Integration Name
Cloudflare Logpush [packages/cloudflare_logpush]
Dataset Name
cloudflare_logpush.network_analytics
Integration Version
1.44.0
Agent Version
9.3.4
Agent Output Type
elasticsearch
Elasticsearch Version
Serverless
OS Version and Architecture
Elastic Agent docker image on k8s
Software/API Version
SaaS
Error Message
Processor "convert" with tag convert_json_ipv4_options in pipeline
"logs-cloudflare_logpush.network_analytics-1.44.0" failed with message
"For input string: "7,0""
The processor's on_failure swallows the exception and appends the message
to error.message, so events are not dropped — but cloudflare_logpush.network_analytics.ipv4.options is left unset.
Event Original
{"AttackCampaignID":"","AttackID":"","AttackVector":"","ColoName":"mad01","Datetime":"2026-05-11T11:31:18Z","DestinationASN":13335,"Direction":"ingress","IPDestinationAddress":"203.0.113.243","IPDestinationSubnet":"203.0.113.0/24","IPProtocol":1,"IPSourceAddress":"198.51.100.140","IPSourceSubnet":"198.51.100.0/24","MitigationReason":"","MitigationScope":"","MitigationSystem":"magic-firewall","Outcome":"pass","ProtocolState":"","RuleID":"c301d61435d948009173f78d37ede4e2","RuleName":"","RulesetID":"1e7b7ef15bbc4ca190ebcc24b27a0e98","RulesetOverrideID":"","SampleInterval":100,"SourceASN":1273,"Verdict":"pass","ColoCity":"Madrid","ColoCode":"MAD","ColoCountry":"ES","ColoGeoHash":"ezjqqgdu26nu","DestinationASNName":"Cloudflare, Inc.","DestinationCountry":"US","DestinationGeoHash":"9q8yyf3hhvek","DestinationPort":0,"GREChecksum":0,"GREEtherType":0,"GREHeaderLength":0,"GREKey":0,"GRESequenceNumber":0,"GREVersion":0,"ICMPChecksum":23487,"ICMPCode":0,"ICMPType":8,"IPFragmentOffset":0,"IPHeaderLength":60,"IPMoreFragments":0,"IPProtocolName":"ICMP","IPTTL":57,"IPTTLBuckets":50,"IPTotalLength":124,"IPTotalLengthBuckets":100,"IPv4Checksum":25737,"IPv4DSCP":0,"IPv4DontFragment":1,"IPv4ECN":0,"IPv4Identification":17232,"IPv4Options":"7,0","IPv6DSCP":0,"IPv6ECN":0,"IPv6ExtensionHeaders":"","IPv6FlowLabel":0,"IPv6Identification":0,"SourceASNName":"Vodafone Group PLC","SourceCountry":"PT","SourceGeoHash":"eyckrc9mfpyx","SourcePort":0,"TCPAcknowledgementNumber":0,"TCPChecksum":0,"TCPDataOffset":0,"TCPFlags":0,"TCPFlagsString":"","TCPMSS":0,"TCPOptions":"","TCPSACKBlocks":"","TCPSACKPermitted":0,"TCPSequenceNumber":0,"TCPTimestampECR":0,"TCPTimestampValue":0,"TCPUrgentPointer":0,"TCPWindowScale":0,"TCPWindowSize":0,"UDPChecksum":0,"UDPPayloadLength":0}What did you do?
Configured the Cloudflare Logpush integration with the network_analytics data stream to pull logs from an S3 bucket (aws-s3 input). Cloudflare emits IPv4 header options as a comma-separated string in theIPv4Options field of network_analytics_logs. When any packet in a sampled flow had more than one IPv4 option, the value sent was e.g."7,0".
What did you see?
The processor convert_json_ipv4_options failed:
|
- convert: |
|
tag: convert_json_ipv4_options |
|
field: json.IPv4Options |
|
target_field: cloudflare_logpush.network_analytics.ipv4.options |
|
if: ctx.json?.IPv4Options != '' |
|
type: long |
|
ignore_missing: true |
|
on_failure: |
|
- append: |
|
field: error.message |
|
value: |- |
|
Processor "{{{ _ingest.on_failure_processor_type }}}" with tag {{{_ingest.on_failure_processor_tag}}} in pipeline "{{{ _ingest.on_failure_pipeline }}}" failed with message "{{{ _ingest.on_failure_message }}}" |
Long.parseLong("7,0") throws NumberFormatException: For input string: "7,0". The on_failure writes to error.message and the target field is not populated. Every event with multiple IPv4 options is affected.
What did you expect to see?
cloudflare_logpush.network_analytics.ipv4.options populated as an array of longs like [7, 0].
Anything else?
Cloudflare doc references.
- Network Analytics Logs reference: https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/network_analytics_logs/
IPv4Options: type string, "List of Options numbers included in the IPv4 packet header."IPv6ExtensionHeaders: type string, "List of Extension Header numbers included in the IPv6 packet header."TCPOptions: type string, "List of Options numbers included in the TCP packet header."TCPSACKBlocks: type string, "List of the SACK Blocks option header in the TCP packet."
All four of these Cloudflare fields are documented as comma-separated string lists.
Integration Name
Cloudflare Logpush [packages/cloudflare_logpush]
Dataset Name
cloudflare_logpush.network_analyticsIntegration Version
1.44.0Agent Version
9.3.4Agent Output Type
elasticsearchElasticsearch Version
Serverless
OS Version and Architecture
Elastic Agent docker image on k8s
Software/API Version
SaaS
Error Message
The processor's
on_failureswallows the exception and appends the messageto
error.message, so events are not dropped — butcloudflare_logpush.network_analytics.ipv4.optionsis left unset.Event Original
{"AttackCampaignID":"","AttackID":"","AttackVector":"","ColoName":"mad01","Datetime":"2026-05-11T11:31:18Z","DestinationASN":13335,"Direction":"ingress","IPDestinationAddress":"203.0.113.243","IPDestinationSubnet":"203.0.113.0/24","IPProtocol":1,"IPSourceAddress":"198.51.100.140","IPSourceSubnet":"198.51.100.0/24","MitigationReason":"","MitigationScope":"","MitigationSystem":"magic-firewall","Outcome":"pass","ProtocolState":"","RuleID":"c301d61435d948009173f78d37ede4e2","RuleName":"","RulesetID":"1e7b7ef15bbc4ca190ebcc24b27a0e98","RulesetOverrideID":"","SampleInterval":100,"SourceASN":1273,"Verdict":"pass","ColoCity":"Madrid","ColoCode":"MAD","ColoCountry":"ES","ColoGeoHash":"ezjqqgdu26nu","DestinationASNName":"Cloudflare, Inc.","DestinationCountry":"US","DestinationGeoHash":"9q8yyf3hhvek","DestinationPort":0,"GREChecksum":0,"GREEtherType":0,"GREHeaderLength":0,"GREKey":0,"GRESequenceNumber":0,"GREVersion":0,"ICMPChecksum":23487,"ICMPCode":0,"ICMPType":8,"IPFragmentOffset":0,"IPHeaderLength":60,"IPMoreFragments":0,"IPProtocolName":"ICMP","IPTTL":57,"IPTTLBuckets":50,"IPTotalLength":124,"IPTotalLengthBuckets":100,"IPv4Checksum":25737,"IPv4DSCP":0,"IPv4DontFragment":1,"IPv4ECN":0,"IPv4Identification":17232,"IPv4Options":"7,0","IPv6DSCP":0,"IPv6ECN":0,"IPv6ExtensionHeaders":"","IPv6FlowLabel":0,"IPv6Identification":0,"SourceASNName":"Vodafone Group PLC","SourceCountry":"PT","SourceGeoHash":"eyckrc9mfpyx","SourcePort":0,"TCPAcknowledgementNumber":0,"TCPChecksum":0,"TCPDataOffset":0,"TCPFlags":0,"TCPFlagsString":"","TCPMSS":0,"TCPOptions":"","TCPSACKBlocks":"","TCPSACKPermitted":0,"TCPSequenceNumber":0,"TCPTimestampECR":0,"TCPTimestampValue":0,"TCPUrgentPointer":0,"TCPWindowScale":0,"TCPWindowSize":0,"UDPChecksum":0,"UDPPayloadLength":0}What did you do?
Configured the Cloudflare Logpush integration with the
network_analyticsdata stream to pull logs from an S3 bucket (aws-s3input). Cloudflare emits IPv4 header options as a comma-separated string in theIPv4Optionsfield ofnetwork_analytics_logs. When any packet in a sampled flow had more than one IPv4 option, the value sent was e.g."7,0".What did you see?
The processor
convert_json_ipv4_optionsfailed:integrations/packages/cloudflare_logpush/data_stream/network_analytics/elasticsearch/ingest_pipeline/default.yml
Lines 616 to 627 in f6689be
Long.parseLong("7,0")throwsNumberFormatException: For input string: "7,0". Theon_failurewrites toerror.messageand the target field is not populated. Every event with multiple IPv4 options is affected.What did you expect to see?
cloudflare_logpush.network_analytics.ipv4.optionspopulated as an array of longs like[7, 0].Anything else?
Cloudflare doc references.
IPv4Options: type string, "List of Options numbers included in the IPv4 packet header."IPv6ExtensionHeaders: type string, "List of Extension Header numbers included in the IPv6 packet header."TCPOptions: type string, "List of Options numbers included in the TCP packet header."TCPSACKBlocks: type string, "List of the SACK Blocks option header in the TCP packet."All four of these Cloudflare fields are documented as comma-separated string lists.