Cloudflare Logpush supports pushing logs directly to Dynatrace. You can configure Logpush via the Cloudflare dashboard or via API.
Before you configure Cloudflare Logpush, you need the following:
A Dynatrace API token with the logs.ingest scope.
For more information about tokens, generation, and scopes, see Dynatrace API - Tokens and authentication.
The base URL for your Dynatrace HTTP logs intake.
An example base URL is https://abc123.live.dynatrace.com.
This is required only if you configure Logpush via API.
A Cloudflare role with Log Share edit permissions. For more information, see Roles.
For more information about the Dynatrace logs ingest API, see Log Monitoring API - POST ingest logs.
Configure Logpush either via the Cloudflare dashboard or the API.
The Dynatrace API destination may not be backwards-compatible with older jobs.
Log in to your Cloudflare dashboard.
Select the Enterprise account or domain/zone that you want to use with Logpush.
Go to Analytics & Logs > Logpush.
Select Create a Logpush job.
While still in your Cloudflare dashboard, select the dataset that you want to push to the storage service.
In Select a destination, select HTTP Destination (or Dynatrace, if available).
Enter the destination details: the Dynatrace HTTP logs ingest API endpoint for your environment, with the Dynatrace API token and required headers provided as query parameters.
An example destination is shown below.
https://<YOUR_DYNATRACE_ENVIRONMENT>.live.dynatrace.com/api/v2/logs/ingest?header_Authorization=Api-Token%20<DYNATRACE_API_TOKEN>&header_accept=application/json&header_content-type=application/json&dt.ingest.origin=cloudflare
Select Continue.
Configure your Logpush job.
Job name: Enter a name of your choosing.
If logs match: Select the events that you want to be included or removed from your ingested logs. This option is not available for all datasets. For more information, see Filters.
Send the following fields: Choose which logs to push, whether all logs or only select fields.
Advanced Options:
Timestamp format: RFC3339 (default), Unix, or UnixNano.
CVE-2021-44228: This will replace every instance of ${ with x{.
When you are done configuring your job, select Submit.
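The effect of the CVE-2021-44228 option on detection rules downstream, as an added example that is not part of the original page: once every `${` is rewritten to `x{`, a search in Dynatrace for the raw `${jndi:` string no longer matches pushed records. The sample records are constructed, and the `redact` function only mirrors the replacement as this page describes it.

```python
import json
import re

# Constructed sample records, using field names from the job example on this page.
SAMPLE_RECORDS = [
    {"ClientIP": "203.0.113.7",
     "ClientRequestURI": "/?q=${jndi:ldap://example.invalid/a}",
     "EdgeResponseStatus": 403},
    {"ClientIP": "198.51.100.4",
     "ClientRequestURI": "/index.html",
     "EdgeResponseStatus": 200},
]

# A rule written against raw logs, and one that also covers redacted logs.
RAW_ONLY = re.compile(r"\$\{jndi:", re.IGNORECASE)
RAW_OR_REDACTED = re.compile(r"(?:\$|x)\{jndi:", re.IGNORECASE)


def redact(line):
    """Mirror the option as described above: every "${" becomes "x{"."""
    return line.replace("${", "x{")


def pushed_lines(records, redaction_enabled):
    """Serialize records the way they would reach the log platform."""
    lines = [json.dumps(record) for record in records]
    return [redact(line) for line in lines] if redaction_enabled else lines


def count_hits(pattern, lines):
    """Number of log lines a detection pattern flags."""
    return sum(1 for line in lines if pattern.search(line))


if __name__ == "__main__":
    for enabled in (False, True):
        lines = pushed_lines(SAMPLE_RECORDS, enabled)
        print("redaction", enabled,
              "raw-only rule:", count_hits(RAW_ONLY, lines),
              "combined rule:", count_hits(RAW_OR_REDACTED, lines))
```

Both patterns cover only the plain `jndi:` form; the point is that any rule keyed on `${` needs an `x{` counterpart when the option is enabled.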
To create a job, make a POST request to the Logpush jobs endpoint.
An example request using cURL is shown in the code block below:
$ curl -s https://api.cloudflare.com/client/v4/zones/<ZONE_TAG>/logpush/jobs -X POST \
-H "X-Auth-Email: <CLOUDFLARE_EMAIL>" \
-H "X-Auth-Key: <CLOUDFLARE_API_KEY>" \
-d '{
  "name": "dynatrace",
  "logpull_options": "fields=ClientIP,EdgeStartTimestamp,EdgeResponseStatus,EdgeResponseBytes,ClientRequestURI,ClientRequestHost,ClientRequestMethod,ClientRequestPath&timestamps=rfc3339",
  "destination_conf": "https://<DYNATRACE_BASE_URL>/api/v2/logs/ingest?header_Authorization=Api-Token%20<DYNATRACE_API_TOKEN>&header_accept=application/json&header_content-type=application/json&dt.ingest.origin=cloudflare",
  "dataset": "http_requests",
  "enabled": true,
  "output_options": {
    "output_type": "ndjson",
    "batch_prefix": "[",
    "batch_suffix": "]",
    "record_delimiter": ","
  }
}'
Replace the following placeholders with the appropriate values:
name (optional): Use your domain name as the job name.
destination_conf: The Dynatrace HTTP logs ingest API endpoint for your environment, with the Dynatrace API token and required headers provided as query parameters.
<ZONE_TAG>: A hexadecimal identifier that is available from Cloudflare.
<CLOUDFLARE_EMAIL>: A Cloudflare email address.
<CLOUDFLARE_API_KEY>: A Cloudflare API key.
<CLOUDFLARE_BASIC_AUTHORIZATION>: A Cloudflare authorization key.
<DYNATRACE_BASE_URL>: The Dynatrace HTTP logs intake endpoint for your environment, as described in Prerequisites.
<DYNATRACE_API_TOKEN>: An API token that has the logs.ingest scope, as described in Prerequisites.
dataset: The category of logs that you want to receive.
For a full list of supported datasets, see Datasets.
output_options (optional): Configure fields, sample rate, and timestamp format.
For more information, see Log Output Options.
An example JSON response is shown in the code block below.
{
  "errors": [],
  "messages": [],
  "result": {
    "id": <JOB_ID>,
    "dataset": "http_requests",
    "enabled": false,
    "name": "<DOMAIN_NAME>",
    "output_options": {
      "field_names": [
        "ClientIP",
        "ClientRequestHost",
        "ClientRequestMethod",
        "ClientRequestURI",
        "ClientRequestPath",
        "EdgeEndTimestamp",
        "EdgeResponseBytes",
        "EdgeResponseStatus",
        "EdgeStartTimestamp",
        "RayID"
      ],
      "timestamp_format": "rfc3339"
    },
    "destination_conf": "https://<DYNATRACE_BASE_URL>/api/v2/logs/ingest?header_Authorization=Api-Token%20<DYNATRACE_API_TOKEN>&header_accept=application/json&header_content-type=application/json&dt.ingest.origin=cloudflare",
    "last_complete": null,
    "last_error": null,
    "error_message": null
  },
  "success": true
}
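Because destination_conf carries the Dynatrace API token as a query parameter and the job response echoes it back, the token ends up wherever the request or response is logged. The following added example (not Cloudflare's or Dynatrace's own code) builds the request body in the shape of the cURL call above with the token percent-encoded, and masks the token before a response is printed or stored. The function names and the sample token are hypothetical.

```python
import copy
import re
from urllib.parse import quote, urlsplit

FIELDS = ["ClientIP", "EdgeStartTimestamp", "EdgeResponseStatus", "ClientRequestHost"]


def build_destination_conf(base_url, api_token):
    """Return destination_conf in the shape shown on this page."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError("expected a bare https:// base URL")
    # Percent-encode the whole header value so the space becomes %20 and a
    # stray '&', '=' or '+' in the token cannot split the query string.
    auth = quote("Api-Token " + api_token, safe="")
    return ("https://" + parts.netloc + parts.path.rstrip("/")
            + "/api/v2/logs/ingest?header_Authorization=" + auth
            + "&header_accept=application/json"
            + "&header_content-type=application/json"
            + "&dt.ingest.origin=cloudflare")


def build_job_body(name, base_url, api_token, fields=FIELDS):
    """Request body for the create-job call, mirroring the cURL example."""
    return {
        "name": name,
        "dataset": "http_requests",
        "enabled": True,
        "logpull_options": "fields=" + ",".join(fields) + "&timestamps=rfc3339",
        "destination_conf": build_destination_conf(base_url, api_token),
        "output_options": {"output_type": "ndjson", "batch_prefix": "[",
                           "batch_suffix": "]", "record_delimiter": ","},
    }


_TOKEN = re.compile(r"(header_Authorization=Api-Token(?:%20|\+))[^&]*")


def response_for_logging(response):
    """Copy of an API response with the token removed from destination_conf."""
    safe = copy.deepcopy(response)
    result = safe.get("result") or {}
    if "destination_conf" in result:
        result["destination_conf"] = _TOKEN.sub(r"\1<redacted>", result["destination_conf"])
    return safe
```

Pass the job body to your HTTP client of choice, and log only the output of `response_for_logging`, never the raw response.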
To enable a job, make a PUT request to the Logpush jobs endpoint.
An example request using cURL is shown in the code block below.
<JOB_ID> from the JSON response, as shown in Create a job.
{"enabled": true} in the request body.
$ curl --request PUT \
https://api.cloudflare.com/client/v4/zones/{ZONE_ID}/logpush/jobs/{JOB_ID} \
--header "X-Auth-Email: <CLOUDFLARE_EMAIL>" \
--header "X-Auth-Key: <CLOUDFLARE_API_KEY>" \
--header "Content-Type: application/json" \
--data '{"enabled": true}'
An example JSON response is shown in the code block below.
{
  "errors": [],
  "messages": [],
  "result": {
    "id": <JOB_ID>,
    "dataset": "http_requests",
    "enabled": true,
    "name": "<DOMAIN_NAME>",
    "output_options": {
      "field_names": [
        "ClientIP",
        "ClientRequestHost",
        "ClientRequestMethod",
        "ClientRequestURI",
        "ClientRequestPath",
        "EdgeEndTimestamp",
        "EdgeResponseBytes",
        "EdgeResponseStatus",
        "EdgeStartTimestamp",
        "RayID"
      ],
      "timestamp_format": "rfc3339"
    },
    "destination_conf": "https://<YOUR_DYNATRACE_ENVIRONMENT>.live.dynatrace.com/api/v2/logs/ingest?header_Authorization=Api-Token%20<DYNATRACE_API_TOKEN>&header_accept=application/json&header_content-type=application/json&dt.ingest.origin=cloudflare",
    "last_error": null,
    "error_message": null
  },
  "success": true
}