Cloudflare

Cloudflare

Crawler Crawler

Overview

Connect Datadog with your Cloudflare account to see your web traffic and DNS metrics.

Setup

Before you begin, you need a Datadog account, with an API key, and access to Cloudflare Logpush, which requires an Enterprise account plan.

When using a Cloudflare API token, ensure it has the Zone > Zone > Read and Zone > Analytics > Read permissions.

Installation

Install the integration with the Datadog Cloudflare integration tile.

Configuration

  1. Go to the Configuration tab inside the Datadog Cloudflare integration tile.
  2. Enter the email addresses and API keys or token of the accounts you want to monitor. Your Cloudflare API key and API token are available in your Cloudflare account under My profile > Api Tokens.
  3. Add a name for the account. This name is arbitrary and used in the account tag on your metrics.

Log collection

Cloudflare allows customers to push logs directly into Datadog using Cloudflare Logpush. You can manage the Logpush job with the Cloudflare API or with the Cloudflare dashboard.

Cloudflare API

  1. Create a Logpush job by making a POST request to the Logpush jobs endpoint. Include the following fields:

    • name (optional): Use your domain name as the job name.
    • destination_conf: A log destination consisting of the following parameters:
      • <DATADOG_ENDPOINT_URL>: The Datadog HTTP logs intake endpoint. Your endpoint is http-intake.logs./v1/input
      • <DATADOG_API_KEY>: Your Datadog API key.
      • ddsource: Set to cloudflare.
      • service (optional): Specify service name.
      • host (optional): Specify host name.
      • ddtags (optional): Specify tags.
    • dataset: The category of logs you want to receive. See the Cloudflare Log fields for a list of supported datasets.
    • logpull_options (optional): To configure fields, sample rate, and timestamp format, see the Logpush API options.

    Example request:

    curl -s -X POST 'https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/logpush/jobs' \
    --header 'X-Auth-Key: <CLOUDFLARE_AUTH_KEY>' \
    --header 'X-Auth-Email: <CLOUDFLARE_AUTH_EMAIL>' \
    --header 'Content-Type: application/json' \
    --data-raw '{
       "name": "<NAME>",
       "destination_conf": "datadog://<DATADOG_ENDPOINT_URL>?header_DD-API-KEY=<DATADOG_API_KEY>&ddsource=cloudflare&service=cloudflare&ddtags=env:dev",
       "logpull_options": "fields=RayID,EdgeStartTimestamp&timestamps=rfc3339",
       "dataset": "http_requests"
    }'
    

    Example response:

    {
     "errors": [],
     "messages": [],
     "result": {
       "id": 100,
       "dataset": "http_requests",
       "enabled": false,
       "name": "<DOMAIN_NAME>",
       "logpull_options": "fields=RayID,EdgeStartTimestamp&timestamps=rfc3339",
       "destination_conf": "datadog://http-intake.logs./v1/input?header_DD-API-KEY=<DD-API-KEY>&ddsource=cloudflare&service=cloudflare&ddtags=env:dev",
       "last_complete": null,
       "last_error": null,
       "error_message": null
     },
     "success": true
    }
    

    Take note of the value of id. In the example above, it is 100.

  2. Enable the job. Use the job ID returned in the response and send {"enabled": true} in the request body.

    Example request:

    curl -s -X PUT \
    https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/logpush/jobs/<JOB_ID> -d'{"enabled":true}' | jq .
    

    Example response:

    {
      "errors": [],
      "messages": [],
      "result": {
        "id": 100,
        "dataset": "http_requests",
        "enabled": true,
        "name": "<DOMAIN_NAME>",
        "logpull_options": "fields=RayID,EdgeStartTimestamp&timestamps=rfc3339",
        "destination_conf": "datadog://?header_DD-API-KEY=<DATADOG-API-KEY>",
        "last_complete": null,
        "last_error": null,
        "error_message": null
      },
      "success": true
    }
    

Cloudflare dashboard

  1. Once you have Connected a service with the Logpush section of the Cloudflare dashboard, select the dataset, select data fields, and then, under select destination, choose Datadog.

  2. Under Enter destination information, enter the Datadog URL Endpoint:

    http-intake.logs./v1/input?ddsource=cloudflare
    

    Note: ddsource=cloudflare is required. To differentiate between logs, you can also add the optional parameters of service, host, and ddtags.

    Example:

    http-intake.logs./v1/input?service=<SERVICE>&host=<HOST>&ddsource=cloudflare
    
  3. Enter the Datadog API key you used to set-up your Datadog Cloudflare integration tile.

  4. After validating access, you should see “Ready to push!” under Prove ownership. Click Push to complete.

Data Collected

Metrics

cloudflare.requests.all
(count)
Total request count
Shown as request
cloudflare.requests.cached
(count)
Cached requests count
Shown as request
cloudflare.requests.uncached
(count)
Uncached requests count
Shown as request
cloudflare.requests.ssl.encrypted
(count)
SSL encrypted requests count
Shown as request
cloudflare.requests.ssl.unencrypted
(count)
Unencrypted requests count
Shown as request
cloudflare.requests.country
(count)
Request count, tagged by IATA country code
Shown as request
cloudflare.requests.status
(count)
Request count, tagged by HTTP response code
Shown as request
cloudflare.requests.content_type
(count)
Request count, tagged by Content-Type
Shown as request
cloudflare.requests.ip_class
(count)
Request count, tagged by IP class
Shown as request
cloudflare.bandwidth.all
(count)
Total bandwidth
Shown as byte
cloudflare.bandwidth.cached
(count)
Cached bandwidth
Shown as byte
cloudflare.bandwidth.uncached
(count)
Uncached bandwidth
Shown as byte
cloudflare.bandwidth.ssl.encrypted
(count)
SSL encrypted bandwidth
Shown as byte
cloudflare.bandwidth.ssl.unencrypted
(count)
Unencrypted bandwidth
Shown as byte
cloudflare.bandwidth.country
(count)
Bandwidth tagged by IATA country code
Shown as byte
cloudflare.bandwidth.content_type
(count)
Bandwidth tagged by Content-Type
Shown as byte
cloudflare.threats.all
(count)
Total threats
Shown as operation
cloudflare.threats.type
(count)
Threats tagged by type
Shown as operation
cloudflare.threats.country
(count)
Threats tagged by IATA country code
Shown as operation
cloudflare.pageviews.all
(count)
Total page views
Shown as page
cloudflare.pageviews.search_engine
(count)
Page views tagged by search engine
Shown as page
cloudflare.uniques.all
(count)
Unique visitors count
Shown as connection
cloudflare.dns.query.all
(count)
DNS query count
Shown as request
cloudflare.dns.query.uncached
(count)
Uncached DNS query count
Shown as request
cloudflare.dns.query.stale
(count)
Stale DNS query count
Shown as request
cloudflare.dns.response_time.avg
(gauge)
DNS query average response time
Shown as millisecond
cloudflare.dns.response_time.median
(gauge)
DNS query median response time
Shown as millisecond
cloudflare.dns.response_time.90p
(gauge)
DNS query response time to the 90th percentile
Shown as millisecond
cloudflare.dns.response_time.99p
(gauge)
DNS query response time to the 99th percentile
Shown as millisecond
cloudflare.workers.requests.all
(count)
The request count to the worker script (metrics may not show without enabled API Key permissions)
Shown as request
cloudflare.workers.requests.errors
(count)
The error count to the worker script (metrics may not show without enabled API Key permissions)
Shown as request
cloudflare.workers.requests.subrequests
(count)
The subrequest count to the worker script (metrics may not show without enabled API Key permissions)
Shown as request
cloudflare.workers.response_time.75p
(gauge)
The worker response time to the 75th percentile (metrics may not show without enabled API Key permissions)
Shown as millisecond
cloudflare.workers.response_time.99p
(gauge)
The worker response time to the 99th percentile (metrics may not show without enabled API Key permissions)
Shown as millisecond
cloudflare.load_balancer.pool.round_trip_time.average
(gauge)
The average round trip time to reach the load balancer pool
Shown as millisecond
cloudflare.load_balancer.pool.health.status
(count)
The load balancer pool health status
Shown as request

Permissions

Verify your Cloudflare API token has these permissions enabled:

Scope Permission Status
Account Account Analytics Read
Account Account Setting Read
Account Worker Scripts Read
Zone Zone Read
Zone Analytics Read
Zone Worker Routes Read
Zone Load Balancers Read

Events

The Cloudflare integration does not include any events.

Service Checks

The Cloudflare integration does not include any service checks.

Troubleshooting

Need help? Contact Datadog support.