Enable Logpush to New Relic
Cloudflare Logpush supports pushing logs directly to New Relic via the Cloudflare dashboard or via API.
Manage via the Cloudflare dashboard
Log in to the Cloudflare dashboard.
Select the Enterprise account or domain (also known as zone) you want to use with Logpush. Depending on your choice, you have access to account-scoped datasets and zone-scoped datasets, respectively.
Go to Analytics & Logs > Logpush.
Select Create a Logpush job.
In Select a destination, choose New Relic.
Enter the New Relic Logs Endpoint:
"https://log-api.newrelic.com/log/v1?Api-Key=<NR_LICENSE_KEY>&format=cloudflare"
"https://log-api.eu.newrelic.com/log/v1?Api-Key=<NR_LICENSE_KEY>&format=cloudflare"
Use the region that matches the one that has been set on your New Relic account. The License key field can be found on the New Relic dashboard. It can be retrieved by following these steps.
When you are done entering the destination details, select Continue.
Select the dataset to push to the storage service.
In the next step, you need to configure your logpush job:
- Enter the Job name.
- Under If logs match, you can select the events to include and/or remove from your logs. Refer to Filters for more information. Not all datasets have this option available.
- In Send the following fields, you can choose to either push all logs to your storage destination or selectively choose which logs you want to push.
In Advanced Options, you can:
- Choose the format of timestamp fields in your logs (
RFC3339(default),Unix, orUnixNano). - Select a sampling rate for your logs or push a randomly-sampled percentage of logs.
- Enable redaction for
CVE-2021-44228. This option will replace every occurrence of${withx{.
- Choose the format of timestamp fields in your logs (
Select Submit once you are done configuring your logpush job.
Manage via API
Ensure Log Share permissions are enabled, before attempting to read or configure a Logpush job. For more information refer to the Roles section. 1. Create a job
To create a job, make a POST request to the Logpush jobs endpoint with the following fields:
name (optional) - Use your domain name as the job name.
output_options (optional) - To configure fields, sample rate, and timestamp format, refer to Log Output Options.
destination_conf - A log destination consisting of an endpoint URL, a license key and a format in the string format below.
<NR_ENDPOINT_URL>: The New Relic HTTP logs intake endpoint, which ishttps://log-api.newrelic.com/log/v1for US orhttps://log-api.eu.newrelic.com/log/v1for the EU, depending on the region that has been set on your New Relic account.<NR_LICENSE_KEY>: This key can be found on the New Relic dashboard and it can be retrieved by following these steps.format: The format iscloudflare.US:
"https://log-api.newrelic.com/log/v1?Api-Key=<NR_LICENSE_KEY>&format=cloudflare"EU:
"https://log-api.eu.newrelic.com/log/v1?Api-Key=<NR_LICENSE_KEY>&format=cloudflare"
max_upload_records (optional) - The maximum number of log lines per batch. This must be at least 1,000 lines or more. Note that there is no way to specify a minimum number of log lines per batch. This means that log files may contain many fewer lines than specified.
max_upload_bytes (optional) - The maximum uncompressed file size of a batch of logs. This must be at least 5 MB. Note that there is no way to set a minimum file size. This means that log files may be much smaller than this batch size. Nevertheless, it is recommended to set this parameter to 5,000,000.
dataset - The category of logs you want to receive. Refer to Log fields for the full list of supported datasets.
Example request using cURL:
curl -s https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/logpush/jobs -X POST -d '{ "name": "<DOMAIN_NAME>", "output_options": { "field_names": ["ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp","EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID"], "timestamp_format": "unix" }, "destination_conf": "https://log-api.newrelic.com/log/v1?Api-Key=<NR_LICENSE_KEY>&format=cloudflare", "max_upload_bytes": 5000000, "dataset": "http_requests", "enabled": true}' \
-H "X-Auth-Email: <EMAIL>" \
-H "X-Auth-Key: <API_KEY>" | jq .
Response:
{ "errors" : [], "messages" : [], "result" : { "dataset" : "http_requests", "destination_conf" : "https://log-api.newrelic.com/log/v1?Api-Key=<NR_LICENSE_KEY>&format=cloudflare", "enabled" : true, "error_message" : null, "frequency" : "high", "id" : 100, "kind" : "", "last_complete" : null, "last_error" : null, "output_options": { "field_names": ["ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp","EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID"], "timestamp_format": "unix" }, "logstream" : true, "max_upload_bytes" : 5000000, "name" : "<DOMAIN_NAME>" }, "success" : true
}
2. Enable (update) a job
To enable a job, make a PUT request to the Logpush jobs endpoint. You will use the job ID returned from the previous step in the URL and send {"enabled": true} in the request body.
Example request using cURL:
curl -s -X PUT \https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/logpush/jobs/100 -d'{"enabled":true}' \
-H "X-Auth-Email: <EMAIL>" \
-H "X-Auth-Key: <API_KEY>" | jq .
Response:
{ "errors" : [], "messages" : [], "result" : { "dataset" : "http_requests", "destination_conf" : "https://log-api.newrelic.com/log/v1?Api-Key=<NR_LICENSE_KEY>&format=cloudflare", "enabled" : true, "error_message" : null, "frequency" : "high", "id" : 100, "kind" : "", "last_complete" : "null", "last_error" : null, "output_options": { "field_names": ["ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp","EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID"], "timestamp_format": "unix" }, "logstream" : true, "max_upload_bytes" : 5000000, "name" : "<DOMAIN_NAME>" }, "success" : true
}