cloudflare · angelampcosta · Jul 25, 2025 · Jul 25, 2025
@@ -956,7 +956,7 @@
 /load-balancing/local-traffic-management/ltm-magic-wan/ /load-balancing/private-network/magic-wan/ 301
 
 # logs
-/logs/log-fields/ /logs/reference/log-fields/ 301
+/logs/log-fields/ /logs/logpush/logpush-job/datasets/ 301
 /logs/logpull-api/ /logs/logpull/ 301
 /logs/logpull-api/requesting-logs/ /logs/logpull/requesting-logs/ 301
 /logs/logpush/aws-s3/ /logs/logpush/logpush-job/enable-destinations/aws-s3/ 301
@@ -2215,6 +2215,7 @@
 /fundamentals/setup/manage-domains/* /fundamentals/manage-domains/:splat 301
 /fundamentals/setup/manage-members/* /fundamentals/manage-members/:splat 301
 /logs/get-started/enable-destinations/* /logs/logpush/logpush-job/enable-destinations/:splat 301
+/logs/reference/log-fields/* /logs/logpush/logpush-job/datasets/:splat 301 
 
 # Cloudflare One / Zero Trust
 /cloudflare-one/connections/connect-networks/install-and-setup/tunnel-guide/local/as-a-service/* /cloudflare-one/connections/connect-networks/configure-tunnels/local-management/as-a-service/:splat 301

@@ -8,6 +8,6 @@ date: 2025-01-15
 Only available on Enterprise plans.
 :::
 
-Cloudflare now allows you to send SSH command logs to storage destinations configured in [Logpush](/logs/logpush/), including third-party destinations. Once exported, analyze and audit the data as best fits your organization! For a list of available data fields, refer to the [SSH logs dataset](/logs/reference/log-fields/account/ssh_logs/).
+Cloudflare now allows you to send SSH command logs to storage destinations configured in [Logpush](/logs/logpush/), including third-party destinations. Once exported, analyze and audit the data as best fits your organization! For a list of available data fields, refer to the [SSH logs dataset](/logs/logpush/logpush-job/datasets/account/ssh_logs/).
 
 To set up a Logpush job, refer to [Logpush integration](/cloudflare-one/insights/logs/logpush/).
@@ -4,7 +4,7 @@ description: User action logs for Remote Browser Isolation
 date: 2025-03-04
 ---
 
-We're excited to announce that new logging capabilities for [Remote Browser Isolation (RBI)](/cloudflare-one/policies/browser-isolation/) through [Logpush](/logs/reference/log-fields/account/) are available in Beta starting today!
+We're excited to announce that new logging capabilities for [Remote Browser Isolation (RBI)](/cloudflare-one/policies/browser-isolation/) through [Logpush](/logs/logpush/logpush-job/datasets/account/) are available in Beta starting today!
 
 With these enhanced logs, administrators can gain visibility into end user behavior in the remote browser and track blocked data extraction attempts, along with the websites that triggered them, in an isolated session.
 

@@ -9,7 +9,7 @@ date: 2025-04-07
 You can now capture a maximum of 256 KB of log events per Workers invocation, helping you gain better visibility into application behavior.
 
 All console.log() statements, exceptions, request metadata, and headers are automatically captured during the Worker invocation and emitted
-as [JSON object](/logs/reference/log-fields/account/workers_trace_events). [Workers Logs](/workers/observability/logs/workers-logs) deserializes
+as [JSON object](/logs/logpush/logpush-job/datasets/account/workers_trace_events). [Workers Logs](/workers/observability/logs/workers-logs) deserializes
 this object before indexing the fields and storing them. You can also capture, transform, and export the JSON object in a
 [Tail Worker](/workers/observability/logs/tail-workers).
 

@@ -9,8 +9,8 @@ date: 2025-04-09
 You can now observe and investigate the CPU time and Wall time for every Workers Invocations.
 
 - For [Workers Logs](/workers/observability/logs/workers-logs), CPU time and Wall time are surfaced in the [Invocation Log](/workers/observability/logs/workers-logs/#invocation-logs)..
-- For [Tail Workers](/workers/observability/logs/tail-workers), CPU time and Wall time are surfaced at the top level of the [Workers Trace Events object](/logs/reference/log-fields/account/workers_trace_events).
-- For [Workers Logpush](/workers/observability/logs/logpush), CPU and Wall time are surfaced at the top level of the [Workers Trace Events object](/logs/reference/log-fields/account/workers_trace_events). All new jobs will have these new fields included by default. Existing jobs need to be updated to include CPU time and Wall time.
+- For [Tail Workers](/workers/observability/logs/tail-workers), CPU time and Wall time are surfaced at the top level of the [Workers Trace Events object](/logs/logpush/logpush-job/datasets/account/workers_trace_events).
+- For [Workers Logpush](/workers/observability/logs/logpush), CPU and Wall time are surfaced at the top level of the [Workers Trace Events object](/logs/logpush/logpush-job/datasets/account/workers_trace_events). All new jobs will have these new fields included by default. Existing jobs need to be updated to include CPU time and Wall time.
 
 You can use a Workers Logs filter to search for logs where Wall time exceeds 100ms.
 

@@ -83,7 +83,7 @@ To get more information about potential bot requests, use these JA3 and JA4 fing
 - [Bot Analytics](/bots/bot-analytics/#enterprise-bot-management)
 - [Security Events](/waf/analytics/security-events/) and [Security Analytics](/waf/analytics/security-analytics/)
 - [Analytics GraphQL API](/analytics/graphql-api/), specifically the **HTTP Requests** dataset
-- [Logs](/logs/reference/log-fields/zone/http_requests/)
+- [Logs](/logs/logpush/logpush-job/datasets/zone/http_requests/)
 
 ## Actions
 

@@ -47,7 +47,7 @@ and cf.bot_management.score lt 30
 
 ## Log fields
 
-Once you enable Bot Management, Cloudflare also surfaces bot information in its [HTTP requests log fields](/logs/reference/log-fields/zone/http_requests/):
+Once you enable Bot Management, Cloudflare also surfaces bot information in its [HTTP requests log fields](/logs/logpush/logpush-job/datasets/zone/http_requests/):
 
 - BotDetectionIDs
 - BotScore

@@ -61,7 +61,7 @@ Not all assets are eligible for Cache Reserve. To be admitted into Cache Reserve
 
 Like the standard CDN, Cache Reserve also uses the `cf-cache-status` header to indicate cache statuses like `MISS`, `HIT`, and `REVALIDATED`. Cache Reserve cache misses and hits are factored into the dashboard's cache hit ratio.
 
-Individual sampled requests that filled or were served by Cache Reserve are viewable via the [CacheReserveUsed](/logs/reference/log-fields/zone/http_requests/) Logpush field.
+Individual sampled requests that filled or were served by Cache Reserve are viewable via the [CacheReserveUsed](/logs/logpush/logpush-job/datasets/zone/http_requests/) Logpush field.
 
 Cache Reserve monthly operations and storage usage are viewable in the dashboard.
 

@@ -48,6 +48,6 @@ Build custom dashboards to share this information by specifying an individual cu
 
 Using [filters](/logs/logpush/logpush-job/filters/), you can send set sample rates (or not include logs altogether) based on filter criteria. This flexibility allows you to maintain selective logs for custom hostnames without massively increasing your log volume.
 
-Filtering is available for [all Cloudflare datasets](/logs/reference/log-fields/zone/).
+Filtering is available for [all Cloudflare datasets](/logs/logpush/logpush-job/datasets/zone/).
 
 <Render file="filtering-limitations" product="logs" />
@@ -149,7 +149,7 @@ To manually retrieve logs:
 Only available on Enterprise plans.
 :::
 
-Cloudflare allows you to send SSH command logs to storage destinations configured in [Logpush](/logs/logpush/), including third-party destinations. For a list of available data fields, refer to the [SSH logs dataset](/logs/reference/log-fields/account/ssh_logs/).
+Cloudflare allows you to send SSH command logs to storage destinations configured in [Logpush](/logs/logpush/), including third-party destinations. For a list of available data fields, refer to the [SSH logs dataset](/logs/logpush/logpush-job/datasets/account/ssh_logs/).
 
 To set up the Logpush job, refer to [Logpush integration](/cloudflare-one/insights/logs/logpush/).
 

@@ -125,7 +125,7 @@ These settings will only apply to logs displayed in Zero Trust. Logpush data is
 :::caution[Failed connection logs]
 Gateway will only log TCP traffic with completed connections. If a connection is not complete (such as a TCP SYN with no SYN ACK), Gateway will not log this traffic in network logs.
 
-Gateway can log failed connections in [network session logs](/logs/reference/log-fields/account/zero_trust_network_sessions/). These logs are available for Enterprise users via [Logpush](/cloudflare-one/insights/logs/logpush/) or [GraphQL](/cloudflare-one/insights/analytics/gateway/#graphql-queries).
+Gateway can log failed connections in [network session logs](/logs/logpush/logpush-job/datasets/account/zero_trust_network_sessions/). These logs are available for Enterprise users via [Logpush](/cloudflare-one/insights/logs/logpush/) or [GraphQL](/cloudflare-one/insights/analytics/gateway/#graphql-queries).
 :::
 
 ### Explanation of the fields

@@ -35,21 +35,21 @@ You can configure multiple destinations and add additional fields to your logs b
 
 ## Zero Trust datasets
 
-Refer to [Logpush log fields](/logs/reference/log-fields/) for a list of all available fields.
+Refer to [Logpush datasets](/logs/logpush/logpush-job/datasets/) for a list of all available fields.
 
 | Dataset                                                                                            | Description                                                                                                                                                 |
 | -------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [Access Requests](/logs/reference/log-fields/account/access_requests/)                             | HTTP requests to sites protected by Cloudflare Access                                                                                                       |
-| [Audit Logs](/logs/reference/log-fields/account/audit_logs/)                                       | Authentication events through Cloudflare Access                                                                                                             |
-| [Browser Isolation User Actions](/logs/reference/log-fields/account/biso_user_actions/)                                       | Data transfer actions performed by a user in the remote browser                                                                                                            |
-| [CASB Findings](/logs/reference/log-fields/account/casb_findings/)                                 | Security issues detected by Cloudflare CASB                                                                                                                 |
-| [Device Posture Results](/logs/reference/log-fields/account/device_posture_results/)               | Device posture status from the WARP client                                                                                                                  |
-| [DLP Forensic Copies](/logs/reference/log-fields/account/dlp_forensic_copies/)                     | Entire HTTP requests or payloads of HTTP requests captured by [Cloudflare DLP](/cloudflare-one/policies/data-loss-prevention/dlp-policies/logging-options/) |
-| [Gateway DNS](/logs/reference/log-fields/account/gateway_dns/)                                     | DNS queries inspected by Cloudflare Gateway                                                                                                                 |
-| [Gateway HTTP](/logs/reference/log-fields/account/gateway_http/)                                   | HTTP requests inspected by Cloudflare Gateway                                                                                                               |
-| [Gateway Network](/logs/reference/log-fields/account/gateway_network/)                             | Network packets inspected by Cloudflare Gateway                                                                                                             |
-| [SSH Logs](/logs/reference/log-fields/account/ssh_logs/)                                           | SSH command logs for [Access for Infrastructure targets](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/)             |
-| [Zero Trust Network Session Logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) | Network session logs for traffic proxied by Cloudflare Gateway                                                                                              |
+| [Access Requests](/logs/logpush/logpush-job/datasets/account/access_requests/)                             | HTTP requests to sites protected by Cloudflare Access                                                                                                       |
+| [Audit Logs](/logs/logpush/logpush-job/datasets/account/audit_logs/)                                       | Authentication events through Cloudflare Access                                                                                                             |
+| [Browser Isolation User Actions](/logs/logpush/logpush-job/datasets/account/biso_user_actions/)                                       | Data transfer actions performed by a user in the remote browser                                                                                                            |
+| [CASB Findings](/logs/logpush/logpush-job/datasets/account/casb_findings/)                                 | Security issues detected by Cloudflare CASB                                                                                                                 |
+| [Device Posture Results](/logs/logpush/logpush-job/datasets/account/device_posture_results/)               | Device posture status from the WARP client                                                                                                                  |
+| [DLP Forensic Copies](/logs/logpush/logpush-job/datasets/account/dlp_forensic_copies/)                     | Entire HTTP requests or payloads of HTTP requests captured by [Cloudflare DLP](/cloudflare-one/policies/data-loss-prevention/dlp-policies/logging-options/) |
+| [Gateway DNS](/logs/logpush/logpush-job/datasets/account/gateway_dns/)                                     | DNS queries inspected by Cloudflare Gateway                                                                                                                 |
+| [Gateway HTTP](/logs/logpush/logpush-job/datasets/account/gateway_http/)                                   | HTTP requests inspected by Cloudflare Gateway                                                                                                               |
+| [Gateway Network](/logs/logpush/logpush-job/datasets/account/gateway_network/)                             | Network packets inspected by Cloudflare Gateway                                                                                                             |
+| [SSH Logs](/logs/logpush/logpush-job/datasets/account/ssh_logs/)                                           | SSH command logs for [Access for Infrastructure targets](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/)             |
+| [Zero Trust Network Session Logs](/logs/logpush/logpush-job/datasets/account/zero_trust_network_sessions/) | Network session logs for traffic proxied by Cloudflare Gateway                                                                                              |
 
 ## Parse DNS logs
 

@@ -5,7 +5,7 @@ sidebar:
   order: 7
 ---
 
-Gateway does not inspect or log [WebSocket](https://datatracker.ietf.org/doc/html/rfc6455) traffic. Instead, Gateway will only log the HTTP details used to make the WebSocket connection, as well as [network session information](/logs/reference/log-fields/account/zero_trust_network_sessions/). To filter your WebSocket traffic, create a policy with the `101` HTTP response code.
+Gateway does not inspect or log [WebSocket](https://datatracker.ietf.org/doc/html/rfc6455) traffic. Instead, Gateway will only log the HTTP details used to make the WebSocket connection, as well as [network session information](/logs/logpush/logpush-job/datasets/account/zero_trust_network_sessions/). To filter your WebSocket traffic, create a policy with the `101` HTTP response code.
 
 | Selector      | Operator | Value                     | Action |
 | ------------- | -------- | ------------------------- | ------ |

@@ -62,6 +62,6 @@ Below you can find a breakdown of the different ways that you might configure Cl
 
 ## Customer Metadata Boundary
 
-Cloudflare for SaaS [Analytics](/cloudflare-for-platforms/cloudflare-for-saas/hostname-analytics/) based on [HTTP requests](/logs/reference/log-fields/zone/http_requests/) are fully supported by Customer Metadata Boundary.
+Cloudflare for SaaS [Analytics](/cloudflare-for-platforms/cloudflare-for-saas/hostname-analytics/) based on [HTTP requests](/logs/logpush/logpush-job/datasets/zone/http_requests/) are fully supported by Customer Metadata Boundary.
 
 Refer to [Cloudflare for SaaS documentation](/cloudflare-for-platforms/cloudflare-for-saas/) for more information.
@@ -44,7 +44,7 @@ Regional Services does not apply to [Subrequests](/workers/platform/limits/#subr
 
 There are certain limitations and caveats when using Customer Metadata Boundary.
 
-Specifically most of the Zone Analytics & Logs UI Tabs will be showing up as empty, when configuring Customer Metadata Boundary to EU only. It is recommended to use the UI [Security Analytics](/waf/analytics/security-analytics/) instead, or the [HTTP request](/logs/reference/log-fields/zone/http_requests/) logs via [Logpush](/logs/logpush/).
+Specifically most of the Zone Analytics & Logs UI Tabs will be showing up as empty, when configuring Customer Metadata Boundary to EU only. It is recommended to use the UI [Security Analytics](/waf/analytics/security-analytics/) instead, or the [HTTP request](/logs/logpush/logpush-job/datasets/zone/http_requests/) logs via [Logpush](/logs/logpush/).
 
 To configure Customer Metadata Boundary to EU only, you must disable Log Retention for all zones within your account. Log Retention is a legacy feature of [Logpull](/logs/logpull/).
 

@@ -5,7 +5,7 @@ sidebar:
   order: 4
 ---
 
-The table below lists the [Logpush datasets](/logs/reference/log-fields/) that support zones or accounts with Customer Metadata Boundary (CMB) enabled. The column **Respects CMB** indicates whether enabling CMB impacts the dataset (yes/no). The last two columns inform you if CMB is available with US and EU.
+The table below lists the [Logpush datasets](/logs/logpush/logpush-job/datasets/) that support zones or accounts with Customer Metadata Boundary (CMB) enabled. The column **Respects CMB** indicates whether enabling CMB impacts the dataset (yes/no). The last two columns inform you if CMB is available with US and EU.
 
 Be aware that if you enable CMB for a dataset that does not support your region, no data will be pushed to your destination.
 

@@ -13,4 +13,4 @@ import { GlossaryTooltip } from "~/components"
 
 Retrieve HTTP events using [Cloudflare Logs](/logs/) to integrate them into your <GlossaryTooltip term="SIEM">SIEM systems</GlossaryTooltip>.
 
-Additionally, if you are a Magic Transit or a Spectrum customer on an Enterprise plan, you can export L3/4 traffic and DDoS attack logs using the [Network Analytics logs](/logs/reference/log-fields/account/network_analytics_logs/).
+Additionally, if you are a Magic Transit or a Spectrum customer on an Enterprise plan, you can export L3/4 traffic and DDoS attack logs using the [Network Analytics logs](/logs/logpush/logpush-job/datasets/account/network_analytics_logs/).
Original file line number	Diff line number	Diff line change
Expand Up		@@ -13,4 +13,4 @@ import { GlossaryTooltip } from "~/components"

		Retrieve HTTP events using [Cloudflare Logs](/logs/) to integrate them into your <GlossaryTooltip term="SIEM">SIEM systems</GlossaryTooltip>.

		Additionally, if you are a Magic Transit or a Spectrum customer on an Enterprise plan, you can export L3/4 traffic and DDoS attack logs using the [Network Analytics logs](/logs/reference/log-fields/account/network_analytics_logs/).
		Additionally, if you are a Magic Transit or a Spectrum customer on an Enterprise plan, you can export L3/4 traffic and DDoS attack logs using the [Network Analytics logs](/logs/logpush/logpush-job/datasets/account/network_analytics_logs/).