This tutorial explains how to activate Cloudflare Bot Management and view related dashboards in the Elastic, Google Data Studio, Looker, Splunk, and Sumo Logic analytics platforms.
Bot Management is a Cloudflare Enterprise feature. To enable it, contact your Cloudflare Account Team.
If you haven’t used Cloudflare Logs before, visit our logs documentation for more details. Contact your Cloudflare Customer Account Team to enable logs for your account.
Before getting started, make sure that you:
You can also refer to our tutorials for enabling logs and dashboards for several analytics providers.
(bot score lt 30 and not verified_bot).
You can track bots in Cloudflare logs only when using the action Challenge (Captcha). Cloudflare plans to add support for the Log action in late 2019.
The following sub-sections describe how to identify bot requests and perform the correct calculations using data from your Cloudflare logs.
Combining the following two fields reveals if the request is a bot request:
EdgePathingSrc = 'filterBasedFirewall' AND EdgePathingStatus = 'captchaNew'
Valid requests are those for which the user can solve the CAPTCHA. In this case,
EdgePathingStatus = 'captchaSucc'.
The following combination of fields reveals which CAPTCHAs were solved:
EdgePathingSrc = 'filterBasedFirewall' AND EdgePathingStatus = 'captchaSucc'
To start, make sure to exclude solved CAPTCHAs from calculations:
Bad Bots = SUM(EdgePathingSrc = 'filterBasedFirewall' AND EdgePathingStatus = 'captchaNew') - SUM(EdgePathingSrc = 'filterBasedFirewall' AND EdgePathingStatus = 'captchaSucc' )
If you see a significant increase in CAPTCHA conversion rate, contact your Cloudflare Account Team for further investigation.
The Bot Management Dashboard consists of three columns to help you better understand and monitor traffic behavior. You can also analyze the ratio between all traffic and bot traffic.
The columns are:
Global Traffic - Shows all requests
Solved CAPTCHAs - Shows requests with solved CAPTCHAs
Bad Bots - Shows confirmed bad bot requests, which exclude solved CAPTCHAs
Limitations: To identify bot requests correctly, the associated Firewall rules can only be set to the action Challenge (Captcha). If you have more than one rule with this same action (and used for purposes other than bot management), such rule will interfere and you will see overlapping or conflicting metrics without the option to identify which Firewall rule triggered.
The following images demonstrate some of the dashboards available.
Elastic (Learn more)
Google Data Studio (Learn more)
Graylog (Learn more)
Looker (Learn more)
Splunk (Learn more)
Sumo Logic (Learn more)