Example SQL queries
The following examples show practical SQL queries you can use with the http_requests dataset in Log Explorer. For the full list of supported SQL syntax, refer to SQL queries supported.
Adjust the date ranges in each example to match the time period you want to query.
Get a high-level summary of total requests and data transfer for a specific time period. Results include total bytes transferred and conversions to megabytes and gigabytes.
SELECT COUNT(*) AS total_requests, SUM(EdgeResponseBytes) AS total_data_transfer, SUM(EdgeResponseBytes) / (1024.0 * 1024.0 * 1024.0) AS total_data_transfer_gb, SUM(EdgeResponseBytes) / (1024.0 * 1024.0) AS total_data_transfer_mbFROM http_requestsWHERE {{ timeFilter }}Understand how security actions, such as blocks and challenges, are distributed across your traffic and identify the most common security responses applied to requests.
SELECT SecurityAction, COUNT(*) AS ActionCountFROM http_requestsWHERE SecurityAction != 'unknown' AND SecurityAction IS NOT NULLGROUP BY SecurityActionORDER BY ActionCount DESCIdentify the top client IP addresses and request URIs that triggered managed, JavaScript, or interactive challenges to investigate potential bot activity or targeted attacks.
SELECT ClientIP, ClientRequestURI, SecurityActions, COUNT(*) AS CountFROM http_requestsWHERE {{ timeFilter }} AND ( ARRAY_CONTAINS(SecurityActions, 'challenge') OR ARRAY_CONTAINS(SecurityActions, 'managedChallenge') OR ARRAY_CONTAINS(SecurityActions, 'jsChallenge') OR ARRAY_CONTAINS(SecurityActions, 'challengeSolved') )GROUP BY ClientIP, ClientRequestURI, SecurityActionsORDER BY Count DESCLIMIT 20Identify which request URIs consume the most bandwidth to pinpoint large assets or endpoints that drive the most data transfer.
SELECT ClientRequestURI, SUM(EdgeResponseBytes) / (1024 * 1024) AS MegabytesTransferredFROM http_requestsWHERE {{ timeFilter }}GROUP BY ClientRequestURIORDER BY MegabytesTransferred DESCLIMIT 10Analyze client TCP round-trip time (RTT) across different countries to identify regions with high latency that might benefit from additional optimization.
SELECT ClientCountry, COUNT(*) AS requests, AVG(ClientTCPRttMs) AS avg_rtt, MIN(ClientTCPRttMs) AS min_rtt, MAX(ClientTCPRttMs) AS max_rttFROM http_requestsWHERE {{ timeFilter }}GROUP BY ClientCountryORDER BY avg_rtt DESCLIMIT 20Break down traffic by cache status and measure the average time to first byte (TTFB) for each status to evaluate cache effectiveness and identify opportunities to improve cache hit ratios.
SELECT CacheCacheStatus, COUNT(*) AS requests, SUM(EdgeResponseBytes) AS total_bytes, AVG(EdgeTimeToFirstByteMs) AS avg_ttfbFROM http_requestsWHERE {{ timeFilter }}GROUP BY CacheCacheStatusORDER BY requests DESCFind request paths with the highest average time to first byte (TTFB), along with request counts and server error counts toidentify slow endpoints that may need optimization.
SELECT ClientRequestPath, AVG(EdgeTimeToFirstByteMs) AS avg_ttfb, COUNT(*) AS requests, SUM(CASE WHEN EdgeResponseStatus >= 500 THEN 1 ELSE 0 END) AS errorsFROM http_requestsWHERE {{ timeFilter }}ORDER BY avg_ttfb DESCLIMIT 10