This section describes the fields in the expanded log table.

Clicking the + plus icon on the right of the logs table expands an individual log. This provides an in-depth view of the specific connection log or the HTTP request and response log.

The following are displayed in the expanded table:



End to End Timing

The bar is similar to the Analytics tab of the virtual service Details page, though it also contains arrows indicating the HTTP response code. This data is specific to this single connection or HTTP request, whereas the Analytics tab for the virtual service shows an aggregate of all connections or requests. If the arrow under Server RTT is a 0, then no response was received from the server. This could be due to an error such as a timed out server response, or because the request was served by the NSX Advanced Load Balancer, such as caching or a policy.

IP Addresses

Under End-to-End Timing, IP addresses and service ports indicate the client source address and port being used to initiate a transaction to the virtual service IP address and destination service port. The second address under the (LB) icon is the NSX Advanced Load Balancer source NAT (SNAT) address and source port that is used for communicating with the destination server’s pool, name, IP address and port.

Client data

The column under the Client icon displays the following client information:

  • Client IP: The source IP address and service port of the client.

  • Location: The country of origin for the IP address or Internal for private IP addresses. This field can also show custom IP group names.

  • Operating System: The OS of the connecting device. HTTP only.

  • Device: The type of connecting device, such as computer, table, or phone. HTTP only.

  • Browser: The web browser of the connecting device. HTTP only.

  • SSL Version: The negotiated version, such as SSL 3.0, TLS 1.0, TLS 1.1, or TLS 1.2. SSL terminated HTTP traffic only.

  • Certificate Type: RSA or Elliptic Curve (EC) certificate used for the connection. SSL terminated HTTP traffic only.

  • Perfect Forward Secrecy: Did the client negotiate a cipher which protects the connection from later decryption through hijacked keys. SSL terminated HTTP traffic only.

  • Start Time: The time the connection was established or the request was received.

LB data

The following information appears under the LB icon in the middle column:

  • Virtual Service IP: The listening virtual service’s IP and port.

  • Server Conn IP: The source IP address and port used as the source NAT address on the server side of the connection.

  • End time: When the log was generated. It normally occurs when the request or connection was completed. The logs are generated for currently active, long-lived connections. Logs generated during an open connection will be updated periodically or when the connection closes.

  • Service Engine: The SE and corresponding vCPU that was used to process the request or connection.

  • Persistent Session ID: Persistent Session ID for the request will be displayed even if persistence is not enabled.

  • Response Length: The size of the response, such as HTTP payload plus headers returned by the NSX Advanced Load Balancer to the client. This size may be different from the server Response Length in the server column due to SSL padding, Javascript insertion (when Client Insights is set to Active), compression, TCP maximum segment size differences, or a number of other features.

The following fields appear only if applicable:

  • Cache Hit: This is true if the HTTP request was served by the NSX Advanced Load Balancer cache. This field will not be shown if caching is disabled.

  • Compression: If the NSX Advanced Load Balancer compressed the response content, this will show the percent by which the content was able to be compressed.

  • Policy Rule: If a policy has been applied to the virtual service, any rules that were executed will be displayed. If the rule was created with the log checkbox enabled, the log will be generated even if the virtual service does not have full client logs enabled on the Analytics tab for the virtual service. These logs will still require Non-Significant Logs to be selected in order to be displayed (unless they qualify as Significant Logs).

  • Significance: If the connection or request is determined to be an error, it will be marked as Significant. This field provides a description of the issue (such as client terminated the connection or server returned 500 error).

Server and App data

The third column provides the following information on connection or request and response:

  • Server IP: Pool name, server name, and the server IP address and port.

  • Host: The HTTP Host header, such as or

  • Request: The HTTP method (such as GET), version (such as HTTP/1.1), and size of the request (such as 2 Kb).

  • URI: The HTTP path and query of the client request.

  • User Agent: The raw client HTTP User-Agent header (such as Mozilla/5.0, AppleWebKit/533, and so on).

  • Content Type: The HTML, images, Javascript, and so on returned to the client.

  • Response Length: The size of the HTTP header plus content returned from the server to theNSX Advanced Load Balancer. (This might be different from the size of the response length from the NSX Advanced Load Balancer to the client due to compression, inserting JavaScript, or other acceleration that might alter the content size before it is sent to the client.)

View All Headers

Expands the log display to show additional information for the transaction. View All Headers exist due to the following:

  • All Headers: On the Analytics tab for the virtual service, create a new filter with the All Headers option selected. This will cause the NSX Advanced Load Balancer to record all client request and server response headers. Custom headers, cache control, and other useful troubleshooting can be done by viewing full headers. Larger headers come at the cost of a significant resource hit to the SEs creating the logs and the Controller storing the larger logs. Recommendation is to turn this feature on selectively, such as for specific clients or for a shorter time duration.

  • DataScript Errors: Many DataScript errors are caught when attempting to save a new script. However, there are many scenarios when the script could fail when executing. When this happens, an error will be created in the logs, visible under View All Headers. The error and stack trace are included to help determine the cause of the error.

Significant Log Events

For more information on the types of significant log events, see Significant Log Events.