Hello @真 川崎 ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Azure CDN from Microsoft Service currently provides Raw logs and it is called AzureCdnAccessLog.
As mentioned in the Azure CDN monitoring document,
Raw logs include logs generated from both CDN edge (child POP) and origin shield. Origin shield refers to parent nodes that are strategically located across the globe. These nodes communicate with origin servers and reduce the traffic load on origin.
For every request that goes to origin shield, there are two log entries:
- One for edge nodes
- One for origin shield
isReceivedFromClient value:
- If true, it means that the request came from the client.
- If false, the request is a miss in the edge (child POP) and is responded from origin shield (parent POP).
To differentiate the egress or responses from the edge nodes vs. origin shield, you can use the field isReceivedFromClient to get the correct data.
You can use the below Kusto query sample to exclude logs generated on origin shield in Log Analytics.
AzureDiagnostics
| where Resource == toupper(resourceName) and Category == "AzureCdnAccessLog"
| where requestUri_s !contains "string representing the media"
| where isReceivedFromClient == true
| order by TimeGenerated asc
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.