We’re using Cloudflare Logpush to push various logs to Azure Log Analytics Workspace / Sentinel as the final destination.
We’ve noticed that there is no consistency whatsoever in attributes/properties/fields on the logs. For instance, it would be great with ONE common attribute to determine when a log was created.
Here are the logs we’re currently pushing:
- Audit logs:
- Firewall events:
- HTTP requests:
- Spectrum events:
From what I can gather, the following is the attribute used to determine log creation date time given the log type:
Would also be great with attributes for log type and scope (account vs. zone). Some consistency would be good, thus something like that:
|Actual log creation date time
|Firewall, HTTP, Audit…
|Account vs. Zone…