Table: cloudflare_r2_object_data - Query Cloudflare R2 Objects using SQL
Cloudflare R2 is a storage service that offers a simple, scalable, and cost-effective way to store and retrieve any amount of data at any time. It is designed to deliver 99.999999999% durability, and scale past trillions of objects worldwide. Customers use R2 for backups, restores, and to serve user-generated content.
Table Usage Guide
The cloudflare_r2_object_data
table provides insights into the objects stored in Cloudflare R2 storage. As a data analyst or a DevOps engineer, you can explore object-specific details through this table, including object metadata, storage class, and associated data. Utilize it to uncover information about objects, such as their size, last modified date, and the storage class they belong to.
Important Notes
- You must specify both the
key
andbucket
in thewhere
clause to query this table. - Using this table adds to cost to your monthly bill from Cloudflare. Optimizations have been put in place to minimize the impact as much as possible. Please refer to Cloudflare R2 Pricing to understand the cost implications.
Examples
Basic info
Explore which types of content are stored in a specific Cloudflare account and bucket. This can be useful for understanding the structure and organization of your data, particularly for large-scale log management.
select key, bucket, content_typefrom cloudflare_r2_object_datawhere account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/db_logs.json.gz';
select key, bucket, content_typefrom cloudflare_r2_object_datawhere account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/db_logs.json.gz';
Parse object data into jsonb
Analyze the settings to understand the specific object data within a given Cloudflare account and bucket. This is particularly useful for exploring and understanding application log data.
select key, bucket, data :: jsonbfrom cloudflare_r2_object_datawhere account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/db_logs.json.gz';
select key, bucket, json(data)from cloudflare_r2_object_datawhere account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/db_logs.json.gz';
Process jsonb
data in objects
Determine the areas in which errors occur in your application by analyzing event data from your Cloudflare logs. This allows you to pinpoint specific instances of error levels, enhancing your ability to troubleshoot and improve your application's performance.
select event ->> 'level' as level, event ->> 'severity' as severity, event ->> 'message' as event_message, event ->> 'data' as event_data, event ->> 'timestamp' as timestampfrom cloudflare_r2_object_data, jsonb_array_elements((data :: jsonb) -> 'events') as eventwhere account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/auth_logs.json.gz' and event ->> 'level' = 'error';
select json_extract(event.value, '$.level') as level, json_extract(event.value, '$.severity') as severity, json_extract(event.value, '$.message') as event_message, json_extract(event.value, '$.data') as event_data, json_extract(event.value, '$.timestamp') as timestampfrom cloudflare_r2_object_data, json_each(json_extract(data, '$.events')) as eventwhere account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/auth_logs.json.gz' and json_extract(event.value, '$.level') = 'error';
Get the raw binary data
by converting back from base64
Discover the segments that enable the extraction of raw binary data from a specific user's uploaded files in a Cloudflare account. This might be used to analyze or manipulate the file data directly, bypassing the need for base64 encoding.
select decode(data, 'base64')from cloudflare_r2_object_datawhere account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'user_uploads' and key = 'avatar_9ac3097c-1e56-4108-b92e-226a3f4caeb8';
select decode(data, 'base64')from cloudflare_r2_object_datawhere account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'user_uploads' and key = 'avatar_9ac3097c-1e56-4108-b92e-226a3f4caeb8';
List the object data of those objects that are encrypted with SSE KMS key
Explore which objects within a specific account and bucket are encrypted using a KMS key. This is particularly useful for identifying and managing sensitive data that requires enhanced security measures.
select key, bucket, content_typefrom cloudflare_r2_object_datawhere sse_kms_key_id is not null and account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/db_logs.json.gz';
select key, bucket, content_typefrom cloudflare_r2_object_datawhere sse_kms_key_id is not null and account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/db_logs.json.gz';
List the object data of those objects that are expiring in the next 7 days
Determine the details of certain objects set to expire within the next week. This could be particularly useful for managing and prioritizing updates or renewals for those objects, especially within a large dataset.
select key, bucket, content_typefrom cloudflare_r2_object_datawhere expires >= now() + interval '7' day and account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/db_logs.json.gz';
select key, bucket, content_typefrom cloudflare_r2_object_datawhere expires >= datetime('now', '+7 days') and account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/db_logs.json.gz';
List the object data of those objects that are 'Delete Marker'
Determine the areas in which certain objects are marked for deletion within a specific account and bucket. This is particularly useful in identifying and managing potential data removals.
select key, bucket, content_typefrom cloudflare_r2_object_datawhere delete_marker and account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/db_logs.json.gz';
select key, bucket, content_typefrom cloudflare_r2_object_datawhere delete_marker and account_id = 'fb1696f453testaccount39e734f5f96e9' and bucket = 'logs' and key = 'logs/application_logs/2020/11/04/14/40/dashboard/db_logs.json.gz';
Schema for cloudflare_r2_object_data
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
accept_ranges | text | Indicates that a range of bytes was specified. | |
account_id | text | = | ID of the account. |
bucket | text | = | The name of the container bucket of the object. |
bucket_key_enabled | boolean | Indicates whether the object uses an S3 Bucket Key for server-side encryption with Amazon Web Services KMS (SSE-KMS). | |
cache_control | text | Specifies caching behavior along the request/reply chain. | |
checksum_crc32 | text | The base64-encoded, 32-bit CRC32 checksum of the object. This will only be present if it was uploaded with the object. With multipart uploads, this may not be a checksum value of the object. | |
checksum_crc32c | text | The base64-encoded, 32-bit CRC32C checksum of the object. This will only be present if it was uploaded with the object. With multipart uploads, this may not be a checksum value of the object. | |
checksum_sha1 | text | The base64-encoded, 160-bit SHA-1 digest of the object. This will only be present if it was uploaded with the object. With multipart uploads, this may not be a checksum value of the object. | |
checksum_sha256 | text | The base64-encoded, 256-bit SHA-256 digest of the object. This will only be present if it was uploaded with the object. With multipart uploads, this may not be a checksum value of the object. | |
content_disposition | text | Specifies presentational information for the object. | |
content_encoding | text | Specifies what content encodings have been applied to the object. | |
content_language | text | The language the content is in. | |
content_length | bigint | Size of the body in bytes. | |
content_range | text | The portion of the object returned in the response. | |
content_type | text | A standard MIME type describing the format of the object data. | |
data | text | The raw bytes of the object as a string. An UTF8 encoded string is sent, if the bytes entirely consists of valid UTF8 runes, an UTF8 is sent otherwise the bas64 encoding of the bytes is sent. | |
delete_marker | boolean | Specifies whether the object retrieved was (true) or was not (false) a Delete Marker. If false, this response header does not appear in the response. | |
etag | text | A a hash of the object. | |
expiration | text | If the object expiration is configured (see PUT Bucket lifecycle), the response includes this header. It includes the expiry-date and rule-id key-value pairs providing object expiration information. The value of the rule-id is URL-encoded. | |
expires | timestamp with time zone | The date and time at which the object is no longer cacheable. | |
key | text | = | The name assigned to an object. |
last_modified | timestamp with time zone | Specifies the time when the object is last modified. | |
metadata | jsonb | A map of metadata to store with the object in S3. | |
missing_meta | bigint | A map of metadata to store with the object in S3. | |
object_lock_legal_hold_status | jsonb | Indicates whether this object has an active legal hold. This field is only returned if you have permission to view an object's legal hold status. | |
object_lock_mode | jsonb | The Object Lock mode currently in place for this object. | |
object_lock_retain_until_date | jsonb | The date and time when this object's Object Lock will expire. | |
parts_count | bigint | The count of parts this object has. This value is only returned if you specify partNumber in your request and the object was uploaded as a multipart upload. | |
replication_status | jsonb | Amazon S3 can return this if your request involves a bucket that is either a source or destination in a replication rule. | |
request_charged | jsonb | If present, indicates that the requester was successfully charged for the request. | |
restore | text | Provides information about object restoration action and expiration time of the restored object copy. | |
result_metadata | jsonb | Metadata pertaining to the operation's result. | |
server_side_encryption | jsonb | The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms). | |
sse_customer_algorithm | text | If server-side encryption with a customer-provided encryption key was requested, the response will include this header confirming the encryption algorithm used. | |
sse_customer_key_md5 | text | If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide round-trip message integrity verification of the customer-provided encryption key. | |
sse_kms_key_id | text | If present, specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key that was used for the object. | |
storage_class | jsonb | Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects. | |
tag_count | bigint | The number of tags, if any, on the object. | |
title | text | Title of the resource. | |
version_id | text | Version of the object. | |
website_redirection_loaction | text | If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- cloudflare
You can pass the configuration to the command with the --config
argument:
steampipe_export_cloudflare --config '<your_config>' cloudflare_r2_object_data