Service Mesh Envoy access logs

Applications (Envoy sidecars) that generate audit logs on the service mesh upon receiving requests have the following log format.

JSON representation

{
  "bytes_sent": string,
  "x_forwarded_for": string,
  "severity_text": string,
  "observed_time_unix_nano": integer,
  "user_agent": string,
  "x_request_id": string,
  "start_time": string,
  "upstream_local_address": string,
  "connection_termination_details": string,
  "severity_number": integer,
  "resource": {
    object
  },
  "x_envoy_upstream_service_time": string,
  "response_code_details": string,
  "upstream_host": string,
  "duration": string,
  "upstream_cluster": string,
  "upstream_transport_failure_reason": string,
  "authority": string,
  "username": string,
  "protocol": string,
  "route_name": string,
  "requested_server_name": string,
  "method": string,
  "time_unix_nano": integer,
  "bytes_received": string,
  "path": string,
  "response_flags": string,
  "x_goog_api_client": string,
  "body": {
    object
  },
  "downstream_local_address": string,
  "downstream_remote_address": string,
  "response_code": string
}

Fields
`bytes_sent`	`string` The bytes sent in the body. For a websocket connection, it also includes the bytes sent in the response header. For example, `"46259"`
`x_forwarded_for`	`string` The IP addresses visited by a request from the client to the server. For example, `"10.200.0.1"`
`severity_text`	`string` Information about the severity level of the log entry. It might be an empty value.
`observed_time_unix_nano`	`integer` The UNIX epoch time in nanoseconds of the log entry collection. For example, `1668556781041333000`
`user_agent`	`string` The name of the software that retrieves, renders, and facilitates end-user interaction with the web content. It also refers to the user interface implemented using web technologies. For example, `"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"`
`x_request_id`	`string` The unique ID of a single request. For example, `"a4cadca4-662f-4a9c-af63-39a5b3275d8b"`
`start_time`	`string` The start time of the request up to milliseconds. For example, `"2022-11-15T23:59:41.041Z"`
`upstream_local_address`	`string` The local address of the upstream connection. If it is an IP address, it includes the address and the port. For example, `"127.0.0.6:42179"`
`connection_termination_details`	`string` Additional information about why Envoy terminated the connection. It might be an empty value.
`severity_number`	`integer` The severity level of the log entry. For example, `0`
`resource`	`object` The attributes of the Envoy resource that produced the log entry. These attributes are in key-value pairs in the object. For example, { "log_name": string, "cluster_name": string, "node_name": string, "zone_name": string }
`x_envoy_upstream_service_time`	`string` The time in milliseconds that the upstream host spent processing the request. For example, `"0"`
`response_code_details`	`string` Additional information about the response code, such as who set it (the upstream or Envoy) and why. For example, `"via_upstream"`
`upstream_host`	`string` The URL of the upstream host. For example, `"10.253.132.163:80"`
`duration`	`string` Total duration in milliseconds of the request from the start time to the last byte out. For example, `"4"`
`upstream_cluster`	`string` The cluster to which the upstream host belongs. For example, `"inbound\|80\|\|"`
`upstream_transport_failure_reason`	`string` If the upstream connection fails due to a transport socket, it provides the failure reason from the transport socket. The format of this field depends on the configured upstream transport socket. For example, `"SSLV3_ALERT_CERTIFICATE_EXPIRED"`
`authority`	`string` The host and port information from the target URI. For example, `"console.zone1.google.gdch.test"`
`username`	`string` The user identity that initiated the request. For example, `"fop-cluster-admin@example.com"`
`protocol`	`string` The protocol type of the request. For example, `"HTTP/1.1"`
`route_name`	`string` The name of the route. For example, `"default"`
`requested_server_name`	`string` The value set on the SSL connection socket for Server Name Indication (SNI). For example, `"outbound_.80_._.fleet-admin-platform-admin-ui.gpc-system.svc.cluster.local"`
`method`	`string` The name of the method. For example, `"GET"`
`time_unix_nano`	`integer` The UNIX epoch time in nanoseconds of the log entry collection. For example, `1668556781041333000`
`bytes_received`	`string` The bytes received in the body. For example, `"0"`
`path`	`string` The path of the HTTP request. For example, `"/metrics"`
`response_flags`	`string` Additional details about the response or connection, if any. For example, `"UH (no healthy upstream hosts)"`
`x_goog_api_client`	`string` The API client identification. It might be an empty value.
`body`	`object` The request body. It might be an empty value.
`downstream_local_address`	`string` The local address of the downstream connection. If it is an IP address, it includes the address and the port. For example, `"10.253.132.163:80"`
`downstream_remote_address`	`string` The remote address of the downstream connection. If it is an IP address, it includes the address and the port. For example, `"10.200.0.1:0"`
`response_code`	`string` The HTTP response code. Possible values: `"200"` (Success) `"403"` (Forbidden request) `"500"` (Error)