Skip to content

Commit

Permalink
feat(promtail): add CF ClientRequestSource field (#9669)
Browse files Browse the repository at this point in the history 
**What this PR does / why we need it**:

Hey folks 👋 

Little contribution here to add a useful log field for cloudflare users.
Indeed I add the [ClientRequestSource
field](https://developers.cloudflare.com/logs/reference/clientrequestsource/
) which is pretty useful when debugging some specific traffic handled by
cloudflare

Extra: Since I was on the documentation I fixed an indentation issue
that I spotted

Don't hesitate to reach me if you have any questions

Cheers 😉 


**Which issue(s) this PR fixes**:
Fixes #<issue number>

**Special notes for your reviewer**:

Loki rocks 🚀 

**Checklist**
- [x] Reviewed the
[`CONTRIBUTING.md`](https://github.com/grafana/loki/blob/main/CONTRIBUTING.md)
guide (**required**)
- [x] Documentation added
- [ ] Tests updated
- [ ] `CHANGELOG.md` updated
- [ ] Changes that require user attention or interaction to upgrade are
documented in `docs/sources/upgrading/_index.md`
- [ ] For Helm chart changes bump the Helm chart version in
`production/helm/loki/Chart.yaml` and update
`production/helm/loki/CHANGELOG.md` and
`production/helm/loki/README.md`. [Example
PR](d10549e)
  • Loading branch information
@rasta-rocket
rasta-rocket authored Jun 9, 2023
1 parent b1917a6 commit 1b410db
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 7 deletions.
2 changes: 1 addition & 1 deletion clients/pkg/promtail/targets/cloudflare/fields.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ var (
allFields = append(extendedFields, []string{
"BotScore", "BotScoreSrc", "ClientRequestBytes", "ClientSrcPort", "ClientXRequestedWith", "CacheTieredFill", "EdgeResponseCompressionRatio", "EdgeServerIP", "FirewallMatchesSources",
"FirewallMatchesActions", "FirewallMatchesRuleIDs", "OriginResponseBytes", "OriginResponseTime", "ClientDeviceType", "WAFFlags", "WAFMatchedVar", "EdgeColoID",
"RequestHeaders", "ResponseHeaders",
"RequestHeaders", "ResponseHeaders", "ClientRequestSource",
}...)
)

Expand Down
13 changes: 7 additions & 6 deletions docs/sources/clients/promtail/configuration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1079,7 +1079,7 @@ The `azure_event_hubs` block configures how Promtail receives Azure Event Hubs m

To learn more about streaming Azure logs to an Azure Event Hubs, you can see this [tutorial](https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub).

Note that an Apache Kafka endpoint is not available within the `Basic` pricing plan. For more information, see the [Event Hubs pricing page](https://azure.microsoft.com/en-us/pricing/details/event-hubs/).
Note that an Apache Kafka endpoint is not available within the `Basic` pricing plan. For more information, see the [Event Hubs pricing page](https://azure.microsoft.com/en-us/pricing/details/event-hubs/).

```yaml
# Event Hubs namespace host names (Required). Typically, it looks like <your-namespace>.servicebus.windows.net:9093.
Expand Down Expand Up @@ -1307,7 +1307,7 @@ Here are the different set of fields type available and the fields they include
"OriginResponseHTTPExpires", "OriginResponseHTTPLastModified"`

- `all` includes all `extended` fields and adds `"BotScore", "BotScoreSrc", "ClientRequestBytes", "ClientSrcPort", "ClientXRequestedWith", "CacheTieredFill", "EdgeResponseCompressionRatio", "EdgeServerIP", "FirewallMatchesSources",
"FirewallMatchesActions", "FirewallMatchesRuleIDs", "OriginResponseBytes", "OriginResponseTime", "ClientDeviceType", "WAFFlags", "WAFMatchedVar", "EdgeColoID", "RequestHeaders", "ResponseHeaders"`
"FirewallMatchesActions", "FirewallMatchesRuleIDs", "OriginResponseBytes", "OriginResponseTime", "ClientDeviceType", "WAFFlags", "WAFMatchedVar", "EdgeColoID", "RequestHeaders", "ResponseHeaders", "ClientRequestSource"`

To learn more about each field and its value, refer to the [Cloudflare documentation](https://developers.cloudflare.com/logs/reference/log-fields/zone/http_requests).

Expand Down Expand Up @@ -1341,6 +1341,7 @@ All Cloudflare logs are in JSON. Here is an example:
"ClientRequestReferer": "https://www.foo.com/foo/168855/?offset=8625",
"ClientRequestURI": "/foo/15248108/",
"ClientRequestUserAgent": "some bot",
"ClientRequestSource": "1"
"ClientSSLCipher": "ECDHE-ECDSA-AES128-GCM-SHA256",
"ClientSSLProtocol": "TLSv1.2",
"ClientSrcPort": 39816,
Expand Down Expand Up @@ -1372,10 +1373,10 @@ All Cloudflare logs are in JSON. Here is an example:
"OriginSSLProtocol": "TLSv1.2",
"ParentRayID": "00",
"RayID": "6b0a...",
"RequestHeaders": [],
"ResponseHeaders": [
"x-foo": "bar"
],
"RequestHeaders": [],
"ResponseHeaders": [
"x-foo": "bar"
],
"SecurityLevel": "med",
"WAFAction": "unknown",
"WAFFlags": "0",
Expand Down

0 comments on commit 1b410db

Please sign in to comment.