diff --git a/src/content/docs/cloudflare-one/insights/logs/index.mdx b/src/content/docs/cloudflare-one/insights/logs/index.mdx
index c230f8e3aa57c7d..e5e9b5b450537eb 100644
--- a/src/content/docs/cloudflare-one/insights/logs/index.mdx
+++ b/src/content/docs/cloudflare-one/insights/logs/index.mdx
@@ -8,7 +8,7 @@ head:
content: Zero Trust logs
---
-import { DirectoryListing } from "~/components";
+import { DirectoryListing, Badge, Render } from "~/components";
Review detailed logs for your Zero Trust organization.
@@ -18,19 +18,25 @@ Review detailed logs for your Zero Trust organization.
Cloudflare Zero Trust logs are stored for a varying period of time based on the service used and plan type:
-| | Free | Standard | Access | Gateway | Enterprise |
-| ----| ------ | ------ | ------ | ------ | -------- |
-| **Admin logs** | 18 months | 18 months | 18 months | 18 months | 18 months | 18 months |
-| **Access logs** | 24 hours | 30 days | 30 days | 24 hours | 180 days |
-| **DNS logs** | 24 hours | 30 days | 24 hours | 30 days | 180 days1 |
-| **Network logs** | 24 hours | 30 days | 24 hours | 30 days | 30 days |
-| **HTTP logs** | 24 hours | 30 days | 24 hours | 30 days | 30 days |
-| **DEX logs** | 7 days | 7 days | 7 days | 7 days | 7 days |
-| **Device posture logs** | 30 days | 30 days | 30 days | 30 days | 30 days |
-
-1 Enterprise users on per query plans cannot store DNS logs via Cloudflare.
-You can still export logs via [Logpush](/cloudflare-one/insights/logs/logpush/).
-For more information, contact your account team.
+| | Free | Standard | Access | Gateway | Enterprise |
+| ----------------------- | --------- | --------- | --------- | --------- | ------------ |
+| **Admin logs** | 18 months | 18 months | 18 months | 18 months | 18 months |
+| **Access logs** | 24 hours | 30 days | 30 days | 24 hours | 180 days |
+| **DNS logs** | 24 hours | 30 days | 24 hours | 30 days | 180 days[^1] |
+| **Network logs** | 24 hours | 30 days | 24 hours | 30 days | 30 days |
+| **HTTP logs** | 24 hours | 30 days | 24 hours | 30 days | 30 days |
+| **DEX logs** | 7 days | 7 days | 7 days | 7 days | 7 days |
+| **Device posture logs** | 30 days | 30 days | 30 days | 30 days | 30 days |
+
+[^1]: Enterprise users on per query plans cannot store DNS logs via Cloudflare. You can still export logs via [Logpush](/cloudflare-one/insights/logs/logpush/). For more information, contact your account team.
+
+## Log Explorer
+
+Log Explorer users can store Zero Trust logs directly within Cloudflare in an [R2 bucket](/r2/) and access them with the dashboard or API. Log Explorer supports the following Zero Trust datasets:
+
+
+
+For more information, refer to [Log Explorer](/logs/log-explorer/).
## Customer Metadata Boundary
diff --git a/src/content/docs/cloudflare-one/insights/logs/logpush.mdx b/src/content/docs/cloudflare-one/insights/logs/logpush.mdx
index 53c456e24de49ac..273cf48119fc18d 100644
--- a/src/content/docs/cloudflare-one/insights/logs/logpush.mdx
+++ b/src/content/docs/cloudflare-one/insights/logs/logpush.mdx
@@ -35,19 +35,20 @@ You can configure multiple destinations and add additional fields to your logs b
## Zero Trust datasets
-Refer to the Logpush documentation for a list of available fields.
-
-| Dataset | Description |
-| ------------------------------------------------------------------------------- | -------------------------------------------------------------- |
-| [Gateway DNS](/logs/reference/log-fields/account/gateway_dns/) | DNS queries inspected by Cloudflare Gateway |
-| [Gateway HTTP](/logs/reference/log-fields/account/gateway_http/) | HTTP requests inspected by Cloudflare Gateway |
-| [Gateway Network](/logs/reference/log-fields/account/gateway_network/) | Network packets inspected by Cloudflare Gateway |
-| [Audit Logs](/logs/reference/log-fields/account/audit_logs/) | Authentication events through Cloudflare Access |
-| [Access Requests](/logs/reference/log-fields/account/access_requests/) | HTTP requests to sites protected by Cloudflare Access |
-| [CASB Findings](/logs/reference/log-fields/account/casb_findings/) | Security issues detected by Cloudflare CASB |
-| [Device Posture](/logs/reference/log-fields/account/device_posture_results/) | Device posture status from the WARP client |
-| [Session Logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) | Network session logs for traffic proxied by Cloudflare Gateway |
-| [SSH Logs](/logs/reference/log-fields/account/ssh_logs/) | SSH command logs for [Access for Infrastructure targets](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) |
+Refer to [Logpush log fields](/logs/reference/log-fields/) for a list of all available fields.
+
+| Dataset | Description |
+| -------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [Access Requests](/logs/reference/log-fields/account/access_requests/) | HTTP requests to sites protected by Cloudflare Access |
+| [Audit Logs](/logs/reference/log-fields/account/audit_logs/) | Authentication events through Cloudflare Access |
+| [CASB Findings](/logs/reference/log-fields/account/casb_findings/) | Security issues detected by Cloudflare CASB |
+| [Device Posture Results](/logs/reference/log-fields/account/device_posture_results/) | Device posture status from the WARP client |
+| [DLP Forensic Copies](/logs/reference/log-fields/account/dlp_forensic_copies/) | Entire HTTP requests or payloads of HTTP requests captured by [Cloudflare DLP](/cloudflare-one/policies/data-loss-prevention/dlp-policies/logging-options/) |
+| [Gateway DNS](/logs/reference/log-fields/account/gateway_dns/) | DNS queries inspected by Cloudflare Gateway |
+| [Gateway HTTP](/logs/reference/log-fields/account/gateway_http/) | HTTP requests inspected by Cloudflare Gateway |
+| [Gateway Network](/logs/reference/log-fields/account/gateway_network/) | Network packets inspected by Cloudflare Gateway |
+| [SSH Logs](/logs/reference/log-fields/account/ssh_logs/) | SSH command logs for [Access for Infrastructure targets](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) |
+| [Zero Trust Network Session Logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) | Network session logs for traffic proxied by Cloudflare Gateway |
## Parse DNS logs
diff --git a/src/content/docs/logs/log-explorer.mdx b/src/content/docs/logs/log-explorer.mdx
index b75cbc176159312..eb880f4b7c4ef4a 100644
--- a/src/content/docs/logs/log-explorer.mdx
+++ b/src/content/docs/logs/log-explorer.mdx
@@ -7,7 +7,7 @@ sidebar:
text: Beta
---
-import { TabItem, Tabs } from "~/components";
+import { TabItem, Tabs, Render } from "~/components";
Log Explorer enables you to store and explore your Cloudflare logs directly within the Cloudflare Dashboard or API. Giving you visibility into your logs without the need to forward them to third parties. Logs are stored on Cloudflare's global network using the R2 object storage platform and can be queried via the Dashboard or SQL API.
@@ -26,13 +26,7 @@ Log Explorer is available at the account and zone level. At the zone level, data
At the account level, the datasets available are:
-- [Access requests](/logs/reference/log-fields/account/access_requests/) (`FROM access_requests`)
-- [CASB Findings](/logs/reference/log-fields/account/casb_findings/) (`FROM casb_findings`)
-- [Device posture results](/logs/reference/log-fields/account/device_posture_results/) (`FROM device_posture_results`)
-- [Gateway DNS](/logs/reference/log-fields/account/gateway_dns/) (`FROM gateway_dns`)
-- [Gateway HTTP](/logs/reference/log-fields/account/gateway_http/) (`FROM gateway_http`)
-- [Gateway Network](/logs/reference/log-fields/account/gateway_network/) (`FROM gateway_network`)
-- [Zero Trust Network Session Logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) (`FROM zero_trust_network_sessions`)
+
## Authentication
@@ -54,8 +48,6 @@ Authentication with the API can be done via an authentication header or API toke
- `Authorization: Bearer ` To create an appropriately scoped API token, refer to [Create API token](/fundamentals/api/get-started/create-token/) documentation. Copy and paste the token into the authorization parameter for your API call.
-
-
## Enable Log Explorer
In order for Log Explorer to begin storing logs, you need to enable the desired datasets. You can do this via the dashboard or the API.
@@ -150,18 +142,18 @@ Which returns the following HTTP request details:
```json
{
- "result": [
- {
- "clientrequestscheme": "https",
- "clientrequesthost": "example.com",
- "clientrequestmethod": "GET",
- "clientrequestuseragent": "curl/7.88.1",
- "edgeresponsestatus": 200
- }
- ],
- "success": true,
- "errors": [],
- "messages": []
+ "result": [
+ {
+ "clientrequestscheme": "https",
+ "clientrequesthost": "example.com",
+ "clientrequestmethod": "GET",
+ "clientrequestuseragent": "curl/7.88.1",
+ "edgeresponsestatus": 200
+ }
+ ],
+ "success": true,
+ "errors": [],
+ "messages": []
}
```
@@ -177,23 +169,23 @@ Which returns the following request details:
```json
{
- "result": [
- {
- "createdat": "2025-01-14T18:17:55Z",
- "appdomain": "example.com",
- "appuuid": "a66b4ab0-ccdf-4d60-a6d0-54a59a827d92",
- "action": "login",
- "allowed": true,
- "country": "us",
- "rayid": "90fbb07c0b316957",
- "email": "user@example.com",
- "ipaddress": "1.2.3.4",
- "useruid": "52859e81-711e-4de0-8b31-283336060e79"
- }
- ],
- "success": true,
- "errors": [],
- "messages": []
+ "result": [
+ {
+ "createdat": "2025-01-14T18:17:55Z",
+ "appdomain": "example.com",
+ "appuuid": "a66b4ab0-ccdf-4d60-a6d0-54a59a827d92",
+ "action": "login",
+ "allowed": true,
+ "country": "us",
+ "rayid": "90fbb07c0b316957",
+ "email": "user@example.com",
+ "ipaddress": "1.2.3.4",
+ "useruid": "52859e81-711e-4de0-8b31-283336060e79"
+ }
+ ],
+ "success": true,
+ "errors": [],
+ "messages": []
}
```
diff --git a/src/content/partials/logs/log-explorer-account-datasets.mdx b/src/content/partials/logs/log-explorer-account-datasets.mdx
new file mode 100644
index 000000000000000..7ea31e6c8d486cb
--- /dev/null
+++ b/src/content/partials/logs/log-explorer-account-datasets.mdx
@@ -0,0 +1,11 @@
+---
+{}
+---
+
+- [Access requests](/logs/reference/log-fields/account/access_requests/) (`FROM access_requests`)
+- [CASB Findings](/logs/reference/log-fields/account/casb_findings/) (`FROM casb_findings`)
+- [Device posture results](/logs/reference/log-fields/account/device_posture_results/) (`FROM device_posture_results`)
+- [Gateway DNS](/logs/reference/log-fields/account/gateway_dns/) (`FROM gateway_dns`)
+- [Gateway HTTP](/logs/reference/log-fields/account/gateway_http/) (`FROM gateway_http`)
+- [Gateway Network](/logs/reference/log-fields/account/gateway_network/) (`FROM gateway_network`)
+- [Zero Trust Network Session Logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) (`FROM zero_trust_network_sessions`)