Enable Sumo Logic

Cloudflare Logpush supports pushing logs directly to Sumo Logic via the Cloudflare dashboard or via API.

Manage via the Cloudflare dashboard

1. Log in to the Cloudflare dashboard ↗.

2. Select the Enterprise account or domain (also known as zone) you want to use with Logpush. Depending on your choice, you have access to account-scoped datasets and zone-scoped datasets, respectively.

3. Go to Analytics & Logs > Logpush.

4. Select Create a Logpush job.

5. In Select a destination, choose Sumo Logic.

6. Enter the HTTP Source Address. To get the HTTP Source Address (URL) configure a Sumo Logic Hosted Collector ↗ with an HTTP Logs & Metrics Source ↗. Note that the same collector can be used for multiple Logpush jobs, but each job must have a dedicated source. When you are done entering the destination details, select Continue.

7. Select the dataset to push to the storage service.

8. In the next step, you need to configure your logpush job:

   • Enter the Job name.
   • Under If logs match, you can select the events to include and/or remove from your logs. Refer to Filters for more information. Not all datasets have this option available.
   • In Send the following fields, you can choose to either push all logs to your storage destination or selectively choose which logs you want to push.

9. In Advanced Options, you can:

   • Choose the format of timestamp fields in your logs (RFC3339(default),Unix, or UnixNano).
   • Select a sampling rate for your logs or push a randomly-sampled percentage of logs.
   • Enable redaction for CVE-2021-44228. This option will replace every occurrence of ${ with x{.

10. Select Submit once you are done configuring your logpush job.

Configure a Hosted Collector

Cloudflare can send logs to a Hosted Collector with HTTP Logs & Metrics as the source. Once you have set up a collector, you simply provide the HTTP Source Address (a unique URL) to which logs can be posted.

Ensure Log Share permissions are enabled, before attempting to read or configure a Logpush job. For more information refer to the Roles section.

To enable Logpush to Sumo Logic:

1. Configure a Hosted Collector. Refer to instructions from Sumo Logic ↗.

2. Configure an HTTP Logs & Metrics Source. Refer to instructions from Sumo Logic ↗. The last step indicates how to get the HTTP Source Address (URL).

3. Provide the HTTP Source Address (URL) when prompted by the Logpush API or UI.

Notes

• Logpush will stop working if you regenerate the HTTP Source Address (URL). Refer to generate a new URL for an HTTP Source from Sumo Logic ↗. To use the new URL, you will have to get a new ownership challenge and update the destination for your job.

• Sumo Logic may impose throttling and caps on your log ingestion to prevent your account from using On-Demand Capacity. Refer to manage ingestion ↗.

• To analyze and visualize Cloudflare Logs using the Cloudflare App for Sumo Logic, follow the steps in the Sumo Logic integration documentation to install the Cloudflare App ↗ and view the Cloudflare dashboards ↗.