Option | Description |
---|---|
type | OPTIONAL; Type of Logs Requested; 0: Connection Logs, 1: Application Logs, 2: Event Logs; DEFAULT=Automatically detected based on the VS's app profile |
query_id | REQUIRED; Unique ID for each query; DEFAULT=0 |
virtualservice | REQUIRED; Specify VS ID for scoping the results |
start | OPTIONAL; start time stamp in ISO8601 format; DEFAULT=zero |
end | OPTIONAL; end time stamp in ISO8601 format; DEFAULT=current time |
duration | OPTIONAL; if start time is not specified (or set to zero), this field, specified in seconds, determines the duration from end for which logs are returned. DEFAULT=zero(no limit) |
page_size | OPTIONAL; maximum number of records to return; DEFAULT=10 |
adf | OPTIONAL; search logs matching Avi Defined (Significant) Filters; DEFAULT=True |
udf | OPTIONAL; search through logs meeting User Defined Filters; DEFAULT=False |
nf | OPTIONAL; search through the rest of the logs (i.e., logs that match neither ADF nor UDF); DEFAULT=False |
format | OPTIONAL; choose a format for the data; Options={'json','csv','txt'}; DEFAULT='json' |
page | OPTIONAL; For pagination support; DEFAULT=1 |
filter | OPTIONAL; Format: OPERATOR(field,value); Can be specified multiple times; DEFAULT=None; the supported operators and fields are listed in the tables below. |
cols | OPTIONAL; A comma separated list of fields to include in the results; When groupby is specified, sum/avg/max/min functions can be used with field names (e.g., sum(tx_bytes) in L4 case, or sum(response_length+request_length) in L7); you can order on the first custom column by specifying orderby=col0; DEFAULT=All when groupby is not specified and is sum(1) otherwise |
groupby | OPTIONAL; Specify a field name to group the results on; DEFAULT=None |
orderby | OPTIONAL; Specify a field name to sort the results on; Prepend with '-' to sort in reverse order; DEFAULT=-report_timestamp when groupby is not specified and descending order on count of items in each group (-count) when groupby is specified |
step | OPTIONAL; Specify step values for each groupby fieldresults; This outputs a JSON object, by default, with counts of logs that fall in each step, along with the timestamp of the end of the step; TBD: Summarization functions for other columns DEFAULT=0 |
expstep | OPTIONAL; If set to true, then instead of the default linear increases by 'step', exponentially increasing steps are used; e.g., if step=2 and expstep=True, then the intervals in the responses will be of the form: 0-1, 1-2, 2-4, 4-8, 8-16, and so on; DEFAULT=False |
timeout | OPTIONAL; Specify the timeout (in seconds) for this query; DEFAULT=5 |
download | OPTIONAL; Boolean; If set to true, then the results in the requested format will be downloaded as file. Also, the defaults for other options will be set as follows: format is set to CSV; timeout is set to 10 seconds; page is set to 1; page_size is set to 10000; DEFAULT=False |
debug | OPTIONAL; Boolean; If set to true, then we include extra debugging info in the responses; DEFAULT=False |
js_compat | OPTIONAL; Boolean; If set to true, then we will convert uint64 numbers to string in log query response. |
Filters are specified in
Refer to the following for the set of fields and their types for each log type:
Field Type | Operator | Description |
---|---|---|
String | eq | == |
String | sw | starts with |
String | ne | != |
String | co | contains keyword |
String | nc | not contains keyword |
Integer | eq | == |
Integer | lt | < |
Integer | le | <= |
Integer | gt | > |
Integer | ge | >= |
Integer | ne | != |
IP Address | eq | == |
IP Address | sw | starts with |
IP Address | ne | != |
Boolean | eq | == |
Boolean | ne | != |
Enumeration String | eq | == |
Enumeration String | lt | < |
Enumeration String | le | <= |
Enumeration String | gt | > |
Enumeration String | ge | >= |
Enumeration String | ne | != |
Message | eq | == |
Message | lt | < |
Message | le | <= |
Message | gt | > |
Message | ge | >= |
Message | ne | != |
Field Name | Field Type | Supported Operators | Field Description |
---|---|---|---|
adf | Boolean | eq,ne | |
significant | Integer | eq,lt,le,gt,ge,ne | |
significance | String | eq,sw,ne,co,nc | |
udf | Boolean | eq,ne | |
virtualservice | String | eq,sw,ne,co,nc | |
report_timestamp | Integer | eq,lt,le,gt,ge,ne | |
service_engine | String | eq,sw,ne,co,nc | |
vcpu_id | Integer | eq,lt,le,gt,ge,ne | |
log_id | Integer | eq,lt,le,gt,ge,ne | |
client_ip | IP Address | eq,sw,ne | IPv4 address of the client. When true client IP feature is enabled, this will be derived from the header configured in the true client IP feature, if present in the request |
client_location | String | eq,sw,ne,co,nc | |
client_src_port | Integer | eq,lt,le,gt,ge,ne | |
client_dest_port | Integer | eq,lt,le,gt,ge,ne | |
client_rtt | Integer | eq,lt,le,gt,ge,ne | |
ssl_session_id | String | eq,sw,ne,co,nc | |
ssl_version | String | eq,sw,ne,co,nc | |
ssl_cipher | String | eq,sw,ne,co,nc | |
sni_hostname | String | eq,sw,ne,co,nc | |
http_version | String | eq,sw,ne,co,nc | |
method | String | eq,sw,ne,co,nc | |
uri_path | String | eq,sw,ne,co,nc | |
rewritten_uri_path | String | eq,sw,ne,co,nc | |
uri_query | String | eq,sw,ne,co,nc | |
rewritten_uri_query | String | eq,sw,ne,co,nc | |
redirected_uri | String | eq,sw,ne,co,nc | |
server_side_redirect_uri | String | eq,sw,ne,co,nc | |
referer | String | eq,sw,ne,co,nc | |
user_agent | String | eq,sw,ne,co,nc | |
client_device | String | eq,sw,ne,co,nc | |
client_browser | String | eq,sw,ne,co,nc | |
client_os | String | eq,sw,ne,co,nc | |
xff | String | eq,sw,ne,co,nc | |
persistence_used | Boolean | eq,ne | |
host | String | eq,sw,ne,co,nc | |
etag | String | eq,sw,ne,co,nc | |
persistent_session_id | Integer | eq,lt,le,gt,ge,ne | |
request_content_type | String | eq,sw,ne,co,nc | |
response_content_type | String | eq,sw,ne,co,nc | |
request_length | Integer | eq,lt,le,gt,ge,ne | |
cache_hit | Boolean | eq,ne | |
cacheable | Boolean | eq,ne | |
network_security_policy_rule_name | String | eq,sw,ne,co,nc | |
http_security_policy_rule_name | String | eq,sw,ne,co,nc | |
http_request_policy_rule_name | String | eq,sw,ne,co,nc | |
http_response_policy_rule_name | String | eq,sw,ne,co,nc | |
pool | String | eq,sw,ne,co,nc | |
pool_name | String | eq,sw,ne,co,nc | |
server_ip | IP Address | eq,sw,ne | |
server_name | String | eq,sw,ne,co,nc | |
server_conn_src_ip | IP Address | eq,sw,ne | |
server_dest_port | Integer | eq,lt,le,gt,ge,ne | |
server_src_port | Integer | eq,lt,le,gt,ge,ne | |
server_rtt | Integer | eq,lt,le,gt,ge,ne | |
server_response_length | Integer | eq,lt,le,gt,ge,ne | |
server_response_code | Integer | eq,lt,le,gt,ge,ne | |
server_response_time_first_byte | Integer | eq,lt,le,gt,ge,ne | |
server_response_time_last_byte | Integer | eq,lt,le,gt,ge,ne | |
app_response_time | Integer | eq,lt,le,gt,ge,ne | |
data_transfer_time | Integer | eq,lt,le,gt,ge,ne | |
total_time | Integer | eq,lt,le,gt,ge,ne | |
response_length | Integer | eq,lt,le,gt,ge,ne | |
response_code | Integer | eq,lt,le,gt,ge,ne | |
response_time_first_byte | Integer | eq,lt,le,gt,ge,ne | |
response_time_last_byte | Integer | eq,lt,le,gt,ge,ne | |
compression_percentage | Integer | eq,lt,le,gt,ge,ne | |
compression | Enumeration String | eq,lt,le,gt,ge,ne | |
client_insights | Enumeration String | eq,lt,le,gt,ge,ne | |
connection_error_info | Message | eq,lt,le,gt,ge,ne | |
spdy_version | String | eq,sw,ne,co,nc | |
request_headers | Integer | eq,lt,le,gt,ge,ne | |
response_headers | Integer | eq,lt,le,gt,ge,ne | |
request_state | Enumeration String | eq,lt,le,gt,ge,ne | |
datascript_error_trace | Message | eq,lt,le,gt,ge,ne | |
all_request_headers | String | eq,sw,ne,co,nc | |
all_response_headers | String | eq,sw,ne,co,nc | |
user_id | String | eq,sw,ne,co,nc | |
significant_log | Enumeration String | eq,lt,le,gt,ge,ne | List of enums which indicate why a log is significant |
datascript_log | String | eq,sw,ne,co,nc | Log created by the invocations of the DataScript api avi.vs.log() |
microservice | String | eq,sw,ne,co,nc | |
microservice_name | String | eq,sw,ne,co,nc | |
headers_sent_to_server | String | eq,sw,ne,co,nc | Request headers sent to backend server |
headers_received_from_server | String | eq,sw,ne,co,nc | Response headers received from backend server |
server_ssl_session_id | String | eq,sw,ne,co,nc | SSL session id for the backend connection. |
server_connection_reused | Boolean | eq,ne | Flag to indicate if connection from the connection pool was reused |
server_ssl_session_reused | Boolean | eq,ne | Flag to indicate if SSL session was reused. |
vs_ip | IP Address | eq,sw,ne | |
body_updated | Enumeration String | eq,lt,le,gt,ge,ne | |
waf_log | Message | eq,lt,le,gt,ge,ne | Presence of waf_log indicates that at least 1 WAF rule was hit for the transaction |
client_ip6 | String | eq,sw,ne,co,nc | IPv6 address of the client. |
vs_ip6 | String | eq,sw,ne,co,nc | Virtual IPv6 address of the VS. |
server_ip6 | String | eq,sw,ne,co,nc | IPv6 address of the Server. |
server_conn_src_ip6 | String | eq,sw,ne,co,nc | IPv6 address used to connect to Server. |
request_id | String | eq,sw,ne,co,nc | Unique HTTP Request ID |
request_served_locally_remote_site_down | Boolean | eq,ne | Flag to indicate if request was served locally because the remote site was down |
http2_stream_id | Integer | eq,lt,le,gt,ge,ne | Stream identifier corresponding to an HTTP2 request. |
cipher_bytes | String | eq,sw,ne,co,nc | Byte stream of client cipher list sent on SSL_R_NO_SHARED_CIPHER error. This byte stream is used to generate client_cipher_list. |
client_cipher_list | Message | eq,lt,le,gt,ge,ne | List of ciphers sent by client in TLS Client Hello. This field is only generated when TLS handshake fails due to no shared cipher. |
client_log_filter_name | String | eq,sw,ne,co,nc | Name of the Client Log Filter applied |
saml_authentication_used | Boolean | eq,ne | SAML authentication is used. |
saml_session_cookie_valid | Boolean | eq,ne | SAML authentication session cookie is valid. |
saml_auth_request_generated | Boolean | eq,ne | SAML authentication request is generated. |
saml_auth_response_received | Boolean | eq,ne | SAML authentication response is received. |
saml_auth_session_id | Integer | eq,lt,le,gt,ge,ne | SAML authentication session ID. |
servers_tried | Integer | eq,lt,le,gt,ge,ne | Number of servers tried during server reselect before the response is sent back. |
paa_log | Message | eq,lt,le,gt,ge,ne | Logs for the PingAccess authentication process. |
cache_disabled_by_ds | Boolean | eq,ne | Cache fetch and store is disabled by the Datascript policies. |
grpc_status | Integer | eq,lt,le,gt,ge,ne | GRPC response status sent in the GRPC trailer. |
ocsp_status_resp_sent | Boolean | eq,ne | OCSP Certificate Status response sent in the SSL/TLS connection handshake. |
critical_error_encountered | Boolean | eq,ne | Critical error encountered during request processing. |
grpc_service_name | String | eq,sw,ne,co,nc | The service called by the gRPC request. |
grpc_method_name | String | eq,sw,ne,co,nc | The method called by the gRPC request. |
grpc_status_reason_phrase | Enumeration String | eq,lt,le,gt,ge,ne | The reason phrase corresponding to the gRPC status code. |
icap_log | Message | eq,lt,le,gt,ge,ne | Log for the ICAP processing. |
saml_log | Message | eq,lt,le,gt,ge,ne | Logs for the SAML authentication/authorization process. |
jwt_log | Message | eq,lt,le,gt,ge,ne | Logs for the JWT Validation process. |
ntlm_log | Message | eq,lt,le,gt,ge,ne | NTLM auto-detection logs. |
oob_log | Message | eq,lt,le,gt,ge,ne | Logs for HTTP Out-Of-Band Requests |
session_id | String | eq,sw,ne,co,nc | Field set by datascript using avi.vs.set_session_id(). |
bot_management_log | Message | eq,lt,le,gt,ge,ne | Logs related to Bot detection. |
max_ingress_latency_fe | Integer | eq,lt,le,gt,ge,ne | Maximum packet processing latency for the frontend flow. |
avg_ingress_latency_fe | Integer | eq,lt,le,gt,ge,ne | Average packet processing latency for the frontend flow. |
conn_est_time_fe | Integer | eq,lt,le,gt,ge,ne | TCP connection establishment time for the frontend flow. |
max_ingress_latency_be | Integer | eq,lt,le,gt,ge,ne | Maximum packet processing latency for the backend flow. |
avg_ingress_latency_be | Integer | eq,lt,le,gt,ge,ne | Average packet processing latency for the backend flow. |
conn_est_time_be | Integer | eq,lt,le,gt,ge,ne | TCP connection establishment time for the backend flow. |
source_ip | IP Address | eq,sw,ne | Source IP of the client connection to the VS. This can be different from client IP when true client IP feature is enabled. |
source_ip6 | String | eq,sw,ne,co,nc | IPv6 address of the source of the client connection to the VS. This can be different from client IPv6 address when true client IP feature is enabled. |
oauth_log | Message | eq,lt,le,gt,ge,ne | Logs related to OAuth requests. |
auth_status | Enumeration String | eq,lt,le,gt,ge,ne | Set the Session Authentication Status. |
client_fingerprints | Message | eq,lt,le,gt,ge,ne | The fingerprints for this client. |
server_push_initiated | Boolean | eq,ne | Request which initiates Server Push |
server_pushed_request | Boolean | eq,ne | Requests served via Server Push |
vh_match_rule | String | eq,sw,ne,co,nc | EVH rule matching the request. |
Field Name | Field Type | Supported Operators | Field Description |
---|---|---|---|
adf | Boolean | eq,ne | |
significant | Integer | eq,lt,le,gt,ge,ne | |
significance | String | eq,sw,ne,co,nc | |
udf | Boolean | eq,ne | |
virtualservice | String | eq,sw,ne,co,nc | |
vs_ip | IP Address | eq,sw,ne | |
client_ip | IP Address | eq,sw,ne | |
client_location | String | eq,sw,ne,co,nc | |
client_src_port | Integer | eq,lt,le,gt,ge,ne | |
client_dest_port | Integer | eq,lt,le,gt,ge,ne | |
start_timestamp | Integer | eq,lt,le,gt,ge,ne | |
report_timestamp | Integer | eq,lt,le,gt,ge,ne | |
total_time | Integer | eq,lt,le,gt,ge,ne | |
connection_ended | Boolean | eq,ne | |
client_rtt | Integer | eq,lt,le,gt,ge,ne | |
mss | Integer | eq,lt,le,gt,ge,ne | |
rx_bytes | Integer | eq,lt,le,gt,ge,ne | |
tx_bytes | Integer | eq,lt,le,gt,ge,ne | |
total_bytes | Integer | eq,lt,le,gt,ge,ne | |
rx_pkts | Integer | eq,lt,le,gt,ge,ne | |
tx_pkts | Integer | eq,lt,le,gt,ge,ne | |
total_pkts | Integer | eq,lt,le,gt,ge,ne | |
out_of_orders | Integer | eq,lt,le,gt,ge,ne | |
retransmits | Integer | eq,lt,le,gt,ge,ne | |
timeouts | Integer | eq,lt,le,gt,ge,ne | |
zero_window_size_events | Integer | eq,lt,le,gt,ge,ne | |
service_engine | String | eq,sw,ne,co,nc | |
vcpu_id | Integer | eq,lt,le,gt,ge,ne | |
log_id | Integer | eq,lt,le,gt,ge,ne | |
network_security_policy_rule_name | String | eq,sw,ne,co,nc | |
pool | String | eq,sw,ne,co,nc | |
pool_name | String | eq,sw,ne,co,nc | |
server_ip | IP Address | eq,sw,ne | |
server_name | String | eq,sw,ne,co,nc | |
server_conn_src_ip | IP Address | eq,sw,ne | |
server_dest_port | Integer | eq,lt,le,gt,ge,ne | |
server_src_port | Integer | eq,lt,le,gt,ge,ne | |
server_rtt | Integer | eq,lt,le,gt,ge,ne | |
server_total_bytes | Integer | eq,lt,le,gt,ge,ne | |
server_rx_bytes | Integer | eq,lt,le,gt,ge,ne | |
server_tx_bytes | Integer | eq,lt,le,gt,ge,ne | |
server_total_pkts | Integer | eq,lt,le,gt,ge,ne | |
server_rx_pkts | Integer | eq,lt,le,gt,ge,ne | |
server_tx_pkts | Integer | eq,lt,le,gt,ge,ne | |
server_out_of_orders | Integer | eq,lt,le,gt,ge,ne | |
server_retransmits | Integer | eq,lt,le,gt,ge,ne | |
server_timeouts | Integer | eq,lt,le,gt,ge,ne | |
server_zero_window_size_events | Integer | eq,lt,le,gt,ge,ne | |
significant_log | Enumeration String | eq,lt,le,gt,ge,ne | List of enums which indicate why a log is significant |
num_transaction | Integer | eq,lt,le,gt,ge,ne | |
average_turntime | Integer | eq,lt,le,gt,ge,ne | |
num_window_shrink | Integer | eq,lt,le,gt,ge,ne | |
server_num_window_shrink | Integer | eq,lt,le,gt,ge,ne | |
num_syn_retransmit | Integer | eq,lt,le,gt,ge,ne | |
microservice | String | eq,sw,ne,co,nc | |
microservice_name | String | eq,sw,ne,co,nc | |
proxy_protocol | Enumeration String | eq,lt,le,gt,ge,ne | Version of proxy protocol used to convey client connection information to the back-end servers. A value of 0 indicates that proxy protocol is not used. A value of 1 or 2 indicates the version of proxy protocol used. |
ssl_session_id | String | eq,sw,ne,co,nc | |
ssl_version | String | eq,sw,ne,co,nc | |
ssl_cipher | String | eq,sw,ne,co,nc | |
dns_fqdn | String | eq,sw,ne,co,nc | |
dns_ips | IP Address | eq,sw,ne | |
dns_qtype | Enumeration String | eq,lt,le,gt,ge,ne | |
gslbservice | String | eq,sw,ne,co,nc | |
gslbservice_name | String | eq,sw,ne,co,nc | |
gslbpool_name | String | eq,sw,ne,co,nc | |
dns_response | Message | eq,lt,le,gt,ge,ne | |
dns_etype | Enumeration String | eq,lt,le,gt,ge,ne | |
protocol | Enumeration String | eq,lt,le,gt,ge,ne | |
dns_request | Message | eq,lt,le,gt,ge,ne | |
client_ip6 | String | eq,sw,ne,co,nc | IPv6 address of the client. |
vs_ip6 | String | eq,sw,ne,co,nc | IPv6 address of the VIP of the VS. |
server_ip6 | String | eq,sw,ne,co,nc | IPv6 address of the Backend Server. |
server_conn_src_ip6 | String | eq,sw,ne,co,nc | IPv6 address used to connect to Backend Server. |
sni_hostname | String | eq,sw,ne,co,nc | |
sip_log | Message | eq,lt,le,gt,ge,ne | SIP related logging information |
client_log_filter_name | String | eq,sw,ne,co,nc | Name of the Client Log Filter applied |
ds_log | String | eq,sw,ne,co,nc | Datascript Log |
persistence_used | Boolean | eq,ne | Persistence applied during server selection |
ocsp_status_resp_sent | Boolean | eq,ne | OCSP Response sent in the SSL/TLS connection Handshake. |
max_ingress_latency_fe | Integer | eq,lt,le,gt,ge,ne | Maximum packet processing latency for the frontend flow. |
avg_ingress_latency_fe | Integer | eq,lt,le,gt,ge,ne | Average packet processing latency for the frontend flow. |
conn_est_time_fe | Integer | eq,lt,le,gt,ge,ne | TCP connection establishment time for the frontend flow. |
max_ingress_latency_be | Integer | eq,lt,le,gt,ge,ne | Maximum packet processing latency for the backend flow. |
avg_ingress_latency_be | Integer | eq,lt,le,gt,ge,ne | Average packet processing latency for the backend flow. |
conn_est_time_be | Integer | eq,lt,le,gt,ge,ne | TCP connection establishment time for the backend flow. |
dns_tcp_conn_close_from_se | Boolean | eq,ne | Service engine closed the TCP connection after the first DNS response. |
Field Name | Field Type | Supported Operators | Field Description |
---|---|---|---|
report_timestamp | Integer | eq,lt,le,gt,ge,ne | |
obj_type | Enumeration String | eq,lt,le,gt,ge,ne | |
event_id | Enumeration String | eq,lt,le,gt,ge,ne | |
module | Enumeration String | eq,lt,le,gt,ge,ne | |
internal | Enumeration String | eq,lt,le,gt,ge,ne | |
context | Enumeration String | eq,lt,le,gt,ge,ne | |
obj_uuid | String | eq,sw,ne,co,nc | |
obj_name | String | eq,sw,ne,co,nc | |
reason_code | Enumeration String | eq,lt,le,gt,ge,ne | Reason code for generating the event. This would be added to the alert where it would say alert generated on event with reason |
event_details | Message | eq,lt,le,gt,ge,ne | |
details_summary | String | eq,sw,ne,co,nc | Summary of event details |
related_uuids | String | eq,sw,ne,co,nc | related objects corresponding to the events |
event_description | String | eq,sw,ne,co,nc | Event Description for each Event in the table view |
event_pages | String | eq,sw,ne,co,nc | Pages in which event should come up |
ignore_event_details_display | Boolean | eq,ne | |
is_security_event | Boolean | eq,ne | |
tenant_name | String | eq,sw,ne,co,nc | |
tenant | String | eq,sw,ne,co,nc |
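
The following is an added example, not code from the product or its documentation: it builds a log query string from the options table and checks each `OPERATOR(field,value)` filter against the operator and field tables above before sending anything. The `FIELDS` subset, the VS ID placeholder, the function names and the rule of refusing values that contain `(`, `)` or `,` are assumptions made for the example (the page does not document value escaping).

```python
from urllib.parse import urlencode

# Operators permitted for each field type, transcribed from the operator table.
_CMP = {"eq", "lt", "le", "gt", "ge", "ne"}
OPERATORS = {
    "String": {"eq", "sw", "ne", "co", "nc"},
    "Integer": _CMP,
    "IP Address": {"eq", "sw", "ne"},
    "Boolean": {"eq", "ne"},
    "Enumeration String": _CMP,
    "Message": _CMP,
}

# A few rows copied from the field table that lists uri_path and response_code.
FIELDS = {
    "client_ip": "IP Address",
    "uri_path": "String",
    "user_agent": "String",
    "response_code": "Integer",
    "request_length": "Integer",
}

def make_filter(op, field, value):
    """Return OPERATOR(field,value) after checking op against the field's type."""
    ftype = FIELDS.get(field)
    if ftype is None:
        raise ValueError(f"unknown field: {field!r}")
    if op not in OPERATORS[ftype]:
        raise ValueError(f"{op!r} is not supported for {ftype} field {field!r}")
    if ftype == "Integer" and (isinstance(value, bool) or not isinstance(value, int)):
        raise ValueError(f"{field!r} needs an integer value")
    text = str(value)
    # Assumption: no escaping is documented, so values that could change the
    # structure of the expression are refused rather than quoted.
    if not text or any(c in text for c in "(),"):
        raise ValueError(f"unsafe value for {field!r}: {text!r}")
    return f"{op}({field},{text})"

def build_query(virtualservice, query_id, filters, log_type=1, **options):
    """Return the URL-encoded query string for one log query."""
    if log_type not in (0, 1, 2):
        raise ValueError("type must be 0, 1 or 2")
    allowed = {"start", "end", "duration", "page_size", "page", "orderby", "timeout"}
    unknown = set(options) - allowed
    if unknown:
        raise ValueError(f"unsupported options: {sorted(unknown)}")
    params = [("type", log_type), ("query_id", query_id),
              ("virtualservice", virtualservice)]
    params += sorted(options.items())
    params += [("filter", f) for f in filters]  # filter can be repeated
    return urlencode(params)

# Constructed sample: server errors under one path prefix during the last hour.
SAMPLE = build_query(
    "virtualservice-EXAMPLE",  # placeholder VS ID, not a real object
    101,
    [make_filter("ge", "response_code", 500),
     make_filter("sw", "uri_path", "/admin")],
    duration=3600, page_size=100,
)
```

Rejecting a filter locally, such as `co` on an IP Address field, surfaces a malformed hunt query before it reaches the controller.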