Is it possible to get raw logs?


The other day we received a series of DDoS attacks and I was wondering if it’s possible to request the raw access logs of minutes before the attack started. Because some of the requests went through CF initially, I had to remove those logs and I’d really like to have the traffic before the attack occurred. :sweat_smile:


After the fact? Even on Enterprise plans, I don’t think it’s possible.


Data retention period

You can query for logs starting from 1 minute in the past (relative to the actual time that you make the query) and going back at least 3 days and up to 7 days.

The attack was just a couple of days ago, (we are still receiving the attacks so even those from some hours ago would work).

Yeah, but it says you need to enable log retention first.


Oh, you are right, my bad! I will keep the post open in case there is some hope that I can get those :sweat_smile:.
I’m primarily asking because I remember that once when I asked support about an attack, they were able to show me part of the logs (visualized) so if there is any chance that they exist and I can get them… that’d be great.

1 Like

Probably they are using GraphQL to query the data, but sampled data.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.