[Gateway] Logpush Resource Record fields (#17184)

Author: maxvp

src/content/docs/cloudflare-one/insights/logs/logpush.mdx

@@ -48,63 +48,30 @@ Refer to the Logpush documentation for a list of available fields.
 | [Device Posture](/logs/reference/log-fields/account/device_posture_results/)    | Device posture status from the WARP client                     |
 | [Session Logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) | Network session logs for traffic proxied by Cloudflare Gateway |
 
-## Parse Logpush logs
+## Parse DNS logs
 
-Cloudflare Gateway logs DNS query information in [resource record format](https://datatracker.ietf.org/doc/html/rfc1035#section-4.1.3), a Base64-encoded binary format. The following resource record fields are available for each query:
+Logpush logs the following fields for each DNS query:
 
 - Query name
 - Query type
 - Query class
 - Response TTL
 - Response data
 
-To parse resource record logs from Logpush, run the following Python script with your desired samples:
-
-```python
-import dnslib
-import base64
-
-
-# The samples from your Logpush output
-samples = [
-   {"type":"1","data":"BnJlZGRpdANjb20AAAEAAQAAALwABJdlwYw="},
-   {"type":"5","data":"BnNlY3VyZQV3bHhycwNjb20AAAUAAQAADggAIgZzZWN1cmUEYmFzZQV3bHhycwNjb20GYWthZG5zA25ldAA="},
-   {"type":"28","data":"Bmdvb2dsZQNjb20AABwAAQAAAGkAECYH+LBAIxAJAAAAAAAAAGU="}]
-
-
-# Parse the Logpush RData.data field into Resource Records
-# See section "4.1.3. Resource record format" of https://www.ietf.org/rfc/rfc1035.txt
-# Includes Query Name, Query Type, Query Class, Response TTL, Response Data
-for sample in samples:
-   decoded = base64.b64decode(sample["data"])
-   buffer = dnslib.DNSBuffer(decoded)
-   r = dnslib.RR.parse(buffer)
-   print("== Print the full Resource Record ==")
-   print(r)
-   print("== Print individual components of the Resource Record ==")
-   query_name = r.rname
-   query_type = r.rtype
-   query_class = r.rclass
-   response_ttl = r.ttl
-   response_data = r.rdata
-   print(f"query name: {query_name} | query type: {query_type} | query class: {query_class} | ttl: {response_ttl} | rdata: {response_data}\n")
-```
-
-The script will print a list of your samples. For example:
-
-```txt
-== Print the full Resource Record ==
-reddit.com.             188     IN      A       151.101.193.140
-== Print individual components of the Resource Record ==
-query name: reddit.com. | query type: 1 | query class: 1 | ttl: 188 | rdata: 151.101.193.140
-
-== Print the full Resource Record ==
-secure.wlxrs.com.       3592    IN      CNAME   secure.base.wlxrs.com.akadns.net.
-== Print individual components of the Resource Record ==
-query name: secure.wlxrs.com. | query type: 5 | query class: 1 | ttl: 3592 | rdata: secure.base.wlxrs.com.akadns.net.
-
-== Print the full Resource Record ==
-google.com.             105     IN      AAAA    2607:f8b0:4023:1009::65
-== Print individual components of the Resource Record ==
-query name: google.com. | query type: 28 | query class: 1 | ttl: 105 | rdata: 2607:f8b0:4023:1009::65
+DNS query resource records are available in [Base64-encoded binary format](https://datatracker.ietf.org/doc/html/rfc1035#section-4.1.3) and JSON. For example:
+
+```json
+{
+	"ResourceRecords": [
+		{
+			"type": "5",
+			"data": "d3d3LmV4YW1wbGUuY29tAAABAAUAAABleGFtcGxlLmNvbQ=="
+		},
+		{
+			"type": "1",
+			"data": "ZXhhbXBsZS5jb20AAAEAAQAAAQIDBAUGBwgJ"
+		}
+	],
+	"ResourceRecordsJSON": "[{\"name\":\"www.example.com\",\"type\":\"CNAME\",\"class\":\"IN\",\"ttl\":300,\"rdata\":\"example.com.\"},{\"name\":\"example.com\",\"type\":\"A\",\"class\":\"IN\",\"ttl\":300,\"rdata\":\"203.0.113.0\"}]"
+}
 ```