From 0679407605cc30ed0f494cc1615409b9ecc9e85c Mon Sep 17 00:00:00 2001
From: Sohei Okamoto <sohei@cloudflare.com>
Date: Thu, 29 Oct 2020 17:15:39 -0700
Subject: [PATCH] Update Logs docs Logs fields page

This updates Logs docs Logs fields page.
---
 products/logs/src/content/log-fields/index.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/products/logs/src/content/log-fields/index.md b/products/logs/src/content/log-fields/index.md
index 819c4cf97f366a..19e7c8135612f8 100644
--- a/products/logs/src/content/log-fields/index.md
+++ b/products/logs/src/content/log-fields/index.md
@@ -13,7 +13,7 @@ The tables below describe the fields available by log category. The list of fiel
 <TableWrap>
 
 | Field | Value | Type |
-|---|---|---|
+| -- | -- | -- |
 | BotScore | Cloudflare Bot Score (available for Bot Management customers; please contact your account team to enable) | int |
 | BotScoreSrc | Underlying detection engine or <em>source</em> on where a Bot Score is calculated.<br /> Possible values are <em>Not Computed</em> \| <em>Heuristics</em> \| <em>Machine Learning</em> \| <em>Behavioral Analysis</em> \| <em>Verified Bot</em> | string |
 | CacheCacheStatus | <em>unknown</em> \| <em>miss</em> \| <em>expired</em> \| <em>updating</em> \| <em>stale</em> \| <em>hit</em> \| <em>ignored</em> \| <em>bypass</em> \| <em>revalidated</em> | string |
@@ -52,9 +52,9 @@ The tables below describe the fields available by log category. The list of fiel
 | EdgeResponseStatus | HTTP status code returned by Cloudflare to the client | int |
 | EdgeServerIP | IP of the edge server making a request to the origin | string |
 | EdgeStartTimestamp | Timestamp at which the edge received request from the client | int or string |
-| FirewallMatchesActions | Array of actions the Cloudflare firewall products performed on this request. The individual firewall products associated with this action be found in FirewallMatchesSources and their respective RuleIds can be found in FirewallMatchesRuleIDs. The length of the array is the same as FirewallMatchesRuleIDs and FirewallMatchesSources.<br /> Possible actions are <em>allow</em> \| <em>log</em> \| <em>simulate</em> \| <em>drop</em> \| <em>challenge</em> \| <em>jschallenge</em> \| <em>connectionClose</em> \| <em>bypass</em> | array of actions (strings) |
-| FirewallMatchesRuleIDs | Array of RuleIDs of the firewall product that has matched the request. The firewall product associated with the RuleID can be found in FirewallMatchesSources. The length of the array is the same as FirewallMatchesActions and FirewallMatchesSources. | array of RuleIDs (strings) |
-| FirewallMatchesSources | The firewall products that matched the request. The same product can appear multiple times, which indicates different rules or actions that were activated. The RuleIDs can be found in FirewallMatchesRuleIDs, the actions can be found in FirewallMatchesActions. The length of the array is the same as FirewallMatchesRuleIDs and FirewallMatchesActions.<br /> Possible sources are <em>asn</em> \| <em>country</em> \| <em>ip</em> \| <em>ipRange</em> \| <em>securityLevel</em> \| <em>zoneLockdown</em> \| <em>waf</em> \| <em>firewallRules</em> \| <em>uaBlock</em> \| <em>rateLimit</em> \| <em>bic</em> \| <em>hot</em> \| <em>l7ddos</em> \| <em>sanitycheck</em> \| <em>protect</em> | array of product names (strings) |
+| FirewallMatchesActions | Array of actions the Cloudflare firewall products performed on this request. The individual firewall products associated with this action be found in FirewallMatchesSources and their respective RuleIds can be found in FirewallMatchesRuleIDs. The length of the array is the same as FirewallMatchesRuleIDs and FirewallMatchesSources.<br /> Possible actions are <em>allow</em> \| <em>log</em> \| <em>simulate</em> \| <em>drop</em> \| <em>challenge</em> \| <em>jschallenge</em> \| <em>connectionClose</em> \| <em>bypass</em> | array[string] |
+| FirewallMatchesRuleIDs | Array of RuleIDs of the firewall product that has matched the request. The firewall product associated with the RuleID can be found in FirewallMatchesSources. The length of the array is the same as FirewallMatchesActions and FirewallMatchesSources. | array[string] |
+| FirewallMatchesSources | The firewall products that matched the request. The same product can appear multiple times, which indicates different rules or actions that were activated. The RuleIDs can be found in FirewallMatchesRuleIDs, the actions can be found in FirewallMatchesActions. The length of the array is the same as FirewallMatchesRuleIDs and FirewallMatchesActions.<br /> Possible sources are <em>asn</em> \| <em>country</em> \| <em>ip</em> \| <em>ipRange</em> \| <em>securityLevel</em> \| <em>zoneLockdown</em> \| <em>waf</em> \| <em>firewallRules</em> \| <em>uaBlock</em> \| <em>rateLimit</em> \| <em>bic</em> \| <em>hot</em> \| <em>l7ddos</em> \| <em>sanitycheck</em> \| <em>protect</em> | array[string] |
 | OriginIP | IP of the origin server | string |
 | OriginResponseBytes (deprecated) | Number of bytes returned by the origin server | int |
 | OriginResponseHTTPExpires | Value of the origin 'expires' header in RFC1123 format | string |
@@ -64,7 +64,7 @@ The tables below describe the fields available by log category. The list of fiel
 | OriginSSLProtocol | SSL (TLS) protocol used to connect to the origin | string |
 | ParentRayID | Ray ID of the parent request if this request was made using a Worker script | string |
 | RayID | ID of the request | string |
-| SecurityLevel | The security level configured at the time of this request. This is used to determine the sensitivity of the IP Reputation system | string |
+| SecurityLevel | The security level configured at the time of this request. This is used to determine the sensitivity of the IP Reputation system. | string |
 | WAFAction | Action taken by the WAF, if triggered | string |
 | WAFFlags | Additional configuration flags: <em>simulate (0x1)</em> \| <em>null</em> | string |
 | WAFMatchedVar | The full name of the most-recently matched variable | string |
@@ -85,7 +85,7 @@ The tables below describe the fields available by log category. The list of fiel
 <TableWrap>
 
 | Field | Value | Type |
-|---|---|---|
+| -- | -- | -- |
 | Application | The unique public ID of the application on which the event occurred | string |
 | ClientAsn | Client AS number | int |
 | ClientBytes | The number of bytes read from the client by the Spectrum service | int |
@@ -116,7 +116,7 @@ The tables below describe the fields available by log category. The list of fiel
 | OriginTlsStatus | The state of the TLS session from Spectrum to the origin; <em>UNKNOWN</em> \| <em>OK</em> \| <em>INTERNAL_ERROR</em> \| <em>INVALID_CONFIG</em> \| <em>INVALID_SNI</em> \| <em>HANDSHAKE_FAILED</em> \| <em>KEYLESS_RPC</em> | string |
 | ProxyProtocol | Which form of proxy protocol is applied to the given connection; <em>off</em> \| <em>v1</em> \| <em>v2</em> \| <em>simple</em> | string |
 | Status | A code indicating reason for connection closure | int |
-| Timestamp | Timestamp at which the event took place | string |
+| Timestamp | Timestamp at which the event took place | int or string |
 
 </TableWrap>
 
@@ -126,7 +126,7 @@ The tables below describe the fields available by log category. The list of fiel
 <TableWrap>
 
 | Field | Value | Type |
-|---|---|---|
+| -- | -- | -- |
 | Action | The code of the first-class action the Cloudflare Firewall took on this request | string |
 | ClientASN | The ASN number of the visitor | int |
 | ClientASNDescription | The ASN of the visitor as string | string |