Cloudflare Log Explorer is now GA, providing native observability and forensics

Jen Sells
11 min readadvanced
--
View Original

Overview

Cloudflare has announced the General Availability of Log Explorer, a new product that integrates observability and forensics capabilities into the Cloudflare dashboard. This tool allows security teams and developers to access Cloudflare logs with full context, enabling faster detection, triage, and investigation of security incidents without relying on third-party tools.

What You'll Learn

1

How to create custom dashboards for monitoring security and performance metrics

2

How to utilize Log Search for investigating security incidents

3

How to set up saved queries for efficient log analysis

4

Why using Cloudflare Log Explorer reduces costs and complexity in log management

Key Questions Answered

What are the key benefits of using Cloudflare Log Explorer?
Cloudflare Log Explorer offers reduced costs and complexity by eliminating the need for third-party log analytics tools. It provides faster detection and triage of security incidents, accelerated investigations with full context, and minimal recovery time for incident response.
How does Log Search enhance log investigation capabilities?
Log Search allows users to perform data type-aware searches and switch to a custom SQL interface for more complex queries. This streamlines the investigation process by enabling analysts to quickly pivot from dashboards to detailed log searches based on specific incidents.
What features are included in the upcoming Custom Alerting?
Custom Alerting will allow users to define alert policies based on specific log queries. This feature will enable proactive monitoring of critical indicators, ensuring that users are notified about potential issues in real-time.
How does Cloudflare Log Explorer maintain compliance with flexible retention?
Log Explorer allows users to set precise retention periods for their logs, facilitating compliance with audit requirements. Unlike other providers, it enables querying of historical logs as easily as current logs, thanks to its integration with Cloudflare R2 storage.

Technologies & Tools

Some links below are affiliate links. We may earn a commission if you make a purchase.

Storage
Cloudflare R2
Used for scalable log storage and querying capabilities.
Data Format
Apache Parquet
Utilized for efficient data storage and retrieval in Log Explorer.
Query Engine
Apache Datafusion
Processes SQL queries for log data.
Data Management
Delta Lake
Provides a database table abstraction atop R2 object storage.

Key Actionable Insights

1
Utilize the custom dashboard feature to monitor specific security threats like Remote Code Execution (RCE) attacks.
Creating tailored dashboards allows teams to correlate various security events, enhancing situational awareness and response times.
2
Leverage the Log Search functionality to quickly investigate incidents using contextual data from previous analyses.
This capability enables analysts to efficiently track down compromised systems by searching logs with relevant filters and SQL queries.
3
Implement saved queries for recurring log analysis tasks to streamline the investigation process.
By saving frequently used queries, teams can collaborate more effectively and reduce the time spent on repetitive log analysis.
4
Prepare for the upcoming Custom Alerting feature by identifying key metrics that require monitoring.
Defining these metrics in advance will ensure that your alerting policies are aligned with your operational priorities when the feature becomes available.

Common Pitfalls

1
Failing to utilize the full context provided by Cloudflare logs can lead to inefficient incident response.
Without leveraging the contextual data available in Log Explorer, teams may struggle to understand the scope of incidents, leading to delayed responses and potential security breaches.

Related Concepts

Log Management
Security Incident Response
Data Observability
Cloudflare Services