How to set up Cloudflare Logpush via HTTP Endpoint?

Hello,

I am trying to use the Cloudflare Logpush integration via HTTP Endpoint. I have read both the documentation on Cloudflare and Elasticsearch and I am still confused.

I have Elasticsearch and Kibana 8.9.0 deployed on a Kubernetes cluster with the ECK operator, as well as Fleet and Elastic Agent.

On Cloudflare it states that Logpush jobs should be sent to an Elastic Agent endpoint. This confuses me for a few reasons:

  • This seems to imply I would be exposing a singular Agent? But if I am running Fleet, it seems odd to expose a singular Agent. Also, I tried to expose a singular Agent by creating an HTTP service for it, but the ECK operator stopped me and said that would be an invalid configuration since I am using Fleet.

  • When I tried to use the Fleet URL instead, it returned 404 on the root Fleet URL. I am guessing this means the path with the POST verb is not valid. Now I am not sure what URL I am even supposed to use for the Logpush URL.

  • Since this is being run on Kubernetes, ingress would not allow arbitrary ports to be used, but the integration defaults to using various random ports for different Cloudflare logs. How would I even approach this? My plan was to simply ignore that and just use the regular ports, if I can figure out what URL to use, although this doesn't seem like what the integration wanted me to do.

Anyone who has successfully set up Cloudflare Logpush via HTTP Endpoint to Elastic Agent, please help.
