Log Analysis (Beta) is a native data visualization feature in EdgeOne designed for log query and analysis. It provides real-time visibility into website access patterns, security events, and performance metrics. By delivering EdgeOne logs to Log Analysis with low latency, logs can be queried, analyzed, and downloaded directly in the console, without the need for additional configuration or integration with external log services or third-party analytics tools.
Use cases:
Security analysis and source tracing: Combine Web Security blocked logs to quickly locate attack sources and affected requests.
Access trend insight: Monitor traffic characteristics such as business peak times, regional distribution, and status code distribution.
Performance optimization troubleshooting: Use indicators like latency, cache hit rate, and request volume to identify potential performance bottlenecks.
Log audit and compliance: Store and analyze log data to meet security compliance audit requirements.
Note:
Log Analysis is in beta. If needed, please contact us.
Log Analysis (Beta) currently supports only Layer 7 access logs (including Web Security blocked logs), with logs retained for 31 days by default. Additional log types and custom retention will be supported in the future.
Quick Start
After enabling Log Analysis, create a Real-time Log Push task with EdgeOne Log Analysis as the destination. Once configured, you can view the delivered logs in the Log Analysis tab under Log Services. For detailed configuration steps, please refer to Push to EdgeOne Log Analysis.
Supported Capabilities
1. Log Time Range
Supports a customizable query time range. You can query data for up to 31 days within the current retention period. For details, see How to Modify Log Analysis Query Time Range.
2. Add Filter
Supports filtering based on various fields such as status code, request path, country/region, user agent (UA), and referer. For details on filter logic and available fields, see How to Use Log Analysis Filter Conditions.
Note:
A single request may hit multiple rules. When you filter by Rule ID, the results also show the logs of other rules that were hit at the same time.
3. Log Volume Trend Chart
Log Analysis provides a visual Log Volume Trend Chart that tracks changes in log volume over time, based on your selected filters and time range. It supports different time granularities (minute, hour, day), so you can quickly observe trends in request volume, security rule hits, and error distribution.
4. Display Specified Fields and Available Fields
Display specified fields: By default, it displays the push fields defined in the current real-time log push task. You can modify the display content of log details on the right by hiding or adjusting fields in Log Detail.
Available fields: Shows all fields supported by the current Layer 7 access logs. To add new push fields, modify the existing task in Real-time Log Push.
5. Log Download
Click Download to export the query results under the current filter conditions and time range. After the download task is created successfully, you can view its progress and details in Download Records. Once file generation is complete, you can download the CSV file.
Note:
The download task cannot be created while log results are loading or when the query returns no data.
6. Log Detail
The Log Detail section displays raw log entries that match the current filter conditions and time range. Logs can be sorted by time in ascending or descending order. Each row represents a single Layer 7 request log and contains two columns: Log Time and Log Data. The fields shown in the Log Data column are determined by the Display Specified Fields settings.