Cloudflare Log Explorer now supports 14 additional datasets spanning Application Services and Cloudflare One, enabling security analysts to investigate multi-vector attacks with 360-degree visibility. The update allows correlation of HTTP request logs, DDoS/firewall events, Zero Trust Access logs, email security alerts, DNS gateway logs, and network analytics in a unified SQL interface. Practical investigation scenarios are provided, including detecting bot sessions tied to authenticated users, tracing phishing-to-DNS-exfiltration chains, and identifying insider network scanning after Zero Trust login. Architectural improvements reduced P99 ingestion latency by ~55% and P50 by ~25%. A schema-driven JSON approach also lays groundwork for ingesting third-party log sources in the future.
Table of contents
The flight recorder for your entire stackLog Explorer can identify malicious activity at every stageCorrelate across datasetsFollow along for more updatesGet access to Log ExplorerSort: