Cloudflare app has no data

phudinhha · ‎10-14-2020

Dear Team,

I have cloudflare app setup and index has data. However, when i open the app from the menu, it show zero result. This is the search of one query:

| tstats count from datamodel=cloudflare.cloudflare where Cloudflare.ClientCountry="*" Cloudflare.ClientDeviceType="*" Cloudflare.dest_ip="*" Cloudflare.dest_host="*" Cloudflare.uri_path="*" Cloudflare.http_user_agent="*" Cloudflare.status="*" Cloudflare.src_ip="" Cloudflare.OriginResponseStatus="200" Cloudflare.RayID="*" Cloudflare.WorkerSubrequest="*" Cloudflare.http_method="*"

--> the result is 0.

However, when i omit the rest and leave ony clientcountry field. I have data. I have my data model created and finished acceleration.

What is the cause of that?

ebailey1367 · ‎06-10-2021

We ran into this as well. As long you you verified the data path is open and you are getting data then take a look at this link

https://developers.cloudflare.com/fundamentals/data-products/analytics-integrations/splunk

Go to the bottom under troubleshooting. You have to enable the right data in the Cloudflare console for the dashboards to populate. Just turning on the log feed is not enough. Good luck!

phudinhha · ‎10-18-2020

you mean search for index=cloudflare _raw?

joshd · ‎10-15-2020

If you go to the Search page within the Cloudflare application and perform a search against the raw cloudflare data that has been indexed, do you see all of the expected fields from the query you shared visible? I'm expecting one, or more, of them is missing which is causing this query to fail. That or there are simply no events with OriginResponseStatus="200" in them.

ClientCountry
ClientDeviceType
dest_ip
dest_host
uri_parth
http_user_agent
http_method
status
src_ip
uri_path
OriginResponseStatus
RayID
WorkerSubrequest

Cloudflare app has no data

configuration

troubleshooting

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk