cloudflare
diff --git a/‎products/distributed-web/src/content/ipfs-gateway/automated-deployment.md‎
Lines changed: 3 additions & 0 deletions b/‎products/distributed-web/src/content/ipfs-gateway/automated-deployment.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎products/load-balancing/src/content/load-balancing-analytics/index.md‎
Lines changed: 192 additions & 0 deletions b/‎products/load-balancing/src/content/load-balancing-analytics/index.md‎
Lines changed: 192 additions & 0 deletions
diff --git a/‎products/load-balancing/src/content/understand-basics/pools.md‎
Lines changed: 4 additions & 1 deletion b/‎products/load-balancing/src/content/understand-basics/pools.md‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎products/logs/src/content/faq/index.md‎
Lines changed: 43 additions & 15 deletions b/‎products/logs/src/content/faq/index.md‎
Lines changed: 43 additions & 15 deletions
diff --git a/‎products/logs/src/content/get-started/enable-destinations/datadog/index.md‎
Lines changed: 4 additions & 4 deletions b/‎products/logs/src/content/get-started/enable-destinations/datadog/index.md‎
Lines changed: 4 additions & 4 deletions
@@ -24,3 +24,6 @@ hash. There are several tools that help with different parts of this:
 - [dnslink-cloudflare](https://github.com/ipfs-shipyard/dnslink-cloudflare) is a
   script to programmatically update DNSLink records. This can be run with the
   `-Q` flag of `ipfs add` that only outputs the top-level hash.
+- [Fission's IPNS support](https://guide.fission.codes/developers/custom-domains/using-cloudflare-ipfs-gateway) 
+  lets you use the Fission IPFS app publishing system from the CLI
+  or from GitHub Actions, while using Cloudflare-managed DNS and gateway.
@@ -0,0 +1,192 @@
+---
+title: Analytics
+order: 45
+pcx-content-type: how-to
+---
+
+# Load balancing analytics
+
+Using load balancing analytics, you can:
+- Evaluate traffic flow.
+- Assess the health status of origin servers in your pools.
+- Review changes in pools and pool health over time.
+
+<Aside type="note">
+
+Load balancing analytics are only available to customers on paid plans (Pro, Business, and Enterprise).
+
+</Aside>
+
+## Dashboard Analytics
+
+### Overview metrics
+
+To view **Overview** metrics for your load balancer, go to **Traffic** > **Load Balancing Analytics**.
+
+These metrics show the number of requests routed to specific pools within a load balancer, helping you:
+- Evaluate the effects of adding or removing a pool.
+- Decide when to create new origin pools.
+- Plan for peak traffic demands and future infrastructure needs.
+
+Add additional filters for specific pools, times, regions, and origins.
+
+### Latency and Logs
+
+To view latency and log information for your load balancer, go to **Traffic** > **Load Balancing Analytics** > **Latency**.
+
+**Latency** metrics show an interactive map, helping you identify regions with **Unhealthy** or **Slow** pools.
+
+**Logs** provide a history of all origin server status changes and how they affect your load balancing pools.
+
+## GraphQL Analytics
+
+For more flexibility, get load balancing metrics directly from the [GraphQL Analytics API](https://developers.cloudflare.com/analytics/graphql-api).
+
+Get started with a sample query:
+
+<details>
+<summary>Requests per pool</summary>
+<div>
+
+This query shows the number of requests each pool receives from each location in Cloudflare's global network.
+
+```graphql
+---
+header: Query
+---
+{
+  viewer {
+    zones(filter: {zoneTag: "your Zone ID"}) {
+         loadBalancingRequestsAdaptiveGroups( 
+            limit: 100, 
+            filter: {   
+                datetime_geq: "2021-06-26T00:00:00Z", 
+                datetime_leq: "2021-06-26T03:00:00Z",
+                lbName:"lb.example.com"
+            },
+            orderBy: [datetimeFifteenMinutes_DESC] 
+        ) {
+          count
+          dimensions {
+            datetimeFifteenMinutes
+            coloCode
+            selectedPoolName
+        }
+      }
+    }
+  }
+}
+```
+
+```json
+---
+header: Response (truncated)
+---
+{
+    "data": {
+        "viewer": {
+            "zones": [
+                {
+                    "loadBalancingRequestsAdaptiveGroups": [
+                        {
+                            "count": 4,
+                            "dimensions": {
+                                "coloCode": "IAD",
+                                "datetimeFifteenMinutes": "2021-06-26T00:45:00Z",
+                                "selectedPoolName": "us-east"
+                            }
+                        },
+                        ...
+                    ]
+                }
+            ]
+        }
+    }
+}
+```
+
+</div>
+
+</details>
+
+<details>
+<summary>Requests per data center</summary>
+<div>
+
+This query shows the weighted, round-trip time measurement (`avgRttMs`) for individual requets from a specific data center (for example, Singapore or `SIN`) to each pool in a specific load balancer.
+
+```graphql
+---
+header: Query
+---
+{
+  viewer {
+    zones(filter: {zoneTag: "your Zone ID"}) {
+         loadBalancingRequestsAdapative( 
+            limit: 100, 
+            filter: { 
+                datetime_geq: "2021-06-26T00:00:00Z", 
+                datetime_leq: "2021-06-26T03:00:00Z",
+                lbName:"lb.example.com",
+                coloCode: "SIN"
+            },
+            orderBy: [datetime_DESC] 
+        ) {
+        selectedPoolName
+        pools {
+          poolName
+          healthy
+          healthCheckEnabled
+          avgRttMs
+        }
+      }
+    }
+  }
+}
+```
+
+```json
+---
+header: Response (truncated)
+---
+{
+    "data": {
+        "viewer": {
+            "zones": [
+                {
+                    "loadBalancingRequestsAdaptive": [
+                        {
+                            "pools": [
+                                {
+                                    "avgRttMs": 67,
+                                    "healthCheckEnabled": 1,
+                                    "healthy": 1,
+                                    "poolName": "asia-ne"
+                                },
+                                {
+                                    "avgRttMs": 156,
+                                    "healthCheckEnabled": 1,
+                                    "healthy": 1,
+                                    "poolName": "us-east_and_asia-ne"
+                                },
+                                {
+                                    "avgRttMs": 237,
+                                    "healthCheckEnabled": 1,
+                                    "healthy": 1,
+                                    "poolName": "us-east"
+                                },
+                            ],
+                            "selectedPoolName": "asia-ne"
+                        },
+                    ...
+                    ]
+                }
+            ]
+        }
+    }
+}
+```
+
+</div>
+
+</details>
@@ -224,7 +224,10 @@ For example, you might have a pool with origins hosted in multiple AppEngine pro
 
 Since these examples require specific hostnames per origin, your load balancer could not properly route traffic _without_ a `Host` header override.
 
-If you need an origin `Host` header override, add it when [creating](/create-load-balancer-ui#create-and-add-origin-pools) or editing a pool. For security reasons, this header also needs to be a subdomain of the overall zone. See [Configure Cloudflare and Heroku](https://support.cloudflare.com/hc/articles/205893698) for more details.
+If you need an origin `Host` header override, add it when [creating](/create-load-balancer-ui#create-and-add-origin-pools) or editing a pool. For security reasons, this header must meet one of the following criteria:
+- Is a subdomain of a zone associated with this account
+- Matches the origin address
+- Publicly resolves to the origin address
 
 For details about how origin and monitor `Host` headers interact, see [Host header prioritization](/understand-basics/monitors#host-header-prioritization).
 
 
@@ -9,48 +9,76 @@ pcx-content-type: faq
 
 ### Once a request has passed through the Cloudflare network, how soon are the logs available?
 
-Logs become available in approximately 1 to 5 minutes.
-
-In the best case, logs take about 1 minute to process, and so we require that calls to the **Logpull API** be for time periods of at least 1 minute in the past. For example, if it’s 9:43 now, you can ask for logs processed between 9:41 and 9:42. The response will include logs for requests that passed through our network between 9:41 and 9:42 and potentially earlier. It’s normal for our processing to take between 3 and 4 minutes, so when you ask for that same time period, you may also see logs of requests that passed through our network at 9:39 or earlier.
-
 When using **Logpush**, logs are pushed in batches as soon as possible. For example, if you receive a file at 10:10, the file consists of logs that were processed shortly before 10:10.
 
-These timings are only a guideline, not a guarantee, and may depend on network conditions, the request volume for your domain, and other factors. Although we try to get the logs to you as fast as possible, we prioritize not losing log data over speed. On rare occasions, you may see a longer delay. In this case, you don’t need to take any action--the logs will be available as soon as they’re processed.
+When using **Logpull**, logs become available in approximately one to five minutes. Cloudflare requires that calls to the **Logpull API** be for time periods of at least one minute in the past. For example, if it is 9:43 now, you can ask for logs processed between 9:41 and 9:42. The response will include logs for requests that passed through our network between 9:41 and 9:42 and potentially earlier. It is normal for our processing to take between three and four minutes, so when you ask for that same time period, you may also see logs of requests that passed through our network at 9:39 or earlier.
+
+These timings are only a guideline, not a guarantee, and may depend on network conditions, the request volume for your domain, and other factors. Although we try to get the logs to you as fast as possible, we prioritize not losing log data over speed. On rare occasions, you may see a longer delay. In this case, you do not need to take any action. The logs will be available as soon as they are processed.
 
 ### Are logs available for customers who are not on an Enterprise plan?
 
-Not yet, but we’re planning to make them available to other customer plans in the future.
+Not yet, but we are planning to make them available to other customer plans in the future.
 
-### When pulling or pushing logs, I occasionally come across a time period with no data, even though I’m sure my domain received requests at that time. Is this normal?
+### When pulling or pushing logs, I occasionally come across a time period with no data, even though I am sure my domain received requests at that time. Is this normal?
 
-Yes, this is normal. The time period for which you pull or receive logs is based on our processing time, not the time the requests passed through our network. If you receive an empty response, it does not mean there were no requests during that time period. It just means we did not process any logs for your domain during that time.
+Yes. The time period for which you pull or receive logs is based on our processing time, not the time the requests passed through our network. Empty responses do not mean there were no requests during that time period, just that we did not process any logs for your domain during that time.
 
 ### Can I receive logs in a format other than JSON?
 
-Currently not. Talk to your account manager or Cloudflare Support if you’re interested in other formats and we’ll consider them for the future.
+Not at this time. Talk to your account manager or Cloudflare Support if you are interested in other formats and we will consider them for the future.
 
 ## Logpush FAQ
 
 ### What happens if my cloud storage destination is temporarily unavailable?
 
-**Logpush** is designed to retry in case of errors. If your destination is temporarily unavailable, we’ll keep trying until it’s online again and the logs are received. We’ll also automatically catch up, so that you don’t miss any logs. However, if we persistently receive errors from your destination, we’ll take that as a sign that it’s permanently unavailable and disable your push job. It can always be re-enabled later.
+**Logpush** is designed to retry in case of errors. If your destination is temporarily unavailable, Logpush will make the best effort to retry. If Cloudflare persistently receives errors from your destination, Logpush will eventually drop logs. If the errors continue for a prolonged period of time, Logpush will assume that the destination is permanently unavailable and disable your push job. You can always re-enable the job later.
 
 ### Can I adjust how often logs are pushed?
 
 No. Cloudflare pushes logs in batches as soon as possible.
 
-### My job was accidentally turned off, and I didn’t receive my logs for a certain time period. Can they still be pushed to me?
+### My job was accidentally turned off, and I did not receive my logs for a certain time period. Can they still be pushed to me?
+
+No. **Logpush** only pushes the logs once as they become available and is unable to backfill. However, the logs are stored for at least 72 hours and can be downloaded using the **Logpull API**.
+
+### Why am I receiving a validating destination error while setting up a Splunk job? 
+You could be seeing this error for multiple reasons:
+* The Splunk endpoint URL is not correct. Cloudflare only supports Splunk HEC raw endpoint over HTTPS.
+* The Splunk authentication token is not correct. Be sure to URL-encode the token. For example, use "%20" for a whitespace.
+* The certificate for Splunk Server is not properly configured. Certificates generated by Splunk/third-party certificates should have the Common Name field in the certificate match the Splunk server’s domain name. Otherwise you may see errors like: `x509: certificate is valid for SplunkServerDefaultCert, not <your-instance>.splunkcloud.com.`
+
+### What is the insecure-skip-verify parameter in Splunk jobs?
+This flag, if set to `true`, makes an insecure connection to Splunk. Setting this value to ``true`` is equivalent to using the `-k` option with ``curl`` as shown in Splunk examples and is **not** recommended. Cloudflare highly recommends setting this flag to ``false` when using the `insecure-skip-verify` parameter.
+
+### Why do we have the insecure-skip-verify parameter in Splunk jobs if it is not recommended?
+Certificates generated by Splunk/third-party certificates should have the Common Name field in the certificate match the Splunk server’s domain name. Otherwise you may see errors like: `x509: certificate is valid for SplunkServerDefaultCert, not <your-instance>.splunkcloud.com.` This happens especially with the default certificates generated by Splunk on startup. Pushes will never succeed unless the certificates are fixed.
+
+The proper way to resolve the issue is to fix the certificates. This flag is only here for those rare scenarios when it is not possible to have access or permissions to fix the certificates, like with the Splunk cloud instances, which don’t allow changing Splunk server configurations.
+
+### How can I verify that my Splunk HEC is working correctly before setting up a job?
+Ensure that you can publish events to your Splunk instance through ``curl`` without the `-k` flag and with the `insecure-skip-verify` parameter set to ``false`` as in the following example:
+
+```bash
+curl  "https://<SPLUNK-ENDPOINT-URL>?channel=<SPLUNK-CHANNEL-ID>&insecure-skip-verify=<INSECURE-SKIP-VERIFY>&sourcetype=<SOURCE-TYPE>" \
+   -H "Authorization: Splunk <SPLUNK-AUTH-TOKEN>" \
+   -d '{"BotScore":99,"BotScoreSrc":"Machine Learning","CacheCacheStatus":"miss","CacheResponseBytes":2478}'
+{"text":"Success","code":0}
+```
+
+### Can I use any HEC network port in the Splunk destination conf?
+No. Cloudflare expects the HEC network port to be configured to `:443` or `:8088`.
 
-No, **Logpush** only pushes the logs once as they become available, and is unable to backfill. However, the logs are stored for a period of at least 72 hours and can be downloaded using the **Logpull API**.
+### Does Logpush integrate with the Cloudflare Splunk App?
+Yes. See [Cloudflare App for Splunk](https://splunkbase.splunk.com/app/4501/) for more information. As long as you ingest logs using the `cloudflare:json` source type, you can use the Cloudflare Splunk App.
 
 ## Logpull API FAQ
 
 ### How long are logs retained?
 
-Cloudflare makes logs available for at least 3 days and up to 7 days. If you need your logs for a longer time period, download and store them locally.
+Cloudflare makes logs available for at least three days and up to seven days. If you need your logs for a longer time period, download and store them locally.
 
-### I’m asking for logs for the time window of 16:10-16:13. However, the timestamps in the logs show requests that are before this time period. Why does that happen?
+### I am asking for logs for the time window of 16:10-16:13. However, the timestamps in the logs show requests that are before this time period. Why does that happen?
 
 When you make a call for the time period of 16:10-16:13, you are actually asking for the logs that were received and processed by our system during that time (hence the endpoint name, _logs/received_). The _received_ time is the time the logs are written to disk. There is some delay between the time the request hits the Cloudflare edge and the time it is received and processed. The _request time_ is what you see in the log itself: _EdgeStartTimestamp_ and _EdgeEndTimestamp_ tell you when the edge started and stopped processing the request.
 
-The advantage of basing the responses on the _time received_ rather than the request or edge time is not needing to worry about late-arriving logs. As long as you are calling our API for continuous time segments, you will always get all of your logs without making duplicate calls. If we based the response on request time, you could never be sure that all the logs for that request time had been processed.
+The advantage of basing the responses on the _time received_ rather than the request or edge time is not needing to worry about late-arriving logs. As long as you are calling our API for continuous time segments, you will always get all of your logs without making duplicate calls. If we based the response on request time, you could never be sure that all the logs for that request time had been processed.
@@ -20,7 +20,7 @@ To set up a Datadog Logpush job:
 
 <Aside type="note" header="Note">
 
-Note: Unlike configuring Logpush jobs for AWS S3, GCS, or Azure, there is no ownership challenge when configuring Logpush to Datadog.
+Unlike configuring Logpush jobs for AWS S3, GCS, or Azure, there is no ownership challenge when configuring Logpush to Datadog.
 
 </Aside>
 
@@ -104,8 +104,8 @@ Response:
   "success": true
 }
 ```
+<Aside type="note" header="Note">
 
-## Troubleshooting
+The Datadog destination is exclusive to new jobs and might not be backward compatible with older jobs. Create new jobs if you expect to send your logs directly to Datadog instead of modifying already existing ones. If you try to modify an existing job for another destination to push logs to Datadog, you may observe errors.
 
-### I am observing errors pushing to Datadog after I modify an existing job for another destination to push logs to Datadog.
-Datadog destination is exclusive to new jobs and might not be backward compatible with older jobs. Create new jobs if you expect to send your logs directly to Datadog instead of modifying already existing ones.
+</Aside>