Analytics Release Notes

You can now perform more powerful queries directly in Workers Analytics Engine with a major expansion of our SQL function library.

Workers Analytics Engine allows you to ingest and store high-cardinality data at scale (such as custom analytics) and query your data through a simple SQL API.

New aggregate functions

• countIf() - count the number of rows which satisfy a provided condition
• sumIf() - calculate a sum from rows which satisfy a provided condition
• avgIf() - calculate an average from rows which satisfy a provided condition

New date and time functions

• toYear()
• toMonth()
• toDayOfMonth()
• toDayOfWeek()
• toHour()
• toMinute()
• toSecond()
• toStartOfYear()
• toStartOfMonth()
• toStartOfWeek()
• toStartOfDay()
• toStartOfHour()
• toStartOfFifteenMinutes()
• toStartOfTenMinutes()
• toStartOfFiveMinutes()
• toStartOfMinute()
• today()
• toYYYYMM()

Ready to get started?

Whether you're building usage-based billing systems, customer analytics dashboards, or other custom analytics, these functions let you get the most out of your data.

Get started with Workers Analytics Engine and explore all available functions in our SQL reference documentation.

Logpush Health Dashboards

We’re excited to introduce Logpush Health Dashboards, giving customers real-time visibility into the status, reliability, and performance of their Logpush jobs. Health dashboards make it easier to detect delivery issues, monitor job stability, and track performance across destinations. The dashboards are divided into two sections:

• Upload Health: See how much data was successfully uploaded, where drops occurred, and how your jobs are performing overall. This includes data completeness, success rate, and upload volume.

• Upload Reliability – Diagnose issues impacting stability, retries, or latency, and monitor key metrics such as retry counts, upload duration, and destination availability.

Health Dashboards can be accessed from the Logpush page in the Cloudflare dashboard at the account or zone level, under the Health tab. For more details, refer to our Logpush Health Dashboards documentation, which includes a comprehensive troubleshooting guide to help interpret and resolve common issues.

Zero Trust Logpush Permissions Update

Permissions for managing Logpush jobs related to Zero Trust datasets (Access, Gateway, and DEX) have been updated to improve data security and enforce appropriate access controls.

To view, create, update, or delete Logpush jobs for Zero Trust datasets, users must now have both of the following permissions:

• Logs Edit
• Zero Trust: PII Read

Note

Update your UI, API or Terraform configurations to include the new permissions. Requests to Zero Trust datasets will fail due to insufficient access without the additional permission.

Brand Protection logo query dashboard

The Brand Protection logo query dashboard now allows you to use the Report to Cloudflare button to submit an Abuse report directly from the Brand Protection logo queries dashboard. While you could previously report new domains that were impersonating your brand before, now you can do the same for websites found to be using your logo without your permission. The abuse reports will be prefilled and you will only need to validate a few fields before you can click the submit button, after which our team processes your request.

Ready to start? Check out the Brand Protection docs.

Radar TLD insights and API updates

Radar now introduces Top-Level Domain (TLD) insights, providing visibility into popularity based on the DNS magnitude metric, detailed TLD information including its type, manager, DNSSEC support, RDAP support, and WHOIS data, and trends such as DNS query volume and geographic distribution observed by the 1.1.1.1 DNS resolver.

The following dimensions were added to the Radar DNS API, specifically, to the /dns/summary/{dimension} and /dns/timeseries_groups/{dimension} endpoints:

• tld: Top-level domain extracted from DNS queries; can also be used as a filter.
• tld_dns_magnitude: Top-level domain ranking by DNS magnitude.

And the following endpoints were added

• /tlds - Lists all TLDs.
• /tlds/{tld} - Retrieves information about a specific TLD.

Learn more about the new Radar DNS insights in our blog post, and check out the new Radar page.

The Requests for Information (RFI) dashboard now shows users the number of tokens used by each submitted RFI to better understand usage of tokens and how they relate to each request submitted.

What’s new

• Users can now see the number of tokens used for a submitted request for information.
• Users can see the remaining tokens allocated to their account for the quarter.
• Users can only select the Routine priority for the Strategic Threat Research request type.

Cloudforce One subscribers can try it now in Application Security > Threat Intelligence > Requests for Information.

Logpush now supports integration with Microsoft Sentinel

The new Azure Sentinel Connector built on Microsoft’s Codeless Connector Framework (CCF), is now avaialble. This solution replaces the previous Azure Functions-based connector, offering significant improvements in security, data control, and ease of use for customers. Logpush customers can send logs to Azure Blob Storage and configure this new Sentinel Connector to ingest those logs directly into Microsoft Sentinel.

This upgrade significantly streamlines log ingestion, improves security, and provides greater control:

• Simplified Implementation: Easier for engineering teams to set up and maintain.
• Cost Control: New support for Data Collection Rules (DCRs) allows you to filter and transform logs at ingestion time, offering potential cost savings.
• Enhanced Security: CCF provides a higher level of security compared to the older Azure Functions connector.
• ata Lake Integration: Includes native integration with Data Lake.

Find the new solution here and refer to the Cloudflare's developer documention for more information on the connector, including setup steps, supported logs and Microsfot's resources.

Cloudflare's new Application Security report, currently in Closed Beta, is now available in the dashboard.

Go to Security reports

The reports are generated monthly and provide cyber security insights trends for all of the Enterprise zones in your Cloudflare account.

The reports also include an industry benchmark, comparing your cyber security landscape to peers in your industry.

Learn more about the reports by referring to the Security Reports documentation.

Use the feedback survey link at the top of the page to help us improve the reports.

Radar has expanded its Certificate Transparency (CT) log insights with new stats that provide greater visibility into log activity:

• Log growth rate: The average throughput of the CT log over the past 7 days, measured in certificates per hour.
• Included certificate count: The total number of certificates already included in this CT log.
• Eligible-for-inclusion certificate count: The number of certificates eligible for inclusion in this log but not yet included. This metric is based on certificates signed by trusted root CAs within the log's accepted date range.
• Last update: The timestamp of the most recent update to the CT log.

These new statistics have been added to the response of the Get Certificate Log Details API endpoint, and are displayed on the CT log information page.