All Apps and Add-ons

Cloudflare app has no data

phudinhha
Explorer

Dear Team,

I have cloudflare app setup and index has data. However, when i open the app from the menu, it show zero result. This is the search of one query:

| tstats count from datamodel=cloudflare.cloudflare where Cloudflare.ClientCountry="*" Cloudflare.ClientDeviceType="*" Cloudflare.dest_ip="*" Cloudflare.dest_host="*" Cloudflare.uri_path="*" Cloudflare.http_user_agent="*" Cloudflare.status="*" Cloudflare.src_ip="" Cloudflare.OriginResponseStatus="200" Cloudflare.RayID="*" Cloudflare.WorkerSubrequest="*" Cloudflare.http_method="*"

--> the result is 0.

However, when i omit the rest and leave ony clientcountry field. I have data. I have my data model created and finished acceleration.

What is the cause of that?

Labels (2)
0 Karma

ebailey1367
New Member

We ran into this as well. As long you you verified the data path is open and you are getting data then take a look at this link 

https://developers.cloudflare.com/fundamentals/data-products/analytics-integrations/splunk

Go to the bottom under troubleshooting. You have to enable the right data in the Cloudflare console for the dashboards to populate. Just turning on the log feed is not enough. Good luck!

0 Karma

phudinhha
Explorer

you mean search for index=cloudflare _raw?

0 Karma

joshd
Builder

If you go to the Search page within the Cloudflare application and perform a search against the raw cloudflare data that has been indexed, do you see all of the expected fields from the query you shared visible? I'm expecting one, or more, of them is missing which is causing this query to fail. That or there are simply no events with OriginResponseStatus="200" in them.

ClientCountry
ClientDeviceType
dest_ip
dest_host
uri_parth
http_user_agent
http_method
status
src_ip
uri_path
OriginResponseStatus
RayID
WorkerSubrequest

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...