---
title: "otelcol.receiver.cloudflare | Grafana Cloud documentation"
description: "Learn about otelcol.receiver.cloudflare"
---

# `otelcol.receiver.cloudflare`

> **EXPERIMENTAL**: This is an [experimental](/docs/release-life-cycle/) component. Experimental components are subject to frequent breaking changes, and may be removed with no equivalent replacement. To enable and use an experimental component, you must set the `stability.level` [flag](/docs/alloy/latest/reference/cli/run/) to `experimental`.

`otelcol.receiver.cloudflare` receives logs sent by Cloudflare [LogPush](https://developers.cloudflare.com/logs/logpush/) jobs.

> Note
> 
> `otelcol.receiver.cloudflare` is a wrapper over the upstream OpenTelemetry Collector [`cloudflare`](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/v0.147.0/receiver/cloudflarereceiver) receiver. Bug reports or feature requests will be redirected to the upstream repository, if necessary.

You can specify multiple `otelcol.receiver.cloudflare` components by giving them different labels.

## Usage

Alloy ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```alloy
otelcol.receiver.cloudflare "<LABEL>" {
  endpoint = "<HOST>:<PORT>"

  output {
    logs = [...]
  }
}
```

## Arguments

You can use the following arguments with `otelcol.receiver.cloudflare`:

Expand table

| Name               | Type                | Description                                                                                                | Default                | Required |
|--------------------|---------------------|------------------------------------------------------------------------------------------------------------|------------------------|----------|
| `endpoint`         | `string`            | The `<HOST:PORT>` endpoint address on which the receiver awaits requests from Cloudflare.                  |                        | yes      |
| `secret`           | `string`            | If this value is set, the receiver expects to see it in any valid requests under the `X-CF-Secret` header. |                        | no       |
| `attributes`       | `map[string]string` | Sets log attributes from message fields. Only string, boolean, integer, or float fields can be mapped.     |                        | no       |
| `delimiter`        | `string`            | The separator to join nested fields in the log message when setting attributes.                            | `"."`                  | no       |
| `timestamp_field`  | `string`            | Log field name that contains timestamp.                                                                    | `"EdgeStartTimestamp"` | no       |
| `timestamp_format` | `string`            | One of `unix`, `unixnano`, or `rfc3339`, matching how your LogPush job encodes the timestamp field.        | `"rfc3339"`            | no       |

When the `attributes` configuration is empty, the receiver will automatically ingest all fields from the log messages as attributes, using the original field names as attribute names.

Refer to the upstream receiver [documentation](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/cloudflarereceiver#configuration) for more details.

## Blocks

You can use the following blocks with `otelcol.receiver.cloudflare`:

No valid configuration blocks found.

### `output`

Required

The `output` block configures a set of components to forward resulting telemetry data to.

The following arguments are supported:

Expand table

| Name      | Type                     | Description                           | Default | Required |
|-----------|--------------------------|---------------------------------------|---------|----------|
| `logs`    | `list(otelcol.Consumer)` | List of consumers to send logs to.    | `[]`    | no       |
| `metrics` | `list(otelcol.Consumer)` | List of consumers to send metrics to. | `[]`    | no       |
| `traces`  | `list(otelcol.Consumer)` | List of consumers to send traces to.  | `[]`    | no       |

You must specify the `output` block, but all its arguments are optional. By default, telemetry data is dropped. Configure the `metrics`, `logs`, and `traces` arguments accordingly to send telemetry data to other components.

### `tls`

The `tls` block configures TLS settings used for a server. If the `tls` block isn’t provided, TLS won’t be used for connections to the server.

The following arguments are supported:

Expand table

| Name                           | Type           | Description                                                                                  | Default     | Required |
|--------------------------------|----------------|----------------------------------------------------------------------------------------------|-------------|----------|
| `ca_file`                      | `string`       | Path to the CA file.                                                                         |             | no       |
| `ca_pem`                       | `string`       | CA PEM-encoded text to validate the server with.                                             |             | no       |
| `cert_file`                    | `string`       | Path to the TLS certificate.                                                                 |             | no       |
| `cert_pem`                     | `string`       | Certificate PEM-encoded text for client authentication.                                      |             | no       |
| `cipher_suites`                | `list(string)` | A list of TLS cipher suites that the TLS transport can use.                                  | `[]`        | no       |
| `client_ca_file`               | `string`       | Path to the TLS cert to use by the server to verify a client certificate.                    |             | no       |
| `curve_preferences`            | `list(string)` | Set of elliptic curves to use in a handshake.                                                | `[]`        | no       |
| `include_system_ca_certs_pool` | `boolean`      | Whether to load the system certificate authorities pool alongside the certificate authority. | `false`     | no       |
| `key_file`                     | `string`       | Path to the TLS certificate key.                                                             |             | no       |
| `key_pem`                      | `secret`       | Key PEM-encoded text for client authentication.                                              |             | no       |
| `max_version`                  | `string`       | Maximum acceptable TLS version for connections.                                              | `"TLS 1.3"` | no       |
| `min_version`                  | `string`       | Minimum acceptable TLS version for connections.                                              | `"TLS 1.2"` | no       |
| `reload_interval`              | `duration`     | The duration after which the certificate is reloaded.                                        | `"0s"`      | no       |

If `reload_interval` is set to `"0s"`, the certificate never reloaded.

The following pairs of arguments are mutually exclusive and can’t both be set simultaneously:

- `ca_pem` and `ca_file`
- `cert_pem` and `cert_file`
- `key_pem` and `key_file`

If `cipher_suites` is left blank, a safe default list is used. Refer to the [Go Cipher Suites documentation](https://go.dev/src/crypto/tls/cipher_suites.go) for a list of supported cipher suites.

`client_ca_file` sets the `ClientCA` and `ClientAuth` to `RequireAndVerifyClientCert` in the `TLSConfig`. Refer to the [Go TLS documentation](https://godoc.org/crypto/tls#Config) for more information.

The `curve_preferences` argument determines the set of elliptic curves to prefer during a handshake in preference order. If not provided, a default list is used. The set of elliptic curves available are `X25519`, `P521`, `P256`, and `P384`.

## Exported fields

`otelcol.receiver.cloudflare` doesn’t export any fields.

## Component health

`otelcol.receiver.cloudflare` is only reported as unhealthy if given an invalid configuration.

## Debug information

`otelcol.receiver.cloudflare` doesn’t expose any component-specific debug information.

## Example

The following example receives logs from Cloudflare and forwards them through a batch processor:

Alloy ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```alloy
otelcol.receiver.cloudflare "default" {
  endpoint = "<HOST>:<PORT>"
  secret = "1234567890abcdef1234567890abcdef"
  timestamp_field = "EdgeStartTimestamp"
  timestamp_format = "rfc3339"
  attributes = {
    ClientIP = "http_request.client_ip",
    ClientRequestURI = "http_request.uri",
  }

  tls {
    cert_file = "/path/to/cert.pem"
    key_file = "/path/to/key.pem"
  }

  output {
    logs = [otelcol.processor.batch.default.input]
  }
}

otelcol.processor.batch "default" {
  output {
    logs = [otelcol.exporter.otlphttp.default.input]
  }
}

otelcol.exporter.otlphttp "default" {
  client {
    endpoint = env("<OTLP_ENDPOINT>")
  }
}
```

Replace the following:

- *`<HOST>`* : The hostname or IP address where the receiver listens for Cloudflare LogPush requests.
- *`<PORT>`* : The port number where the receiver listens for Cloudflare LogPush requests.
- *`<OTLP_ENDPOINT>`* : The OTLP endpoint URL for your observability backend.

## Compatible components

`otelcol.receiver.cloudflare` can accept arguments from the following components:

- Components that export [OpenTelemetry `otelcol.Consumer`](/docs/grafana-cloud/send-data/alloy/reference/compatibility/#opentelemetry-otelcolconsumer-exporters)

> Note
> 
> Connecting some components may not be sensible or components may require further configuration to make the connection work correctly. Refer to the linked documentation for more details.