Skip to main content
Sumo Logic

Collect Logs for Cloudflare

This page provides instructions for setting up a Hosted Collector and specifying a Sumo Logic Source.

This page shows you how to set up a Hosted Collector and specify a Sumo Logic Source. Click a link to jump to a topic:

Set up a Hosted Collector and specify a Sumo Logic Source

This section provides instructions for setting up a Hosted Collector and specify a Sumo Logic Source.

Prerequisite

To send Cloudflare logs to Sumo Logic, you must first configure Cloudflare Logs to send logs to AWS S3 using Logpush or Logpull.

To set up a Hosted Collector and specify a Sumo Logic Source, do the following:
  1. Follow the instructions for Configuring a Hosted Collector in Sumo Logic to start collecting logs.
  2. Follow the instructions for Configure an Amazon S3 Source in Sumo Logic. When setting up an S3 Source, it's important to specify the correct timestamp field. Follow the next steps to do so.
  3. Click Advanced, if the settings are not already shown.
  4. For Timestamp Format, select Specify a format and enter the following:

    Format: yyyy-MM-dd'T'HH:mm:ss'Z'

    Timestamp Locator: \"EdgeStartTimestamp\"\s*:\s*\"(.*)\"

    Cloudflare_Source-timestamp-format.png

  5. Click Test. A Test Timestamp Parsing dialog appears.
  6. Enter a sample log message in the Test Timestamp Parsing dialog, such as the following, and then click Test:
    "EdgeStartTimestamp":"2018-12-19T23:38:10Z"
    A dialog confirming that your timestamp format matched should appear.

    Cloudflare_TestTimestampParsing-Dialog.png
  7. Click Done and then click Save to save the timestamp parsing to the source.

Sample Log Message

{
"ClientIP": "89.163.242.206",
"ClientRequestHost": "www.theburritobot.com",
"ClientRequestMethod": "GET",
"ClientRequestURI": "/static/img/testimonial-hipster.png",
"EdgeEndTimestamp": 2018-12-15T02:20:57Z,
"EdgeResponseBytes": 69045,
"EdgeResponseStatus": 200,
"EdgeStartTimestamp": 2018-12-15T02:20:57Z,
"RayID": "3a6050bcbe121a87"
}

Query Sample

The following log query is from the ‘Total Number of Requests’ panel in the ‘Cloudflare - Snapshot’ dashboard.

ClientCountry*
| json "EdgePathingSrc", "EdgePathingOp","EdgePathingStatus", "ClientCountry", 
"ClientIP", "ClientDeviceType", "ClientRequestHost", "ClientRequestUserAgent", 
"ClientRequestURI", "OriginResponseStatus", "EdgeResponseStatus", "OriginIP", 
"ClientIPClass" as edge_pathing_src, edge_pathing_op, edge_pathing_status, client_country, 
client_ip, client_device_type, client_request_host, client_request_user_agent, 
client_request_uri, origin_response_status, edge_response_status, origin_ip, client_ip_class
| count