If you have a Cloudflare Enterprise plan, you can push logs from Cloudflare directly into Dynatrace.
To do that, you need the following data:
- $ZONE_TAG
An hexadecimal identifier available from Cloudflare. - <ENV-ID>
Your Dynatrace tenant id - <TOKEN>
An API token with the API v2 scope "Ingest logs" - <EMAIL>
Your Cloudflare email account - <API_KEY>
An API KEY from Cloudflare. - <BASIC AUTHORIZATION>
An Authorization key from Cloudflare
To enable the Job that initiates the Logpush from the Cloudflare side, you should then execute:
$ curl -s https://api.cloudflare.com/client/v4/zones/$ZONE_TAG/logpush/jobs -X POST -d '
{
"name": "dynatrace",
"logpull_options": "fields=ClientIP,EdgeStartTimestamp,ClientRequestHost,ClientRequestMethod,ClientRequestPath×tamps=rfc3339",
"destination_conf": "https://<ENV-ID>.live.dynatrace.com/api/v2/logs/ingest?header_Authorization=Api-Token%20<TOKEN>&header_accept=application/json&header_content-type=application/json",
"dataset": "http_requests",
"enabled": true,
"output_options": { "output_type": "ndjson", "batch_prefix": "[", "batch_suffix": "]", "record_delimiter": ","}
}' \
-H "X-Auth-Email: <EMAIL>" \
-H "X-Auth-Key: <API_KEY>" \
-H "Authorization: Bearer <BASIC AUTHORIZATION>"
The main trick, not explained in the Cloudflare documentation, is that Cloudflare, by default, seems to send the ndjson as text/plain. On the Dynatrace side, this is interpreted as a single log line, instead of being considered as JSON data. That's why in the above example, there is an additional header field passed as "header_content-type=application/json", so that Cloudflare sends an appropriate Content-type header to Dynatrace.
After the configuration above, you should start seeing your Cloudflare logs flowing into Dynatrace 
Other information can be configured to be pushed to Dynatrace. For more information on the Cloudflare side, check the Cloudflare Docs.
Featured Posts
