Understanding Cloudflare Network Analytics

Learn how Magic Transit and Bring-Your-Own-IP (BYOIP) Cloudflare Spectrum customers use account-level Network Analytics to explore Layer 3 and 4 traffic and attack details.


Network Analytics provides near real-time visibility into network- and transport-layer traffic patterns and DDoS attacks for a customizable timeframe ranging from 30 minutes up to the last 60 days.  Network Analytics are available to Enterprise customers that use Cloudflare Magic Transit or Bring-Your-Own-IP for Cloudflare Spectrum.

Network Analytics accelerates reporting and investigation of malicious traffic and allows filtering by:

  • Source and destination IP and port
  • Attack size, type, rate, and duration
  • TCP flags and action taken by Cloudflare

Network Analytics helps quickly identify information such as:

  • Potential downtime and bandwidth spared by Cloudflare
  • Attack location (Cloudflare data center and ASN)
  • Top attack vectors reaching the network 

Analytics are displayed at a sampling rate of 1/8192 packets. Also, the UI shows a maximum of 500 attack logs and paginates 10 results per page. The analytics API is not limited to 500 results.

View Network Analytics

Network Analytics are found in the Cloudflare UI via the following steps:

  1. Request your Cloudflare Account Team enable Network Analytics.
  2. Log in to your Cloudflare account.
  3. If you have multiple accounts, select the appropriate account from the account list.
  4. Click on Network Analytics beside the list of domains.

Source IPs are stored for 30 days. Report periods older than 30 days do not include source IP data.

Related resources

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk