The Edgio platform exposes three types of logs to users:
  • Build logs capture all the build output from your Edgio deploys.
  • Server logs capture your Edgio serverless console output at real time.
  • Access logs capture information about all the requests served by Edgio.

Build Logs

Each time you deploy to Edgio using the 0 deploy command, information about the deployment is logged, including the output of the 0 deploy command itself. You can view these logs in real-time by viewing your deployment on app.layer0.co.

Server Logs

All messages logged using console.log, console.warn, console.error, etc… within your application can be viewed in real time from the “Server” tab on any deployment:
Here you can limit the output to only those statements coming from your IP address, or filter by regex. This can use useful when trying to sift through noisy logs on high-traffic sites.

Deep Request Inspection

By enabling Deep Request Inspection in your environment, you can also see the headers and body of every request and response served by your application via the Edgio serverless cloud. You can also see each upstream API request made by your application. To enable Deep Request Inspection, navigate to the environment in the Edgio Developer Console, select the configuration tab, click “Edit” and enable “Deep Request Inspection” in the Debugging section.
Deep Request Inspection
Finally, activate the new environment configuration and tail the server logs on any deployment to see detailed information about every request served by that deployment.

Setting up Log Aggregation Tools

Edgio saves its logs to Amazon S3. Most log aggregation tools are able to ingest logs from S3. We attempt to link to the docs that explain how to ingest logs from S3 for each popular log aggregation tool below. Even if your tool is not listed, there’s a good chance it can ingest logs from S3.

Access Logs

Edgio Enterprise tier customers can receive streaming access logs that capture information about each request served by Edgio. To do so refer to the “Access Logs” tab:
Note that if you are not an Enterprise tier customer you will see a message to contact support to upgrade your account.
Access logs contain the following fields:

timestamp (number)

Millisecond resolution of the request start time in UNIX epoch.

bld (string)

The application’s build number processing this request. Example ‘1021’.

eid (string)

The active environment ID in Edgio.
Available since Edgio v2.9.0.

ev (number)

The active environment version number. Example 95 (number).

ip (string)

IP of the most downstream client, determined either through XFF or by reading socket information.

met (string)

HTTP method.

hh (string)

Host header as received from the downstream.

url (string)

HTTP path.

h2 (string)

Flag indicating whether downstream connection is http/2 or not. Can be ‘0’ or ‘1’.

psh (number)

Flag indicating whether this request is an http/2 server-side push or not. Can be 0 or 1.

code (string)

HTTP response status code.

ic (integer)

Flag indicating whether this request was cacheable even in theory. Can be 0 or 1.

cc (string)

Country code per geo-location.

s_rq (number)

Size of the request in bytes.

s_rs (number)

Size of the response in bytes.

ds (string)

Destination, determined by split testing rules, if any; if no rules, the value is left as the default router.

be (string)

Backend, determined by the routing rules. The names come from the backends structure exported from your layer0.config.js file.

bk (string)

Split testing bucket cookie value.

zip (string)

Flag indicating whether the response is compressed or not. Can be ‘0’ or ‘1’.

rid (string)

Unique request ID.

waf (string)

WAF security state: geo for geo blocking, bl for block list, dl-{list name} for dynamic lists if the request was blocked; wl for allow list, by for bypass if the request was passed.

sh (number)

Flag indicating whether the request was shielded. Can be 0 or 1.

dv (string)

Device type desktop, smartphone, tablet, mobile.

vn (string)

Vendor: apple, microsoft, android.

br (string)

Browser: chrome, safari, firefox.

bot (number)

Flag indicating whether the request was made by a bot. Can be 0 or 1.

er (number)

Flag indicating whether the request was responded from edge (not true for cache hits, just for synthetic requests). Can be 0 or 1.

clv (number)

Cache level on which the request was responded or 0 if it was a miss. Possible values are 0 - miss, 1 - Level 1 hit (edge), 2 - level 2 hit (global).

stl (number)

Indicates if the response was stale or not. Can be 0 or 1.

done (string)

Flag indicating if the response has completed (analogous to 499 in Nginx). ‘0’ or ‘1’.

cs (string)

Caching status (why something was or wasn’t cached).

ct (string)

Response content type.

xmr (string)

Request header x-0-matched-routes, logs all routes matched and is required to order the routes table in caching metrics.

rfr (string)

Referrer request header (note the misspelling per HTTP standard).

ua (string)

User agent.

xmt (string)

Response x-0-t header with different critical path timings. Example: ‘eh=4,ect=2,ecc=hit’.

xut (string)

Response x-0-user-t header with different user performance metrics. Example: fetch:/path=123

xms (string)

Response x-0-status header with different critical path status codes. Example: ‘eh=200,ed=200,gh=200,gd=200,p=200,w=200’.

pre (number or not present)

If layer0_prefetch parameter was specified value of 1, otherwise not present.

uv (string)

Upstream response’s vary header value.

bip (string)

IP of the backend that responded to the request.

hrid (string)

Request ID of the response hit in the cache. Corresponds to x-0-hit-request-id response header.

ac (string)

Accept-Encoding header value. Example: ‘gzip’.

asn (string)

The ASN for the (Autonomous System Number) for this IP. Example: ‘20940’.

ce (string)

The normalized value of content encoding header as used by edge. Example: ‘gzip’.

ckh (string)

Cache key hash.

cv (string)

Edgio edge compiler version. Example ‘1.7.3’.

cy (string)

City name per geo-location. Example: ‘new york’.

jwt (string)

Value of the recommended action per JWT parsing. Can be one of "", “blocked”, “permit”, “redirect”.

lo (string)

Geographical longitude per geo-location. Example ‘-73.98’.

lt (string)

Geographical latitude per geo-location. Example ‘40.76’.

lp (number)

Flag indicating if loading page was served during incremental static rendering. Can be 0 or 1 (number).

pc (string)

Postal code per geo-location. Example: ‘10020’

prl (number)

Flag indicating if this was a preload request. Can be 0 or 1.

prod (number)

Indicates whether this request belongs to the production environment. Can be 0 or 1 (number).

sc (string)

State code as per geo-location Example: ‘NY’

sec (string)

Security - set to “ip_block_list” if blocked by IP or “country_block_list” if blocked by country code on the edge.

ssl (number)

A flag that indicates whether the request was done on HTTPS protocol. Can be 0 or 1.

t (string)

Same as xmt.

v (string)

Layer0/Edgio platform version. Example: ‘4.19.3’

wafv (string)

Version of the WAF. Can be an empty string if WAF was not enabled, otherwise the version of the WAF (like ‘WAF-1,2’).

xff (string)

The value of the header ‘x-forwarded-for’.