Logpush - No consistency across log types

We’re using Cloudflare Logpush to push various logs to Azure Log Analytics Workspace / Sentinel as final destination.

We’ve noticed that there is no consistency whatsoever in the attributes/properties/fields of the logs. For instance, it would be great to have ONE common attribute to determine when a log was created.

Here are the logs we’re currently pushing:

  • Audit logs: https://developers.cloudflare.com/logs/reference/log-fields/account/audit_logs/
  • Firewall events: https://developers.cloudflare.com/logs/reference/log-fields/zone/firewall_events/
  • HTTP requests: https://developers.cloudflare.com/logs/reference/log-fields/zone/http_requests/
  • Spectrum events: https://developers.cloudflare.com/logs/reference/log-fields/zone/spectrum_events/

From what I can gather, the following attribute is used to determine the log creation date and time for each log type:

| Log type | Attribute |
|---|---|
| Audit log | When |
| Firewall events | Datetime |
| HTTP requests | EdgeStartTimestamp |
| Spectrum events | Timestamp |

It would also be great to have attributes for log type and scope (account vs. zone). Some consistency would be good, so something like this:

| Column | What data |
|---|---|
| LogCreationTime | Actual log creation date time |
| LogType | Firewall, HTTP, Audit… |
| LogScope | Account vs. Zone… |
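
An added example, not part of the original post: a pre-ingestion normalizer that stamps each record with the LogCreationTime, LogType and LogScope columns proposed above, using the per-dataset timestamp fields from the first table and the account/zone scope from the reference URLs. The dataset keys, the function names and the seconds-versus-nanoseconds threshold are assumptions of this example, and the sample records are constructed.

```python
from datetime import datetime, timezone

# Timestamp field and scope per dataset, taken from the table and URLs in the post.
# The dataset keys are labels chosen for this example.
DATASETS = {
    "audit_logs":      ("When", "Account"),
    "firewall_events": ("Datetime", "Zone"),
    "http_requests":   ("EdgeStartTimestamp", "Zone"),
    "spectrum_events": ("Timestamp", "Zone"),
}

def parse_ts(value):
    """Parse an RFC 3339 string, Unix seconds or Unix nanoseconds to aware UTC."""
    if isinstance(value, str) and not value.lstrip("-").isdigit():
        return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)
    n = int(value)
    # Assumption: integers this large are nanoseconds, smaller ones are seconds.
    if abs(n) >= 10**14:
        secs, nanos = divmod(n, 10**9)
        return datetime.fromtimestamp(secs, timezone.utc).replace(microsecond=nanos // 1000)
    return datetime.fromtimestamp(n, timezone.utc)

def normalize(dataset, record):
    """Return a copy of the record with the three common columns added."""
    if dataset not in DATASETS:
        raise ValueError(f"unknown dataset: {dataset}")
    field, scope = DATASETS[dataset]
    if record.get(field) in (None, ""):
        # Fail loudly: a record without a creation time breaks time-based queries.
        raise ValueError(f"{dataset} record has no {field}")
    out = dict(record)
    out["LogCreationTime"] = parse_ts(record[field]).isoformat().replace("+00:00", "Z")
    out["LogType"] = dataset
    out["LogScope"] = scope
    return out

# Constructed sample records, one per dataset, in three timestamp encodings.
SAMPLES = [
    ("audit_logs", {"When": "2024-05-01T12:00:00Z"}),
    ("firewall_events", {"Datetime": "2024-05-01T12:00:00Z"}),
    ("http_requests", {"EdgeStartTimestamp": 1714564800500000000}),
    ("spectrum_events", {"Timestamp": 1714564800}),
]

if __name__ == "__main__":
    for name, rec in SAMPLES:
        print(normalize(name, rec))
```

Original fields are preserved, so the per-dataset timestamp stays available next to the common column.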