[Logs] Update Logpush dataset fields (#29927)

Author: alyssamw

src/content/changelog/logs/2026-04-15-logpush-new-fields.mdx

@@ -0,0 +1,34 @@
+---
+title: New TenantID and Firewall for AI fields in Logpush datasets
+description: Logpush datasets now include TenantID and Firewall for AI fields for enhanced logging and security insights.
+date: 2026-04-15
+---
+
+Cloudflare has added new fields to multiple [Logpush datasets](/logs/logpush/logpush-job/datasets/):
+
+### TenantID field
+
+The following Gateway and Zero Trust datasets now include a `TenantID` field:
+
+- **[Gateway DNS](/logs/logpush/logpush-job/datasets/account/gateway_dns/#tenantid)**: Identifies the tenant ID of the DNS request, if it exists.
+- **[Gateway HTTP](/logs/logpush/logpush-job/datasets/account/gateway_http/#tenantid)**: Identifies the tenant ID of the HTTP request, if it exists.
+- **[Gateway Network](/logs/logpush/logpush-job/datasets/account/gateway_network/#tenantid)**: Identifies the tenant ID of the network session, if it exists.
+- **[Zero Trust Network Sessions](/logs/logpush/logpush-job/datasets/account/zero_trust_network_sessions/#tenantid)**: Identifies the tenant ID of the network session, if it exists.
+
+### Firewall for AI fields
+
+The following datasets now include [Firewall for AI](/api-shield/security/volumetric-abuse-detection/#firewall-for-ai) fields:
+
+- **[Firewall Events](/logs/logpush/logpush-job/datasets/zone/firewall_events/)**:
+  - `FirewallForAIInjectionScore`: The score indicating the likelihood of a prompt injection attack in the request.
+  - `FirewallForAIPIICategories`: List of PII categories detected in the request.
+  - `FirewallForAITokenCount`: The number of tokens in the request.
+  - `FirewallForAIUnsafeTopicCategories`: List of unsafe topic categories detected in the request.
+
+- **[HTTP Requests](/logs/logpush/logpush-job/datasets/zone/http_requests/)**:
+  - `FirewallForAIInjectionScore`: The score indicating the likelihood of a prompt injection attack in the request.
+  - `FirewallForAIPIICategories`: List of PII categories detected in the request.
+  - `FirewallForAITokenCount`: The number of tokens in the request.
+  - `FirewallForAIUnsafeTopicCategories`: List of unsafe topic categories detected in the request.
+
+For the complete field definitions for each dataset, refer to [Logpush datasets](/logs/logpush/logpush-job/datasets/).

src/content/docs/logs/logpush/logpush-job/datasets/account/gateway_dns.md

@@ -465,6 +465,12 @@ Type: `int`
 
 The port used by the client when they sent the DNS request (for example, 0).
 
+## TenantID
+
+Type: `string`
+
+The tenant ID of the DNS request, if exists.
+
 ## TimeZone
 
 Type: `string`

src/content/docs/logs/logpush/logpush-job/datasets/account/gateway_http.md

@@ -285,6 +285,12 @@ Type: `int`
 
 Source port of the request.
 
+## TenantID
+
+Type: `string`
+
+The tenant ID of the request, if exists.
+
 ## URL
 
 Type: `string`

src/content/docs/logs/logpush/logpush-job/datasets/account/gateway_network.md

@@ -177,6 +177,12 @@ Type: `int`
 
 Source port of the network session.
 
+## TenantID
+
+Type: `string`
+
+The tenant ID of the network session, if exists.
+
 ## Transport (deprecated)
 
 Type: `string`

src/content/docs/logs/logpush/logpush-job/datasets/account/zero_trust_network_sessions.md

@@ -249,6 +249,12 @@ Type: `int`
 
 Source port of the network session.
 
+## TenantID
+
+Type: `string`
+
+The tenant ID of the network session, if exists.
+
 ## UserID
 
 Type: `string`

src/content/docs/logs/logpush/logpush-job/datasets/zone/firewall_events.md

@@ -153,6 +153,30 @@ Type: `int`
 
 HTTP response status code returned to browser.
 
+## FirewallForAIInjectionScore
+
+Type: `int`
+
+The score indicating the likelihood of a prompt injection attack in the request, as determined by Firewall for AI.
+
+## FirewallForAIPIICategories
+
+Type: `array[string]`
+
+List of PII categories detected in the request by Firewall for AI.
+
+## FirewallForAITokenCount
+
+Type: `int`
+
+The number of tokens in the request, as counted by Firewall for AI.
+
+## FirewallForAIUnsafeTopicCategories
+
+Type: `array[string]`
+
+List of unsafe topic categories detected in the request by Firewall for AI.
+
 ## FraudUserID
 
 Type: `string`

src/content/docs/logs/logpush/logpush-job/datasets/zone/http_requests.md

@@ -345,6 +345,30 @@ Type: `int`
 
 Total view of Time To First Byte as measured at Cloudflare's edge. Starts after a TCP connection is established and ends when Cloudflare begins returning the first byte of a response to eyeballs. Includes TLS handshake time (for new connections) and origin response time.
 
+## FirewallForAIInjectionScore
+
+Type: `int`
+
+The score indicating the likelihood of a prompt injection attack in the request, as determined by Firewall for AI.
+
+## FirewallForAIPIICategories
+
+Type: `array[string]`
+
+List of PII categories detected in the request by Firewall for AI.
+
+## FirewallForAITokenCount
+
+Type: `int`
+
+The number of tokens in the request, as counted by Firewall for AI.
+
+## FirewallForAIUnsafeTopicCategories
+
+Type: `array[string]`
+
+List of unsafe topic categories detected in the request by Firewall for AI.
+
 ## FraudAttack
 
 Type: `string`
@@ -433,7 +457,7 @@ Number of bytes returned by the origin server.
 
 Type: `int`
 
-Upstream time to first byte, measured from the first datacenter that receives a request. Includes time taken by Argo Smart Routing and Tiered Cache, plus time to connect and receive the first byte of response from origin servers. This field replaces OriginResponseTime.
+Upstream response time, measured from the first datacenter that receives a request. Includes time taken by Argo Smart Routing and Tiered Cache, plus time to connect and receive a response from origin servers. This field replaces OriginResponseTime.
 
 ## OriginResponseHTTPExpires