Data set parameters
In DataStream 2, you can log different sets of data for your property. For steps to select data to log, see Choose data parameters.
Edge DNS and GTM logs
With the recent General Availability (GA) release of DataStream 2.1, you can now create streams for Edge DNS and Global Traffic Management as data sources.
For fields you can log in these streams, see Data set parameters in the DataStream 2.1 guide.
The data set fields are divided into groups based on the type of data they collect and return in the log file. You can choose fields and parameters related to the request-response cycle, caching, geolocation, request header and message exchange data, network performance, web security, custom log fields, and Reporting metrics and dimensions.
In fields with whitespace and other non-printable or non-US ASCII characters (for example, octets outside of the range from 0x21 to 0x7E), these characters are hex-encoded as per RFC-1738 URL encoding. In JSON logs, fields reported as - or null are omitted by default.
If you're looking for sample logs (JSON and structured) with data, see Log format.
Data set support
Some data sets may not be available for logging depending on the product enabled for the property you want to monitor. For example, Web security and EdgeWorkers information data set fields are not supported for the Cloud Wrapper products.
Cache data
Select the fields from this group to get information about the edge cache, and additional breadcrumbs data about the HTTP request-response cycle.
| Data element | JSON key | Examples | Description |
|---|---|---|---|
| Breadcrumbs | breadcrumbs | //BC/%5Ba=23.33.41.20,c=g,k=0,l=1,m=1%5D | Returns additional breadcrumbs data about the HTTP request-response cycle for improved visibility into the Akamai platform. This field is available only for Adaptive Media Delivery, Download Delivery, Object Delivery, Dynamic Site Accelerator, Ion, and API Acceleration products.
a – the component IP of the node or host processing the request, such as the edge or origin host c – the letter identifier for the Akamai network component that as involved during that phase of the request (c - cache parent, g - edge host, p - peer host, o - origin, or w - Cloud Wrapper) j (optional) – forward list k – the request end time (in milliseconds) between when the edge host accepts the connection and receives the request header, including initial metadata parsing time and SSL overhead l – the turnaround time (in milliseconds) between receiving the end of the request headers and gathering the breadcrumb, including fetching the object from another server in case of a miss, or synchronous validation of cached object’s freshness, fetching the object from the disk, performing ESI processing, and computing response headers m – the DNS lookup time (in milliseconds) as the delta between the start of the request and the completion of the DNS lookup To log this parameter, you need to enable the Breadcrumbs behavior in your property. |
| Cacheable | cacheable |
01 |
Returns 1 if the object is cacheable based on response headers and metadata.
If you want to check the caching hierarchy for cacheable objects, use the Cache status and Breadcrumbs fields. If cache status returns 1, the request was served from the edge cache. If 0, see the c value of the Breadcrumbs field to check who served the request.
|
| Cache status | cacheStatus |
01 | Returns 0 if there was no object in the cache, and 1 if the object was present in the cache.
In the event of negatively cached errors or stale content, the object is served from upstream even if cached. |
Content protection
To log fields in the Content protection data set, you need to enable the Enhanced Proxy Detection with GeoGuard behavior on your property.
| Data element | JSON key | Examples | Description |
|---|---|---|---|
| Content protection information | contentProtectionInfo | =//epd@feature-override/v1/or/epd@geoguard/v1/dp/2 | Returns Enhanced Proxy Detection metrics for media delivery and proxy protection reports, including the EPD action on the request. See Reporting metrics and dimensions for details. |
Using the Content protection information field, you can get or calculate the media delivery and proxy protection reporting metrics listed in Reporting metrics and dimensions.
EdgeWorkers information
Choose from these data fields to log EdgeWorkers data, if enabled in your property. This includes adding the EdgeWorkers behavior for each of the properties you want to monitor. This data set is not supported for the Cloud Wrapper products.
| Data element | JSON key | Examples | Description |
|---|---|---|---|
| EdgeWorkers usage | ewUsageInfo | //4380/4.0/1/-/0/4/#1,2\//4380/4.0<<LB>>/4/-/0/4/#0,0\//4380/4.0/5/-/1/1/#0,0 | Provides information about the EdgeWorkers ID, version, event
handler, reasons for turning EdgeWorker off, returned errors and metrics
such as heap usage, CPU, and wall time. The field returns the data in
the //[EdgeWorker-Id]/[Version]/[Event Handler]/[Off
Reason]/[Logic Executed]/[Status]/#[Metrics]
format.See DataStream reports in the EdgeWorkers guide for more details. |
| EdgeWorkers execution | ewExecutionInfo | c:4380:7:161:162:161:n:::12473:200|C:4380<<LB>>:3:0:4:0:n:::6967:200|R:4380:20:99<<LB>>:99:1:n:::35982:200 | Provides EdgeWorkers execution information, including the stage of execution, the EdgeWorker ID, process, total and total stage time (in milliseconds), used memory (in kilobytes), ghost flow, error code, HTTP status change when the response is generated using the API, CPU flits consumed during processing, tier ID for the request, indirect CPU time (in milliseconds) and ghost error code. See DataStream reports in the EdgeWorkers guide for more details. |
Geo data
Choose from these fields to get geolocation data about the requests, such as its country and city of origin.
| Data element | JSON key | Examples | Description |
|---|---|---|---|
| Billing region | billingRegion | 8 | The Akamai geographical price zone from where the request was served. |
| Country/region | country | US | The ISO code of the country or region where the request originated. |
| Edge IP | edgeIP | 23.50.51.173 | The IP address of the edge server that served the response to the client. This field returns data that may be useful while resolving issues with your account representative.
To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the Edge Server IP field. See Log custom parameters. |
| Server country/region | serverCountry | SG | The ISO code of the country or region from where the request was served. |
| State | state | New%20Hampshire | The URI-encoded name of the state where the request originated. |
| City | city | Bangalore | The city where the request originated. |
Log information
Choose from these log data fields to get customer and request identification data, including the request timestamp.
| Data element | JSON key | Examples | Description |
|---|---|---|---|
| CP code | cp | 2097150 | The Content Provider code associated with the request that identifies a particular subset of traffic and content for billing, reporting, and monitoring served on the Akamai platform. |
| Edge attempts | edgeAttempts | 3 | The number of attempts to download the content from the edge in a specific time interval, based on the number of total manifest requests received. |
| GeoDelivery Request Status | deliveryPolicyReqStatus |
01234 | Returns values (0-4) that indicate which GeoDelivery server sent the client request, and which GeoX policy was active:
0 - The request was served from a GeoX server with the default Global policy active or with no policy.1 - The request was served from a GeoX server with active Opt-Inside GeoX policy.2 - The request was served from a GeoY server with active Opt-Inside GeoX policy. It can indicate a traffic error.3 - The request was served from a premium GeoX server with active Premium Opt-Inside GeoX policy.4 - The request was served from a premium GeoX server for a hostname without a Premium Opt-Inside for GeoX policy. It can indicate a traffic error.This field is available only for Adaptive Media Delivery, Download Delivery, Object Delivery, Dynamic Site Accelerator, Ion Standard, and API Acceleration products. |
| GeoDelivery Policy ID | deliveryPolicyId | 035109 | The ID of the GeoX policy active when serving the client request. Returns 0 for the default global policy, or a specific policy ID mapped to the hostname.This field is available only for Adaptive Media Delivery, Download Delivery, Object Delivery, Dynamic Site Accelerator, Ion Standard, and API Acceleration products. |
| Request ID | reqID | 2256a92 | The identifier of the request assigned by the server. See Akamai Pragma headers for details. |
| Request time | reqTimeSec | 1573840000 | The Unix epoch time in miliseconds when the edge server accepted the request from the client. |
| Stream ID | streamId | 58736 | The unique identifier of the stream that logged the request data. You can log this field to troubleshoot and group logs between different streams. |
Media
Use the Media data set group to log data on media delivery, including the standardized Common Media Client Data from media traffic for log analysis, QoS monitoring, and media delivery optimization.
| Data element | JSON key | Examples | Description |
|---|---|---|---|
| CMCD | cmcd | //1.0@V/bl=21600,br=1426,<<LB>>cid=%22akam-email%22,<<LB>>d=6006,mtp=11100,ot=m,sf=h,<<LB>>sid=%229f36f5c9-d6a2-497b-8c73-4b8f694eab749f36f5c9-d6a2-497b-8c73%22,<<LB>>tb=1426,dl=18500,nor=%22..<<LB>>/300kbps/track.m4v%22,nrr=%2212323-48763%22,su,bs,<<LB>>rtp=12000,pr=1.08,sf=d,st=v%22 | This URL-encoded field returns a Common Media Client Data payload for media traffic: v – CMCD version, e. g. 1.0 bl – the buffer length (in milliseconds) associated with the media object being requested rounded to the nearest 100 ms br – encoded bitrate (in kbps) of the object cid – an unique ID for the current content d – the object playback duration (in milliseconds) of the requested object mtp – the throughput (in kbps) between client and server, as measured by the client, and rounded to the nearest 100 kbps ot – object type (audio only, video only, muxed audio & video, etc.) sid – an unique GUID for the current streaming session tb – the highest (top) bitrate (in kbps) rendition that the client is allowed to play nor – the relative path of the next object to be requested nrr – the next request object (nor) will be a partial object request, this field returns the byte range to be requested su – the startup field returns without value if the object is needed urgently due to startup, seeking or recovery after a buffer-empty event everything bs – the buffer starvation field returns without value if the buffer was starved between the prior request and this object request, resulting in the player rebuffering state and the video or audio playback stopped rtp – the requested maximum throughput (in kbps) for the client to deliver the content, rounded to the nearest 100 kbps sf – the streaming format, such as MPEG Dash, HLS or Smooth Streaming st – stream type, either v (VOD) or l (live stream)pr – the playback rate field returns, 2 if double speed, 0 if not playing, in some cases 1 if real-time playback (usually omitted)The CMCD field is available only for the Adaptive Media Delivery product. See the CMCD specification on the Consumer Technology Association website for details on specific fields. |
| Delivery format | deliveryFormat | 01234 | Reports the logged data's media delivery format, such as HDS and HLS fragmentation, HDS and HLS stream packaging, Dynamic Adaptive Streaming over HTTP (DASH), Microsoft Smooth streaming etc., including the default format:4 - DASH3 - SILVERLIGHT2 - ZERI1 - IPHONE0 - default format |
| Delivery type | deliveryType | 0123 | Limits logged data to a specific media delivery type, such as live, VOD (video on demand), or default:3 - Download Delivery2 -Adaptive Media Delivery VOD1 -Adaptive Media Delivery Live0 - default type |
| Media encryption | mediaEncryption | 01 | Returns 1 if media encryption is enabled for the content delivered from the edge to the client. |
Message exchange data
Choose from these fields to get log data gathered along the request-response cycle, including client information, request and response details, and bytes count.
If the origin provides an uncompressed object, but the edge server provides the object to the client as compressed, it's reported and billed as compressed. See the Bytes and Total bytes fields.
Using stream data for billing
We recommend using raw log data for basic traffic analysis and monitoring CDN health.
You should take these limitations into account before using data served on your stream for audit, compliance, or billing purposes. See DataStream use cases.
| Data element | JSON key | Examples | Description |
|---|---|---|---|
| Brotli status | brotliStatus | baC | This field reports the status when serving a Brotli-compressed object:
a – the client accepts Brotli, and the request passes the status value in the Accept-Encoding header |
| Bytes | bytes | 4995 | The content bytes served in the response body. For HTTP/2, this includes framing overhead bytes used when multiplexing multiple responses on one connection. |
| Client IP | cliIP | 198.18.77.18 | The IPv4 or IPv6 address of the requesting client. See IPv6 in RFC 5952. |
| Download Completed | downloadsCompleted | 3 | The number of complete successful downloads in a specific time interval. |
| Download Initiated | downloadInitiated | 1 | The number of successful download initiations in a specific time interval. |
| Early hints | earlyHints | 7|937|0|00|0|0|0 | Returns the Early Hints response details in sub-fields delimited with the | character, in the Number of user-configured URLs or hints | Size of user-configured hints in bytes | Number of Akamai-generated URLs or hints | Size of Akamai-generated hints in bytes format.
|
| Edge IP Binding status | edgeIPBinding | 01 | Returns 1 for Edge IP Binding (EIPB) requests received through an Anycast IP, or 0 for non-EIPB requests served directly from the edge server.
|
| File size bucket | fileSizeBucket | 1KB-10KB | This field groups the response content into different buckets by size in kilobytes, megabytes and gigabytes. |
| HTTP status codes | statusCode | 0200206404 | The HTTP status code sent in the response. Returns 0 if the TCP connection to the client ended before the server sent a response. |
| Object size | objSize | -1012 | The size of the object matching the Content-Length response header, excluding HTTP response headers. Range requests don’t affect this field’s value.
Returns the download object size if the header is not present, or |
| Origin Content-Length | originContentLen | 10282 | The compressible Content-Length object value (in bytes) in the response header from the origin. This field is available only for Ion Standard, Ion Premier and Ion Media Advanced products. |
| Overhead bytes | overheadBytes | 232 | TCP overhead in bytes for the request and response, without HTTP or UDP overhead. |
| Protocol type | proto | HTTP/1.1HTTPS/1.1HTTP/2HTTP3 | The protocol of the response-request cycle. |
| Query string | queryStr | q=foo&submit=true | The query string in the incoming URI from the client.
To monitor this parameter in your logs, you need to update your stream's property configuration to set the Cache Key Query Parameters behavior to include all parameters. See Cache Key Query Parameters. |
| Request host | reqHost | splat-traffic.205400.akamai.com | The value of the Host header in the request with the domain name of the server and the TCP port number on which the server is listening. If no port is included, the default port for the service requested is implied. For example, 443 for an HTTPS URL, and 80 for an HTTP URL.
A |
| Request method | reqMethod | GETPOSTPUTOPTIONS | The HTTP method of the request. |
| Request path | reqPath | path1/path2/file.ext | The path to a resource in the incoming URI without query parameters. See the Query string field. |
| Response Content-Length | rspContentLen | -105000 | The size of object data returned to the client without HTTP response headers.
The Akamai Edge logs the object size even if there is no |
| Response Content-Type | rcpContentType | text-plaintext-html | The value of the Content-Type header in the response with the media type of the returned content. Returns - if unknown or not set. The 304 Not Modified response usually does not return this header.
See: |
| TLS early data | tlsEarlyData | 13 | Returns values (1-6) that indicate handling client requests with early data (also referred to as zero round-trip time or 0-RTT):
1 – Edge server accepted early data from the client as part of the TLS connection. Additionally, values from 2 to 6 indicate the first 1-RTT request of the TLS connection. This data set field is available for Adaptive Media Delivery, Download Delivery, Object Delivery, Ion Standard, Ion Premier, API Acceleration, Dynamic Site Accelerator, and Dynamic Site Delivery. DataStream supports this field only for TLS 1.3 version or higher. |
| TLS overhead time | tlsOverheadTimeMSec | -3 | The elapsed time in milliseconds between when the edge server accepts the connection and the completion of the TLS handshake. Returns a number for SSL connections, and - for non-SSL connections. |
| TLS version | tlsVersion | -TLSv1.3QUIC | The protocol of the TLS handshake. Returns - for non-TLS connections. |
| Total bytes | totalBytes | 12456 | The total bytes served in the HTTP response (headers and content) including any protocol framing (HTTP2/TCP/UDP/IP/Ethernet) overhead, plus the HTTP request bytes for PUT and POST requests if those HTTP methods were used. When Akamai compresses customer content, the equivalent uncompressed bytes are used for the content bytes. |
| TLS version | tlsVersion | -TLSv1.3QUIC | The protocol of the TLS handshake. Returns - for non-TLS connections. |
| Uncompressed size | uncompressedSize | 46251 | The size (in bytes) of the uncompressed object, if compressed before sending to the client. |
| User-Agent | UA | Mozilla%2F5.0+%28Macintosh | The URI-encoded value of the User-Agent header in the request. It lets edge servers identify the application, operating system, vendor, or version of the requesting user agent.
This field is RFC-1738 escaped. See the note on hex-encoding above the table, User-Agent in RFC 7231 and RFC 2616. To monitor this parameter in your logs, you need to update your stream's property configuration to include a User Agent behavior that logs this header. See Log custom parameters. |
Network performance data
Choose from these fields to get data on the edge server and client performance, and error codes when serving the requests for troubleshooting.
| Data element | JSON key | Examples | Description |
|---|---|---|---|
| Asnum | asn | 64496 | Returns a string with a single Autonomous System Number (ASN) or a colon-separated list of integers, if multiple ASNs are returned for the request's IP address. |
| DNS lookup time | dnsLookupTimeMSec | 50 | The elapsed time in milliseconds between the start of the request and the completion of the DNS lookup in a multi-domain config, if one was required. |
| Download time | downloadTime | 12001 | The time taken to download the object in milliseconds. |
| Error code | errorCode | ERR_ACCESS_DENIED|fwd_acl | A string describing the problem with serving the request. |
| Last byte | lastByte | 1 | The last byte of the object that was served in this response. 0 indicates a part of a byte-range response. This field is now available for all products supported by DataStream 2. |
| Prefetch midgress hits | prefetchMidgressHits | 1 | Set to 1 if the request is for a prefetched object, and prefetch request is from a cache hierarchy child. For example, if an edge server issues a prefetch request, this field is set to 1 in the log line from the parent server, but 0 in the log line from the edge server. |
| Request end time | reqEndTimeMSec | 013 | The elapsed time in milliseconds it takes the edge server to fully read the request. |
| Startup errors | startupError | 3 | The number of download initiation failures in a specific time interval. |
| Throughput | throughput | 500 | The byte transfer rate for the selected time interval in kilobits per second. |
| Time to first byte | timeToFirstByte | 500 | The time taken to download the first byte of the received content in milliseconds. |
| Turnaround time | turnAroundTimeMSec | 11 | The elapsed time in milliseconds between when the last request header is received and the first byte of the reply is written to the client socket. |
| Transfer time | transferTimeMSec | 125 | The time in milliseconds from when the edge server is ready to send the first byte of the response to when the last byte reaches the kernel. |
Reporting metrics and dimensions
For the Reporting metrics and dimensions you can log using DataStream 2 data fields, see Reporting metrics and dimensions
Request header data
Choose from these fields to extract data coming from the incoming requests' headers, such as the referrer URLs or byte ranges.
| Data element | JSON key | Examples | Description |
|---|---|---|---|
| Accept-Language | accLang | zh-CHS,%20en-us | The value of the Accept-Language header in the request with a list of acceptable human languages for response. Returns - if this field is not enabled or the client didn’t send the header. See Accept-Language in RFC 7231.
To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the Accept-Language header. See Log custom parameters. |
| Cookie | cookie | country=AU;%20sessionId=12a8f83b | This field contains cookies received in the HTTP request headers from the client.
This field is RFC-1738 escaped, replacing spaces and other special characters, and separated by the To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the Set-Cookie header. See Log custom parameters. |
| Max age | maxAgeSec | 3600 | The time in seconds that the object is valid for positive cache responses. |
| Range | range | 37334-423560-50,100-150,300- | Provides a single byte range or a comma-separated list of byte ranges. Bytes are numbered from 0.
Returns See Range in RFC 7233. |
| Referer | referer | https://example.com/search?q=jobs | The URL of the resource from which the requested URI was followed.
This field is RFC-1738 escaped. See the note on hex-encoding above the table and Referer in RFC 7231. To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the Referer header. See Log custom parameters. |
| X-Forwarded-For | xForwardedFor | 8.47.28.38203.0.113.195,%2070.41.3.182001:db8:85a3:8d3:1319:8a2e:370:7348 | Returns the contents of the X-Forwarded-For header, including the last IP address of a client connecting to a web server through an HTTP proxy or load balancer. It helps to debug, gather statistics, and generate location-dependent content and by design exposes privacy sensitive information, such as the IP address of the client.
See Forwarded For in RFC 7239. To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the X-Forwarded-For header. See Log custom parameters. |
Web security
Select the Security rules field to log the Web Application Firewall (WAF) end user's activity data, including the security policy ID, non-deny, and deny rules. This data set is not supported for the Cloud Wrapper products.
| Data element | JSON key | Examples | Description |
|---|---|---|---|
| Security rules | securityRules | ULnR_28976|3900000:3900001:3900005:3900006:BOT-ANOMALY-HEADER | This field returns data when the request triggers any configured Security Protections rule (IP/Geo, DoS Protection, Custom Rules, Web Application Firewall, or Bot Management)rules in the Security policy ID | Non-deny rules separated by : | Deny rule format. To check the list of IDs, see Bot detection methods and rule IDs.To monitor this parameter in your logs, you need to update your stream's property configuration to include a Web Application Firewall (WAF) behavior or add the hostnames using Security Configurations. |
Midgress traffic
When you Create a stream or Edit a stream, you can choose to log midgress traffic within the Akamai network, such as between two edge servers. This feature also requires enabling the Collect midgress traffic option in the DataStream behavior for your property in Property Manager. As a result, the second slot in the log line returns a numeric value:
0, if the request was processed between the client device and edge server (CLIENT_REQ), and isn't logged as midgress traffic1, if the request was processed by an edge server within the region (PEER_REQ), and is logged as midgress traffic2, if the request was processed by a parent Akamai edge server in the parent-child hierarchy (CHILD_REQ), and is logged as midgress traffic
If logging midgress traffic is not enabled on your contract, contact the Akamai support team.
Midgress traffic log data
When you enable logging midgress traffic in your Property Manager configuration without choosing the Midgress traffic field in your stream, you will get log data without clear indication whether it's midgress or egress traffic.
Choose the Midgress traffic field in the DataStream configuration to get the flag value that shows if the data comes from midgress (
1,2) or egress (0) traffic.
Custom fields
If you want your stream to collect other custom data fields, specify them in the Log Request Details behavior of your property. See Log custom parameters.
Updated 3 days ago