Data set parameters

Each stream type can collect different sets of data. A data set lets you define the format of the data received by your origin server, giving you the ability to choose or ignore specific parameters and their elements from log data fields.

In fields with whitespace and other non-printable or non-US ASCII characters (for example, octets outside of the range from 0x21 to 0x7E), these characters are hex-encoded as per RFC-1738 URL encoding.

Cache data

Select the Cache status log data field to get information about the edge cache.

Data elementExamplesDescription
Cache status 0

1

Returns 1 if the request was served from the edge cache, or 0 if forwarded to parent or origin.

EdgeWorkers information

Choose from these data fields to log EdgeWorkers data, if enabled in your property. This includes adding the EdgeWorkers behavior for each of the properties you want to monitor.

Data element

Examples

Description

EdgeWorkers usage

//4380/4.0/1/-/0/4/#
1,2//4380/4.0/4/-/0/4/#0,0//4380/
4.0/5/-/1/1/#0,0

Provides information about the EdgeWorkers ID, version, event
 handler, reasons for turning EdgeWorker off, returned errors and metrics
 such as heap usage, CPU, and wall time. The field returns the data in
 the //[EdgeWorker-Id]/[Version]/[Event Handler]/[Off Reason]/[Logic Executed]/[Status]/#[Metrics] format.

See DataStream reports in the EdgeWorkers guide for more details.

EdgeWorkers execution

c:4380:7:161:162:161:n:::
12473:200|C:4380:3:0:4:0:n:::
6967:200|R:4380:20:99:99:1:n:::35982:200

Provides EdgeWorkers execution information, including the stage of execution, the EdgeWorker ID, process, total and total stage time (in milliseconds), used memory (in kilobytes), ghost flow, error code, HTTP status change when the response is generated using the API, CPU flits consumed during processing, tier ID for the request, indirect CPU time (in milliseconds) and ghost error code.

See DataStream reports in the EdgeWorkers guide for more details.

Geo data

Choose from these fields to get geolocation data about the requests, such as its country and city of origin.

Data elementExamplesDescription
Billing region 8The Akamai geographical price zone from where the request was served.
Country/region USThe ISO code of the country or region where the request originated.
Edge IP 23.50.51.173The IP address of the edge server that served the response to the client. This field returns data that may be useful while resolving issues with your account representative.

To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the Edge Server IP field. See Log custom parameters.

Server country/region USThe ISO code of the country or region from where the request was served.
State New%20HampshireThe URI-encoded name of the state where the request originated.
City BangaloreThe city where the request originated.

Log information

Choose from these log data fields to get customer and request identification data, including the request timestamp.

Data elementExamplesDescription
CP code 2097150The Content Provider code associated with the request that identifies a particular subset of traffic and content for billing, reporting, and monitoring served on the Akamai platform.
Request ID 2256a92The identifier of the request assigned by the server. See Akamai Pragma headers for details.
Request time 1612215703.120The Unix epoch time in seconds when the request when the edge server accepted the request from the client.

Message exchange data

Choose from these fields to get log data gathered along the request-response cycle, including client information, request and response details, and bytes count.

If the origin provides an uncompressed object, but the edge server provides the object to the client as compressed, it's reported and billed as compressed. See the Bytes and Total bytes fields.

🚧

Using stream data for billing

We recommend using raw log data for basic traffic analysis and monitoring CDN health.

You should take these limitations into account before using data served on your stream for audit, compliance, or billing purposes. See DataStream use cases.


Data elementExamplesDescription
Breadcrumbs //BC/%5Ba=23.33.41.20
,c=g,k=0,l=1,m=1%5D
Returns additional breadcrumbs data about the HTTP request-response cycle for improved visibility into the Akamai platform. This field is available only for Adaptive Media Delivery, Download Delivery, and Object Delivery products.

a – the component IP of the node or host processing the request, such as the edge or origin host
c – the letter identifier for the ​Akamai​ network component that as involved during that phase of the request (c - cache parent, g - edge host, p - peer host, o - origin, or w - Cloud Wrapper)
j (optional) – forward list
k – the request end time (in milliseconds) between when the edge host accepts the connection and receives the request header, including initial metadata parsing time and SSL overhead
l – the turnaround time (in milliseconds) between receiving the end of the request headers and gathering the breadcrumb, including fetching the object from another server in case of a miss, or synchronous validation of cached object’s freshness, fetching the object from the disk, performing ESI processing, and computing response headers
m – the DNS lookup time (in milliseconds) as the delta between the start of the request and the completion of the DNS lookup
Bytes 0
14995
The content bytes served in the response body, excluding HTTP headers. For HTTP/2, this includes overhead bytes.
Client IP 198.18.77.18
2001:0db8:85a3:<>0000:0000:8a2e:0370:7334
The IPv4 or IPv6 address of the requesting client. See IPv6 in RFC 5952.
Cookie country=AU;%20sessionId=12a8f83bThis field contains cookies received in the HTTP request headers from the client.

This field is RFC-1738 escaped, replacing spaces and other special characters, and separated by the ; character. See the note on hex-encoding above the table.

To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the Set-Cookie header. See Log custom parameters.

HTTP status codes 0
200
206
404
The HTTP status code sent in the response. Returns 0 if the TCP connection to the client ended before the server sent a response.
Object size -1
0
1
2
The size of the object matching the Content-Length response header, excluding HTTP response headers. Range requests don’t affect this field’s value. Returns the download object size if the header is not present, or -1 if not downloaded fully from the origin.
Overhead bytes 400TCP/IP/ETH overhead in bytes for the request and response, without HTTP or UDP overhead.
Protocol type HTTP/1.1
HTTPS/1.1
HTTP/2
HTTP3
The protocol of the response-request cycle.
Query string q=foo&submit=trueThe query string in the incoming URI from the client. To monitor this parameter in your logs, you need to update your stream's property configuration to set the Cache Key Query Parameters behavior to include all parameters. See Cache Key Query Parameters.
Request host splat-traffic.205400.akamai.comThe value of the Host header in the request with the domain name of the server and the TCP port number on which the server is listening. If no port is included, the default port for the service requested is implied. For example, 443 for an HTTPS URL, and 80 for an HTTP URL.

A Host header must be present in HTTP/1.1 requests. If a request lacks this header or has more than one, the server may respond with a 400 status code. See Host in RFC 7230.

Request method GET
POST
PUT
OPTIONS
The HTTP method of the request.
Request path path1/path2/file.extThe path to a resource in the incoming URI without query parameters. See the Query string field.
Request port 80
443
The client TCP port number of the requested service.
Response Content-Length -1
0
5000
The size of object data returned to the client without HTTP response headers. The Akamai Edge logs the object size even if there is no Content-Length header. Returns -1 if the size can’t be determined—for example, when the connection ended before the edge server received the complete object from the origin.
Response Content-Type text-plain
text-html
The value of the Content-Type header in the response with the media type of the returned content. Returns - if unknown or not set. The 304 Not Modified response usually does not return this header.

See:
Content-Type in RFC 7231
Partial Content in RFC 7233
Media types

TLS overhead time -
3
The elapsed time in milliseconds between when the edge server accepts the connection and the completion of the TLS handshake. Returns a number for SSL connections, and - for non-SSL connections.
TLS version -
TLSv1.3
QUIC
The protocol of the TLS handshake. Returns - for non-TLS connections.
Total bytes 839
9376
The bytes served in the response including the content, protocol overheads, and request body bytes. Protocol overheads include HTTP headers and UDP/TCP/IP/ETH overheads.
Uncompressed size 46251The size (in bytes) of the uncompressed object, if compressed before sending to the client.
User-Agent Mozilla%2F5.0+%28Macintosh
%3B+Intel+Mac+OS+X+10_14_3%29
The URI-encoded value of the User-Agent header in the request. It lets edge servers identify the application, operating system, vendor, or version of the requesting user agent.

This field is RFC-1738 escaped. See the note on hex-encoding above the table, User-Agent in RFC 7231 and RFC 2616.

To monitor this parameter in your logs, you need to update your stream's property configuration to include a User Agent behavior that logs this header. See Log custom parameters.

Request header data

Choose from these fields to extract data coming from the incoming requests' headers, such as the referrer URLs or byte ranges.

Data elementExamplesDescription
Accept-Language en
en-US
en-US,en;q=0.9
zh-CHS,%20en-us
The value of the Accept-Language header in the request with a list of acceptable human languages for response. Returns - if this field is not enabled or the client didn’t send the header. See Accept-Language in RFC 7231.

To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the Accept-Language header. See Log custom parameters.

Max age 300The time in seconds that the object is valid for positive cache responses.
Range 37334-42356
1024-1024
0-50,100-150,300-
Provides a single byte range or a comma-separated list of byte ranges. Bytes are numbered from 0.

Returns - if not a request range.

See Range in RFC 7233.

Referer https://example.com/search?q=jobsThe URL of the resource from which the requested URI was followed. This field is RFC-1738 escaped.

See the note on hex-encoding above the table and Referer in RFC 7231.

To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the Referer header. See Log custom parameters.

X-Forwarded-For 8.47.28.38
203.0.113.195,%2070.41.3.18
2001:db8:85a3:8d3:1319:8a2e:370:7348
Returns the contents of the X-Forwarded-For header, including the last IP address of a client connecting to a web server through an HTTP proxy or load balancer. It helps to debug, gather statistics, and generate location-dependent content and by design exposes privacy sensitive information, such as the IP address of the client.

See Forwarded For in RFC 7239.

To monitor this parameter in your logs, you need to update your stream's property configuration to include a Log Request Details behavior that logs the X-Forwarded-For header. See Log custom parameters.

Network performance data

Choose from these fields to get data on the edge server and client performance, and error codes when serving the requests for troubleshooting.

Data elementExamplesDescription
DNS lookup time 3The elapsed time in milliseconds between the start of the request and the completion of the DNS lookup in a multi-domain config, if one was required. For cached IP addresses, this value is 0.
Error code ERR_ACCESS_DENIED|fwd_aclA string describing the problem with serving the request.
Last byte 1The last byte of the object that was served in this response. 0 indicates a part of a byte-range response. This field is available only for Download Delivery products.
Request end time 0
1
3
The elapsed time in milliseconds it takes the edge server to fully read the request.
Turnaround time 16The elapsed time in milliseconds between when the last request header is received and the first byte of the reply is written to the client socket.
Transfer time 0
1
125
The time in milliseconds from when the edge server is ready to send the first byte of the response to when the last byte reaches the kernel.

Web security

Select the Security rules field to log the Web Application Firewall (WAF) end user's activity data, including the security policy ID, non-deny, and deny rules.

Data element

Examples

Description

Security rules

ULnR_28976|3900000:3900001:3900005:3900006:BOT-ANOMALY-HEADER

This field returns data when the request triggers any configured WAF or Bot Manager rules in the Security policy ID | Non-deny rules separated by : | Deny rule format.

To monitor this parameter in your logs, you need to update your stream's property configuration to include a Web Application Firewall (WAF) behavior or add the hostnames using Security Configurations.

Midgress traffic

When you Create a stream or Edit a stream, you can choose to log midgress traffic within the Akamai network, such as between two edge servers. This feature also requires enabling the Collect midgress traffic option in the DataStream behavior for your property in Property Manager. As a result, the second place in the log line contains a numeric value:

  • 0, if the request was processed between the client device and edge server (CLIENT_REQ), and isn't logged as midgress traffic
  • 1, if the request was processed by an edge server within the region (PEER_REQ), and is logged as midgress traffic
  • 2, if the request was processed by a parent Akamai edge server in the parent-child hierarchy (CHILD_REQ), and is logged as midgress traffic​

If logging midgress traffic is not enabled on your contract, contact the Akamai support team.

Custom fields

If you want your stream to collect other custom data fields, specify them in the Log Request Details behavior of your property. See Log custom parameters.


Did this page help you?