Answer from @keen is using {request>remote_ip}, but it's not the actual client's IP address when caddy is working with trusted_proxies, where caddy is behind with reverse proxies or CDN like CloudFront/Cloudflare.

Alternative approach is using {request>client_ip}, in which trusted_proxies will update client_ip according to trusted_proxies. Then we can use it afterwards:

format transform `{request>client_ip} - {request>user_id} [{ts}] "{request>method} {request>uri} {request>proto}" {status} {size} "{request>headers>Referer>[0]}" "{request>headers>User-Agent>[0]}" "host:{request>host}"` {
        time_format "02/Jan/2006:15:04:05 -0700"
}