All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cloudflare app has no data

phudinhha
Explorer
‎10-14-2020 12:02 AM

Dear Team,

I have cloudflare app setup and index has data. However, when i open the app from the menu, it show zero result. This is the search of one query:

| tstats count from datamodel=cloudflare.cloudflare where Cloudflare.ClientCountry="*" Cloudflare.ClientDeviceType="*" Cloudflare.dest_ip="*" Cloudflare.dest_host="*" Cloudflare.uri_path="*" Cloudflare.http_user_agent="*" Cloudflare.status="*" Cloudflare.src_ip="" Cloudflare.OriginResponseStatus="200" Cloudflare.RayID="*" Cloudflare.WorkerSubrequest="*" Cloudflare.http_method="*"

--> the result is 0.

However, when i omit the rest and leave ony clientcountry field. I have data. I have my data model created and finished acceleration.

What is the cause of that?

Labels (2)
0 Karma
Reply

ebailey1367
New Member
‎06-10-2021 08:23 AM

We ran into this as well. As long you you verified the data path is open and you are getting data then take a look at this link 

https://developers.cloudflare.com/fundamentals/data-products/analytics-integrations/splunk

Go to the bottom under troubleshooting. You have to enable the right data in the Cloudflare console for the dashboards to populate. Just turning on the log feed is not enough. Good luck!

0 Karma
Reply

phudinhha
Explorer
‎10-18-2020 08:30 PM

you mean search for index=cloudflare _raw?

0 Karma
Reply

joshd
Builder
‎10-15-2020 07:51 PM

If you go to the Search page within the Cloudflare application and perform a search against the raw cloudflare data that has been indexed, do you see all of the expected fields from the query you shared visible? I'm expecting one, or more, of them is missing which is causing this query to fail. That or there are simply no events with OriginResponseStatus="200" in them.

ClientCountry
ClientDeviceType
dest_ip
dest_host
uri_parth
http_user_agent
http_method
status
src_ip
uri_path
OriginResponseStatus
RayID
WorkerSubrequest

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...