Filtering Log Data

Filter log data to only include relevant information and to reduce the amount of data being ingested. Filtering options vary by RTLD module.

Filter	RTLD CDN	RTLD WAF	RTLD Rate Limiting	RTLD Bot	RTLD Cloud Functions
Access Rule
Client IP
Country
Custom Rule
Enforcement Action
Hostname
Log Level
Managed Rule
Rate Rule
Request Method
Security Application configuration
Source
Status Code
User Agent
URL

An alternative method for reducing the amount of log data sent to your destination is downsampling. However, downsampling log data is indiscriminate, while filtering allows you to target the set of traffic that is most relevant to your business needs.

Filters

The Filters section allows you to define one or more filter(s). All filtering options, except for those that use regular expressions, allow you to choose between the following options:

Matches: Use this option when you want to filter log data to only include requests that satisfy at least one entry within this filtering condition.
Does Not Match: Use this option when you want to filter log data to exclude requests that satisfy at least one entry within this filtering condition.

All filtering options, except for those that use regular expressions, support multiple values. You may select or type each desired value. If you are typing the desired value, press ENTER to set it.

Filter log data by:

Access Rule: Set the Access Rule option to one or more access rule(s).
Client IP: Set the Filter by Client IP option to one or more IP addresses.
Country: Set the Countries option to the desired set of countries by selecting them.

Filter the list by typing the entire or partial country name. For example, typing un will filter the list to include all countries that contain un (e.g., United States and United Kingdom).
Custom Rule: Set the Custom Rule option to one or more custom rule(s) by selecting or typing each desired name.
Enforcement Action: Set the Action Type option to one or more enforcement action(s).
Hostname: Set the Hostnames option to the desired hostname(s).

Filter the list by typing the entire or partial hostname. For example, typing co will filter the list to include all hostnames that contain co (e.g., cdn.example.com and corp.example.org).
Log Level: Set the Log Level option to one or more log level(s) by selecting or typing their names.
Managed Rule: Set the Managed Rule option to one or more managed rule(s) by selecting or typing their names.
Rate Rule: Set the Action Limit ID option to one or more rate rule(s).
Request Method: Set the Request Method option to one or more request method(s).
Security Application Configuration: Set the Security Application Manager or the Scope Name option to one or more Security Application configuration(s).
Source: Set the Source option by selecting a source. This source identifies whether a log entry was generated due to a console message in the application or Deep Request Inspection.
Status Code: Set the Filter by Status Code option by selecting each status code class (e.g., 2xx or 3xx) for which log data will be delivered.
URL: Set the Filter By URL Regexp option to a RE2-compatible regular expression pattern that identifies the set of URLs by which log data will be filtered.
User Agent: Set the Filter by User Agent option to a RE2-compatible regular expression pattern that identifies the set of user agents by which log data will be filtered.

Clearing a Filter

Clear a filter by removing all of its entries. Remove an individual entry by clicking on its x.

Filters #

Clearing a Filter #

Filters

Clearing a Filter