Cloudflare Docs
Logs
Cloudflare Docs
Logs
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)
  1. Products
  2. Logs
  3. ...
  4. Enable destinations
  5. Enable Sumo Logic

Enable Logpush to Sumo Logic

Cloudflare Logpush supports pushing logs directly to Sumo Logic via the Cloudflare dashboard or via API.

​​ Manage via the Cloudflare dashboard

  1. Log in to the Cloudflare dashboard.

  2. Select the Enterprise account or domain (also known as zone) you want to use with Logpush. Depending on your choice, you have access to account-scoped datasets and zone-scoped datasets, respectively.

  3. Go to Analytics & Logs > Logpush.

  4. Select Create a Logpush job.

  1. In Select a destination, choose Sumo Logic.

  2. Enter the HTTP Source Address. To get the HTTP Source Address (URL) configure a Sumo Logic Hosted Collector with an HTTP Logs & Metrics Source. Note that the same collector can be used for multiple Logpush jobs, but each job must have a dedicated source. When you are done entering the destination details, select Continue.

  3. To prove ownership, Cloudflare will send a file to your designated destination. To find the token, select the Open button in the Overview tab of the ownership challenge file, then paste it into the Cloudflare dashboard to verify your access to the bucket. Enter the Ownership Token and select Continue.

  4. Select the dataset to push to the storage service.

  5. In the next step, you need to configure your logpush job:

    • Enter the Job name.
    • Under If logs match, you can select the events to include and/or remove from your logs. Refer to Filters for more information. Not all datasets have this option available.
    • In Send the following fields, you can choose to either push all logs to your storage destination or selectively choose which logs you want to push.

  6. In Advanced Options, you can:

    • Choose the format of timestamp fields in your logs (RFC3339(default),Unix, or UnixNano).
    • Select a sampling rate for your logs or push a randomly-sampled percentage of logs.
    • Enable redaction for CVE-2021-44228. This option will replace every occurrence of ${ with x{.

  7. Select Submit once you are done configuring your logpush job.

​​ Configure a Hosted Collector

Cloudflare can send logs to a Hosted Collector with HTTP Logs & Metrics as the source. Once you have set up a collector, you simply provide the HTTP Source Address (a unique URL) to which logs can be posted.

Ensure Log Share permissions are enabled, before attempting to read or configure a Logpush job. For more information refer to the Roles section.

To enable Logpush to Sumo Logic:

  1. Configure a Hosted Collector. Refer to instructions from Sumo Logic.

  2. Configure an HTTP Logs & Metrics Source. Refer to instructions from Sumo Logic. The last step indicates how to get the HTTP Source Address (URL).

  3. Provide the HTTP Source Address (URL) when prompted by the Logpush API or UI.