Filters
The following table represents the comparison operators that are supported and example values. Filters are added as escaped JSON strings formatted as {"key":"<field>","operator":"<comparison_operator>","value":"<value>"}.
Refer to the Log fields page for a list of fields related to each dataset.
Comparison operators define how values must relate to fields in the log line for an expression to return true.
Values represent the data associated with fields.
| Name | Operator Notation | Supported Field Types | |||||
|---|---|---|---|---|---|---|---|
| English | String | Int | Bool | Array | Object | Example (operator in bold) | |
| Equal | eq | ✅ | ✅ | ✅ | ❌ | ❌ | {\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"} |
| Not equal | !eq | ✅ | ✅ | ✅ | ❌ | ❌ | {\"key\":\"ClientCountry\",\"operator\":\"!eq\",\"value\":\"ca\"} |
| Less than | lt | ❌ | ✅ | ❌ | ❌ | ❌ | {\"key\":\"BotScore\",\"operator\":\"lt\",\"value\":\"30\"} |
| Less than or equal | lte | ❌ | ✅ | ❌ | ❌ | ❌ | {\"key\":\"BotScore\",\"operator\":\"lte\",\"value\":\"30\"} |
| Greater than | gt | ❌ | ✅ | ❌ | ❌ | ❌ | {\"key\":\"BotScore\",\"operator\":\"gt\",\"value\":\"30\"} |
| Greater than or equal | gte | ❌ | ✅ | ❌ | ❌ | ❌ | {\"key\":\"BotScore\",\"operator\":\"gte\",\"value\":\"30\"} |
| Starts with | startsWith | ✅ | ❌ | ❌ | ❌ | ❌ | {\"key\":\"ClientRequestPath\",\"operator\":\"startsWith\",\"value\":\"/foo\"} |
| Ends with | endsWith | ✅ | ❌ | ❌ | ❌ | ❌ | {\"key\":\"ClientRequestPath\",\"operator\":\"endsWith\",\"value\":\"/foo\"} |
| Does not start with | !startsWith | ✅ | ❌ | ❌ | ❌ | ❌ | {\"key\":\"ClientRequestPath\",\"operator\":\"!startsWith\",\"value\":\"/foo\"} |
| Does not end with | !endsWith | ✅ | ❌ | ❌ | ❌ | ❌ | {\"key\":\"ClientRequestPath\",\"operator\":\"!endsWith\",\"value\":\"/foo\"} |
| Contains | contains | ✅ | ❌ | ❌ | ✅ | ❌ | {\"key\":\"ClientRequestPath\",\"operator\":\"contains\",\"value\":\"/static\"} |
| Does not contain | !contains | ✅ | ❌ | ❌ | ✅ | ❌ | {\"key\":\"ClientRequestPath\",\"operator\":\"!contains\",\"value\":\"/static\"} |
| Value is in a set of values | in | ✅ | ✅ | ❌ | ✅ | ❌ | {\"key\":\"EdgeResponseStatus\",\"operator\":\"in\",\"value\":[200,201]} |
| Value is not in a set of values | !in | ✅ | ✅ | ❌ | ✅ | ❌ | {\"key\":\"EdgeResponseStatus\",\"operator\":\"!in\",\"value\":[200,201]} |
The filter field has limits of approximately 30 operators and 1000 bytes. Anything exceeding this value will return an error.
For the Firewall events dataset, the following fields are not supported: Kind, MatchIndex, Metadata, OriginatorRayID, RuleID, Source.
For the Gateway HTTP dataset, the following fields are not supported: Downloaded File Names, Uploaded File Names.
Logical Operators
Filters can be connected using
AND,ORlogical operators.Logical operators can be nested.
Here are some examples of how the logical operators can be implemented. X, Y and Z are used to represent filter criteria:
X AND Y AND Z -
{"where":{"and":[{X},{Y},{Z}]}}X OR Y OR Z -
{"where":{"or":[{X},{Y},{Z}]}}X AND (Y OR Z) -
{"where":{"and":[{X}, {"or":[{Y},{Z}]}]}}(X AND Y) OR Z -
{"where":{"or":[{"and": [{X},{Y}]},{Z}]}}
Example request using cURL:
curl -s -X POST https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/logpush/jobs/ \-H 'X-Auth-Key: <KEY>' \-H 'X-Auth-Email:<EMAIL>' \-H 'Content-Type: application/json' \-d '{"name":"example.com static assets","logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp×tamps=rfc3339&CVE-2021-44228=true","dataset": "http_requests","filter":"{\"where\":{\"and\":[{\"key\":\"ClientRequestPath\",\"operator\":\"contains\",\"value\":\"/static\"},{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}]}}","destination_conf": "s3://<BUCKET_PATH>?region=us-west-2/"}' | jq .