Showing results for 
Show  only  | Search instead for 
Did you mean: 

Pro tip: Configure Cloudflare Logpush to Dynatrace

DynaMight Guru
DynaMight Guru

If you have a Cloudflare Enterprise plan, you can push logs from Cloudflare directly into Dynatrace.

To do that, you need the following data:

    An hexadecimal identifier available from Cloudflare.
  • <ENV-ID>
    Your Dynatrace tenant id
  • <TOKEN>
    An API token with the API v2 scope "Ingest logs"
  • <EMAIL>
    Your Cloudflare email account
  • <API_KEY>
    An API KEY from Cloudflare.
    An Authorization key from Cloudflare

To enable the Job that initiates the Logpush from the Cloudflare side, you should then execute:

$ curl -s$ZONE_TAG/logpush/jobs -X POST -d '
  "name": "dynatrace",
  "logpull_options": "fields=ClientIP,EdgeStartTimestamp,ClientRequestHost,ClientRequestMethod,ClientRequestPath&timestamps=rfc3339",
  "destination_conf": "https://<ENV-ID><TOKEN>&header_accept=application/json&header_content-type=application/json",
  "dataset": "http_requests",
  "enabled": true,
  "output_options": { "output_type": "ndjson", "batch_prefix": "[", "batch_suffix": "]", "record_delimiter": ","}
}' \
-H "X-Auth-Email: <EMAIL>" \
-H "X-Auth-Key: <API_KEY>" \
-H "Authorization: Bearer <BASIC AUTHORIZATION>"


The main trick, not explained in the Cloudflare documentation, is that Cloudflare, by default, seems to send the ndjson as text/plain. On the Dynatrace side, this is interpreted as a single log line, instead of being considered as JSON data. That's why in the above example, there is an additional header field passed as "header_content-type=application/json", so that Cloudflare sends an appropriate Content-type header to Dynatrace.

After the configuration above, you should start seeing your Cloudflare logs flowing into Dynatrace :dynaspin:

Other information can be configured to be pushed to Dynatrace.  For more information on the Cloudflare side, check the Cloudflare Docs.

Antonio Sousa

Featured Posts