Cloudflare Docs
Analytics
Analytics
Visit Analytics on GitHub
Set theme to dark (⇧+D)

NAv1 to NAv2 schema map

The following table lists direct mappings between NAv1 and NAv2 fields, when available, and provides related fields when there is no direct mapping available.

ipFlows1mGroupsmagicTransitNetworkAnalytics-AdaptiveGroupsdosdNetworkAnalytics-AdaptiveGroupsdosdAttackAnalytics-GroupsflowtrackdNetworkAnalytics-AdaptiveGroupsmagicFirewallNetworkAnalytics-AdaptiveGroups
dateRelated fields:
datetime
datetimeTenSeconds
Related fields:
datetime
datetimeTenSeconds
Related fields:
datetime
datetimeTenSeconds
Related fields:
datetime
datetimeTenSeconds
datetimeMinutedatetimeMinutedatetimeMinutedatetimeMinutedatetimeMinute
datetimeFiveMinutesdatetimeFiveMinutesdatetimeFiveMinutesdatetimeFiveMinutesdatetimeFiveMinutes
datetimeFifteenMinutesdatetimeFifteenMinutesdatetimeFifteenMinutesdatetimeFifteenMinutesdatetimeFifteenMinutes
datetimeHourdatetimeHourdatetimeHourdatetimeHourdatetimeHour
attackId*attackId*attackId*
attackTypeattackType
attackMitigationTypemitigationType
sourceIPCountrysourceCountrysourceCountrysourceCountrysourceCountry
sourceIPAsnsourceAsnsourceAsnsourceAsnsourceAsn
sourceIPASNDescriptionRelated field:
sourceGeohash
Related field:
sourceGeohash
Related field:
sourceGeohash
Related field:
sourceGeohash
coloCodecoloCodecoloCodecoloCodecoloCode
coloCitycoloCitycoloCitycoloCitycoloCity
coloCountrycoloCountrycoloCountrycoloCountrycoloCountry
coloRegionRelated field:
coloGeohash
Related field:
coloGeohash
Related field:
coloGeohash
Related field:
coloGeohash
ipFlows1mGroupsmagicTransitNetworkAnalytics-AdaptiveGroupsdosdNetworkAnalytics-AdaptiveGroupsdosdAttackAnalytics-GroupsflowtrackdNetworkAnalytics-AdaptiveGroupsmagicFirewallNetworkAnalytics-AdaptiveGroups
ipVersionethertypeethertypeethertypeethertype
bitsipTotalLength
(bits divided by 8)
ipTotalLength
(bits divided by 8)
bitsipTotalLength
(bits divided by 8)
ipTotalLength
(bits divided by 8)
packetsn/an/apacketsn/an/a
ipProtocolipProtocolipProtocolipProtocolipProtocolipProtocol
sourceIPipSourceAddressipSourceAddresssourceIpipSourceAddressipSourceAddress
destinationIPipDestinationAddressipDestinationAddressdestinationIpipDestinationAddressipDestinationAddress
destinationIPv4Range24ipDestinationSubnetipDestinationSubnetipDestinationSubnetipDestinationSubnet
destinationIPv4Range23n/an/an/an/a
sourcePortsourcePortsourcePortsourcePortsourcePortsourcePort
destinationPortdestinationPortdestinationPortdestinationPortdestinationPortdestinationPort
tcpFlagstcpFlagstcpFlagstcpFlagstcpFlagstcpFlags

* The attackId field value may be different between NAv1 and NAv2 for the same attack.