Custom fields
The HTTP requests dataset includes most standard log information by default. However, if you need to capture additional request or response headers or cookies, you can use custom fields to tailor the logs to your specific needs
Custom fields are configured per zone and, once set up, are enabled for all Logpush jobs in that zone that use the HTTP requests dataset and include the request headers, response headers, or cookie fields. You can log these fields in their raw form or as transformed values.
This default behavior can be changed. You can configure either request or response headers to be logged as raw or transformed, depending on your needs - but not both for the same header.
Custom fields can be enabled via API or the Cloudflare dashboard.
Use the Rulesets API to create a rule that configures custom fields. For more information on concepts like phases, rulesets, and rules, as well as the available API operations, refer to the Ruleset Engine documentation.
To configure custom fields:
- Create a rule to configure the list of custom fields.
- Include the
Cookies,RequestHeaders, and/orResponseHeadersfields in your Logpush job.
Create a rule configuring the list of custom fields in the http_log_custom_fields phase at the zone level. Set the rule action to log_custom_field and the rule expression to true.
The action_parameters object that you must include in the rule that configures the list of custom fields should have the following structure:
"action_parameters": {//select raw (default) or transformed request header "request_fields": [ { "name": "<http_request_header_raw>" } ], "transformed_request_fields": [ { "name": "<http_request_header_transformed>" } ],//select raw or transformed (default) response header "response_fields": [ { "name": "<http_response_header_transformed>" } ], "raw_response_fields": [ { "name": "<http_response_header_raw>" } ], "cookie_fields": [ { "name": "<cookie_name>" } ]}Ensure that your rule definition complies with the following:
- You must include at least one of the following arrays in the
action_parametersobject:request_fields,transformed_request_fields,response_fields,raw_response_fields, andcookie_fields. - You must enter HTTP request and response header names in lower case.
- Cookie names are case sensitive — you must enter cookie names with the same capitalization they have in the HTTP request.
- You must set the rule expression to
true. - You can only log raw or transformed values for either request or response headers but not both for the same header.
Perform the following steps to create the rule:
-
Use the List existing rulesets operation to check if there is already a ruleset for the
http_log_custom_fieldsphase at the zone level (you can only have one zone ruleset per phase):Terminal window curl https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets \--header "X-Auth-Email: <EMAIL>" \--header "X-Auth-Key: <API_KEY>"If there is a ruleset for the
http_log_custom_fieldsphase at the zone level, take note of the ruleset ID. -
(Optional) If the response did not include a ruleset with
"kind": "zone"and"phase": "http_log_custom_fields", create the phase entry point ruleset using the Create ruleset operation:Terminal window curl https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets \--header "X-Auth-Email: <EMAIL>" \--header "X-Auth-Key: <API_KEY>" \--header "Content-Type: application/json" \--data '{"name": "Zone-level phase entry point","kind": "zone","description": "This ruleset configures custom log fields.","phase": "http_log_custom_fields"}'Take note of the ruleset ID included in the response.
-
Use the Update ruleset operation to define the rules of the entry point ruleset you found (or created in the previous step), adding a rule with the custom fields configuration. The rules you include in the request will replace all the rules in the ruleset.
The following example configures custom fields with the names of the HTTP request headers, HTTP response headers, and cookies you wish to include in Logpush logs:
Terminal window curl --request PUT \https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}} \--header "X-Auth-Email: <EMAIL>" \--header "X-Auth-Key: <API_KEY>" \--header "Content-Type: application/json" \--data '{"rules": [{"action": "log_custom_field","expression": "true","description": "Set Logpush custom fields for HTTP requests","action_parameters": {"request_fields": [{ "name": "content-type" },{ "name": "x-forwarded-for" }],"transformed_request_fields": [{"name": "host"}],"response_fields": [{ "name": "server" },{ "name": "content-type" }],"raw_response_fields": [{ "name": "allow" }],"cookie_fields": [{ "name": "__ga" },{ "name": "accountNumber" },{ "name": "__cfruid" }]}}]}'Example response:
{"result": {"id": "<RULESET_ID>","name": "Zone-level phase entry point","description": "This ruleset configures custom log fields.","kind": "zone","version": "2","rules": [{"id": "<RULE_ID_1>","version": "1","action": "log_custom_field","action_parameters": {"request_fields": [{ "name": "content-type" },{ "name": "x-forwarded-for" },"transformed_request_fields": [{ "name": "host" }],"response_fields": [{ "name": "server" },{ "name": "content-type" },"raw_response_fields": [{ "name": "allow" }],"cookie_fields": [{ "name": "__ga" },{ "name": "accountNumber" },{ "name": "__cfruid" }]},"expression": "true","description": "Set Logpush custom fields for HTTP requests","last_updated": "2021-11-21T11:02:08.769537Z","ref": "<RULE_REF_1>","enabled": true}],"last_updated": "2021-11-21T11:02:08.769537Z","phase": "http_log_custom_fields"},"success": true,"errors": [],"messages": []}
Next, include Cookies, RequestHeaders, and/or ResponseHeaders, depending on your custom field configuration, in the list of fields of the output_options job parameter when creating or updating a job. The logs will contain the configured custom fields and their values in the request/response.
For example, consider the following request that creates a job that includes custom fields:
curl https://api.cloudflare.com/client/v4/zones/{zone_id}/logpush/jobs \--header "X-Auth-Email: <EMAIL>" \--header "X-Auth-Key: <API_KEY>" \--header "Content-Type: application/json" \--data '{ "name": "<DOMAIN_NAME>", "destination_conf": "s3://<BUCKET_PATH>?region=us-west-2", "dataset": "http_requests", "output_options": { "field_names": ["RayID", "EdgeStartTimestamp", "Cookies", "RequestHeaders", "ResponseHeaders"], "timestamp_format": "rfc3339" }, "ownership_challenge": "<OWNERSHIP_CHALLENGE_TOKEN>"}'- Log in to the Cloudflare dashboard ↗ and select the domain you want to use.
- Go to Analytics & Logs > Logpush.
- In the Custom log fields section, select Edit Custom Fields.
- Select Set new Custom Field.
- From the Field Type dropdown, select Request Header, Response Header or Cookies and type the Field Name.
- When you are done, select Save.
- Custom fields allow 100 headers per field type — this applies separately to
request_fields,transformed_request_fields,response_fields,raw_response_fields, andcookie_fields. - For headers which may be included multiple times (for example, the
set-cookieresponse header), a custom field will only log the first instance of the header. Subsequent headers of the same type will be ignored. - The request header
Rangeis currently not supported by Custom Fields. - Transformed and raw values for request and response headers are available only via the API and cannot be set through the UI.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark