Data set parameters

Each stream type can collect different sets of data. A data set lets you define the format of the data received by your origin server, giving you the ability to selectively choose or ignore specific parameters and their elements from log data fields.

Note: DataStream 2 provides log data in structured (CSV) or JSON format.

In fields with whitespace and other non-printable or non-US ASCII characters (for example, octets outside of the range from 0x21 to 0x7E), these characters are hex-encoded as per RFC-1738 URL encoding.

Raw logs set parameters
Group Data element Description Examples
Cache data Cache status Returns 1 if the request was served from the edge cache, or 0 if forwarded to parent or origin. 0

1
Geo data City The city from which the request originated. Bangalore
Country/Region The ISO code for the country or region from where the request originated. IN
State The URI-encoded state name from where the request originated. Delhi

New%20York
Log information CP code The Content Provider code associated with the request that identifies a particular subset of traffic and content for billing, reporting, and monitoring served on the Akamai platform. 2097150
Request ID The identifier of the request assigned by the server. See the Akamai headers for details. 2256a92
Request time The Unix epoch time in seconds when the request when the edge server accepted the request from the client. 1612215703.120
Message exchange data Bytes The content bytes served in the response body, excluding HTTP headers. For HTTP/2, this includes overhead bytes.
Note: If the origin provides an uncompressed object, but the edge server provides the object to the client as compressed, it's reported and billed as delivered compressed.
 0

14995
Client IP The IPv4 or IPv6 address of the requesting client. See IPv6 in RFC 5952. 198.18.77.18

2001:0db8:85a3:0000:0000:8a2e:0370:7334
Cookie

This field contains cookies received in the HTTP request headers from the client or -.

The cookies are RFC-1738 escaped, replacing spaces and other special characters, and separated by the ;character. See the note on hex-encoding above the table.

Note: To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the Set-Cookie header. See Enable logging custom parameters.
 ^

-

country=AU;%20sessionId=12a8f83b
HTTP status codes The HTTP status code sent in the response. Returns zero if the TCP connection to the client ended before the server sent a response. 0

200

404

206
Object size The size of the object matching the Content-Length response header, excluding HTTP response headers. Range requests don’t affect this field’s value.

Returns the download object size if the header is not present, or -1 if not downloaded fully from the origin.

 -1

0

1

2
Overhead bytes TCP/IP/ETH overhead in bytes for the request and response, without HTTP or UDP overhead. ^

400
Protocol type The protocol of the response-request cycle. HTTP/1.1

HTTPS/1.1

HTTP/2

HTTP3
Query string The query string in the incoming URI from the client.
Note: To monitor this parameter in your logs, you need to update your stream's property configuration to set the Cache Key Query Parameters behavior to include all parameters. See Cache Key Query Parameters.
 -

^

q=foo&submit=true
Request host The value of the Host header in the request. It specifies the domain name of the server and the TCP port number on which the server is listening. If no port is included, the default port for the service requested is implied. For example, 443 for an HTTPS URL, and 80 for an HTTP URL.

A Host header must be present in HTTP/1.1 requests. If a request lacks a Host header or has more than one, a server may respond with a 400 status code.

See Host in RFC 7230.

 splat-traffic.205400.akamai.com
Request method The HTTP method of the request. GET

PUT

POST

OPTIONS
Request path The path to a resource in the incoming URI without query parameters. See the Query string field. path1/path2/file.ext
Request port The client TCP port number of the requested service. 80

443
Response Content-Length The size of object data returned to the client without HTTP response headers.

The Akamai Edge logs the object size even if there is no Content-Length header. Returns -1 if the size can’t be determined—for example, when the connection ended before the edge server received the complete object from the origin.

 -1

0

5000
Response Content-Type The value of the Content-Type header in the response. It informs about the media type of the returned content.

Returns - if unknown or not set. The 304 Not Modified response usually does not return this header.

See:
 -

text-plain

text-html
TLS overhead time The elapsed time in milliseconds between when the edge server accepts the connection and the completion of the TLS handshake. This field returns a number for SSL requests and - for non-SSL requests. -

0

3
TLS version The protocol of the TLS handshake. Returns - for non-TLS requests. -

TLSv1.3

QUIC
Total bytes The bytes served in the response including the content, protocol overheads, and request body bytes.

Protocol overheads include HTTP headers and UDP/TCP/IP/ETH overheads.

Note: If the origin provides an uncompressed object, but the edge server provides the object to the client as compressed, it's reported and billed as delivered compressed.
839

9376
Uncompressed size The size (in bytes) of the uncompressed object, if compressed before sending to the client. -

46251
User-Agent The URI-encoded value of the User-Agent header in the request. It lets edge servers identify the application, operating system, vendor, or version of the requesting user agent.

This field is RFC-1738 escaped. See the note on hex-encoding above the table.

Note: To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the User-Agent header. See Enable logging custom parameters.
See:
 Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_3%29
Request header data Accept-Language The value of the Accept-Language header in the request. It provides a list of acceptable human languages for response.

Returns - if this field is not enabled or the client didn’t send the header.

Note: To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the Accept-Language header. See Enable logging custom parameters.

See Accept-Language in RFC 7231.

 ^

-

en

en-US

en-US,en;q=0.9

zh-CHS,%20en-us
Max age The time in seconds that the object is valid for positive cache responses. ^

300
Range Provides a single byte range or a comma-sepated list of byte ranges. Bytes are numbered from 0.

Returns - if not a request range.

See Range in RFC 7233.

 ^

-

37334-42356

1024-1024

0-50,100-150,300-
Referer The URL of the resource from which the requested URI was followed.

This field is RFC-1738 escaped. See the note on hex-encoding above the table.

Note: To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the Referer header. See Enable logging custom parameters.

See Referer in RFC 7231.

 ^

-

https://example.com/search?q=jobs
X-Forwarded-For Returns the contents of the X-Forwarded-For header, including the last IP address of a client connecting to a web server through an HTTP proxy or load balancer. It helps to debug, gather statistics, and generate location-dependent content and by design exposes privacy sensitive information, such as the IP address of the client.
Note: To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the X-Forwarded-For header. See Enable logging custom parameters.

See Forwarded For in RFC 7239.

 -

8.47.28.38

203.0.113.195,%2070.41.3.18

2001:db8:85a3:8d3:1319:8a2e:370:7348
Network performance data DNS lookup time The elapsed time in milliseconds between the start of the request and the completion of the DNS lookup in a multi-domain config, if one was required. For cached IP addresses, this value is 0. ^

-

3
Error code A string describing the problem with serving the request. -

ERR_ACCESS_DENIED|fwd_acl
Request end time The elapsed time in milliseconds it takes the edge server to fully read the request. 0

1

3
Turnaround time The elapsed time in milliseconds between the last request header is received, and the first byte of the reply is written to the client socket. 11

12

16
Transfer time The time in milliseconds from when the edge server is ready to send the first byte of the response to when the last byte reaches the kernel. 0

1

125
Web security Security rules The Web Application Firewall (WAF) end user's activity data, including the security policy ID, non-deny, and deny rules. This field returns data when the request triggers any configured WAF or Bot Manager rules in the <Security policy ID>|<Non-deny rules separated by :>|<Deny rule>| format.
Note: To monitor this parameter in your logs, you need to update your stream's property configuration to include a Web Application Firewall (WAF) behavior or add the hostnames using Security Configurations.
 ULnR_28976|3900000:3900001:3900005:3900006:BOT-ANOMALY-HEADER
Other Custom field The data you want to receive from the Custom Log Field that you specified in the Log Request Details behavior of your property. See Enable logging custom parameters.

This field is RFC-1738 escaped. See the note on hex-encoding above the table.