Menu
DocumentationGrafana CloudMonitor infrastructureGrafana integrationsIntegrations referenceCloudflare
Grafana Cloud

Cloudflare integration for Grafana Cloud

Cloudflare is a globally distributed network infrastructure and cybersecurity company that provides content delivery, DDoS mitigation, internet security, and other related services to enhance the performance and security of websites and internet applications. This integration for Grafana Cloud allows users to collect and analyze metrics for Cloudflare Analytics - account and zone analytics, a description of which is found here.

Metrics include requests, bandwidth, CPU utilization, HTTP response codes, pool health, and colocation information. These are used to provide valuable visualizations for zones, workers, and pools.

This integration requires Pro Plan or better Cloudflare subscriptions.

This integration includes 5 useful alerts and 3 pre-built dashboards to help monitor and visualize Cloudflare metrics.

Grafana Alloy configuration

Before you begin

In order for the integration to properly work, you must set up the Cloudflare Prometheus exporter to export metrics from Cloudflare.

Get an API token

It is recommended to authenticate the exporter using an API token, which can be created by following this guide.

This newly created token will also need to be given certain permissions so the exporter can retrieve metrics. These permissions are:

  • Account Analytics: Read
  • Account Settings: Read
  • Analytics: Read

Set up Cloudflare exporter

The exporter can be configured by following this guide.

To build and run the exporter, use the following commands.

This command will build the exporter binary with the name cloudflare_exporter.

sh 
make build

This uses the API token authentication method, so be sure to replace <cloudflare-api-token> with the token generated in the previous step. It also uses the useful flag -listen which will set the port metrics are served at. The default port is 8080 which may be an issue if you have a pre-existing process using that port.

sh 
./cloudflare_exporter -listen=:<port_number> -cf_api_token=<cloudflare-api-token>

Install Cloudflare integration for Grafana Cloud

  1. In your Grafana Cloud stack, click Connections in the left-hand menu.
  2. Find Cloudflare and click its tile to open the integration.
  3. Review the prerequisites in the Configuration Details tab and set up Grafana Agent to send Cloudflare metrics to your Grafana Cloud instance.
  4. Click Install to add this integration’s pre-built dashboards and alerts to your Grafana Cloud instance, and you can start monitoring your Cloudflare setup.

Configuration snippets for Grafana Alloy

Advanced mode

The following snippets provide examples to guide you through the configuration process.

To instruct Grafana Alloy to scrape your Cloudflare instances, manually copy and append the snippets to your alloy configuration file, then follow subsequent instructions.

Advanced metrics snippets

river 
prometheus.scrape "metrics_integrations_integrations_cloudflare" {
	targets = [{
		__address__ = "<exporter_hostname>:<exporter_port>",
		instance    = constants.hostname,
	}]
	forward_to = [prometheus.remote_write.metrics_service.receiver]
	job_name   = "integrations/cloudflare"
}

To monitor your Cloudflare instance, you must use a discovery.relabel component to discover your Cloudflare Prometheus endpoint and apply appropriate labels, followed by a prometheus.scrape component to scrape it.

Configure the following properties within each discovery.relabel component:

  • __address__: The address to your Cloudflare Prometheus metrics endpoint.
  • instance label: constants.hostname sets the instance label to your Grafana Alloy server hostname. If that is not suitable, change it to a value uniquely identifies this Cloudflare instance.

If you have multiple Cloudflare servers to scrape, configure one discovery.relabel for each and scrape them by including each under targets within the prometheus.scrape component.

Grafana Agent configuration

Before you begin

In order for the integration to properly work, you must set up the Cloudflare Prometheus exporter to export metrics from Cloudflare.

Get an API token

It is recommended to authenticate the exporter using an API token, which can be created by following this guide.

This newly created token will also need to be given certain permissions so the exporter can retrieve metrics. These permissions are:

  • Account Analytics: Read
  • Account Settings: Read
  • Analytics: Read

Set up Cloudflare exporter

The exporter can be configured by following this guide.

To build and run the exporter, use the following commands.

This command will build the exporter binary with the name cloudflare_exporter.

sh 
make build

This uses the API token authentication method, so be sure to replace <cloudflare-api-token> with the token generated in the previous step. It also uses the useful flag -listen which will set the port metrics are served at. The default port is 8080 which may be an issue if you have a pre-existing process using that port.

sh 
./cloudflare_exporter -listen=:<port_number> -cf_api_token=<cloudflare-api-token>

Install Cloudflare integration for Grafana Cloud

  1. In your Grafana Cloud stack, click Connections in the left-hand menu.
  2. Find Cloudflare and click its tile to open the integration.
  3. Review the prerequisites in the Configuration Details tab and set up Grafana Agent to send Cloudflare metrics to your Grafana Cloud instance.
  4. Click Install to add this integration’s pre-built dashboards and alerts to your Grafana Cloud instance, and you can start monitoring your Cloudflare setup.

Post-install configuration for the Cloudflare integration

After enabling the Cloudflare Prometheus exporter, instruct the Grafana Agent to scrape the metrics endpoint.

Be sure to change <exporter_host> and <exporter_port> to match your environment to get the correct label.

Configuration snippets for Grafana Agent

Below metrics.configs.scrape_configs, insert the following lines and change the URLs according to your environment:

yaml 
    - job_name: integrations/cloudflare
      metrics_path: /metrics
      static_configs:
        - targets:
          - <exporter_hostname>:<exporter_port>
          labels:
            instance: <exporter_hostname>:<exporter_port>

Full example configuration for Grafana Agent

Refer to the following Grafana Agent configuration for a complete example that contains all the snippets used for the Cloudflare integration. This example also includes metrics that are sent to monitor your Grafana Agent instance.

yaml 
integrations:
  prometheus_remote_write:
  - basic_auth:
      password: <your_prom_pass>
      username: <your_prom_user>
    url: <your_prom_url>
  agent:
    enabled: true
    relabel_configs:
    - action: replace
      source_labels:
      - agent_hostname
      target_label: instance
    - action: replace
      target_label: job
      replacement: "integrations/agent-check"
    metric_relabel_configs:
    - action: keep
      regex: (prometheus_target_sync_length_seconds_sum|prometheus_target_scrapes_.*|prometheus_target_interval.*|prometheus_sd_discovered_targets|agent_build.*|agent_wal_samples_appended_total|process_start_time_seconds)
      source_labels:
      - __name__
  # Add here any snippet that belongs to the `integrations` section.
  # For a correct indentation, paste snippets copied from Grafana Cloud at the beginning of the line.
logs:
  configs:
  - clients:
    - basic_auth:
        password: <your_loki_pass>
        username: <your_loki_user>
      url: <your_loki_url>
    name: integrations
    positions:
      filename: /tmp/positions.yaml
    scrape_configs:
      # Add here any snippet that belongs to the `logs.configs.scrape_configs` section.
      # For a correct indentation, paste snippets copied from Grafana Cloud at the beginning of the line.
metrics:
  configs:
  - name: integrations
    remote_write:
    - basic_auth:
        password: <your_prom_pass>
        username: <your_prom_user>
      url: <your_prom_url>
    scrape_configs:
      # Add here any snippet that belongs to the `metrics.configs.scrape_configs` section.
      # For a correct indentation, paste snippets copied from Grafana Cloud at the beginning of the line.
    - job_name: integrations/cloudflare
      metrics_path: /metrics
      static_configs:
        - targets:
          - <exporter_hostname>:<exporter_port>
          labels:
            instance: <exporter_hostname>:<exporter_port>
  global:
    scrape_interval: 60s
  wal_directory: /tmp/grafana-agent-wal

Dashboards

The Cloudflare integration installs the following dashboards in your Grafana Cloud instance to help monitor your system.

  • Cloudflare Geomap overview
  • Cloudflare worker overview
  • Cloudflare zone overview

Cloudflare zone overview 1 (pools)

Cloudflare zone overview 1 (pools)

Cloudflare zone overview 2 (colocation table)

Cloudflare zone overview 2 (colocation table)

Cloudflare Geomap overview

Cloudflare Geomap overview

Alerts

The Cloudflare integration includes the following useful alerts:

AlertDescription
CloudflareHighThreatCountCritical: There are detected threats targeting the zone.
CloudflareHighRequestRateWarning: A high spike in requests is occurring which may indicate an attack or unexpected load.
CloudflareHighHTTPErrorCodesWarning: A high number of 4xx or 5xx HTTP status codes are occurring.
CloudflareUnhealthyPoolsCritical: There are unhealthy pools.
CloudflareMetricsDownCritical: Cloudflare metrics are down.

Metrics

The most important metrics provided by the Cloudflare integration, which are used on the pre-built dashboards and Prometheus alerts, are as follows:

  • cloudflare_worker_cpu_time
  • cloudflare_worker_duration
  • cloudflare_worker_errors_count
  • cloudflare_worker_requests_count
  • cloudflare_zone_bandwidth_cached
  • cloudflare_zone_bandwidth_content_type
  • cloudflare_zone_bandwidth_ssl_encrypted
  • cloudflare_zone_bandwidth_total
  • cloudflare_zone_colocation_requests_total
  • cloudflare_zone_pageviews_total
  • cloudflare_zone_pool_health_status
  • cloudflare_zone_pool_requests_total
  • cloudflare_zone_requests_browser_map_page_views_count
  • cloudflare_zone_requests_cached
  • cloudflare_zone_requests_status
  • cloudflare_zone_requests_total
  • cloudflare_zone_threats_total
  • cloudflare_zone_uniques_total
  • up

Changelog

md 
# 1.0.0 - November 2023

* Initial release

Cost

By connecting your Cloudflare instance to Grafana Cloud, you might incur charges. To view information on the number of active series that your Grafana Cloud account uses for metrics included in each Cloud tier, see Active series and dpm usage and Cloud tier pricing.