Request logging overview

Media CDN logs each HTTP request to Cloud Logging. These requests include client requests to the EdgeCacheService resource and requests from the EdgeCacheOrigin resource to the configured origin for cache fills. Logs are typically delivered in near real time. This includes being queryable in Logging and exportable to Cloud Storage and Pub/Sub.

Log entries contain the following types of information:

General information shown in most Google Cloud logs, such as severity, the project ID, the project number, and the timestamp.
HttpRequest log fields.
Additional metadata about the request within the structPayload, including the following:
- Client ASN
- Client location data
- ID (city) of the caches used to fulfill the response
- Time to first byte (TTFB) and time to last byte (TTLB), in milliseconds, for the HTTP-level response
- TLS SNI hostname
- TLS version used
- Common Media Client Data (CMCD) information

Cache-specific fields

The jsonPayload object of a Media CDN log contains metadata specific to how Media CDN serves an object, whether the object was cached, and any error states encountered.

These fields, as well as example values, are shown in the following table.

Field	Example value	Details
backendInitialLatency	0.126644940s	The Duration it takes the backend to initially respond to a request. Measured from when the CDN has finished proxying the request to the origin until the CDN begins receiving response bytes from the origin. This field only appears in logs for cache fill from an `EdgeCacheOrigin` resource.
backendLatency	0.126666342s	The Duration it takes the backend to fully respond to a request. Measured from when the CDN has finished proxying the request to the origin until the CDN has received the complete response from the backend. This field appears only in logs for cache fill from an `EdgeCacheOrigin` resource.
cacheId	`maa-123456`	The IATA (airport) code of the city nearest the cache and an opaque identifier of the cache instance. If multiple tiers of caching are required to serve the request due to a full or partial cache miss, the chain of cache locations is provided—for example, `del-234567, bom-345678, sin-456789`, where the rightmost cache is the closest to the user.
cacheKeyFingerprint	f63925711b0dd8a9ff861cd303774e6e	An opaque fingerprint of the cache key. Requests that map to the same cache key—for example, requests where query parameters are not included, or where the host is not included—should have the same fingerprint. If your total number of requests is similar to the total number of unique fingerprints, it might indicate that your cache keys are too specific.
cacheMode	USE_ORIGIN_HEADERS	The `cdnPolicy.cacheMode` configured on the route that matched this request.
cacheStatus	Cache hit: `hit` Full cache miss: `fetch, miss, miss`	The cache status at each cache node between the user and the origin shield, where the rightmost value represents the cache closest to the user. For more information about how to interpret this field, see Cache status values.
clientAsn		The ASN (Autonomous System Number), based on the connecting client's IP address.
clientCity	Mountain View	Name of the city from which the request originated—for example, Mountain View, California. This can also be added to both request and response headers and mirrors the `client_city` header variable.
clientRegionCode	US	The country (or region) associated with the client's IP address. This is a Unicode CLDR region code, such as US or FR. For most countries, these codes correspond directly to ISO-3166-2 codes. This can also be added to both request and response headers and mirrors the `client_region` header variable.
cmcd		The CMCD keys in the client request that help inform the client-side quality of service. Media CDN supports data transmitted through HTTP request headers or query parameters and does not log values for the following keys: `dl` (deadline), `nor` (next object request), `nrr` (next range request), `ot` (object type), `rtp` (requested maximum throughput), `sf` (streaming format), `su` (startup), `tb` (top bitrate), or `v` (CMCD version).
enforcedSecurityPolicy		The Google Cloud Armor edge security policy that applies to the client's request. This includes additional information about the policy name, priority, and action taken.
httpTtfb	0.157228207s	The Duration from when the proxy begins receiving request bytes until the first byte of the response is sent (not received).
latency	0.157415635s	The Duration from when the proxy begins receiving request bytes until it has finished writing the response to the client.
location		The `Location` header in the response.
metroIataCode	MAA	The IATA (airport) code of the city nearest the proxy.
origin		The `EdgeCacheOrigin` resource from which the response was proxied.
originalRequestId	19d92668-3948-49d8-9244-25f8252043e4	The unique identifier assigned to the request that originally generated this response. Populated only if this is different than `request_id` for cached responses.
originIp		The IP address used to contact the `EdgeCacheOrigin` resource from which the response was proxied.
proxyRegionCode	US	The country (or region) that the proxy is located in. This is a Unicode CLDR region code, such as US or FR. For most countries, these codes correspond directly to ISO-3166-2 codes.
proxyStatus		A list of intermediary HTTP proxies in the response path. The value is defined by RFC 9209. This corresponds to the `proxy_status` dynamic header variable.
rangeHeader		The `Range` header in the request.
requestId	4bde6381-cd17-47e1-8c2a-1aaa424a1156	The unique identifier assigned to the request by the proxy.
tlsCipherSuite	009C	The cipher suite negotiated during the TLS handshake. The value is four hex digits defined by the IANA TLS Cipher Suite Registry—for example, 009C for TLS_RSA_WITH_AES_128_GCM_SHA256. This value is empty for unencrypted client connections.
tlsSniHostname		Server name indication (as defined in RFC 6066), if provided by the client during the TLS or QUIC handshake. The hostname is converted to lowercase and any trailing dot is removed.
tlsVersion	TLS 1.3	TLS version negotiated between the client and the CDN during the SSL handshake. Possible values include TLS 1, TLS 1.1, TLS 1.2, and TLS 1.3.

Example log entry

The following provides an example log entry for a response served from cache:

{
  "insertId": "617fa16e-0000-2ac9-9993-d4f547fe67d4@a1",
  "jsonPayload": {
    "@type": "type.googleapis.com/google.cloud.edgecache.v1.EdgeCacheLogEntry",
    "tlsVersion": "TLS 1.3",
    "tlsCipherSuite": "009C", // hex digits for the cipher negotiated
    "cacheId": "maa-132eed13faa13",
    "clientAsn": "9299", // AS the client is associated with
    "origin": "example_origin",
    "clientRegionCode": "IN",
    "metroIataCode": "bom",
    "clientCity": "Mumbai", // City name, in English
    "latency": "0.005105200s",
    "proxyStatus": "Google-Edge-Cache",
    "httpTtfb": "0.005056080s",
    "cacheMode": "FORCE_CACHE_ALL",
    "cacheKeyFingerprint": "c360ac18849b6336",
    "cacheStatus": "hit,stale",
    "enforcedSecurityPolicy": {
      "outcome": "ACCEPT",
      "configuredAction": "ACCEPT",
      "name": "example_policy",
      "priority": 1000
    },
    "originalRequestId": "19d92668-3948-49d8-9244-25f8252043e5",
    "proxyRegionCode": "IN",
    "requestId": "4bde6381-cd17-47e1-8c2a-1aaa424a1156",
    "originIp": "74.125.128.128"
  },
  "httpRequest": {
    "requestMethod": "GET",
    "requestUrl": "https://example.com/image.jpg",
    "requestSize": "3545",
    "status": 200,
    "responseSize": "3716",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
    "remoteIp": "62.36.0.43",
    "protocol": "HTTP/2"
  },
  "resource": {
    "type": "edgecache.googleapis.com/EdgeCacheRouteRule",
    "labels": {
      "matched_path": "/",
      "path_matcher_name": "routes",
      "service_name": "example_service",
      "resource_container": "projects/123456789",
      "location": "global",
      "route_destination": "projects/123456789/locations/global/edgeCacheOrigins/example_origin",
      "route_type": "ORIGIN"
    }
  },
  "timestamp": "2022-11-19T00:24:13.695328200Z",
  "logName": "projects/my-project/logs/edgecache.googleapis.com%2Fedge_cache_request",
  "receiveTimestamp": "2022-11-19T00:24:16.715871645Z"
}

You can configure request logging in a few ways. To reduce log volume and overall Logging charges, logs can optionally be sampled or filtered as needed.

You can also route logs to Pub/Sub, Cloud Storage, or BigQuery for analysis in Google Cloud or your existing log analysis tools.

Retention policies

Logging supports setting custom retention policies, including on a per-sink basis.

What's next

To understand more about how to set up logs-based metrics to define your own metrics values based on logged requests, see the Log-based metrics overview.
To learn more about the pricing for Logging, see Google Cloud Observability pricing.
To read about how audit logging works and how to enable and configure audit logs for admin activity, see the Cloud Audit Logs documentation.