diff --git a/src/content/docs/logs/reference/log-fields/account/access_requests.mdx b/src/content/docs/logs/reference/log-fields/account/access_requests.md
similarity index 76%
rename from src/content/docs/logs/reference/log-fields/account/access_requests.mdx
rename to src/content/docs/logs/reference/log-fields/account/access_requests.md
index 7d308dd4b61156f..58ba033a4d9f2b4 100644
--- a/src/content/docs/logs/reference/log-fields/account/access_requests.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/access_requests.md
@@ -1,99 +1,100 @@
---
+# Code generator. DO NOT EDIT.
+
title: Access requests
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `access_requests`.
## Action
-Type: string
+Type: `string`
-What type of record is this. login | logout.
+What type of record is this. login \| logout.
## Allowed
-Type: bool
+Type: `bool`
If request was allowed or denied.
## AppDomain
-Type: string
+Type: `string`
The domain of the Application that Access is protecting.
## AppUUID
-Type: string
+Type: `string`
Access Application UUID.
## Connection
-Type: string
+Type: `string`
Identity provider used for the login.
## Country
-Type: string
+Type: `string`
Request's country of origin.
## CreatedAt
-Type: int or string
+Type: `int or string`
The date and time the corresponding access request was made (for example, '2021-07-27T00:01:07Z').
## Email
-Type: string
+Type: `string`
Email of the user who logged in.
## IPAddress
-Type: string
+Type: `string`
The IP address of the client.
## PurposeJustificationPrompt
-Type: string
+Type: `string`
Message prompted to the client when accessing the application.
## PurposeJustificationResponse
-Type: string
+Type: `string`
Justification given by the client when accessing the application.
## RayID
-Type: string
+Type: `string`
Identifier of the request.
## TemporaryAccessApprovers
-Type: array\[string]
+Type: `array[string]`
List of approvers for this access request.
## TemporaryAccessDuration
-Type: int
+Type: `int`
Approved duration for this access request.
## UserUID
-Type: string
+Type: `string`
The uid of the user who logged in.
diff --git a/src/content/docs/logs/reference/log-fields/account/audit_logs.mdx b/src/content/docs/logs/reference/log-fields/account/audit_logs.md
similarity index 81%
rename from src/content/docs/logs/reference/log-fields/account/audit_logs.mdx
rename to src/content/docs/logs/reference/log-fields/account/audit_logs.md
index 86a53825ee78aa7..b9bda23486c07e2 100644
--- a/src/content/docs/logs/reference/log-fields/account/audit_logs.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/audit_logs.md
@@ -1,99 +1,100 @@
---
+# Code generator. DO NOT EDIT.
+
title: Audit logs
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `audit_logs`.
## ActionResult
-Type: bool
+Type: `bool`
Whether the action was successful.
## ActionType
-Type: string
+Type: `string`
Type of action taken.
## ActorEmail
-Type: string
+Type: `string`
Email of the actor.
## ActorID
-Type: string
+Type: `string`
Unique identifier of the actor in Cloudflare's system.
## ActorIP
-Type: string
+Type: `string`
Physical network address of the actor.
## ActorType
-Type: string
+Type: `string`
Type of user that started the audit trail.
## ID
-Type: string
+Type: `string`
Unique identifier of an audit log.
## Interface
-Type: string
+Type: `string`
Entry point or interface of the audit log.
## Metadata
-Type: object
+Type: `object`
Additional audit log-specific information. Metadata is organized in key:value pairs. Key and Value formats can vary by ResourceType.
## NewValue
-Type: object
+Type: `object`
Contains the new value for the audited item.
## OldValue
-Type: object
+Type: `object`
Contains the old value for the audited item.
## OwnerID
-Type: string
+Type: `string`
The identifier of the user that was acting or was acted on behalf of. If a user did the action themselves, this value will be the same as the ActorID.
## ResourceID
-Type: string
+Type: `string`
Unique identifier of the resource within Cloudflare's system.
## ResourceType
-Type: string
+Type: `string`
The type of resource that was changed.
## When
-Type: int or string
+Type: `int or string`
When the change happened.
diff --git a/src/content/docs/logs/reference/log-fields/account/casb_findings.mdx b/src/content/docs/logs/reference/log-fields/account/casb_findings.md
similarity index 85%
rename from src/content/docs/logs/reference/log-fields/account/casb_findings.mdx
rename to src/content/docs/logs/reference/log-fields/account/casb_findings.md
index b09981e70e51016..43ec4c9c0d86ccc 100644
--- a/src/content/docs/logs/reference/log-fields/account/casb_findings.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/casb_findings.md
@@ -1,81 +1,82 @@
---
+# Code generator. DO NOT EDIT.
+
title: CASB Findings
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `casb_findings`.
## AssetDisplayName
-Type: string
+Type: `string`
Asset display name (for example, 'My File Name.docx').
## AssetExternalID
-Type: string
+Type: `string`
Unique identifier for an asset of this type. Format will vary by policy vendor.
## AssetLink
-Type: string
+Type: `string`
URL to the asset. This may not be available for some policy vendors and asset types.
## AssetMetadata
-Type: object
+Type: `object`
Metadata associated with the asset. Structure will vary by policy vendor.
## DetectedTimestamp
-Type: int or string
+Type: `int or string`
Date and time the finding was first identified (for example, '2021-07-27T00:01:07Z').
## FindingTypeDisplayName
-Type: string
+Type: `string`
Human-readable name of the finding type (for example, 'File Publicly Accessible Read Only').
## FindingTypeID
-Type: string
+Type: `string`
UUID of the finding type in Cloudflare's system.
## FindingTypeSeverity
-Type: string
+Type: `string`
Severity of the finding type (for example, 'High').
## InstanceID
-Type: string
+Type: `string`
UUID of the finding in Cloudflare's system.
## IntegrationDisplayName
-Type: string
+Type: `string`
Human-readable name of the integration (for example, 'My Google Workspace Integration').
## IntegrationID
-Type: string
+Type: `string`
UUID of the integration in Cloudflare's system.
## IntegrationPolicyVendor
-Type: string
+Type: `string`
Human-readable vendor name of the integration's policy (for example, 'Google Workspace Standard Policy').
diff --git a/src/content/docs/logs/reference/log-fields/account/device_posture_results.mdx b/src/content/docs/logs/reference/log-fields/account/device_posture_results.md
similarity index 86%
rename from src/content/docs/logs/reference/log-fields/account/device_posture_results.mdx
rename to src/content/docs/logs/reference/log-fields/account/device_posture_results.md
index 494f00c675eb470..f1139413cc450b5 100644
--- a/src/content/docs/logs/reference/log-fields/account/device_posture_results.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/device_posture_results.md
@@ -1,111 +1,112 @@
---
+# Code generator. DO NOT EDIT.
+
title: Device posture results
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `device_posture_results`.
## ClientVersion
-Type: string
+Type: `string`
The Zero Trust client version at the time of upload.
## DeviceID
-Type: string
+Type: `string`
The device ID that performed the posture upload.
## DeviceManufacturer
-Type: string
+Type: `string`
The manufacturer of the device that the Zero Trust client is running on.
## DeviceModel
-Type: string
+Type: `string`
The model of the device that the Zero Trust client is running on.
## DeviceName
-Type: string
+Type: `string`
The name of the device that the Zero Trust client is running on.
## DeviceSerialNumber
-Type: string
+Type: `string`
The serial number of the device that the Zero Trust client is running on.
## DeviceType
-Type: string
+Type: `string`
The Zero Trust client operating system type.
## Email
-Type: string
+Type: `string`
The email used to register the device with the Zero Trust client.
## OSVersion
-Type: string
+Type: `string`
The operating system version at the time of upload.
## PolicyID
-Type: string
+Type: `string`
The posture check ID associated with this device posture result.
## PostureCheckName
-Type: string
+Type: `string`
The name of the posture check associated with this device posture result.
## PostureCheckType
-Type: string
+Type: `string`
The type of the Zero Trust client check or service provider check.
## PostureEvaluatedResult
-Type: bool
+Type: `bool`
Whether this posture upload passes the associated posture check, given the requirements posture check at the time of the timestamp.
## PostureExpectedJSON
-Type: object
+Type: `object`
JSON object of what the posture check expects from the Zero Trust client.
## PostureReceivedJSON
-Type: object
+Type: `object`
JSON object of what the Zero Trust client actually uploads.
## Timestamp
-Type: int or string
+Type: `int or string`
The date and time the corresponding device posture upload was performed (for example, '2021-07-27T00:01:07Z'). To specify the timestamp format, refer to [Output types](/logs/reference/log-output-options/#output-types).
## UserUID
-Type: string
+Type: `string`
The uid of the user who registered the device.
diff --git a/src/content/docs/logs/reference/log-fields/account/dlp_forensic_copies.md b/src/content/docs/logs/reference/log-fields/account/dlp_forensic_copies.md
new file mode 100644
index 000000000000000..fa526c2b0ff470e
--- /dev/null
+++ b/src/content/docs/logs/reference/log-fields/account/dlp_forensic_copies.md
@@ -0,0 +1,58 @@
+---
+# Code generator. DO NOT EDIT.
+
+title: DLP Forensic Copies
+pcx_content_type: configuration
+sidebar:
+ order: 21
+---
+
+The descriptions below detail the fields available for `dlp_forensic_copies`.
+
+## AccountID
+
+Type: `string`
+
+Cloudflare account ID.
+
+## Datetime
+
+Type: `int or string`
+
+The date and time the corresponding HTTP request was made.
+
+## ForensicCopyID
+
+Type: `string`
+
+The unique ID for this particular forensic copy.
+
+## GatewayRequestID
+
+Type: `string`
+
+Cloudflare request ID, as found in Gateway logs.
+
+## Headers
+
+Type: `object`
+
+String key-value pairs for a selection of HTTP headers on the associated request/response.
+
+## Payload
+
+Type: `string`
+
+Captured request/response data, base64-encoded.
+
+## Phase
+
+Type: `string`
+
+Phase of the HTTP request this forensic copy was captured from (i.e. "request" or "response").
+
+## TriggeredRuleID
+
+Type: `string`
+
+The ID of the Gateway firewall rule that triggered this forensic copy.
diff --git a/src/content/docs/logs/reference/log-fields/account/dns_firewall_logs.mdx b/src/content/docs/logs/reference/log-fields/account/dns_firewall_logs.md
similarity index 75%
rename from src/content/docs/logs/reference/log-fields/account/dns_firewall_logs.mdx
rename to src/content/docs/logs/reference/log-fields/account/dns_firewall_logs.md
index 005d80f704d27b8..23fec511275337f 100644
--- a/src/content/docs/logs/reference/log-fields/account/dns_firewall_logs.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/dns_firewall_logs.md
@@ -1,123 +1,124 @@
---
+# Code generator. DO NOT EDIT.
+
title: DNS Firewall Logs
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `dns_firewall_logs`.
## ClientResponseCode
-Type: int
+Type: `int`
Integer value of the response code Cloudflare presents to the client. Response code follows [IANA parameters](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6).
## ClusterID
-Type: string
+Type: `string`
The ID of the cluster which handled this request.
## ColoCode
-Type: string
+Type: `string`
IATA airport code of data center that received the request.
## EDNSSubnet
-Type: string
+Type: `string`
-IPv4 or IPv6 address information corresponding to the EDNS Client Subnet (ECS) forwarded by recursive resolvers. Not all resolvers send this information.
+IPv4 or IPv6 address information corresponding to the [EDNS Client Subnet (ECS)](/glossary/?term=ecs) forwarded by recursive resolvers. Not all resolvers send this information.
## EDNSSubnetLength
-Type: int
+Type: `int`
-Size of the EDNS Client Subnet (ECS) in bits. For example, if the last octet of an IPv4 address is omitted (`192.0.2.x.`), the subnet length will be 24.
+Size of the [EDNS Client Subnet (ECS)](/glossary/?term=ecs) in bits. For example, if the last octet of an IPv4 address is omitted (`192.0.2.x.`), the subnet length will be 24.
## QueryDO
-Type: bool
+Type: `bool`
Indicates if the client is capable of handling a signed response (DNSSEC answer OK).
## QueryName
-Type: string
+Type: `string`
Name of the query that was sent.
## QueryRD
-Type: bool
+Type: `bool`
Indicates if the client means a recursive query (Recursion Desired).
## QuerySize
-Type: int
+Type: `int`
The size of the query sent from the client in bytes.
## QueryTCP
-Type: bool
+Type: `bool`
Indicates if the query from the client was made via TCP (if false, then UDP).
## QueryType
-Type: int
+Type: `int`
Integer value of query type. For more information refer to [Query type](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4).
## ResponseCached
-Type: bool
+Type: `bool`
Whether the response was cached or not.
## ResponseCachedStale
-Type: bool
+Type: `bool`
Whether the response was cached stale. In other words, the TTL had expired and the upstream nameserver was not reachable.
## ResponseReason
-Type: string
+Type: `string`
Short descriptions with more context around the final DNS Firewall response. Refer to [response reasons](/dns/dns-firewall/analytics/) for more information.
## SourceIP
-Type: string
+Type: `string`
IP address of the client (IPv4 or IPv6).
## Timestamp
-Type: int or string
+Type: `int or string`
Timestamp at which the query occurred.
## UpstreamIP
-Type: string
+Type: `string`
IP of the upstream nameserver (IPv4 or IPv6).
## UpstreamResponseCode
-Type: int
+Type: `int`
Integer value of the response code from the upstream nameserver. Response code follows [IANA parameters](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6)
## UpstreamResponseTimeMs
-Type: int
+Type: `int`
Upstream response time in milliseconds.
diff --git a/src/content/docs/logs/reference/log-fields/account/gateway_dns.mdx b/src/content/docs/logs/reference/log-fields/account/gateway_dns.md
similarity index 68%
rename from src/content/docs/logs/reference/log-fields/account/gateway_dns.mdx
rename to src/content/docs/logs/reference/log-fields/account/gateway_dns.md
index bf17ab52f8bf187..313b3131a5159b2 100644
--- a/src/content/docs/logs/reference/log-fields/account/gateway_dns.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/gateway_dns.md
@@ -1,395 +1,394 @@
---
+# Code generator. DO NOT EDIT.
+
title: Gateway DNS
pcx_content_type: configuration
sidebar:
order: 21
-
---
-# Gateway DNS
-
The descriptions below detail the fields available for `gateway_dns`.
## AccountID
-Type: string
+Type: `string`
Cloudflare account ID.
## ApplicationID
-Type: int
+Type: `int`
ID of the application the domain belongs to (for example, 1, 2). Set to 0 when no ApplicationID is matched.
## ApplicationName
-Type: string
+Type: `string`
Name of the application the domain belongs to (for example, 'Cloudflare Dashboard').
## AuthoritativeNameServerIPs
-Type: array\[string]
+Type: `array[string]`
-The IPs of the authoritative nameservers that provided the answers, if any (for example \['203.0.113.1', '203.0.113.2']).
+The IPs of the authoritative nameservers that provided the answers, if any (for example ['203.0.113.1', '203.0.113.2']).
## CNAMECategoryIDs
-Type: array\[int]
+Type: `array[int]`
-ID or IDs of category that the intermediate cname domains belongs to (for example, \[7,12,28,122,129,163]).
+ID or IDs of category that the intermediate cname domains belongs to (for example, [7,12,28,122,129,163]).
## CNAMECategoryNames
-Type: array\[string]
+Type: `array[string]`
-Name or names of category that the intermediate cname domains belongs to (for example, \['Photography', 'Weather']).
+Name or names of category that the intermediate cname domains belongs to (for example, ['Photography', 'Weather']).
## CNAMEs
-Type: array\[string]
+Type: `array[string]`
-Resolved intermediate cname domains (for example, \['alias.example.com']).
+Resolved intermediate cname domains (for example, ['alias.example.com']).
## CNAMEsReversed
-Type: array\[string]
+Type: `array[string]`
-Resolved intermediate cname domains in reverse (for example, \['com.example.alias']).
+Resolved intermediate cname domains in reverse (for example, ['com.example.alias']).
## ColoCode
-Type: string
+Type: `string`
The name of the colo that received the DNS query (for example, 'SJC', 'MIA', 'IAD').
## ColoID
-Type: int
+Type: `int`
The ID of the colo that received the DNS query (for example, 46, 72, 397).
## CustomResolveDurationMs
-Type: int
+Type: `int`
The time it took for the custom resolver to respond.
## CustomResolverAddress
-Type: string
+Type: `string`
IP and port combo used to resolve the custom dns resolver query, if any.
## CustomResolverPolicyID
-Type: string
+Type: `string`
Custom resolver policy UUID, if matched.
## CustomResolverPolicyName
-Type: string
+Type: `string`
Custom resolver policy name, if matched.
## CustomResolverResponse
-Type: string
+Type: `string`
Status of the custom resolver response.
## Datetime
-Type: int or string
+Type: `int or string`
The date and time the corresponding DNS request was made (for example, '2021-07-27T00:01:07Z').
## DeviceID
-Type: string
+Type: `string`
UUID of the device where the HTTP request originated from (for example, 'dad71818-0429-11ec-a0dc-000000000000').
## DeviceName
-Type: string
+Type: `string`
The name of the device where the HTTP request originated from (for example, 'Laptop MB810').
## DoHSubdomain
-Type: string
+Type: `string`
The destination DoH subdomain the DNS query was made to.
## DoTSubdomain
-Type: string
+Type: `string`
The destination DoT subdomain the DNS query was made to.
## DstIP
-Type: string
+Type: `string`
The destination IP address the DNS query was made to (for example, '104.16.132.2290').
## DstPort
-Type: int
+Type: `int`
The destination port used at the edge. The port changes based on the protocol used by the DNS query (for example, 0).
## EDEErrors
-Type: array\[int]
+Type: `array[int]`
-List of returned Extended DNS Error Codes (for example, \[2, 3]).
+List of returned Extended DNS Error Codes (for example, [2, 3]).
## Email
-Type: string
+Type: `string`
-Email used to authenticate the client (for example, '[user@test.com](mailto:user@test.com)').
+Email used to authenticate the client (for example, 'user@test.com').
## InitialCategoryIDs
-Type: array\[int]
+Type: `array[int]`
-ID or IDs of category that the queried domains belongs to (for example, \[7,12,28,122,129,163]).
+ID or IDs of category that the queried domains belongs to (for example, [7,12,28,122,129,163]).
## InitialCategoryNames
-Type: array\[string]
+Type: `array[string]`
-Name or names of category that the queried domains belongs to (for example, \['Photography', 'Weather']).
+Name or names of category that the queried domains belongs to (for example, ['Photography', 'Weather']).
## IsResponseCached
-Type: bool
+Type: `bool`
Response comes from cache or not.
## Location
-Type: string
+Type: `string`
Name of the location the DNS request is coming from. Location is created by the customer (for example, 'Office NYC').
## LocationID
-Type: string
+Type: `string`
UUID of the location the DNS request is coming from. Location is created by the customer (for example, '7bdc7a9c-81d3-4816-8e56-000000000000').
## MatchedCategoryIDs
-Type: array\[int]
+Type: `array[int]`
-ID or IDs of category that the domain was matched with the policy (for example, \[7,12,28,122,129,163]).
+ID or IDs of category that the domain was matched with the policy (for example, [7,12,28,122,129,163]).
## MatchedCategoryNames
-Type: array\[string]
+Type: `array[string]`
-Name or names of category that the domain was matched with the policy (for example, \['Photography', 'Weather']).
+Name or names of category that the domain was matched with the policy (for example, ['Photography', 'Weather']).
## MatchedIndicatorFeedIDs
-Type: array\[int]
+Type: `array[int]`
-ID or IDs of indicator feed(s) that the domain was matched with the policy (for example, \[7,12]).
+ID or IDs of indicator feed(s) that the domain was matched with the policy (for example, [7,12]).
## MatchedIndicatorFeedNames
-Type: array\[string]
+Type: `array[string]`
-Name or names of indicator feed(s) that the domain was matched with the policy (for example, \['Vendor Malware Feed', 'Vendor CoC Feed']).
+Name or names of indicator feed(s) that the domain was matched with the policy (for example, ['Vendor Malware Feed', 'Vendor CoC Feed']).
## Policy (deprecated)
-Type: string
+Type: `string`
Name of the policy that was applied (if any) (for example, '7bdc7a9c-81d3-4816-8e56-de1acad3dec5').
## PolicyID
-Type: string
+Type: `string`
ID of the policy/rule that was applied (if any).
## PolicyName
-Type: string
+Type: `string`
Name of the policy that was applied (if any).
## Protocol
-Type: string
+Type: `string`
The protocol used for the DNS query by the client (for example, 'udp').
## QueryCategoryIDs
-Type: array\[int]
+Type: `array[int]`
Union of all categories; Initial categories + Resolved IP categories + Cname intermediate categories
## QueryCategoryNames
-Type: array\[string]
+Type: `array[string]`
Union of all category names; Initial categories + Resolved IP categories + Cname intermediate categories
## QueryID
-Type: string
+Type: `string`
Globally unique identifier of the query.
## QueryIndicatorFeedIDs
-Type: array\[int]
+Type: `array[int]`
-ID or IDs of indicator feed(s) that the domain belongs to (for example, \[7,12,28]).
+ID or IDs of indicator feed(s) that the domain belongs to (for example, [7,12,28]).
## QueryIndicatorFeedNames
-Type: array\[string]
+Type: `array[string]`
-Name or names of indicator feed(s) that the domain belongs to (for example, \['Vendor Malware Feed', 'Vendor CoC Feed', 'Vendor Phishing Feed']).
+Name or names of indicator feed(s) that the domain belongs to (for example, ['Vendor Malware Feed', 'Vendor CoC Feed', 'Vendor Phishing Feed']).
## QueryName
-Type: string
+Type: `string`
The query name (for example, 'example.com'). Cloudflare will surface '.' for root server queries in your logs.
## QueryNameReversed
-Type: string
+Type: `string`
Query name in reverse (for example, 'com.example'). Cloudflare will surface '.' for root server queries in your logs.
## QuerySize
-Type: int
+Type: `int`
The size of the DNS request in bytes (for example, 151).
## QueryType
-Type: int
+Type: `int`
The type of DNS query (for example, 1, 28, 15, or 16).
## QueryTypeName
-Type: string
+Type: `string`
The type of DNS query (for example, 'A', 'AAAA', 'MX', or 'TXT').
## RCode
-Type: int
+Type: `int`
The return code sent back by the DNS resolver.
## RData (deprecated)
-Type: array\[object]
+Type: `array[object]`
-The rdata objects (for example, `[{"type":"5","data":"dns-packet-placeholder..."}]`).
+The rdata objects (for example, [{"type":"5","data":"dns-packet-placeholder..."}]).
## ResolvedIPCategoryIDs
-Type: array\[int]
+Type: `array[int]`
-ID or IDs of category that the ips in the response belongs to (for example, \[7,12,28,122,129,163]).
+ID or IDs of category that the ips in the response belongs to (for example, [7,12,28,122,129,163]).
## ResolvedIPCategoryNames
-Type: array\[string]
+Type: `array[string]`
-Name or names of category that the ips in the response belongs to (for example, \['Photography', 'Weather']).
+Name or names of category that the ips in the response belongs to (for example, ['Photography', 'Weather']).
## ResolvedIPContinentCodes
-Type: array\[string]
+Type: `array[string]`
-Continent code of each resolved IP, if any (for example \['NA', 'EU']).
+Continent code of each resolved IP, if any (for example ['NA', 'EU']).
## ResolvedIPCountryCodes
-Type: array\[string]
+Type: `array[string]`
-Country code of each resolved IP, if any (for example \['US', 'PT']).
+Country code of each resolved IP, if any (for example ['US', 'PT']).
## ResolvedIPs
-Type: array\[string]
+Type: `array[string]`
-The resolved IPs in the response, if any (for example \['203.0.113.1', '203.0.113.2']).
+The resolved IPs in the response, if any (for example ['203.0.113.1', '203.0.113.2']).
## ResolverDecision
-Type: string
+Type: `string`
Result of the DNS query (for example, 'overrideForSafeSearch').
## ResourceRecords
-Type: array\[object]
+Type: `array[object]`
-The rdata objects (for example, `[{"type":"5","data":"dns-packet-placeholder..."}]`).
+The rdata objects (for example, [{"type":"5","data":"dns-packet-placeholder..."}]).
## ResourceRecordsJSON
-Type: string
+Type: `string`
-String that represents the JSON array with the returned resource records (for example, "\[\{\\"name\\": \\"example.com\\", \\"type\\": \\"CNAME\\", \\"class\\": \\"IN\\", \\"ttl\\": 3600, \\"rdata\\": \\"cname.example.com.\\"}]").
+String that represents the JSON array with the returned resource records (for example, "[{\"name\": \"example.com\", \"type\": \"CNAME\", \"class\": \"IN\", \"ttl\": 3600, \"rdata\": \"cname.example.com.\"}]").
## SrcIP
-Type: string
+Type: `string`
The source IP address making the DNS query (for example, '104.16.132.229').
## SrcIPContinentCode
-Type: string
+Type: `string`
Continent code of the source IP address making the DNS query (for example, 'NA').
## SrcIPCountryCode
-Type: string
+Type: `string`
Country code of the source IP address making the DNS query (for example, 'US').
## SrcPort
-Type: int
+Type: `int`
The port used by the client when they sent the DNS request (for example, 0).
## TimeZone
-Type: string
+Type: `string`
Time zone used to calculate the current time, if a matched rule was scheduled with it.
## TimeZoneInferredMethod
-Type: string
+Type: `string`
Method used to pick the time zone for the schedule (from rule/ from user ip/ from local time).
## UserID
-Type: string
+Type: `string`
User identity where the HTTP request originated from (for example, '00000000-0000-0000-0000-000000000000').
diff --git a/src/content/docs/logs/reference/log-fields/account/gateway_http.mdx b/src/content/docs/logs/reference/log-fields/account/gateway_http.md
similarity index 72%
rename from src/content/docs/logs/reference/log-fields/account/gateway_http.mdx
rename to src/content/docs/logs/reference/log-fields/account/gateway_http.md
index 2ba31b7cbebf97c..54d6b4b6d2d746b 100644
--- a/src/content/docs/logs/reference/log-fields/account/gateway_http.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/gateway_http.md
@@ -1,357 +1,316 @@
---
+# Code generator. DO NOT EDIT.
+
title: Gateway HTTP
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `gateway_http`.
## AccountID
-Type: string
+Type: `string`
Cloudflare account tag.
## Action
-Type: string
+Type: `string`
Action performed by gateway on the HTTP request.
## ApplicationIDs
-Type: array\[int]
+Type: `array[int]`
IDs of the applications that matched the HTTP request parameters.
## ApplicationNames
-Type: array\[string]
+Type: `array[string]`
Names of the applications that matched the HTTP request parameters.
## BlockedFileHash
-Type: string
+Type: `string`
Hash of the file blocked in the response, if any.
## BlockedFileName
-Type: string
+Type: `string`
File name blocked in the request, if any.
## BlockedFileReason
-Type: string
+Type: `string`
Reason file was blocked in the response, if any.
## BlockedFileSize
-Type: string
+Type: `string`
File size(bytes) blocked in the response, if any.
## BlockedFileType
-Type: string
+Type: `string`
File type blocked in the response eg. exe, bin, if any.
## CategoryIDs
-Type: array\[int]
+Type: `array[int]`
IDs of the categories that matched the HTTP request parameters.
## CategoryNames
-Type: array\[string]
+Type: `array[string]`
Names of the categories that matched the HTTP request parameters.
## Datetime
-Type: int or string
+Type: `int or string`
The date and time the corresponding HTTP request was made.
## DestinationIP
-Type: string
+Type: `string`
Destination ip of the request.
## DestinationIPContinentCode
-Type: string
+Type: `string`
Continent code of the destination IP of the HTTP request (for example, 'NA').
## DestinationIPCountryCode
-Type: string
+Type: `string`
Country code of the destination IP of the HTTP request (for example, 'US').
## DestinationPort
-Type: string
+Type: `string`
Destination port of the request.
## DeviceID
-Type: string
+Type: `string`
UUID of the device where the HTTP request originated from.
## DeviceName
-Type: string
+Type: `string`
The name of the device where the HTTP request originated from (for example, 'Laptop MB810').
## DownloadMatchedDlpProfileEntries
-Type: array\[string]
+Type: `array[string]`
List of matched DLP entries in the HTTP request.
## DownloadMatchedDlpProfiles
-Type: array\[string]
+Type: `array[string]`
List of matched DLP profiles in the HTTP request.
## DownloadedFileNames
-Type: array\[string]
+Type: `array[string]`
List of files downloaded in the HTTP request.
## Email
-Type: string
+Type: `string`
Email used to authenticate the client.
## FileInfo
-Type: object
-
-Information about files detected within the HTTP request. The following data is available for each file.
-
-### action
-
-Type: string
-
-Action taken. Possible values are none, allow and block.
-
-### content_type
-
-Type: string
-
-The file's content type (as read from headers), if applicable.
-
-### direction
-
-Type: string
-
-Possible values are upload and download.
+Type: `object`
-### file_name
-
-Type: string
-
-The file's name, if known.
-
-### file_hash
-
-Type: string
-
-The file's sha256 hash as a hex string, if known.
-
-### file_size
-
-Type: int
-
-The file's size, in bytes.
-
-### file_type
-
-Type: string
-
-The file's type (as detected by signatures), if known.
+Information about files detected within the HTTP request.
## ForensicCopyStatus
-Type: string
+Type: `string`
Status of any associated forensic copies that may have been captured during the request.
## HTTPHost
-Type: string
+Type: `string`
Content of the host header in the HTTP request.
## HTTPMethod
-Type: string
+Type: `string`
HTTP request method.
## HTTPStatusCode
-Type: int
+Type: `int`
HTTP status code gateway returned to the user. Zero if nothing was returned (for example, client disconnected).
## HTTPVersion
-Type: string
+Type: `string`
Version name for the HTTP request.
## IsIsolated
-Type: bool
+Type: `bool`
If the requested was isolated with Cloudflare Browser Isolation or not.
## PolicyID
-Type: string
+Type: `string`
The gateway policy UUID applied to the request, if any.
## PolicyName
-Type: string
+Type: `string`
The name of the gateway policy applied to the request, if any.
## PrivateAppAUD
-Type: string
+Type: `string`
The private app AUD, if any.
## ProxyEndpoint
-Type: string
+Type: ``
+
-The proxy endpoint used on the HTTP request, if any.
## Quarantined
-Type: bool
+Type: `bool`
If the request content was quarantined.
## Referer
-Type: string
+Type: `string`
Contents of the referer header in the HTTP request.
## RequestID
-Type: string
+Type: `string`
Cloudflare request ID. This might be empty on bypass action.
## SessionID
-Type: string
+Type: `string`
Network session ID.
## SourceIP
-Type: string
+Type: `string`
Source ip of the request.
## SourceIPContinentCode
-Type: string
+Type: `string`
Continent code of the source IP of the request (for example, 'NA').
## SourceIPCountryCode
-Type: string
+Type: `string`
Country code of the source IP of the request (for example, 'US').
## SourceInternalIP
-Type: string
+Type: `string`
Local LAN IP of the device. Only available when connected via a GRE/IPsec tunnel on-ramp.
## SourcePort
-Type: string
+Type: `string`
Source port of the request.
## URL
-Type: string
+Type: `string`
HTTP request URL.
## UntrustedCertificateAction
-Type: string
+Type: `string`
-Action taken when an untrusted origin certificate error occurs (for example, expired certificate, mismatched common name, invalid certificate chain, signed by non-public CA). One of none | block | error | passThrough.
+Action taken when an untrusted origin certificate error occurs (for example, expired certificate, mismatched common name, invalid certificate chain, signed by non-public CA). One of none \| block \| error \| passThrough.
## UploadMatchedDlpProfileEntries
-Type: array\[string]
+Type: `array[string]`
List of matched DLP entries in the HTTP request.
## UploadMatchedDlpProfiles
-Type: array\[string]
+Type: `array[string]`
List of matched DLP profiles in the HTTP request.
## UploadedFileNames
-Type: array\[string]
+Type: `array[string]`
List of files uploaded in the HTTP request.
## UserAgent
-Type: string
+Type: `string`
Contents of the user agent header in the HTTP request.
## UserID
-Type: string
+Type: `string`
User identity where the HTTP request originated from.
## VirtualNetworkID
-Type: string
+Type: `string`
The identifier of the virtual network the device was connected to, if any.
## VirtualNetworkName
-Type: string
+Type: `string`
-The name of the virtual network the device was connected to, if any.
\ No newline at end of file
+The name of the virtual network the device was connected to, if any.
diff --git a/src/content/docs/logs/reference/log-fields/account/gateway_network.mdx b/src/content/docs/logs/reference/log-fields/account/gateway_network.md
similarity index 79%
rename from src/content/docs/logs/reference/log-fields/account/gateway_network.mdx
rename to src/content/docs/logs/reference/log-fields/account/gateway_network.md
index 9efe6e40765cd1e..6a65be237229ffb 100644
--- a/src/content/docs/logs/reference/log-fields/account/gateway_network.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/gateway_network.md
@@ -1,189 +1,202 @@
---
+# Code generator. DO NOT EDIT.
+
title: Gateway Network
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `gateway_network`.
## AccountID
-Type: string
+Type: `string`
Cloudflare account tag.
## Action
-Type: string
+Type: `string`
Action performed by gateway on the session.
## ApplicationIDs
-Type: array\[int]
+Type: `array[int]`
IDs of the applications that matched the session parameters.
## ApplicationNames
-Type: array\[string]
+Type: `array[string]`
Names of the applications that matched the session parameters.
+## CategoryIDs
+
+Type: `array[int]`
+
+IDs of the categories that matched the session parameters.
+
+## CategoryNames
+
+Type: `array[string]`
+
+Names of the categories that matched the session parameters.
+
## Datetime
-Type: int or string
+Type: `int or string`
The date and time the corresponding network session was made (for example, '2021-07-27T00:01:07Z').
## DestinationIP
-Type: string
+Type: `string`
Destination IP of the network session.
## DestinationIPContinentCode
-Type: string
+Type: `string`
Continent code of the destination IP of the network session (for example, 'NA').
## DestinationIPCountryCode
-Type: string
+Type: `string`
Country code of the destination IP of the network session (for example, 'US').
## DestinationPort
-Type: int
+Type: `int`
Destination port of the network session.
## DetectedProtocol
-Type: string
+Type: `string`
Detected traffic protocol of the network session.
## DeviceID
-Type: string
+Type: `string`
UUID of the device where the network session originated from.
## DeviceName
-Type: string
+Type: `string`
The name of the device where the HTTP request originated from (for example, 'Laptop MB810').
## Email
-Type: string
+Type: `string`
Email associated with the user identity where the network session originated from.
## OverrideIP
-Type: string
+Type: `string`
Overridden IP of the network session, if any.
## OverridePort
-Type: int
+Type: `int`
Overridden port of the network session, if any.
## PolicyID
-Type: string
+Type: `string`
Identifier of the policy/rule that was applied, if any.
## PolicyName
-Type: string
+Type: `string`
The name of the gateway policy applied to the request, if any.
## ProxyEndpoint
-Type: string
+Type: `string`
The proxy endpoint used on this network session, if any.
## SNI
-Type: string
+Type: `string`
Content of the SNI for the TLS network session, if any.
## SessionID
-Type: string
+Type: `string`
The session identifier of this network session.
## SourceIP
-Type: string
+Type: `string`
Source IP of the network session.
## SourceIPContinentCode
-Type: string
+Type: `string`
Continent code of the source IP of the network session (for example, 'NA').
## SourceIPCountryCode
-Type: string
+Type: `string`
Country code of the source IP of the network session (for example, 'US').
## SourceInternalIP
-Type: string
+Type: `string`
Local LAN IP of the device. Only available when connected via a GRE/IPsec tunnel on-ramp.
## SourcePort
-Type: int
+Type: `int`
Source port of the network session.
## Transport (deprecated)
-Type: string
+Type: `string`
Transport protocol used for this session.
Possible values are tcp \| quic \| udp. Deprecated, please use TransportProtocol instead.
## TransportProtocol
-Type: string
+Type: `string`
Transport protocol used for this session.
Possible values are tcp \| quic \| udp.
## UserID
-Type: string
+Type: `string`
User identity where the network session originated from.
## VirtualNetworkID
-Type: string
+Type: `string`
The identifier of the virtual network the device was connected to, if any.
## VirtualNetworkName
-Type: string
+Type: `string`
-The name of the virtual network the device was connected to, if any.
\ No newline at end of file
+The name of the virtual network the device was connected to, if any.
diff --git a/src/content/docs/logs/reference/log-fields/account/magic_ids_detections.mdx b/src/content/docs/logs/reference/log-fields/account/magic_ids_detections.md
similarity index 75%
rename from src/content/docs/logs/reference/log-fields/account/magic_ids_detections.mdx
rename to src/content/docs/logs/reference/log-fields/account/magic_ids_detections.md
index 2134a5d730b4196..c02ba58e2d34f53 100644
--- a/src/content/docs/logs/reference/log-fields/account/magic_ids_detections.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/magic_ids_detections.md
@@ -1,81 +1,82 @@
---
+# Code generator. DO NOT EDIT.
+
title: Magic IDS Detections
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `magic_ids_detections`.
## Action
-Type: string
+Type: `string`
-What action was taken on the packet. Possible values are pass | block.
+What action was taken on the packet. Possible values are pass \| block.
## ColoCity
-Type: string
+Type: `string`
The city where the detection occurred.
## ColoCode
-Type: string
+Type: `string`
The IATA airport code corresponding to where the detection occurred.
## DestinationIP
-Type: string
+Type: `string`
The destination IP of the packet which triggered the detection.
## DestinationPort
-Type: int
+Type: `int`
The destination port of the packet which triggered the detection. It is set to 0 if the protocol field is set to any.
## Protocol
-Type: string
+Type: `string`
-The layer 4 protocol of the packet which triggered the detection. Possible values are tcp | udp | any. Variant any means a detection occurred at a lower layer (such as IP).
+The layer 4 protocol of the packet which triggered the detection. Possible values are tcp \| udp \| any. Variant any means a detection occurred at a lower layer (such as IP).
## SignatureID
-Type: int
+Type: `int`
The signature ID of the detection.
## SignatureMessage
-Type: string
+Type: `string`
The signature message of the detection. Describes what the packet is attempting to do.
## SignatureRevision
-Type: int
+Type: `int`
The signature revision of the detection.
## SourceIP
-Type: string
+Type: `string`
The source IP of packet which triggered the detection.
## SourcePort
-Type: int
+Type: `int`
The source port of the packet which triggered the detection. It is set to 0 if the protocol field is set to any.
## Timestamp
-Type: int or string
+Type: `int or string`
A timestamp of when the detection occurred.
diff --git a/src/content/docs/logs/reference/log-fields/account/network_analytics_logs.mdx b/src/content/docs/logs/reference/log-fields/account/network_analytics_logs.md
similarity index 80%
rename from src/content/docs/logs/reference/log-fields/account/network_analytics_logs.mdx
rename to src/content/docs/logs/reference/log-fields/account/network_analytics_logs.md
index 3922b831cd5687a..19d1ef6b7d6c515 100644
--- a/src/content/docs/logs/reference/log-fields/account/network_analytics_logs.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/network_analytics_logs.md
@@ -1,495 +1,496 @@
---
+# Code generator. DO NOT EDIT.
+
title: Network Analytics Logs
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `network_analytics_logs`.
## AttackCampaignID
-Type: string
+Type: `string`
Unique identifier of the attack campaign that this packet was a part of, if any.
## AttackID
-Type: string
+Type: `string`
Unique identifier of the mitigation that matched the packet, if any.
## AttackVector
-Type: string
+Type: `string`
Descriptive name of the type of attack that this packet was a part of, if any. Only for packets matching rules contained within the Cloudflare L3/4 managed ruleset.
## ColoCity
-Type: string
+Type: `string`
The city where the Cloudflare datacenter that received the packet is located.
## ColoCode
-Type: string
+Type: `string`
The Cloudflare datacenter that received the packet (nearest IATA airport code).
## ColoCountry
-Type: string
+Type: `string`
The country where the Cloudflare datacenter that received the packet is located (ISO 3166-1 alpha-2).
## ColoGeoHash
-Type: string
+Type: `string`
The latitude and longitude where the colo that received the packet is located (Geohash encoding).
## ColoName
-Type: string
+Type: `string`
The unique site identifier of the Cloudflare datacenter that received the packet (for example, 'ams01', 'sjc01', 'lhr01').
## Datetime
-Type: int or string
+Type: `int or string`
The date and time the event occurred at the edge.
## DestinationASN
-Type: int
+Type: `int`
The ASN associated with the destination IP of the packet.
## DestinationASNName
-Type: string
+Type: `string`
The name of the ASN associated with the destination IP of the packet.
## DestinationCountry
-Type: string
+Type: `string`
The country where the destination IP of the packet is located (ISO 3166-1 alpha-2).
## DestinationGeoHash
-Type: string
+Type: `string`
The latitude and longitude where the destination IP of the packet is located (Geohash encoding).
## DestinationPort
-Type: int
+Type: `int`
Value of the Destination Port header field in the TCP or UDP packet.
## Direction
-Type: string
+Type: `string`
-The direction in relation to customer network.
Possible values are ingress | egress.
+The direction in relation to customer network.
Possible values are ingress \| egress.
## GREChecksum
-Type: int
+Type: `int`
Value of the Checksum header field in the GRE packet.
## GREEtherType
-Type: int
+Type: `int`
Value of the EtherType header field in the GRE packet.
## GREHeaderLength
-Type: int
+Type: `int`
Length of the GRE packet header, in bytes.
## GREKey
-Type: int
+Type: `int`
Value of the Key header field in the GRE packet.
## GRESequenceNumber
-Type: int
+Type: `int`
Value of the Sequence Number header field in the GRE packet.
## GREVersion
-Type: int
+Type: `int`
Value of the Version header field in the GRE packet.
## ICMPChecksum
-Type: int
+Type: `int`
Value of the Checksum header field in the ICMP packet.
## ICMPCode
-Type: int
+Type: `int`
Value of the Code header field in the ICMP packet.
## ICMPType
-Type: int
+Type: `int`
Value of the Type header field in the ICMP packet.
## IPDestinationAddress
-Type: string
+Type: `string`
Value of the Destination Address header field in the IPv4 or IPv6 packet.
## IPDestinationSubnet
-Type: string
+Type: `string`
Computed subnet of the Destination Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6).
## IPFragmentOffset
-Type: int
+Type: `int`
Value of the Fragment Offset header field in the IPv4 or IPv6 packet.
## IPHeaderLength
-Type: int
+Type: `int`
Length of the IPv4 or IPv6 packet header, in bytes.
## IPMoreFragments
-Type: int
+Type: `int`
Value of the More Fragments header field in the IPv4 or IPv6 packet.
## IPProtocol
-Type: int
+Type: `int`
Value of the Protocol header field in the IPv4 or IPv6 packet.
## IPProtocolName
-Type: string
+Type: `string`
Name of the protocol specified by the Protocol header field in the IPv4 or IPv6 packet.
## IPSourceAddress
-Type: string
+Type: `string`
Value of the Source Address header field in the IPv4 or IPv6 packet.
## IPSourceSubnet
-Type: string
+Type: `string`
Computed subnet of the Source Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6).
## IPTTL
-Type: int
+Type: `int`
Value of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet.
## IPTTLBuckets
-Type: int
+Type: `int`
Value of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet, with the last digit truncated.
## IPTotalLength
-Type: int
+Type: `int`
Total length of the IPv4 or IPv6 packet, in bytes.
## IPTotalLengthBuckets
-Type: int
+Type: `int`
Total length of the IPv4 or IPv6 packet, in bytes, with the last two digits truncated.
## IPv4Checksum
-Type: int
+Type: `int`
Value of the Checksum header field in the IPv4 packet.
## IPv4DSCP
-Type: int
+Type: `int`
Value of the Differentiated Services Code Point header field in the IPv4 packet.
## IPv4DontFragment
-Type: int
+Type: `int`
Value of the Don't Fragment header field in the IPv4 packet.
## IPv4ECN
-Type: int
+Type: `int`
Value of the Explicit Congestion Notification header field in the IPv4 packet.
## IPv4Identification
-Type: int
+Type: `int`
Value of the Identification header field in the IPv4 packet.
## IPv4Options
-Type: string
+Type: `string`
List of Options numbers included in the IPv4 packet header.
## IPv6DSCP
-Type: int
+Type: `int`
Value of the Differentiated Services Code Point header field in the IPv6 packet.
## IPv6ECN
-Type: int
+Type: `int`
Value of the Explicit Congestion Notification header field in the IPv6 packet.
## IPv6ExtensionHeaders
-Type: string
+Type: `string`
List of Extension Header numbers included in the IPv6 packet header.
## IPv6FlowLabel
-Type: int
+Type: `int`
Value of the Flow Label header field in the IPv6 packet.
## IPv6Identification
-Type: int
+Type: `int`
Value of the Identification extension header field in the IPv6 packet.
## MitigationReason
-Type: string
+Type: `string`
-Reason for applying a mitigation to the packet, if any.
Possible values are BLOCKED | RATE\_LIMITED |UNEXPECTED | CHALLENGE\_NEEDED | CHALLENGE\_PASSED | NOT\_FOUND | OUT\_OF\_SEQUENCE | ALREADY\_CLOSED.
+Reason for applying a mitigation to the packet, if any.
Possible values are BLOCKED \| RATE_LIMITED \|UNEXPECTED \| CHALLENGE_NEEDED \| CHALLENGE_PASSED \| NOT_FOUND \| OUT_OF_SEQUENCE \| ALREADY_CLOSED.
## MitigationScope
-Type: string
+Type: `string`
-Whether the packet matched a local or global mitigation, if any.
Possible values are local | global.
+Whether the packet matched a local or global mitigation, if any.
Possible values are local \| global.
## MitigationSystem
-Type: string
+Type: `string`
-Which Cloudflare system sampled the packet.
Possible values are dosd | flowtrackd | magic-firewall.
+Which Cloudflare system sampled the packet.
Possible values are dosd \| flowtrackd \| magic-firewall.
## Outcome
-Type: string
+Type: `string`
-The action that Cloudflare systems took on the packet.
Possible values are pass | drop.
+The action that Cloudflare systems took on the packet.
Possible values are pass \| drop.
## ProtocolState
-Type: string
+Type: `string`
-State of the packet in the context of the protocol, if any.
Possible values are OPEN | NEW | CLOSING | CLOSED.
+State of the packet in the context of the protocol, if any.
Possible values are OPEN \| NEW \| CLOSING \| CLOSED.
## RuleID
-Type: string
+Type: `string`
Unique identifier of the rule contained within the Cloudflare L3/4 managed ruleset that this packet matched, if any.
## RuleName
-Type: string
+Type: `string`
Human-readable name of the rule contained within the Cloudflare L3/4 managed ruleset that this packet matched, if any.
## RulesetID
-Type: string
+Type: `string`
Unique identifier of the Cloudflare L3/4 managed ruleset containing the rule that this packet matched, if any.
Possible values are 3b64149bfa6e4220bbbc2bd6db589552.
## RulesetOverrideID
-Type: string
+Type: `string`
-Unique identifier of the rule within the accounts root ddos\_l4 phase ruleset which resulted in an override of the default sensitivity or action being applied/evaluated, if any.
+Unique identifier of the rule within the accounts root ddos_l4 phase ruleset which resulted in an override of the default sensitivity or action being applied/evaluated, if any.
## SampleInterval
-Type: int
+Type: `int`
The sample interval is the inverse of the sample rate. For example, a sample interval of 1000 means that this packet was randomly sampled from 1 in 1000 packets. Sample rates are dynamic and based on the volume of traffic.
## SourceASN
-Type: int
+Type: `int`
The ASN associated with the source IP of the packet.
## SourceASNName
-Type: string
+Type: `string`
The name of the ASN associated with the source IP of the packet.
## SourceCountry
-Type: string
+Type: `string`
The country where the source IP of the packet is located (ISO 3166-1 alpha-2).
## SourceGeoHash
-Type: string
+Type: `string`
The latitude and longitude where the source IP of the packet is located (Geohash encoding).
## SourcePort
-Type: int
+Type: `int`
Value of the Source Port header field in the TCP or UDP packet.
## TCPAcknowledgementNumber
-Type: int
+Type: `int`
Value of the Acknowledgement Number header field in the TCP packet.
## TCPChecksum
-Type: int
+Type: `int`
Value of the Checksum header field in the TCP packet.
## TCPDataOffset
-Type: int
+Type: `int`
Value of the Data Offset header field in the TCP packet.
## TCPFlags
-Type: int
+Type: `int`
Value of the Flags header field in the TCP packet.
## TCPFlagsString
-Type: string
+Type: `string`
Human-readable string representation of the Flags header field in the TCP packet.
## TCPMSS
-Type: int
+Type: `int`
Value of the MSS option header field in the TCP packet.
## TCPOptions
-Type: string
+Type: `string`
List of Options numbers included in the TCP packet header.
## TCPSACKBlocks
-Type: string
+Type: `string`
List of the SACK Blocks option header in the TCP packet.
## TCPSACKPermitted
-Type: int
+Type: `int`
Value of the SACK Permitted option header in the TCP packet.
## TCPSequenceNumber
-Type: int
+Type: `int`
Value of the Sequence Number header field in the TCP packet.
## TCPTimestampECR
-Type: int
+Type: `int`
Value of the Timestamp Echo Reply option header in the TCP packet.
## TCPTimestampValue
-Type: int
+Type: `int`
Value of the Timestamp option header in the TCP packet.
## TCPUrgentPointer
-Type: int
+Type: `int`
Value of the Urgent Pointer header field in the TCP packet.
## TCPWindowScale
-Type: int
+Type: `int`
Value of the Window Scale option header in the TCP packet.
## TCPWindowSize
-Type: int
+Type: `int`
Value of the Window Size header field in the TCP packet.
## UDPChecksum
-Type: int
+Type: `int`
Value of the Checksum header field in the UDP packet.
## UDPPayloadLength
-Type: int
+Type: `int`
Value of the Payload Length header field in the UDP packet.
## Verdict
-Type: string
+Type: `string`
-The action that Cloudflare systems think should be taken on the packet.
Possible values are pass | drop.
+The action that Cloudflare systems think should be taken on the packet.
Possible values are pass \| drop.
diff --git a/src/content/docs/logs/reference/log-fields/account/sinkhole_http_logs.mdx b/src/content/docs/logs/reference/log-fields/account/sinkhole_http_logs.md
similarity index 80%
rename from src/content/docs/logs/reference/log-fields/account/sinkhole_http_logs.mdx
rename to src/content/docs/logs/reference/log-fields/account/sinkhole_http_logs.md
index 1752b5034422514..c12a87c022a52c5 100644
--- a/src/content/docs/logs/reference/log-fields/account/sinkhole_http_logs.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/sinkhole_http_logs.md
@@ -1,111 +1,112 @@
---
+# Code generator. DO NOT EDIT.
+
title: Sinkhole HTTP Logs
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `sinkhole_http_logs`.
## AccountID
-Type: string
+Type: `string`
The Account ID.
## Body
-Type: string
+Type: `string`
The request body.
## BodyLength
-Type: int
+Type: `int`
The length of request body.
## DestAddr
-Type: string
+Type: `string`
The destination IP address of the request.
## Headers
-Type: string
+Type: `string`
The request headers. If a header has multiple values, the values are comma separated. Each header is separated by the escaped newline character (\n).
## Host
-Type: string
+Type: `string`
The host the request was sent to.
## Method
-Type: string
+Type: `string`
The request method.
## Password
-Type: string
+Type: `string`
The request password.
## R2Path
-Type: string
+Type: `string`
The path to the object within the R2 bucket linked to this sinkhole that stores overflow body and header data. Blank if neither headers nor body was larger than 256 bytes.
## Referrer
-Type: string
+Type: `string`
The referrer of the request.
## SinkholeID
-Type: string
+Type: `string`
The ID of the Sinkhole that logged the HTTP Request.
## SrcAddr
-Type: string
+Type: `string`
The sender's IP address.
## Timestamp
-Type: int or string
+Type: `int or string`
The date and time the sinkhole HTTP request was logged.
## URI
-Type: string
+Type: `string`
The request Uniform Resource Identifier.
## URL
-Type: string
+Type: `string`
The request Uniform Resource Locator.
## UserAgent
-Type: string
+Type: `string`
The request user agent.
## Username
-Type: string
+Type: `string`
The request username.
diff --git a/src/content/docs/logs/reference/log-fields/account/workers_trace_events.mdx b/src/content/docs/logs/reference/log-fields/account/workers_trace_events.md
similarity index 78%
rename from src/content/docs/logs/reference/log-fields/account/workers_trace_events.mdx
rename to src/content/docs/logs/reference/log-fields/account/workers_trace_events.md
index f929ce7d46542e6..b7a9cf32c03c8ab 100644
--- a/src/content/docs/logs/reference/log-fields/account/workers_trace_events.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/workers_trace_events.md
@@ -1,75 +1,76 @@
---
+# Code generator. DO NOT EDIT.
+
title: Workers Trace Events
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `workers_trace_events`.
## DispatchNamespace
-Type: string
+Type: `string`
The Cloudflare Worker dispatch namespace.
## Entrypoint
-Type: string
+Type: `string`
The name of the entrypoint class in which the Worker began execution.
## Event
-Type: object
+Type: `object`
Details about the source event.
## EventTimestampMs
-Type: int
+Type: `int`
The timestamp of when the event was received, in milliseconds.
## EventType
-Type: string
+Type: `string`
The event type that triggered the invocation.
Possible values are fetch.
## Exceptions
-Type: array\[object]
+Type: `array[object]`
List of uncaught exceptions during the invocation.
## Logs
-Type: array\[object]
+Type: `array[object]`
List of console messages emitted during the invocation.
## Outcome
-Type: string
+Type: `string`
-The outcome of the worker script invocation.
Possible values are ok | exception.
+The outcome of the worker script invocation.
Possible values are ok \| exception.
## ScriptName
-Type: string
+Type: `string`
The Cloudflare Worker script name.
## ScriptTags
-Type: array\[string]
+Type: `array[string]`
A list of user-defined tags used to categorize the Worker.
## ScriptVersion
-Type: object
+Type: `object`
The version of the script that was invoked.
diff --git a/src/content/docs/logs/reference/log-fields/account/zero_trust_network_sessions.mdx b/src/content/docs/logs/reference/log-fields/account/zero_trust_network_sessions.md
similarity index 72%
rename from src/content/docs/logs/reference/log-fields/account/zero_trust_network_sessions.mdx
rename to src/content/docs/logs/reference/log-fields/account/zero_trust_network_sessions.md
index c1d74e228585546..0045a9c3470755b 100644
--- a/src/content/docs/logs/reference/log-fields/account/zero_trust_network_sessions.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/zero_trust_network_sessions.md
@@ -1,237 +1,238 @@
---
+# Code generator. DO NOT EDIT.
+
title: Zero Trust Network Session Logs
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `zero_trust_network_sessions`.
## AccountID
-Type: string
+Type: `string`
Cloudflare account ID.
## BytesReceived
-Type: int
+Type: `int`
The number of bytes sent from the origin to the client during the network session.
## BytesSent
-Type: int
+Type: `int`
The number of bytes sent from the client to the origin during the network session.
## ClientTCPHandshakeDurationMs
-Type: int
+Type: `int`
Duration of handshaking the TCP connection between the client and Cloudflare in milliseconds.
## ClientTLSCipher
-Type: string
+Type: `string`
TLS cipher suite used in the connection between the client and Cloudflare.
## ClientTLSHandshakeDurationMs
-Type: int
+Type: `int`
Duration of handshaking the TLS connection between the client and Cloudflare in milliseconds.
## ClientTLSVersion
-Type: string
+Type: `string`
TLS protocol version used in the connection between the client and Cloudflare.
## ConnectionCloseReason
-Type: string
+Type: `string`
-The reason for closing the connection, only applicable for TCP.
Possible values are CLIENT\_CLOSED | CLIENT\_IDLE\_TIMEOUT | CLIENT\_TLS\_ERROR | CLIENT\_ERROR | ORIGIN\_CLOSED | ORIGIN\_TLS\_ERROR | ORIGIN\_ERROR | ORIGIN\_UNREACHABLE | ORIGIN\_UNROUTABLE | PROXY\_CONN\_REFUSED | UNKNOWN | MISMATCHED\_IP\_VERSIONS | TOO\_MANY\_ACTIVE\_SESSIONS\_FOR\_ACCOUNT | TOO\_MANY\_ACTIVE\_SESSIONS\_FOR\_USER | TOO\_MANY\_NEW\_SESSIONS\_FOR\_ACCOUNT | TOO\_MANY\_NEW\_SESSIONS\_FOR\_USER.
+The reason for closing the connection, only applicable for TCP.
Possible values are CLIENT_CLOSED \| CLIENT_IDLE_TIMEOUT \| CLIENT_TLS_ERROR \| CLIENT_ERROR \| ORIGIN_CLOSED \| ORIGIN_TLS_ERROR \| ORIGIN_ERROR \| ORIGIN_UNREACHABLE \| ORIGIN_UNROUTABLE \| PROXY_CONN_REFUSED \| UNKNOWN \| MISMATCHED_IP_VERSIONS \| TOO_MANY_ACTIVE_SESSIONS_FOR_ACCOUNT \| TOO_MANY_ACTIVE_SESSIONS_FOR_USER \| TOO_MANY_NEW_SESSIONS_FOR_ACCOUNT \| TOO_MANY_NEW_SESSIONS_FOR_USER.
## ConnectionReuse
-Type: bool
+Type: `bool`
Whether the TCP connection was reused for multiple HTTP requests.
## DestinationTunnelID
-Type: string
+Type: `string`
Identifier of the Cloudflare One connector to which the network session was routed to, if any, such as Cloudflare Tunnel or WARP device.
## DetectedProtocol
-Type: string
+Type: `string`
Detected traffic protocol of the network session.
## DeviceID
-Type: string
+Type: `string`
Identifier of the client device which initiated the network session, if applicable, (for example, WARP Device ID).
## DeviceName
-Type: string
+Type: `string`
Name of the client device which initiated the network session, if applicable, (for example, WARP Device ID).
## EgressColoName
-Type: string
+Type: `string`
The name of the Cloudflare colo from which traffic egressed to the origin.
## EgressIP
-Type: string
+Type: `string`
Source IP used when egressing traffic from Cloudflare to the origin.
## EgressPort
-Type: int
+Type: `int`
Source port used when egressing traffic from Cloudflare to the origin.
## EgressRuleID
-Type: string
+Type: `string`
Identifier of the egress rule that was applied by the Secure Web Gateway, if any.
## EgressRuleName
-Type: string
+Type: `string`
The name of the egress rule that was applied by the Secure Web Gateway, if any.
## Email
-Type: string
+Type: `string`
Email address associated with the user identity which initiated the network session.
## IngressColoName
-Type: string
+Type: `string`
The name of the Cloudflare colo to which traffic ingressed.
## Offramp
-Type: string
+Type: `string`
-The type of destination to which the network session was routed.
Possible values are INTERNET | MAGIC | CFD\_TUNNEL | WARP.
+The type of destination to which the network session was routed.
Possible values are INTERNET \| MAGIC \| CFD_TUNNEL \| WARP.
## OriginIP
-Type: string
+Type: `string`
The IP of the destination ("origin") for the network session.
## OriginPort
-Type: int
+Type: `int`
The port of the destination origin for the network session.
## OriginTLSCertificateIssuer
-Type: string
+Type: `string`
The issuer of the origin TLS certificate.
## OriginTLSCertificateValidationResult
-Type: string
+Type: `string`
-The result of validating the TLS certificate of the origin.
Possible values are VALID | EXPIRED | REVOKED | HOSTNAME\_MISMATCH | NONE | UNKNOWN.
+The result of validating the TLS certificate of the origin.
Possible values are VALID \| EXPIRED \| REVOKED \| HOSTNAME_MISMATCH \| NONE \| UNKNOWN.
## OriginTLSCipher
-Type: string
+Type: `string`
TLS cipher suite used in the connection between Cloudflare and the origin.
## OriginTLSHandshakeDurationMs
-Type: int
+Type: `int`
Duration of handshaking the TLS connection between Cloudflare and the origin in milliseconds.
## OriginTLSVersion
-Type: string
+Type: `string`
TLS protocol version used in the connection between Cloudflare and the origin.
## Protocol
-Type: string
+Type: `string`
-Network protocol used for this network session.
Possible values are TCP | UDP | ICMP | ICMPV6.
+Network protocol used for this network session.
Possible values are TCP \| UDP \| ICMP \| ICMPV6.
## RuleEvaluationDurationMs
-Type: int
+Type: `int`
The duration taken by Secure Web Gateway applying applicable Network, HTTP, and Egress rules to the network session in milliseconds.
## SessionEndTime
-Type: int or string
+Type: `int or string`
The network session end timestamp with nanosecond precision.
## SessionID
-Type: string
+Type: `string`
The identifier of this network session.
## SessionStartTime
-Type: int or string
+Type: `int or string`
The network session start timestamp with nanosecond precision.
## SourceIP
-Type: string
+Type: `string`
Source IP of the network session.
## SourceInternalIP
-Type: string
+Type: `string`
Local LAN IP of the device. Only available when connected via a GRE/IPsec tunnel on-ramp.
## SourcePort
-Type: int
+Type: `int`
Source port of the network session.
## UserID
-Type: string
+Type: `string`
User identity where the network session originated from. Only applicable for WARP device clients.
## VirtualNetworkID
-Type: string
+Type: `string`
Identifier of the virtual network configured for the client.
diff --git a/src/content/docs/logs/reference/log-fields/zone/dns_logs.mdx b/src/content/docs/logs/reference/log-fields/zone/dns_logs.md
similarity index 88%
rename from src/content/docs/logs/reference/log-fields/zone/dns_logs.mdx
rename to src/content/docs/logs/reference/log-fields/zone/dns_logs.md
index d2d43298048b709..9c06af1b8c03e14 100644
--- a/src/content/docs/logs/reference/log-fields/zone/dns_logs.mdx
+++ b/src/content/docs/logs/reference/log-fields/zone/dns_logs.md
@@ -1,63 +1,64 @@
---
+# Code generator. DO NOT EDIT.
+
title: DNS logs
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `dns_logs`.
## ColoCode
-Type: string
+Type: `string`
IATA airport code of data center that received the request.
## EDNSSubnet
-Type: string
+Type: `string`
IPv4 or IPv6 address information corresponding to the [EDNS Client Subnet (ECS)](/glossary/?term=ecs) forwarded by recursive resolvers. Not all resolvers send this information.
## EDNSSubnetLength
-Type: int
+Type: `int`
Size of the [EDNS Client Subnet (ECS)](/glossary/?term=ecs) in bits. For example, if the last octet of an IPv4 address is omitted (`192.0.2.x.`), the subnet length will be 24.
## QueryName
-Type: string
+Type: `string`
Name of the query that was sent.
## QueryType
-Type: int
+Type: `int`
Integer value of query type. For more information refer to [Query type](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4).
## ResponseCached
-Type: bool
+Type: `bool`
Whether the response was cached or not.
## ResponseCode
-Type: int
+Type: `int`
Integer value of response code. For more information refer to [Response code](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6).
## SourceIP
-Type: string
+Type: `string`
IP address of the client (IPv4 or IPv6).
## Timestamp
-Type: int or string
+Type: `int or string`
Timestamp at which the query occurred.
diff --git a/src/content/docs/logs/reference/log-fields/zone/firewall_events.mdx b/src/content/docs/logs/reference/log-fields/zone/firewall_events.md
similarity index 61%
rename from src/content/docs/logs/reference/log-fields/zone/firewall_events.mdx
rename to src/content/docs/logs/reference/log-fields/zone/firewall_events.md
index dfd007e4811b144..c3be63c9c168b4f 100644
--- a/src/content/docs/logs/reference/log-fields/zone/firewall_events.mdx
+++ b/src/content/docs/logs/reference/log-fields/zone/firewall_events.md
@@ -1,213 +1,214 @@
---
+# Code generator. DO NOT EDIT.
+
title: Firewall events
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `firewall_events`.
## Action
-Type: string
+Type: `string`
-The code of the first-class action the Cloudflare Firewall took on this request.
Possible actions are unknown | allow | block | challenge | jschallenge | log | connectionclose | challengesolved | challengefailed | challengebypassed | jschallengesolved | jschallengefailed | jschallengebypassed | bypass | managedchallenge | managedchallengeskipped | managedchallengenoninteractivesolved | managedchallengeinteractivesolved | managedchallengebypassed.
+The code of the first-class action the Cloudflare Firewall took on this request.
Possible actions are unknown \| allow \| block \| challenge \| jschallenge \| log \| connectionclose \| challengesolved \| challengefailed \| challengebypassed \| jschallengesolved \| jschallengefailed \| jschallengebypassed \| bypass \| managedchallenge \| managedchallengeskipped \| managedchallengenoninteractivesolved \| managedchallengeinteractivesolved \| managedchallengebypassed.
## ClientASN
-Type: int
+Type: `int`
The ASN number of the visitor.
## ClientASNDescription
-Type: string
+Type: `string`
The ASN of the visitor as string.
## ClientCountry
-Type: string
+Type: `string`
Country from which request originated.
## ClientIP
-Type: string
+Type: `string`
The visitor's IP address (IPv4 or IPv6).
## ClientIPClass
-Type: string
+Type: `string`
-The classification of the visitor's IP address, possible values are: unknown | badHost | searchEngine | allowlist | monitoringService | noRecord | scan | tor.
+The classification of the visitor's IP address, possible values are: unknown \| badHost \| searchEngine \| allowlist \| monitoringService \| noRecord \| scan \| tor.
## ClientRefererHost
-Type: string
+Type: `string`
The referer host.
## ClientRefererPath
-Type: string
+Type: `string`
The referer path requested by visitor.
## ClientRefererQuery
-Type: string
+Type: `string`
The referer query-string was requested by the visitor.
## ClientRefererScheme
-Type: string
+Type: `string`
The referer URL scheme requested by the visitor.
## ClientRequestHost
-Type: string
+Type: `string`
The HTTP hostname requested by the visitor.
## ClientRequestMethod
-Type: string
+Type: `string`
The HTTP method used by the visitor.
## ClientRequestPath
-Type: string
+Type: `string`
The path requested by visitor.
## ClientRequestProtocol
-Type: string
+Type: `string`
The version of HTTP protocol requested by the visitor.
## ClientRequestQuery
-Type: string
+Type: `string`
The query-string was requested by the visitor.
## ClientRequestScheme
-Type: string
+Type: `string`
The URL scheme requested by the visitor.
## ClientRequestUserAgent
-Type: string
+Type: `string`
Visitor's user-agent string.
## ContentScanObjResults
-Type: array\[string]
+Type: `array[string]`
List of content scan results.
## ContentScanObjSizes
-Type: array\[int]
+Type: `array[int]`
List of content object sizes.
## ContentScanObjTypes
-Type: array\[string]
+Type: `array[string]`
List of content types.
## Datetime
-Type: int or string
+Type: `int or string`
The date and time the event occurred at the edge.
## Description
-Type: string
+Type: `string`
The description of the rule triggered by this request.
## EdgeColoCode
-Type: string
+Type: `string`
The airport code of the Cloudflare datacenter that served this request.
## EdgeResponseStatus
-Type: int
+Type: `int`
HTTP response status code returned to browser.
## Kind
-Type: string
+Type: `string`
The kind of event, currently only possible values are: firewall.
## LeakedCredentialCheckResult
-Type: string
+Type: `string`
Result of the check for leaked credentials.
## MatchIndex
-Type: int
+Type: `int`
Rules match index in the chain. The last matching rule will have MatchIndex 0. If another rule matched before the last one, it will have MatchIndex 1. The same applies to any other matching rules, which will have a MatchIndex value of 2, 3, and so on.
## Metadata
-Type: object
+Type: `object`
Additional product-specific information. Metadata is organized in key:value pairs. Key and Value formats can vary by Cloudflare security product and can change over time.
## OriginResponseStatus
-Type: int
+Type: `int`
HTTP origin response status code returned to browser.
## OriginatorRayID
-Type: string
+Type: `string`
The RayID of the request that issued the challenge/jschallenge.
## RayID
-Type: string
+Type: `string`
The RayID of the request.
## Ref
-Type: string
+Type: `string`
The user-defined identifier for the rule triggered by this request. Use refs to label your rules individually alongside the Cloudflare-provided RuleID. You can set refs via the [Rulesets API](/ruleset-engine/rulesets-api/) for some security products.
## RuleID
-Type: string
+Type: `string`
The Cloudflare security product-specific RuleID triggered by this request.
## Source
-Type: string
+Type: `string`
-The Cloudflare security product triggered by this request.
Possible sources are unknown | asn | country | ip | iprange | securitylevel | zonelockdown | waf | firewallrules | uablock | ratelimit | bic | hot | l7ddos | validation | botfight | apishield | botmanagement | dlp | firewallmanaged | firewallcustom | apishieldschemavalidation | apishieldtokenvalidation | apishieldsequencemitigation.
+The Cloudflare security product triggered by this request.
Possible sources are unknown \| asn \| country \| ip \| iprange \| securitylevel \| zonelockdown \| waf \| firewallrules \| uablock \| ratelimit \| bic \| hot \| l7ddos \| validation \| botfight \| apishield \| botmanagement \| dlp \| firewallmanaged \| firewallcustom \| apishieldschemavalidation \| apishieldtokenvalidation \| apishieldsequencemitigation.
diff --git a/src/content/docs/logs/reference/log-fields/zone/http_requests.mdx b/src/content/docs/logs/reference/log-fields/zone/http_requests.md
similarity index 73%
rename from src/content/docs/logs/reference/log-fields/zone/http_requests.mdx
rename to src/content/docs/logs/reference/log-fields/zone/http_requests.md
index 358cbddb290ed89..e013f1008316269 100644
--- a/src/content/docs/logs/reference/log-fields/zone/http_requests.mdx
+++ b/src/content/docs/logs/reference/log-fields/zone/http_requests.md
@@ -1,573 +1,592 @@
---
+# Code generator. DO NOT EDIT.
+
title: HTTP requests
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `http_requests`.
## BotDetectionIDs
-Type: array\[int]
+Type: `array[int]`
List of IDs that correlate to the Bot Management Heuristic detections made on a request. Available only for Bot Management customers. To enable this feature, contact your account team.
## BotDetectionTags
-Type: array\[string]
+Type: `array[string]`
List of tags that correlate to the Bot Management Heuristic detections made on a request. Available only for Bot Management customers. To enable this feature, contact your account team.
## BotScore
-Type: int
+Type: `int`
Cloudflare Bot Score. Scores below 30 are commonly associated with automated traffic. Available only for Bot Management customers. To enable this feature, contact your account team.
## BotScoreSrc
-Type: string
+Type: `string`
-Detection engine responsible for generating the Bot Score.
Possible values are Not Computed | Heuristics | Machine Learning | Behavioral Analysis | Verified Bot | JS Fingerprinting | Cloudflare Service. Available only for Bot Management customers. To enable this feature, contact your account team.
+Detection engine responsible for generating the Bot Score.
Possible values are Not Computed \| Heuristics \| Machine Learning \| Behavioral Analysis \| Verified Bot \| JS Fingerprinting \| Cloudflare Service. Available only for Bot Management customers. To enable this feature, contact your account team.
## BotTags
-Type: array\[string]
+Type: `array[string]`
Type of bot traffic (if available). Refer to [Bot Tags](/bots/concepts/cloudflare-bot-tags/) for the list of potential values. Available only for Bot Management customers. To enable this feature, contact your account team.
## CacheCacheStatus
-Type: string
+Type: `string`
-Cache status.
Possible values are unknown | miss | expired | updating | stale | hit | ignored | bypass | revalidated | dynamic | stream\_hit | deferred
"dynamic" means that a request is not eligible for cache. This can mean, for example that it was blocked by the firewall. Refer to [Cloudflare cache responses](/cache/concepts/cache-responses/) for more details.
+Cache status.
Possible values are unknown \| miss \| expired \| updating \| stale \| hit \| ignored \| bypass \| revalidated \| dynamic \| stream_hit \| deferred
"dynamic" means that a request is not eligible for cache. This can mean, for example that it was blocked by the firewall. Refer to [Cloudflare cache responses](/cache/concepts/cache-responses/) for more details.
## CacheReserveUsed
-Type: bool
+Type: `bool`
Cache Reserve was used to serve this request.
## CacheResponseBytes
-Type: int
+Type: `int`
Number of bytes returned by the cache.
## CacheResponseStatus (deprecated)
-Type: int
+Type: `int`
HTTP status code returned by the cache to the edge. All requests (including non-cacheable ones) go through the cache. Refer also to CacheCacheStatus field.
## CacheTieredFill
-Type: bool
+Type: `bool`
Tiered Cache was used to serve this request.
## ClientASN
-Type: int
+Type: `int`
Client AS number.
+## ClientCity
+
+Type: `string`
+
+Approximate city of the client.
+
## ClientCountry
-Type: string
+Type: `string`
2-letter ISO-3166 country code of the client IP address.
## ClientDeviceType
-Type: string
+Type: `string`
Client device type.
## ClientIP
-Type: string
+Type: `string`
IP address of the client.
## ClientIPClass
-Type: string
+Type: `string`
+
+Client IP class.
Possible values are unknown \| badHost \| searchEngine \| allowlist \| monitoringService \| noRecord \| scan \| tor.
+
+## ClientLatitude
+
+Type: `string`
+
+Approximate latitude of the client.
+
+## ClientLongitude
+
+Type: `string`
-Client IP class.
Possible values are unknown | badHost | searchEngine | allowlist | monitoringService | noRecord | scan | tor.
+Approximate longitude of the client.
## ClientMTLSAuthCertFingerprint
-Type: string
+Type: `string`
The SHA256 fingerprint of the certificate presented by the client during mTLS authentication. Only populated on the first request on an mTLS connection.
## ClientMTLSAuthStatus
-Type: string
+Type: `string`
-The status of mTLS authentication. Only populated on the first request on an mTLS connection.
Possible values are unknown | ok | absent | untrusted | notyetvalid | expired.
+The status of mTLS authentication. Only populated on the first request on an mTLS connection.
Possible values are unknown \| ok \| absent \| untrusted \| notyetvalid \| expired.
## ClientRegionCode
-Type: string
+Type: `string`
The ISO-3166-2 region code of the client IP address.
## ClientRequestBytes
-Type: int
+Type: `int`
Number of bytes in the client request.
## ClientRequestHost
-Type: string
+Type: `string`
Host requested by the client.
## ClientRequestMethod
-Type: string
+Type: `string`
HTTP method of client request.
## ClientRequestPath
-Type: string
+Type: `string`
URI path requested by the client.
## ClientRequestProtocol
-Type: string
+Type: `string`
HTTP protocol of client request.
## ClientRequestReferer
-Type: string
+Type: `string`
HTTP request referrer.
## ClientRequestScheme
-Type: string
+Type: `string`
The URL scheme requested by the visitor.
## ClientRequestSource
-Type: string
+Type: `string`
Identifies requests as coming from an external source or another service within Cloudflare. Refer to [ClientRequestSource field](/logs/reference/clientrequestsource/) for the list of potential values.
## ClientRequestURI
-Type: string
+Type: `string`
URI requested by the client.
## ClientRequestUserAgent
-Type: string
+Type: `string`
User agent reported by the client.
## ClientSSLCipher
-Type: string
+Type: `string`
Client SSL cipher.
## ClientSSLProtocol
-Type: string
+Type: `string`
Client SSL (TLS) protocol. The value "none" means that SSL was not used.
## ClientSrcPort
-Type: int
+Type: `int`
Client source port.
## ClientTCPRTTMs
-Type: int
+Type: `int`
The smoothed average of TCP round-trip time (SRTT). For the initial request on a connection, this is measured only during connection setup. For a subsequent request on the same connection, it is measured over the entire connection lifetime up until the time that request is received.
## ClientXRequestedWith
-Type: string
+Type: `string`
X-Requested-With HTTP header.
## ContentScanObjResults
-Type: array\[string]
+Type: `array[string]`
List of content scan results.
## ContentScanObjSizes
-Type: array\[int]
+Type: `array[int]`
List of content object sizes.
## ContentScanObjTypes
-Type: array\[string]
+Type: `array[string]`
List of content types.
## Cookies
-Type: object
+Type: `object`
String key-value pairs for Cookies. This field is populated based on [Logpush Custom fields](/logs/reference/custom-fields/), which need to be configured.
## EdgeCFConnectingO2O
-Type: bool
+Type: `bool`
True if the request looped through multiple zones on the Cloudflare edge. This is considered an orange to orange (o2o) request.
## EdgeColoCode
-Type: string
+Type: `string`
IATA airport code of data center that received the request.
## EdgeColoID
-Type: int
+Type: `int`
Cloudflare edge colo id.
## EdgeEndTimestamp
-Type: int or string
+Type: `int or string`
Timestamp at which the edge finished sending response to the client.
## EdgePathingOp
-Type: string
+Type: `string`
Indicates what type of response was issued for this request (unknown = no specific action).
## EdgePathingSrc
-Type: string
+Type: `string`
Details how the request was classified based on security checks (unknown = no specific classification).
## EdgePathingStatus
-Type: string
+Type: `string`
Indicates what data was used to determine the handling of this request (unknown = no data).
## EdgeRequestHost
-Type: string
+Type: `string`
Host header on the request from the edge to the origin.
## EdgeResponseBodyBytes
-Type: int
+Type: `int`
Size of the HTTP response body returned to clients.
## EdgeResponseBytes
-Type: int
+Type: `int`
Number of bytes returned by the edge to the client.
## EdgeResponseCompressionRatio
-Type: float
+Type: `float`
The edge response compression ratio is calculated as the ratio between the sizes of the original and compressed responses.
## EdgeResponseContentType
-Type: string
+Type: `string`
Edge response Content-Type header value.
## EdgeResponseStatus
-Type: int
+Type: `int`
HTTP status code returned by Cloudflare to the client.
## EdgeServerIP
-Type: string
+Type: `string`
IP of the edge server making a request to the origin. Possible responses are string in IPv4 or IPv6 format, or empty string. Empty string means that there was no request made to the origin server.
## EdgeStartTimestamp
-Type: int or string
+Type: `int or string`
Timestamp at which the edge received request from the client.
## EdgeTimeToFirstByteMs
-Type: int
+Type: `int`
Total view of Time To First Byte as measured at Cloudflare's edge. Starts after a TCP connection is established and ends when Cloudflare begins returning the first byte of a response to eyeballs. Includes TLS handshake time (for new connections) and origin response time.
## JA3Hash
-Type: string
+Type: `string`
The MD5 hash of the JA3 fingerprint used to profile SSL/TLS clients. Available only for Bot Management customers. To enable this feature, contact your account team.
## JA4
-Type: string
+Type: `string`
The JA4 fingerprint used to profile SSL/TLS clients. Available only for Bot Management customers. To enable this feature, contact your account team.
## JA4Signals
-Type: object
+Type: `object`
Inter-request statistics computed for this JA4 fingerprint. JA4Signals field is organized in key:value pairs, where values are numbers. Available only for Bot Management customers. To enable this feature, contact your account team.
## LeakedCredentialCheckResult
-Type: string
+Type: `string`
Result of the check for leaked credentials.
## OriginDNSResponseTimeMs
-Type: int
+Type: `int`
Time taken to receive a DNS response for an origin name. Usually takes a few milliseconds, but may be longer if a CNAME record is used.
## OriginIP
-Type: string
+Type: `string`
IP of the origin server.
## OriginRequestHeaderSendDurationMs
-Type: int
+Type: `int`
Time taken to send request headers to origin after establishing a connection. Note that this value is usually 0.
## OriginResponseBytes (deprecated)
-Type: int
+Type: `int`
Number of bytes returned by the origin server.
## OriginResponseDurationMs
-Type: int
+Type: `int`
Upstream response time, measured from the first datacenter that receives a request. Includes time taken by Argo Smart Routing and Tiered Cache, plus time to connect and receive a response from origin servers. This field replaces OriginResponseTime.
## OriginResponseHTTPExpires
-Type: string
+Type: `string`
Value of the origin 'expires' header in RFC1123 format.
## OriginResponseHTTPLastModified
-Type: string
+Type: `string`
Value of the origin 'last-modified' header in RFC1123 format.
## OriginResponseHeaderReceiveDurationMs
-Type: int
+Type: `int`
Time taken for origin to return response headers after Cloudflare finishes sending request headers.
## OriginResponseStatus
-Type: int
+Type: `int`
Status returned by the upstream server. The value 0 means that there was no request made to the origin server and the response was served by Cloudflare's Edge. However, if the zone has a Worker running on it, the value 0 could be the result of a Workers subrequest made to the origin.
## OriginResponseTime (deprecated)
-Type: int
+Type: `int`
Number of nanoseconds it took the origin to return the response to edge.
## OriginSSLProtocol
-Type: string
+Type: `string`
SSL (TLS) protocol used to connect to the origin.
## OriginTCPHandshakeDurationMs
-Type: int
+Type: `int`
Time taken to complete TCP handshake with origin. This will be 0 if an origin connection is reused.
## OriginTLSHandshakeDurationMs
-Type: int
+Type: `int`
Time taken to complete TLS handshake with origin. This will be 0 if an origin connection is reused.
## ParentRayID
-Type: string
+Type: `string`
Ray ID of the parent request if this request was made using a Worker script.
## RayID
-Type: string
+Type: `string`
ID of the request.
## RequestHeaders
-Type: object
+Type: `object`
String key-value pairs for RequestHeaders. This field is populated based on [Logpush Custom fields](/logs/reference/custom-fields/), which need to be configured.
## ResponseHeaders
-Type: object
+Type: `object`
String key-value pairs for ResponseHeaders. This field is populated based on [Logpush Custom fields](/logs/reference/custom-fields/), which need to be configured.
## SecurityAction
-Type: string
+Type: `string`
Action of the security rule that triggered a terminating action, if any.
## SecurityActions
-Type: array\[string]
+Type: `array[string]`
-Array of actions the Cloudflare security products performed on this request. The individual security products associated with this action be found in SecuritySources and their respective rule Ids can be found in SecurityRuleIDs. The length of the array is the same as SecurityRuleIDs and SecuritySources.
Possible actions are unknown | allow | block | challenge | jschallenge | log | connectionClose | challengeSolved | challengeFailed | challengeBypassed | jschallengeSolved | jschallengeFailed | jschallengeBypassed | bypass | managedChallenge | managedChallengeSkipped | managedChallengeNonInteractiveSolved | managedChallengeInteractiveSolved | managedChallengeBypassed | rewrite | forceConnectionClose | skip | managedChallengeFailed.
+Array of actions the Cloudflare security products performed on this request. The individual security products associated with this action be found in SecuritySources and their respective rule Ids can be found in SecurityRuleIDs. The length of the array is the same as SecurityRuleIDs and SecuritySources.
Possible actions are unknown \| allow \| block \| challenge \| jschallenge \| log \| connectionClose \| challengeSolved \| challengeFailed \| challengeBypassed \| jschallengeSolved \| jschallengeFailed \| jschallengeBypassed \| bypass \| managedChallenge \| managedChallengeSkipped \| managedChallengeNonInteractiveSolved \| managedChallengeInteractiveSolved \| managedChallengeBypassed \| rewrite \| forceConnectionClose \| skip \| managedChallengeFailed.
## SecurityRuleDescription
-Type: string
+Type: `string`
Description of the security rule that triggered a terminating action, if any.
## SecurityRuleID
-Type: string
+Type: `string`
Rule ID of the security rule that triggered a terminating action, if any.
## SecurityRuleIDs
-Type: array\[string]
+Type: `array[string]`
Array of rule IDs of the security product that matched the request. The security product associated with the rule ID can be found in SecuritySources. The length of the array is the same as SecurityActions and SecuritySources.
## SecuritySources
-Type: array\[string]
+Type: `array[string]`
-Array of security products that matched the request. The same product can appear multiple times, which indicates different rules or actions that were activated. The rule IDs can be found in SecurityRuleIDs, and the actions can be found in SecurityActions. The length of the array is the same as SecurityRuleIDs and SecurityActions.
Possible sources are unknown | asn | country | ip | ipRange | securityLevel | zoneLockdown | waf | firewallRules | uaBlock | rateLimit | bic | hot | l7ddos | validation | botFight | apiShield | botManagement | dlp | firewallManaged | firewallCustom | apiShieldSchemaValidation | apiShieldTokenValidation | apiShieldSequenceMitigation.
+Array of security products that matched the request. The same product can appear multiple times, which indicates different rules or actions that were activated. The rule IDs can be found in SecurityRuleIDs, and the actions can be found in SecurityActions. The length of the array is the same as SecurityRuleIDs and SecurityActions.
Possible sources are unknown \| asn \| country \| ip \| ipRange \| securityLevel \| zoneLockdown \| waf \| firewallRules \| uaBlock \| rateLimit \| bic \| hot \| l7ddos \| validation \| botFight \| apiShield \| botManagement \| dlp \| firewallManaged \| firewallCustom \| apiShieldSchemaValidation \| apiShieldTokenValidation \| apiShieldSequenceMitigation.
## SmartRouteColoID
-Type: int
+Type: `int`
The Cloudflare datacenter used to connect to the origin server if Argo Smart Routing is used.
## UpperTierColoID
-Type: int
+Type: `int`
The "upper tier" datacenter that was checked for a cached copy if Tiered Cache is used.
## WAFAttackScore
-Type: int
+Type: `int`
Overall request score generated by the WAF detection module.
## WAFFlags (deprecated)
-Type: string
+Type: `string`
-Additional configuration flags: simulate (0x1) | null.
+Additional configuration flags: simulate (0x1) \| null.
## WAFMatchedVar (deprecated)
-Type: string
+Type: `string`
The full name of the most-recently matched variable.
## WAFRCEAttackScore
-Type: int
+Type: `int`
WAF score for an RCE attack.
## WAFSQLiAttackScore
-Type: int
+Type: `int`
WAF score for an SQLi attack.
## WAFXSSAttackScore
-Type: int
+Type: `int`
WAF score for an XSS attack.
## WorkerCPUTime
-Type: int
+Type: `int`
Amount of time in microseconds spent executing a worker, if any.
## WorkerStatus
-Type: string
+Type: `string`
Status returned from worker daemon.
## WorkerSubrequest
-Type: bool
+Type: `bool`
Whether or not this request was a worker subrequest.
## WorkerSubrequestCount
-Type: int
+Type: `int`
Number of subrequests issued by a worker when handling this request.
## WorkerWallTimeUs
-Type: int
+Type: `int`
The elapsed time in microseconds between the start of a Worker invocation, and when the Workers Runtime determines that no more JavaScript needs to run. Specifically, this measures the wall-clock time that the JavaScript context remained open. For example, when returning a response with a large body, the Workers runtime can, in some cases, determine that no more JavaScript needs to run, and closes the JS context before all the bytes have passed through and been sent. Alternatively, if you use the `waitUntil()` API to perform work without blocking the return of a response, this work may continue executing after the response has been returned, and will be included in `WorkerWallTimeUs`.
## ZoneName
-Type: string
+Type: `string`
The human-readable name of the zone (e.g. 'cloudflare.com').
diff --git a/src/content/docs/logs/reference/log-fields/zone/nel_reports.mdx b/src/content/docs/logs/reference/log-fields/zone/nel_reports.md
similarity index 62%
rename from src/content/docs/logs/reference/log-fields/zone/nel_reports.mdx
rename to src/content/docs/logs/reference/log-fields/zone/nel_reports.md
index 455194e163547ec..624aacd917f2afc 100644
--- a/src/content/docs/logs/reference/log-fields/zone/nel_reports.mdx
+++ b/src/content/docs/logs/reference/log-fields/zone/nel_reports.md
@@ -1,51 +1,52 @@
---
+# Code generator. DO NOT EDIT.
+
title: NEL reports
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `nel_reports`.
## ClientIPASN
-Type: int
+Type: `int`
Client ASN.
## ClientIPASNDescription
-Type: string
+Type: `string`
Client ASN description.
## ClientIPCountry
-Type: string
+Type: `string`
Client country.
## LastKnownGoodColoCode
-Type: string
+Type: `string`
IATA airport code of colo client connected to.
## Phase
-Type: string
+Type: `string`
-The phase of connection the error occurred in; dns | connection | application | unknown.
+The phase of connection the error occurred in; dns \| connection \| application \| unknown.
## Timestamp
-Type: int or string
+Type: `int or string`
Timestamp for error report.
## Type
-Type: string
+Type: `string`
The type of error in the phase.
diff --git a/src/content/docs/logs/reference/log-fields/zone/page_shield_events.mdx b/src/content/docs/logs/reference/log-fields/zone/page_shield_events.md
similarity index 75%
rename from src/content/docs/logs/reference/log-fields/zone/page_shield_events.mdx
rename to src/content/docs/logs/reference/log-fields/zone/page_shield_events.md
index ad383d237a2c56d..126d776efcac47e 100644
--- a/src/content/docs/logs/reference/log-fields/zone/page_shield_events.mdx
+++ b/src/content/docs/logs/reference/log-fields/zone/page_shield_events.md
@@ -1,57 +1,58 @@
---
+# Code generator. DO NOT EDIT.
+
title: Page Shield events
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `page_shield_events`.
## Action
-Type: string
+Type: `string`
-The action which was taken against the violation.
Possible values are log | allow.
+The action which was taken against the violation.
Possible values are log \| allow.
## Host
-Type: string
+Type: `string`
The host where the resource was seen on.
## PageURL
-Type: string
+Type: `string`
The page URL the violation was seen on.
## PolicyID
-Type: string
+Type: `string`
The ID of the policy which was violated.
## Timestamp
-Type: int or string
+Type: `int or string`
The timestamp of when the report was received.
## URL
-Type: string
+Type: `string`
The resource URL.
## URLContainsCDNCGIPath
-Type: bool
+Type: `bool`
Whether the resource URL contains the CDN-CGI path.
## URLHost
-Type: string
+Type: `string`
The domain host of the URL.
diff --git a/src/content/docs/logs/reference/log-fields/zone/spectrum_events.mdx b/src/content/docs/logs/reference/log-fields/zone/spectrum_events.md
similarity index 58%
rename from src/content/docs/logs/reference/log-fields/zone/spectrum_events.mdx
rename to src/content/docs/logs/reference/log-fields/zone/spectrum_events.md
index 9d59fd059ff7d82..74f1c2a53306cce 100644
--- a/src/content/docs/logs/reference/log-fields/zone/spectrum_events.mdx
+++ b/src/content/docs/logs/reference/log-fields/zone/spectrum_events.md
@@ -1,195 +1,196 @@
---
+# Code generator. DO NOT EDIT.
+
title: Spectrum events
pcx_content_type: configuration
sidebar:
order: 21
-
---
The descriptions below detail the fields available for `spectrum_events`.
## Application
-Type: string
+Type: `string`
The unique public ID of the application on which the event occurred.
## ClientAsn
-Type: int
+Type: `int`
Client AS number.
## ClientBytes
-Type: int
+Type: `int`
The number of bytes read from the client by the Spectrum service.
## ClientCountry
-Type: string
+Type: `string`
Country of the client IP address.
## ClientIP
-Type: string
+Type: `string`
Client IP address.
## ClientMatchedIpFirewall
-Type: string
+Type: `string`
-Whether the connection matched any IP Firewall rules. UNKNOWN = No match or Firewall not enabled for spectrum; UNKNOWN | ALLOW | BLOCK\_ERROR | BLOCK\_IP | BLOCK\_COUNTRY | BLOCK\_ASN | WHITELIST\_IP | WHITELIST\_COUNTRY | WHITELIST\_ASN.
+Whether the connection matched any IP Firewall rules. UNKNOWN = No match or Firewall not enabled for spectrum; UNKNOWN \| ALLOW \| BLOCK_ERROR \| BLOCK_IP \| BLOCK_COUNTRY \| BLOCK_ASN \| WHITELIST_IP \| WHITELIST_COUNTRY \| WHITELIST_ASN.
## ClientPort
-Type: int
+Type: `int`
Client port.
## ClientProto
-Type: string
+Type: `string`
-Transport protocol used by client; tcp | udp | unix.
+Transport protocol used by client; tcp \| udp \| unix.
## ClientTcpRtt
-Type: int
+Type: `int`
The TCP round-trip time in nanoseconds between the client and Spectrum.
## ClientTlsCipher
-Type: string
+Type: `string`
The cipher negotiated between the client and Spectrum. An unknown cipher is returned as "UNK."
## ClientTlsClientHelloServerName
-Type: string
+Type: `string`
The server name in the Client Hello message from client to Spectrum.
## ClientTlsProtocol
-Type: string
+Type: `string`
-The TLS version negotiated between the client and Spectrum; unknown | none | SSLv3 | TLSv1 | TLSv1.1 | TLSv1.2 | TLSv1.3.
+The TLS version negotiated between the client and Spectrum; unknown \| none \| SSLv3 \| TLSv1 \| TLSv1.1 \| TLSv1.2 \| TLSv1.3.
## ClientTlsStatus
-Type: string
+Type: `string`
-Indicates state of TLS session from the client to Spectrum; UNKNOWN | OK | INTERNAL\_ERROR | INVALID\_CONFIG | INVALID\_SNI | HANDSHAKE\_FAILED | KEYLESS\_RPC.
+Indicates state of TLS session from the client to Spectrum; UNKNOWN \| OK \| INTERNAL_ERROR \| INVALID_CONFIG \| INVALID_SNI \| HANDSHAKE_FAILED \| KEYLESS_RPC.
## ColoCode
-Type: string
+Type: `string`
IATA airport code of data center that received the request.
## ConnectTimestamp
-Type: int or string
+Type: `int or string`
Timestamp at which both legs of the connection (client/edge, edge/origin or nexthop) were established.
## DisconnectTimestamp
-Type: int or string
+Type: `int or string`
Timestamp at which the connection was closed.
## Event
-Type: string
+Type: `string`
-connect | disconnect | clientFiltered | tlsError | resolveOrigin | originError.
+connect \| disconnect \| clientFiltered \| tlsError \| resolveOrigin \| originError.
## IpFirewall
-Type: bool
+Type: `bool`
Whether IP Firewall was enabled at time of connection.
## OriginBytes
-Type: int
+Type: `int`
The number of bytes read from the origin by Spectrum.
## OriginIP
-Type: string
+Type: `string`
Origin IP address.
## OriginPort
-Type: int
+Type: `int`
Origin port.
## OriginProto
-Type: string
+Type: `string`
-Transport protocol used by origin; tcp | udp | unix.
+Transport protocol used by origin; tcp \| udp \| unix.
## OriginTcpRtt
-Type: int
+Type: `int`
The TCP round-trip time in nanoseconds between Spectrum and the origin.
## OriginTlsCipher
-Type: string
+Type: `string`
The cipher negotiated between Spectrum and the origin. An unknown cipher is returned as "UNK."
## OriginTlsFingerprint
-Type: string
+Type: `string`
SHA256 hash of origin certificate. An unknown SHA256 hash is returned as an empty string.
## OriginTlsMode
-Type: string
+Type: `string`
-If and how the upstream connection is encrypted; unknown | off | flexible | full | strict.
+If and how the upstream connection is encrypted; unknown \| off \| flexible \| full \| strict.
## OriginTlsProtocol
-Type: string
+Type: `string`
-The TLS version negotiated between Spectrum and the origin; unknown | none | SSLv3 | TLSv1 | TLSv1.1 | TLSv1.2 | TLSv1.3.
+The TLS version negotiated between Spectrum and the origin; unknown \| none \| SSLv3 \| TLSv1 \| TLSv1.1 \| TLSv1.2 \| TLSv1.3.
## OriginTlsStatus
-Type: string
+Type: `string`
-The state of the TLS session from Spectrum to the origin; UNKNOWN | OK | INTERNAL\_ERROR | INVALID\_CONFIG | INVALID\_SNI | HANDSHAKE\_FAILED | KEYLESS\_RPC.
+The state of the TLS session from Spectrum to the origin; UNKNOWN \| OK \| INTERNAL_ERROR \| INVALID_CONFIG \| INVALID_SNI \| HANDSHAKE_FAILED \| KEYLESS_RPC.
## ProxyProtocol
-Type: string
+Type: `string`
-Which form of proxy protocol is applied to the given connection; off | v1 | v2 | simple.
+Which form of proxy protocol is applied to the given connection; off \| v1 \| v2 \| simple.
## Status
-Type: int
+Type: `int`
A code indicating reason for connection closure.
## Timestamp
-Type: int or string
+Type: `int or string`
Timestamp at which the event took place.