How to use Log Analysis filter condition
EdgeOne Log Analysis supports three types of filters:
1. Log Source (Required): View log data for the selected log type (Layer 7 access logs or managed rule logs) and the selected availability zone..
2. Time Range (Required): View data within the selected time range. For details, see How to Modify Log Analysis Query Time Range.
3. Other Filter Conditions: Filter logs based on supported filter items. Supported filter items vary by log type and are described in the following sections.
Relationship Between Filters
Multiple filters are combined using AND logic. Multiple values within the same filter are combined using OR logic.
For example, if the following filters are added at the same time:
ClientRegion is in Singapore;Thailand and EdgeResponseStatusCodeis in 404, the query returns requests from clients in Singapore or Thailand and an edge response status code of 404.Supported Filters
Layer 7 Access Logs
When the log type is Layer 7 Access Logs, the following filter conditions are supported. For detailed descriptions and values of each field, see Layer 7 Access Logs.
General Information
Filter Name | Data Type | Operator |
LogTime | Equal to | |
RequestID | String | Equal to, Not equal to |
ContentID | String | Equal to, Not equal to |
EdgeEndTime | Equal to, Greater than | |
EdgeFunctionSubrequest | Integer | Equal to, Not equal to |
ParentRequestID | String | Equal to, Not equal to |
Request Information
Filter Name | Data Type | Operator |
RequestHost | String | Equal to |
RequestMethod | String | Equal to, Not equal to |
RequestTime | Equal to | |
RequestUrl | String | Equal to, Not equal to |
RequestUrlQueryString | String | Equal to, Not equal to |
RequestReferer | String | Equal to, Not equal to |
RequestUA | String | Equal to, Not equal to |
RequestProtocol | String | Equal to, Not equal to |
RequestScheme | String | Equal to, Not equal to |
RequestSSLProtocol | String | Equal to, Not equal to |
RequestStatus | String | Equal to, Not equal to |
RequestRange | String | Equal to |
RequestBytes | Integer | Equal to, Greater than |
RequestBodyBytes | Integer | Equal to, Greater than |
RemotePort | Integer | Equal to, Not equal to |
Client Information
Filter Name | Data Type | Operator |
ClientIP | String | Equal to, Not equal to |
ClientRegion | String | Equal to, Not equal to |
ClientState | String | Equal to, Not equal to |
ClientISP | String | Equal to, Not equal to |
ClientDeviceType | String | Equal to, Not equal to |
ClientPort | Integer | Equal to, Not equal to |
ClientConnectionID | String | Equal to, Not equal to |
Response Information
Filter Name | Data Type | Operator |
EdgeCacheStatus | String | Equal to, Not equal to |
EdgeResponseStatusCode | Integer | Equal to, Not equal to |
EdgeResponseBytes | Integer | Equal to, Greater than |
EdgeResponseBodyBytes | Integer | Equal to, Greater than |
EdgeInternalTime | Integer | Equal to, Greater than |
EdgeResponseTime | Integer | Equal to, Greater than |
Edge Server Information
Filter Name | Data Type | Operator |
EdgeServerID | String | Equal to, Not equal to |
EdgeServerIP | String | Equal to, Not equal to |
EdgeServerRegion | String | Equal to, Not equal to |
EdgeServerRegionTopDivision | String | Equal to, Not equal to |
EdgeException | String | Equal to, Not equal to |
Origin Server Information
Filter Name | Data Type | Operator |
OriginDNSResponseDuration | Double | Equal to, Greater than |
OriginIP | String | Equal to, Not equal to |
OriginRequestHeaderSendDuration | Double | Equal to, Greater than |
OriginResponseHeaderDuration | Double | Equal to, Greater than |
OriginResponseStatusCode | Integer | Equal to, Not equal to |
OriginSSLProtocol | String | Equal to, Not equal to |
OriginTCPHandshakeDuration | Double | Equal to, Greater than |
OriginTLSHandshakeDuration | Double | Equal to, Greater than |
Security Information
Filter Name | Data Type | Operator |
SecurityAction | String | Equal to, Not equal to |
SecurityRuleID | String | Equal to, Not equal to |
SecurityModule | String | Equal to, Not equal to |
BotCharacteristic | String | Equal to, Not equal to |
BotClassAttacker | String | Equal to, Not equal to |
BotClassMaliciousBot | String | Equal to, Not equal to |
BotClassProxy | String | Equal to, Not equal to |
BotClassScanner | String | Equal to, Not equal to |
BotClassAccountTakeOver | String | Equal to, Not equal to |
BotTag | String | Equal to, Not equal to |
JA3Hash | String | Equal to, Not equal to |
Managed Rule Logs
When the log type is Managed Rule Logs, the following filter conditions are supported. For detailed descriptions and values of each field, see Managed Rule Logs.
Request Information
Filter Name | Data Type | Operator |
RequestHost | String | Equal to, Not equal to |
RequestID | String | Equal to, Not equal to |
RequestTime | Integer | Equal to |
RequestMethod | String | Equal to, Not equal to |
RequestUA | String | Equal to, Not equal to |
RequestURI | String | Equal to, Not equal to |
RequestBody | String | Equal to, Not equal to |
Client Information
Filter Name | Data Type | Operator |
ClientIP | String | Equal to, Not equal to |
ClientCountry | String | Equal to, Not equal to |
Security Information
Filter Name | Data Type | Operator |
SecurityRuleID | String | Equal to, Not equal to |
SecurityModule | String | Equal to, Not equal to |
SecurityAction | String | Equal to, Not equal to |
SecurityMatchingField | String | Equal to, Not equal to |
SecurityMatchingPosition | String | Equal to, Not equal to |