> ## Documentation Index
> Fetch the complete documentation index at: https://bunnynet-cb9733c2-onclientmiddleware.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Query CDN access logs for a pull zone.

> Authenticate with either an `Authorization` bearer JWT or an `AccessKey` header.
Filter pushdown happens in ClickHouse where possible; `country` and free-text
`search` are applied in-process after fetch.



## OpenAPI

````yaml https://logging.bunnycdn.com/docs/all/swagger.json get /v2/pullzones/{pullZoneId}/logs
openapi: 3.0.4
info:
  title: bunny.net CDN Logging
  description: >-
    Access raw request logs via API with up to 3 days retention. Two API
    versions are available: v1 (legacy pipe-delimited) and v2 (structured JSON
    with rich filtering and pagination).
  version: v2
servers: []
security: []
tags:
  - name: Logging v1
  - name: Logging v2
paths:
  /v2/pullzones/{pullZoneId}/logs:
    get:
      tags:
        - Logging v2
      summary: Query CDN access logs for a pull zone.
      description: >-
        Authenticate with either an `Authorization` bearer JWT or an `AccessKey`
        header.

        Filter pushdown happens in ClickHouse where possible; `country` and
        free-text

        `search` are applied in-process after fetch.
      parameters:
        - name: pullZoneId
          in: path
          required: true
          schema:
            type: integer
            format: int64
        - name: from
          in: query
          description: |-
            Inclusive start of the time range (UTC). Defaults to `To - 24h`.
            Must fall within the 3-day log retention window. The total range
            (`To - From`) cannot exceed 3 days.
          schema:
            type: string
            format: date-time
        - name: to
          in: query
          description: Exclusive end of the time range (UTC). Defaults to `now`.
          schema:
            type: string
            format: date-time
        - name: status
          in: query
          description: >-
            Comma-separated list of HTTP status filters. Each entry can be an
            exact

            code (e.g. `200`, `404`) or a status class (e.g. `2xx`, `5xx`).

            Multiple entries are combined with OR.
          schema:
            type: string
        - name: cacheStatus
          in: query
          description: >-
            Comma-separated list of cache statuses to match exactly (e.g.
            `HIT,MISS,EXPIRED`).
          schema:
            type: string
        - name: country
          in: query
          description: >-
            ISO 3166 alpha-2 country code (e.g. `EE`). Multiple values can be
            comma-separated.
          schema:
            type: string
        - name: edgeLocation
          in: query
          description: Edge location / server zone (exact match).
          schema:
            type: string
        - name: remoteIp
          in: query
          description: >-
            Client IP address filter (IPv4 or IPv6). The match width adapts to
            the zone's

            IP anonymization setting so the filter can never reveal information
            beyond

            what the API returns: exact match when anonymization is disabled,
            /24 (IPv4)

            or /64 (IPv6) when last-octet anonymization is enabled, and ignored
            when full

            anonymization is enabled.
          schema:
            type: string
        - name: urlContains
          in: query
          description: >-
            Case-insensitive substring match against the request URL (host +
            path).
          schema:
            type: string
        - name: userAgentContains
          in: query
          description: Case-insensitive substring match against the User-Agent header.
          schema:
            type: string
        - name: refererContains
          in: query
          description: Case-insensitive substring match against the Referer header.
          schema:
            type: string
        - name: search
          in: query
          description: >-
            Free-text, case-insensitive token search. Tokens are
            space-separated; a row

            matches if ANY token appears in ANY of the searched columns: cache
            status,

            request ID, edge location, host, path, user agent, referer, and (for
            zones

            with extended logging) content range. Remote IP, country code, and
            the

            authorization header are not searched. use the dedicated filters for
            those,

            or note that the authorization header is encrypted at rest. Limited
            to 16

            tokens of at most 128 characters each.
          schema:
            type: string
        - name: requestId
          in: query
          description: Exact request ID (UUID) to look up a single log entry.
          schema:
            type: string
        - name: includeOriginShield
          in: query
          description: >-
            Include origin-shield (edge → shield) requests. Defaults to `false`
            to match v1.
          schema:
            type: boolean
        - name: limit
          in: query
          description: Maximum entries to return. Defaults to 100. Capped at 10000.
          schema:
            type: integer
            format: int32
        - name: offset
          in: query
          description: Number of entries to skip. Defaults to 0.
          schema:
            type: integer
            format: int64
        - name: order
          in: query
          description: 'Sort order by timestamp: `asc` or `desc` (default).'
          schema:
            type: string
      responses:
        '200':
          description: Successful query with paginated results.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/LogQueryResponse'
        '400':
          description: Invalid request parameters.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '401':
          description: Authentication credentials missing.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: Authentication failed or pull zone not accessible.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Logging is not enabled for the pull zone.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '429':
          description: Rate limit exceeded for the pull zone.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
components:
  schemas:
    LogQueryResponse:
      required:
        - data
        - pagination
        - query
      type: object
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/LogEntry'
          description: Log entries matching the query, in the requested sort order.
          nullable: true
        pagination:
          $ref: '#/components/schemas/PaginationInfo'
        query:
          $ref: '#/components/schemas/QuerySummary'
      additionalProperties: false
      description: Paginated response wrapper for log queries.
    ErrorResponse:
      required:
        - error
      type: object
      properties:
        error:
          $ref: '#/components/schemas/ErrorBody'
      additionalProperties: false
      description: Structured error envelope returned by v2 endpoints.
    LogEntry:
      required:
        - bytesSent
        - cacheStatus
        - edgeLocation
        - host
        - path
        - pullZoneId
        - requestId
        - scheme
        - statusCode
        - timestamp
        - url
      type: object
      properties:
        timestamp:
          type: string
          description: >-
            Time the request was received at the edge (UTC, millisecond
            precision).
          format: date-time
        pullZoneId:
          type: integer
          description: Pull zone identifier the request was served from.
          format: int64
        requestId:
          type: string
          description: Unique identifier for the request (32-char hex).
          nullable: true
        cacheStatus:
          type: string
          description: >-
            Cache status reported by the edge (e.g. "HIT", "MISS", "EXPIRED",
            "STALE").
          nullable: true
        statusCode:
          type: integer
          description: HTTP response status code.
          format: int32
        bytesSent:
          type: integer
          description: Total bytes sent in the response (headers + body).
          format: int64
        remoteIp:
          type: string
          description: >-
            Client IP address. May be anonymized (last octet zeroed or set to
            all-zeros)

            when IP anonymization is enabled. `null` when no IP was recorded.
          nullable: true
        countryCode:
          type: string
          description: >-
            ISO 3166 alpha-2 country code derived from the client IP. `null` if
            unknown.
          nullable: true
        edgeLocation:
          type: string
          description: Edge location/server zone that handled the request.
          nullable: true
        scheme:
          type: string
          description: Request scheme (http or https).
          nullable: true
        host:
          type: string
          description: Request Host header.
          nullable: true
        path:
          type: string
          description: Request URI path with query string.
          nullable: true
        url:
          type: string
          description: Fully composed URL (`{scheme}://{host}{path}`).
          nullable: true
        userAgent:
          type: string
          description: HTTP User-Agent header. `null` when absent.
          nullable: true
        referer:
          type: string
          description: HTTP Referer header. `null` when absent.
          nullable: true
        bodyBytesSent:
          type: integer
          description: Body-only bytes sent (extended logging only).
          format: int64
          nullable: true
        contentRange:
          type: string
          description: >-
            HTTP Content-Range header (extended logging only). `null` when
            absent or extended logging disabled.
          nullable: true
        authorizationHeader:
          type: string
          description: >-
            Decrypted HTTP Authorization header (extended logging only). `null`
            when absent or extended logging disabled.
          nullable: true
        ja4Fingerprint:
          type: string
          description: JA4 TLS client fingerprint. `null` when absent.
          nullable: true
        asn:
          type: integer
          description: >-
            Autonomous System Number derived from the client IP. `null` if
            unknown.
          format: int32
          nullable: true
        asnOrganization:
          type: string
          description: Name of the organization that owns the AS. `null` if unknown.
          nullable: true
      additionalProperties: false
      description: >-
        A single CDN access log entry. Field nullability mirrors the underlying
        data:

        fields sourced from optional HTTP headers (Referer, User-Agent,
        Content-Range,

        Authorization) are `null` when the header was absent. Extended fields

        (BodyBytesSent, ContentRange, AuthorizationHeader) are only populated
        when

        extended logging is enabled for the pull zone.
    PaginationInfo:
      required:
        - hasMore
        - limit
        - offset
        - returned
      type: object
      properties:
        offset:
          type: integer
          description: Offset that was applied to this query.
          format: int64
        limit:
          type: integer
          description: Limit that was applied to this query.
          format: int32
        returned:
          type: integer
          description: >-
            Number of entries actually returned (≤
            bunnynet_cdn_log_api.Models.V2.PaginationInfo.Limit).
          format: int32
        hasMore:
          type: boolean
          description: True if more results are available beyond this page.
      additionalProperties: false
    QuerySummary:
      required:
        - from
        - order
        - pullZoneId
        - to
      type: object
      properties:
        pullZoneId:
          type: integer
          format: int64
        from:
          type: string
          format: date-time
        to:
          type: string
          format: date-time
        order:
          type: string
          nullable: true
      additionalProperties: false
    ErrorBody:
      required:
        - code
        - message
      type: object
      properties:
        code:
          type: string
          description: Machine-readable error code (snake_case).
          nullable: true
        message:
          type: string
          description: Human-readable message describing the error.
          nullable: true
        details:
          type: array
          items:
            type: string
          description: Optional per-field validation messages.
          nullable: true
      additionalProperties: false

````