How to use Log Analysis filter condition

EdgeOne log analysis support is divided into three types:
1. Data availability zone (required): View log data for the selected availability zone.
2. Time filtering condition (required): View data within the selected time range. For details, see how to modify log analysis query time range.
3. Other filtering criteria: Customize filters for required log data based on supported filter options. The following context provides a detailed explanation for this part.
Supported Filter Options
Field Name
Filter Option
Data Type
Operator
ClientConnectionID
Client Connection ID
String
Equal to
LogTime
Log Time
String
Equal to
RequestHost
Request Domain
String
Equal to
BotCharacteristic
Bot intelligent analysis features
String
Equal to Not equal to
BotClassAttacker
Network attack risk level
String
Equal to Not equal to
BotClassMaliciousBot
Malicious Bot risk level
String
Equal to Not equal to
BotClassProxy
Network proxy risk level
String
Equal to Not equal to
BotClassScanner
Vulnerability scanner risk level
String
Equal to Not equal to
ClientDeviceType
Device type.
String
Equal to Not equal to
ClientISP
Client ISP
String
Equal to Not equal to
ClientRegion
Client country/region
String
Equal to Not equal to
ClientState
Client administrative district (Chinese mainland)
String
Equal to Not equal to
ContentID
Content identifier
String
Equal to Not equal to
EdgeCacheStatus
Cache status
String
Equal to Not equal to
EdgeFunctionSubrequest
edge function subrequest
Integer
Equal to Not equal to
EdgeResponseStatusCode
response status code
Integer
Equal to Not equal to
EdgeServerID
Edge Server ID
String
Equal to Not equal to
EdgeServerRegionTopDivision
Edge Node Administrative District (Chinese Mainland)
String
Equal to Not equal to
EdgeServerRegion
Edge Node Countries/Regions
String
Equal to Not equal to
JA3Hash
JA3 fingerprint
String
Equal to Not equal to
OriginResponseStatusCode
origin server response status code
Integer
Equal to Not equal to
OriginSSLProtocol
Origin TLS Version
String
Equal to Not equal to
ParentRequestID
edge function parent request ID
String
Equal to Not equal to
RequestBody
Request body content (first 10KB)
String
Equal to Not equal to
RequestID
Request ID.
String
Equal to Not equal to
RequestLog
Request header logs
String
Equal to Not equal to
RequestMethod
Request method
String
Equal to Not equal to
RequestProtocol
HTTP protocol
String
Equal to Not equal to
RequestScheme
HTTP/HTTPS
String
Equal to Not equal to
RequestSSLProtocol
TLS version
String
Equal to Not equal to
RequestUA
User-Agent
String
Equal to Not equal to
RequestUrl
request URL
String
Equal to Not equal to
RequestUrlQueryString
request URL parameters
String
Equal to Not equal to
SecurityRuleID
Rule ID
String
Equal to Not equal to
EdgeEndTime
Completion time
String
Equal to, larger than
EdgeInternalTime
Internal processing time (ms)
Integer
Equal to, larger than
EdgeResponseBodyBytes
Response body length (byte)
Integer
Equal to, larger than
EdgeResponseBytes
Response total length (byte)
Integer
Equal to, larger than
EdgeResponseTime
Overall response duration (ms)
Integer
Equal to, larger than
OriginDNSResponseDuration
Back-to-origin resolution duration (ms)
Double
Equal to, larger than
OriginRequestHeaderSendDuration
Origin-Pull Request Header duration (ms)
Double
Equal to, larger than
OriginResponseHeaderDuration
Origin-Pull Response Header waiting duration (ms)
Double
Equal to, larger than
OriginTCPHandshakeDuration
Origin-Pull TCP handshake time (ms)
Double
Equal to, larger than
OriginTLSHandshakeDuration
Origin-Pull TLS handshake time (ms)
Double
Equal to, larger than
RequestBodyBytes
Request body length (byte)
Integer
Equal to, larger than
RequestBytes
Request length (byte)
Integer
Equal to, larger than
RequestRange
Request scope
String
Equal to
RequestTime
Request time
String
Equal to
BotTag
Bot Tag
String
Equal to Not equal to
ClientIP
Client IP
String
Equal to Not equal to
ClientPort
Client Port
Integer
Equal to Not equal to
EdgeException
Edge exception message
String
Equal to Not equal to
EdgeServerIP
Edge Server IP
String
Equal to Not equal to
OriginIP
Origin Server IP
String
Equal to Not equal to
RemotePort
Edge Node Port
Integer
Equal to Not equal to
RequestReferer
Referer
String
Equal to Not equal to
RequestStatus
Request status
String
Equal to Not equal to
SecurityAction
handling method
String
Equal to Not equal to
SecurityModule
Rule category
String
Equal to Not equal to
SecurityRiskLevel
Security risk level
String
Equal to Not equal to
For detailed field description and parameter values, please refer to Layer 7 Access Logs.
Relationship between Multiple Filter Conditions
The relationship between multiple filter conditions is "AND", while the relationship between multiple values within the same filter condition is "OR".
For example: Add filter conditions simultaneously Country/Region=Singapore;Thailand and Status Code=404, which means querying data that meets access from clients in Singapore or Thailand and edge response status code is 404.

Supported Filter Options
Relationship between Multiple Filter Conditions

Field Name	Filter Option	Data Type	Operator
ClientConnectionID	Client Connection ID	String	Equal to
LogTime	Log Time	String	Equal to
RequestHost	Request Domain	String	Equal to
BotCharacteristic	Bot intelligent analysis features	String	Equal to Not equal to
BotClassAttacker	Network attack risk level	String	Equal to Not equal to
BotClassMaliciousBot	Malicious Bot risk level	String	Equal to Not equal to
BotClassProxy	Network proxy risk level	String	Equal to Not equal to
BotClassScanner	Vulnerability scanner risk level	String	Equal to Not equal to
ClientDeviceType	Device type.	String	Equal to Not equal to
ClientISP	Client ISP	String	Equal to Not equal to
ClientRegion	Client country/region	String	Equal to Not equal to
ClientState	Client administrative district (Chinese mainland)	String	Equal to Not equal to
ContentID	Content identifier	String	Equal to Not equal to
EdgeCacheStatus	Cache status	String	Equal to Not equal to
EdgeFunctionSubrequest	edge function subrequest	Integer	Equal to Not equal to
EdgeResponseStatusCode	response status code	Integer	Equal to Not equal to
EdgeServerID	Edge Server ID	String	Equal to Not equal to
EdgeServerRegionTopDivision	Edge Node Administrative District (Chinese Mainland)	String	Equal to Not equal to
EdgeServerRegion	Edge Node Countries/Regions	String	Equal to Not equal to
JA3Hash	JA3 fingerprint	String	Equal to Not equal to
OriginResponseStatusCode	origin server response status code	Integer	Equal to Not equal to
OriginSSLProtocol	Origin TLS Version	String	Equal to Not equal to
ParentRequestID	edge function parent request ID	String	Equal to Not equal to
RequestBody	Request body content (first 10KB)	String	Equal to Not equal to
RequestID	Request ID.	String	Equal to Not equal to
RequestLog	Request header logs	String	Equal to Not equal to
RequestMethod	Request method	String	Equal to Not equal to
RequestProtocol	HTTP protocol	String	Equal to Not equal to
RequestScheme	HTTP/HTTPS	String	Equal to Not equal to
RequestSSLProtocol	TLS version	String	Equal to Not equal to
RequestUA	User-Agent	String	Equal to Not equal to
RequestUrl	request URL	String	Equal to Not equal to
RequestUrlQueryString	request URL parameters	String	Equal to Not equal to
SecurityRuleID	Rule ID	String	Equal to Not equal to
EdgeEndTime	Completion time	String	Equal to, larger than
EdgeInternalTime	Internal processing time (ms)	Integer	Equal to, larger than
EdgeResponseBodyBytes	Response body length (byte)	Integer	Equal to, larger than
EdgeResponseBytes	Response total length (byte)	Integer	Equal to, larger than
EdgeResponseTime	Overall response duration (ms)	Integer	Equal to, larger than
OriginDNSResponseDuration	Back-to-origin resolution duration (ms)	Double	Equal to, larger than
OriginRequestHeaderSendDuration	Origin-Pull Request Header duration (ms)	Double	Equal to, larger than
OriginResponseHeaderDuration	Origin-Pull Response Header waiting duration (ms)	Double	Equal to, larger than
OriginTCPHandshakeDuration	Origin-Pull TCP handshake time (ms)	Double	Equal to, larger than
OriginTLSHandshakeDuration	Origin-Pull TLS handshake time (ms)	Double	Equal to, larger than
RequestBodyBytes	Request body length (byte)	Integer	Equal to, larger than
RequestBytes	Request length (byte)	Integer	Equal to, larger than
RequestRange	Request scope	String	Equal to
RequestTime	Request time	String	Equal to
BotTag	Bot Tag	String	Equal to Not equal to
ClientIP	Client IP	String	Equal to Not equal to
ClientPort	Client Port	Integer	Equal to Not equal to
EdgeException	Edge exception message	String	Equal to Not equal to
EdgeServerIP	Edge Server IP	String	Equal to Not equal to
OriginIP	Origin Server IP	String	Equal to Not equal to
RemotePort	Edge Node Port	Integer	Equal to Not equal to
RequestReferer	Referer	String	Equal to Not equal to
RequestStatus	Request status	String	Equal to Not equal to
SecurityAction	handling method	String	Equal to Not equal to
SecurityModule	Rule category	String	Equal to Not equal to
SecurityRiskLevel	Security risk level	String	Equal to Not equal to