
Cloudflare HTTP Log Analysis using Splunk

Detecting WAF Blocks, Brute Force, SQLi, XSS, LFI, and Recon from Cloudflare HTTP Logs (JSON/JSONL)

Self-Paced by Rajneesh Gupta

Overview

Project Overview: Cloudflare HTTP Request Log Analysis using Splunk

This project walks you through analyzing Cloudflare HTTP Request Logs to separate normal traffic from malicious activity. You’ll ingest the JSONL dataset, write field-aware SPL against ClientIP, URI, QueryString, Status, UserAgent, CacheStatus, WAFAction and RayID, and also practice parsing the embedded raw record with spath for flexible extraction.

  • Ingest Cloudflare HTTP Request logs (Logpush-like JSON/JSONL)
  • Detect brute force, SQLi, XSS, LFI, reconnaissance, and WAF actions
  • Profile cache behavior (HIT/MISS/BYPASS/EXPIRED) for tuning & anomaly spotting
  • Use RayID for precise request correlation and raw + spath for dynamic parsing
  • Hands-on using the provided cloudflare_http_requests_with_raw.jsonl (2,000 entries; 50% attacks, 50% genuine)
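The detections listed above, written out as an added Python example rather than the course's own SPL or dataset: it parses a handful of constructed Cloudflare-style JSONL records (field names taken from the overview; values, RayIDs and the embedded raw record are made up), expands the raw field the way `spath input=raw` would, and then applies the same logic the project builds in Splunk: failed-login counting per ClientIP, signature matching on the decoded URI and QueryString, 404-spray and scanner-UA recon, and WAFAction/CacheStatus profiling. Thresholds and patterns are assumptions to tune against the real dataset.

```python
import json
import re
from collections import Counter, defaultdict
from urllib.parse import unquote


def _rec(ip, uri, qs, status, ua, cache, waf, ray, raw=None):
    # Build one record in the shape the course dataset describes (constructed values).
    r = {"ClientIP": ip, "URI": uri, "QueryString": qs, "Status": status,
         "UserAgent": ua, "CacheStatus": cache, "WAFAction": waf, "RayID": ray}
    if raw is not None:
        r["raw"] = json.dumps(raw)  # embedded raw record, stored as a JSON string
    return r


UA_BROWSER = "Mozilla/5.0 (constructed sample)"
SAMPLE_RECORDS = (
    # six failed logins from one client -> brute force
    [_rec("203.0.113.10", "/login", "", 401, UA_BROWSER, "BYPASS", "allow", f"8a1b{n:04x}")
     for n in range(6)]
    + [
        _rec("198.51.100.7", "/products", "id=1'%20OR%20'1'='1", 403, UA_BROWSER, "MISS", "block", "8a1b1001"),
        _rec("198.51.100.8", "/search", "q=%3Cscript%3Ealert(1)%3C/script%3E", 200, UA_BROWSER, "MISS", "allow", "8a1b1002"),
        _rec("198.51.100.9", "/download", "file=../../../../etc/passwd", 403, UA_BROWSER, "BYPASS", "block", "8a1b1003"),
        _rec("192.0.2.5", "/admin", "", 404, "Nikto/2.1.6", "MISS", "allow", "8a1b1004"),
        _rec("192.0.2.5", "/.env", "", 404, "Nikto/2.1.6", "MISS", "allow", "8a1b1005"),
        _rec("192.0.2.5", "/wp-login.php", "", 404, "Nikto/2.1.6", "MISS", "allow", "8a1b1006"),
        _rec("192.0.2.5", "/phpmyadmin", "", 404, "Nikto/2.1.6", "MISS", "allow", "8a1b1007"),
        _rec("203.0.113.20", "/static/app.js", "", 200, UA_BROWSER, "HIT", "allow", "8a1b1008",
             raw={"ClientRequestHost": "www.example.test", "EdgeResponseStatus": 200}),
        _rec("203.0.113.21", "/", "", 200, UA_BROWSER, "EXPIRED", "allow", "8a1b1009"),
    ]
)
SAMPLE_JSONL = "\n".join(json.dumps(r) for r in SAMPLE_RECORDS)  # constructed JSONL input


def parse_jsonl(text):
    """One dict per line; the embedded raw JSON string is expanded into raw.* fields (like spath)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        raw = rec.get("raw")
        if isinstance(raw, str):
            try:
                for k, v in json.loads(raw).items():
                    rec[f"raw.{k}"] = v
            except json.JSONDecodeError:
                pass  # keep the record; a malformed raw field should not drop the event
        records.append(rec)
    return records


def brute_force_sources(records, threshold=5, login_paths=("/login", "/wp-login.php")):
    """ClientIPs with at least `threshold` 401/403 responses on login paths (threshold is an assumption)."""
    fails = Counter(r["ClientIP"] for r in records
                    if r.get("URI") in login_paths and r.get("Status") in (401, 403))
    return {ip: n for ip, n in fails.items() if n >= threshold}


# Textbook signatures only; real tuning happens against the dataset.
PAYLOAD_PATTERNS = {
    "sqli": re.compile(r"('\s*(or|and)\s*'?\d|union\s+select|--\s|;\s*drop\s)", re.I),
    "xss": re.compile(r"(<script|javascript:|onerror\s*=|onload\s*=)", re.I),
    "lfi": re.compile(r"(\.\./|/etc/passwd|\.\.%2f)", re.I),
}


def classify_payloads(records):
    """(RayID, category, WAFAction) for every request whose decoded URI+QueryString matches a signature."""
    hits = []
    for r in records:
        target = unquote(f"{r.get('URI', '')}?{r.get('QueryString', '')}")  # decode before matching
        for name, rx in PAYLOAD_PATTERNS.items():
            if rx.search(target):
                hits.append((r["RayID"], name, r.get("WAFAction")))
    return hits


SCANNER_UA = re.compile(r"(nikto|sqlmap|nmap|masscan|dirbuster|gobuster)", re.I)


def recon_sources(records, min_404_paths=3):
    """ClientIPs that spray many distinct 404 paths or announce a scanner User-Agent."""
    paths_404 = defaultdict(set)
    scanner_ips = set()
    for r in records:
        if r.get("Status") == 404:
            paths_404[r["ClientIP"]].add(r.get("URI"))
        if SCANNER_UA.search(r.get("UserAgent", "")):
            scanner_ips.add(r["ClientIP"])
    noisy = {ip for ip, paths in paths_404.items() if len(paths) >= min_404_paths}
    return sorted(noisy | scanner_ips)


def waf_summary(records):
    return dict(Counter(r.get("WAFAction", "unknown") for r in records))


def cache_profile(records):
    return dict(Counter(r.get("CacheStatus", "unknown") for r in records))


def by_rayid(records, rayid):
    """RayID is unique per request, so it is the precise correlation key."""
    return next((r for r in records if r.get("RayID") == rayid), None)


if __name__ == "__main__":
    recs = parse_jsonl(SAMPLE_JSONL)
    print("brute force:", brute_force_sources(recs))
    print("payload hits:", classify_payloads(recs))
    print("recon:", recon_sources(recs))
    print("waf:", waf_summary(recs), "cache:", cache_profile(recs))
    print("raw.* via RayID:", by_rayid(recs, "8a1b1008")["raw.ClientRequestHost"])
```

Reading the output side by side with the WAFAction column is the useful part: the XSS request in the sample is `allow`, so signature hits that the WAF did not block are the ones worth a second look, which is exactly the "attack outcome" question the course poses in SPL with a `stats count by WAFAction` over the same matches.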

What You'll Learn

  • Log Ingestion & Parsing

    Upload Cloudflare HTTP logs and extract fields with spath.

  • Threat Detection Queries

    Build SPL to detect brute force, SQLi, XSS, LFI, and recon scans.

  • WAF & Cache Signals

    Interpret actions and responses to analyze attack outcomes.

Prerequisites

  • Basic understanding of HTTP and common web attacks
  • Splunk Enterprise available in your lab

About the Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.
