Observability
  • Log Service
    • Overview
    • Real-time Logs
      • Real-time Logs Overview
      • Push to Tencent Cloud CLS
      • Push to AWS S3-Compatible COS
      • Push to HTTP Server
    • Offline Logs
    • Related References
      • Field description
        • L7 Access Logs
        • L4 Proxy Logs
      • Real-Time Log Push Filter Conditions
      • Custom Log Push Fields
  • Data Analysis
    • Overview
    • Traffic Analysis
    • Cache Analysis
    • Security Analysis
      • Site Security Overview
      • Web Security Analysis
    • L4 Proxy
    • DNS Resolution
    • Related References
      • How to use filter condition
      • How to Modify Query Time Range
      • How to Export Statistical Data and Reports
  • AlarmService
    • Custom Statistical Metrics

Custom Log Push Fields

If you need to push HTTP request headers, HTTP response headers, Cookie values, or certain field values in the HTTP request body, you can accurately record these information in the logs using the custom log field feature.

Use Restrictions

Currently, only real-time logs - site acceleration logs support adding custom fields;
In the same real-time log push task, custom field names must not be duplicated;
A maximum of 200 Custom Definition fields can be configured;
Field names are case-sensitive and must exactly match the original field names in HTTP actions;
When the field type is selected as request header, response header, or Cookie, the field name can be 1 to 100 characters long, starting with a letter, consisting of letters, digits, and hyphens (-), and ending with a letter or digit;
When the field type is selected as request body, you can use Google RE2 regular expressions to extract the specified content;
For a single request body type field, the maximum length of the regular expression is 4 KB;
For a single request body type field, the maximum length of the extracted content is 1,000 bytes. Contents exceeding this limit will be truncated and discarded;
Up to 5 request body type custom fields can be added for a single real-time log push task.

Example 1: Logging the value of a specified response header

Sample Scenario

In some business scenarios, understanding the size of the response body is crucial for monitoring network traffic and optimizing performance. To achieve this, custom definition log fields can be configured to record the value of the Content-Length header for each response.

Operation step

1. Access the EdgeOne console, locate the left-hand menu, and select the Site List. Within this listing, click on the Site requiring configuration.
2. On the Site Details Page, click Log Service > Real-time Logs.
3. On the Real-time Logs page, click Create shipping task.
4. On Select the log source Page, fill in the Task name, select the Log type Service area, the Domain name/Layer 4 Proxy Instance for which the logs need to be pushed, and click Next.
5. On the Define delivery content page, click Add custom field.
5.1 Select the field type as Response Header;
5.2 Enter the field name as Content-Length;
5.3 click Save.

6. After configuring the destination, click Ship, confirm the cost reminder in the pop-up, and click Confirm Creation to save the configuration.

Example 2: Logging Specified Content from the Request Body

Sample Scenario

Assume that you need to extract the account field from a POST request's request body JSON object for analyzing the access behaviors of different user accounts.

Operation Step

1. Log in to the EdgeOne console, and on the left sidebar, click Site List . In the site list, click the site to be configured.
2. On the Site Details page, click Log Service > Real-time Logs.
3. On the Real-time Logs page, click ++Create shipping task++.
4. On the Select the log source page, fill in the task name, select the log type, service area, and the domain name for which the logs to be pushed, and then click Next .
5. On the Define Push Content page, click Add custom field .
5.1 Select the field type as Request body.
5.2 Fill in the field name as "account": "(.*?)" .
5.3 Click Save .

6. After configuring the destination, click Push , confirm the fees in the pop-up window, and then click Confirm Creation to save the configuration.
7. Send a test request to check whether the log recording behavior meets expectations. The test command is as follows:
curl -X POST https://www.example.com -H "Content-Type: application/json" -d '{"account": "user123", "password": "pass456"}'
8. The received logs will include the RequestBodyCustom1 field, presented as a key-value pair in the example. If you add multiple request body type custom fields in a single real-time log push task, the received logs will sequentially include RequestBodyCustom1 , RequestBodyCustom2 , and so on.
{"RequestBodyCustom1":"\"account\": \"user123\""}

References

If you would like to understand the meanings of various HTTP request and response headers to decide whether to log them, please refer to HTTP Standard Header Explanation.