Cloudflare Integration

Overview

Cloudflare is a cloud-based platform that provides CDN services, DDoS protection, internet security, and distributed DNS services to improve the performance and security of web applications. It acts as a reverse proxy between visitors and a website’s server, helping to mitigate attacks, reduce latency, and optimize content delivery.

Use Hydrolix with Cloudflare to route your HTTP logs directly to a Hydrolix cluster for fast queries and cost-effective long-term storage.

Setup Steps

There are some prerequisites and three major steps covered within this document. Following these steps will result in an integrated setup between Cloudflare and a running Hydrolix cluster:

Before you Begin: Complete these prerequisites first
Configure a Hydrolix Transform: Prepare Hydrolix to receive and transform Cloudflare log data
Configure Cloudflare Logpush: Set up a Logpush job in Cloudflare to send HTTP logs to Hydrolix
Verification: Follow these steps to verify the integration is working correctly

Before You Begin

The integration uses the Cloudflare Logpush service to send Cloudflare HTTP request log data directly to the Hydrolix HTTP Streaming API. The data flow is as follows:

Cloudflare Services → Cloudflare Logpush → Hydrolix HTTP Streaming API

You will need a Cloudflare account and a running Hydrolix deployment. Follow the instructions for your preferred deployment method if you have yet to deploy Hydrolix. From your running Hydrolix cluster, you will need the following information:

Item	Description	Example value	How to obtain this information
Org ID	This is the ID of your Hydrolix organization.	`bc3f041b-ea52-45e1-b9d5-41819c465854`	You can determine what orgs exist within your running Hydrolix cluster using our API. The org ID you use should correspond to the table in which you want to store Cloudflare data.
Project name and ID	This is a logical namespace for your table below. You will need the name of the project corresponding to the table in which you want to store Cloudflare data.	Name: `project_name` ID: `c2445da3-ec63-42be-9f12-f104f9656f4c`	Instructions for creating a project can be followed here.
Table name and ID	This is the destination to which you will route data from your Cloudflare instance. You will need the name of the table you want to store Cloudflare data in.	Name: `table_name` ID: `798dfcf4-7560-4b24-1337-29017619baa6`	Instructions for creating a table can be followed here.
OAuth bearer token	Use an OAuth Bearer token in order to authenticate with the Hydrolix Streaming Ingest API.	`eyXrxkzoN2fRiiKpnV...`	Instructions for generating a bearer token can be followed here.

Keep these values on hand for later steps within this guide.

Getting Started

There are two required components to successfully integrate Cloudflare with a running Hydrolix cluster:

Component	Description
Cloudflare Logpush	The service for collecting and routing log data to your Hydrolix instance
Hydrolix Transform	The configuration that maps Cloudflare log fields to Hydrolix table columns

Configure a Hydrolix Transform

Register a Hydrolix transform. The transform defines a schema to map fields from the Cloudflare logs onto the Hydrolix table.

Using the Hydrolix transform for Cloudflare, see Publishing Your Transform to publish the transform.

You have the option of registering a transform through the UI which requires:

Project name
Table name
The contents of the output_columns property from the transform

Alternatively, you can use the API which requires:

Project ID
Table ID
The entirety of the Cloudflare transform json.

Configure Cloudflare Logpush

Follow these steps to configure Cloudflare Logpush to send data to your Hydrolix cluster:

From Account Home select the relevant domain in the Domains list.
Select Analytics & Logs to show options.
Select Logpush from the options.
Select the blue button on the right labeled Create a Logpush Job.
Select HTTP destination from the listed options.
Enter the following URL, replacing the {} fields:

https://{myhost}.hydrolix.live/ingest/event?header_content-type={format}&header_x-hdx-table={project.table}&header_Authorization=%20Bearer%20{bearer-token}

Examples for each field:

myhost: my_cluster
format: application/json or text/csv
project.table: project_name.table_name
bearer token: Your OAuth token from Before you Begin

Select HTTP requests from the listed options.
Fill in the Job name field (Note: Underscores aren't allowed).
Select the Select All option under Send the following fields....
Select Submit at the bottom of the page.

Verification

To verify that the integration is working correctly:

Wait a few minutes for data to start flowing from Cloudflare to Hydrolix. Recall that the Logpush service is sending Cloudflare HTTP request log data Hydrolix. Verify that Cloudflare is generating this data type if you don't see data in Hydrolix.
In the Hydrolix UI, navigate to the query interface. (https://{myhost}.hydrolix.live/queries/)
Run a simple query against your Cloudflare table. For example:

SELECT
  timestamp,
  request_host,
  request_method,
  request_full_path,
  response_status_code,
  response_time_to_first_byte_ms
FROM integrations.cloudflare
WHERE timestamp > NOW() - INTERVAL '1 hour'
LIMIT 10

Verify that you see results similar to your data in Cloudflare.

Going Further

For more information on querying your Hydrolix cluster, see ClickHouse SQL.
Explore your Cloudflare logs in Grafana dashboards
Set up alerting based on Cloudflare events

Troubleshooting

If you encounter issues with the integration:

Verify your Cloudflare Logpush Job is enabled

Retrieve the ID of the job you created. Use cURL to the jobs endpoint to obtain job status. Verify the result contains "enabled": true. If it contains "enabled": false, follow the instructions to enable the job.

Check the Logpush job status in Cloudflare for any errors

You can use Logpush alerts and analytics to look for errors or to monitor job health.

Verify your Hydrolix bearer token is valid and hasn't expired

If you receive a 401 Unauthorized response then it's possible the bearer token expired. You can retrieve a new bearer token using the Hydrolix login API endpoint.

Review the ingest logs in Hydrolix for any errors

You can view and explore cluster logs using the cluster's System Health page.

Check ingest latency in table health

Navigate to https://{myhost}.hydrolix.live/data/tables/. Select your project and table. This will take you to a page which displays some table health information.
Check that the value for Ingest Latency indicates a time since you last sent data from Cloudflare. Note that if the table is the destination for any other data streams, this number may be low due to data from another stream. If the latency indicates a time since the epoch (January 1st, 1970 at 00:00:00 UTC), then the table has received no data.

Ensure your transform correctly maps the fields you expect to see

The Hydrolix transform provided acts a schema for storing HTTP requests Cloudflare log fields in Hydrolix. If you forward another data set to Hydrolix, see the Hydrolix documentation on transform output columns to modify the transform to correctly map the data you are sending.