the request body and the request header. | Yes | No |
| request_time | The response time. Unit: milliseconds. | Yes | Yes |
| response_size | The size of a response. Unit: bytes. | Yes | No |
| return_code | The HTTP status code that was returned. | Yes | Yes |
| sent_http_content_range | The value of the Range header in the response, which is configured on the origin server. Example: bytes=0-99/200. | Yes | No |
| server_addr | The IP address of the DCDN node that responded to the request. | Yes | No |
| server_port | The port on the DCDN node that responded to a request. | Yes | No |
| body_bytes_sent | The size of the request body. Unit: bytes. | Yes | No |
| content_type | The type of the requested resource. | Yes | No |
| hit_info |
The cache hit result. The cache hit results of requests for live streaming resources or dynamic content are not included. Valid values:
|
Yes | Yes |
| http_range | The value of the Range header in the request. Example: bytes=0-100. | Yes | No |
| user_agent | The information about the proxy of the client. | Yes | Yes |
| user_info | The information about the user. | Yes | No |
| uuid | The ID of the request. | Yes | No |
| via_info | The HTTP Via header. | Yes | No |
| xforwordfor | The value of the X-Forwarded-For header in the request. | Yes | No |
Fields in a back-to-origin routing log
After back-to-origin routing log delivery is enabled, back-to-origin routing logs are collected. The following table describes the fields in back-to-origin routing log entries.
| Field | Description | Log Service indexed | Used for built-in visualized analysis |
|---|---|---|---|
| clientip | The IP address of the edge node. | Yes | No |
| connect_time | The connection time with the origin server. | Yes | No |
| content_range | The value of the Content-Range field in the response header. | Yes | No |
| httpCode | The response status code. | Yes | Yes |
| http_range | The Range request header. | Yes | No |
| method | The protocol for back-to-origin routing. Valid values:
|
Yes | Yes |
| origin_ip | The origin IP address. | Yes | No |
| real_domain | The domain name requested by the user. | Yes | Yes |
| real_host | The origin host. | Yes | No |
| request_body_size | The size of the request body if the origin response to the POST request is not 200. Unit: bytes. | Yes | No |
| request_size | The size of the request. Unit: bytes. | Yes | No |
| ssl_session_reused | Whether the SSL handshake session is reused. Valid values:
|
Yes | No |
| unixtime | The timestamp of the request. | Yes | No |
| url | The URL of the request. | Yes | Yes |
| user_agent | The information about the proxy of the client. | Yes | No |
| user_info | The information about the user. | Yes | No |
| uuid | The ID of the request. | Yes | No |
| req_time | The response time. Unit: milliseconds. | Yes | Yes |
| origin_addr | The IP address or domain name of the origin server. | Yes | Yes |