All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cloudflare app has no data

phudinhha
Explorer
‎10-14-2020 12:02 AM

Dear Team,

I have cloudflare app setup and index has data. However, when i open the app from the menu, it show zero result. This is the search of one query:

| tstats count from datamodel=cloudflare.cloudflare where Cloudflare.ClientCountry="*" Cloudflare.ClientDeviceType="*" Cloudflare.dest_ip="*" Cloudflare.dest_host="*" Cloudflare.uri_path="*" Cloudflare.http_user_agent="*" Cloudflare.status="*" Cloudflare.src_ip="" Cloudflare.OriginResponseStatus="200" Cloudflare.RayID="*" Cloudflare.WorkerSubrequest="*" Cloudflare.http_method="*"

--> the result is 0.

However, when i omit the rest and leave ony clientcountry field. I have data. I have my data model created and finished acceleration.

What is the cause of that?

Labels (2)
0 Karma
Reply

ebailey1367
New Member
‎06-10-2021 08:23 AM

We ran into this as well. As long you you verified the data path is open and you are getting data then take a look at this link 

https://developers.cloudflare.com/fundamentals/data-products/analytics-integrations/splunk

Go to the bottom under troubleshooting. You have to enable the right data in the Cloudflare console for the dashboards to populate. Just turning on the log feed is not enough. Good luck!

0 Karma
Reply

phudinhha
Explorer
‎10-18-2020 08:30 PM

you mean search for index=cloudflare _raw?

0 Karma
Reply

joshd
Builder
‎10-15-2020 07:51 PM

If you go to the Search page within the Cloudflare application and perform a search against the raw cloudflare data that has been indexed, do you see all of the expected fields from the query you shared visible? I'm expecting one, or more, of them is missing which is causing this query to fail. That or there are simply no events with OriginResponseStatus="200" in them.

ClientCountry
ClientDeviceType
dest_ip
dest_host
uri_parth
http_user_agent
http_method
status
src_ip
uri_path
OriginResponseStatus
RayID
WorkerSubrequest

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...