Integrations

Cloud Setup

LogPulse integrates directly with your CI/CD and deployment platforms to collect audit logs, pipeline events, and deployment data. Set up cloud integrations to get full visibility into your DevOps workflows without installing any agents.

Overview

Cloud integrations connect LogPulse to your existing platforms via API polling and webhooks. Events are automatically normalized to standard data models, making them searchable with LPQL alongside your application logs.

Active Providers

Collection Methods

Data Sources

Note: Cloud integrations collect platform-level events (builds, deploys, audits). For application logs from your own services, use the Vector Agent or HTTP API instead.

Supported Providers

LogPulse currently supports four cloud providers for direct integration. Each provider offers both polling and webhook-based data collection.

Azure DevOps

Audit logs, service hooks, and pipeline logs from Azure DevOps organizations.

GitHub Actions

Workflow runs, job results, and repository events from GitHub Actions.

Railway

Deployments, build logs, runtime logs, and deployment events from Railway.

Cloudflare

Logs, traces, firewall events, audit logs, Pages deployments, and Zero Trust security logs from Cloudflare.

Azure DevOps

Connect your Azure DevOps organization to collect audit trails, CI/CD pipeline logs, and service hook events. LogPulse polls the Azure DevOps REST API and receives real-time webhooks for immediate event delivery.

Configuration

To connect Azure DevOps, you'll need a Personal Access Token (PAT) with the appropriate scopes.

Field	Required	Description
Organization URL	Yes	Your Azure DevOps organization URL (e.g., https://dev.azure.com/myorg)
Personal Access Token	Yes	A Personal Access Token with required scopes (see below)
Project Name	No	Limit data collection to a specific project. If omitted, all projects are included.

Tip: Create a PAT with the minimum required scopes. Use a service account rather than a personal account for production integrations.

The following PAT scopes are required for full functionality:

Required PAT Scopes

• Audit Log: Read
• Build: Read
• Code: Read
• Project and Team: Read
• Service Connections: Read

Data Sources

Azure DevOps provides three data sources, each capturing different types of events:

Data Source	Method	Events
Audit Logs	Poll	Permission changes, PAT creation, git policy changes, group membership updates
Service Hooks	Webhook	Build completions, PR activity, code pushes, work item updates
Pipeline Logs	Poll	Pipeline run results, stage/job/task details, duration, status

GitHub Actions

Integrate GitHub Actions to monitor CI/CD workflow executions, job results, and repository events. LogPulse normalizes GitHub workflow data to the CICDPipelineEvent model for consistent querying.

Configuration

You need a GitHub Personal Access Token (classic or fine-grained) to connect your repositories.

Field	Required	Description
Personal Access Token	Yes	A GitHub Personal Access Token with read access to actions and contents
Owner	Yes	GitHub organization or username that owns the repositories
Repository	No	Specific repository to monitor. If omitted, all repositories under the owner are included.

Tip: Fine-grained tokens are recommended — they allow you to restrict access to specific repositories.

The token needs read-only access to the following permissions:

Required Token Permissions

• actions: read
• contents: read
• metadata: read

Data Sources

GitHub Actions provides three data sources for comprehensive CI/CD visibility:

Data Source	Method	Events
Workflow Runs	Poll	Workflow execution start, completion, status, duration, trigger info
Workflow Jobs	Poll	Individual job results, step details, runner information
Repository Events	Webhook	Push events, PR creation/merge, releases, branch protection changes

Railway

Connect Railway to monitor deployments, build processes, and runtime logs from your Railway projects. LogPulse captures the full deployment lifecycle from build start to runtime.

Configuration

Generate an API token in your Railway account settings to connect your projects.

Field	Required	Description
API Token	Yes	Railway API token from your account settings
Project ID	Yes	The Railway project ID to monitor
Environment ID	No	Specific environment to monitor (e.g., production). If omitted, all environments are included.
Service ID	No	Specific service within the project. If omitted, all services are included.

Note: You can find your Project ID in the Railway dashboard under Project Settings → General.

Data Sources

Railway provides four data sources covering the complete deployment lifecycle:

Data Source	Method	Events
Deployments	Poll	Deployment creation, status changes, rollbacks, environment details
Build Logs	Poll	Build start, build logs, build success/failure, duration
Runtime Logs	Poll	Application stdout/stderr, crash logs, restart events
Deployment Events	Webhook	Real-time deployment lifecycle events via webhook

Cloudflare

Connect Cloudflare to collect logs, traces, firewall events, audit logs, Pages deployments, and more. Use OTLP push for real-time Workers & Pages logs and traces, or API polling for infrastructure data.

Edge HTTP request logs with RayID tracing

WAF/Firewall security event monitoring

Account audit trail for compliance (NIS2)

Workers trace events (poll + OTLP push)

Pages deployment tracking

Zero Trust Access & Gateway logs

DNS query analytics

Origin healthcheck monitoring

Note: OTLP push for Workers & Pages requires no Cloudflare credentials — just configure Cloudflare Observability to point at your LogPulse OTLP endpoint. An API key is auto-generated during setup.

Data Sources

Cloudflare provides ten data sources across security, observability, and deployment tracking. Sources use either API polling or OTLP push depending on the data type:

Data Source	Plan	Method	Description
HTTP Request Logs	Enterprise	Poll	Edge HTTP request logs from Cloudflare with RayID tracing.
DNS Query Logs	Enterprise	Poll	DNS query analytics from Cloudflare.
Firewall / WAF Events	Free	Poll	Web Application Firewall events including blocked requests, challenges, bot detections, and rate limiting triggers.
Account Audit Logs	Free	Poll	Account-level audit trail from Cloudflare.
Zero Trust Access Logs	Zero Trust	Poll	Zero Trust Access authentication events.
Zero Trust Gateway Logs	Zero Trust	Poll	Zero Trust Gateway activity logs.
Workers & Pages Logs	Workers Paid	Push (OTLP)	Application logs from Cloudflare Workers and Pages via OTLP push.
Workers & Pages Traces	Workers Paid	Push (OTLP)	Cloudflare Workers and Pages execution traces via OTLP push.
Pages Deployments	Free	Poll	Cloudflare Pages deployment events.
Healthcheck Events	Pro	Poll	Origin health monitoring from Cloudflare.

Data Models

Cloudflare events are normalized to five data models depending on the source type:

Model	Sourcetype	Sources	Description
Application Log	cloudflare:workers:log	Workers & Pages Logs	Workers and Pages application logs streamed in real-time via OTLP push. Console output, exceptions, and custom events.
Security Event	security_event	Firewall, Audit, Access, Gateway	Firewall/WAF events, audit logs, Zero Trust Access and Gateway logs normalized with standardized security fields.
Trace Event	observability_trace	Workers & Pages Traces	Workers and Pages execution traces and OTLP spans with service name, duration, status, and error details.
CI/CD Pipeline	cicd_pipeline	Pages Deployments	Pages deployment events with build status, stages, git trigger info, and environment context.
Observability Alert	observability_alert	Healthchecks	Healthcheck status changes with origin address, failure reasons, and check regions.

LPQL Example — Query Workers logs

sourcetype="cloudflare:workers:log" level="error" | stats count by service_name

LPQL Example — Query WAF blocks

sourcetype="security_event" waf_action="block" | stats count by path, rule_id

Requirements

Requirements differ depending on whether you use OTLP push (Workers/Pages) or API polling (infrastructure data):

Field	Required	Description
OTLP Push	Workers/Pages only	No Cloudflare credentials needed — just configure Cloudflare Observability to push to your LogPulse OTLP endpoint.
API Token	API polling	Cloudflare API Token with appropriate permissions for the data sources you want to poll.
Account ID	API polling	Your Cloudflare Account ID (found in the dashboard sidebar).
Zone ID	Optional	Zone ID for zone-level data sources (HTTP logs, firewall, DNS, healthchecks). Optional if using account-level sources only.

Tip: Use a custom API Token instead of a Global API Key. Custom tokens can be scoped to specific zones and permissions for better security.

Required API Token Permissions

• Zone: Analytics: Read
• Zone: Firewall Services: Read
• Zone: Logs: Read (Enterprise only)
• Account: Account Settings: Read (for audit logs)
• Account: Zero Trust: Read (for Access & Gateway logs)
• Account: Cloudflare Pages: Read (for Pages deployments)

Webhooks

Each integration provides a unique webhook URL for real-time event delivery. Configure the webhook URL in your provider's settings to receive events immediately instead of waiting for the next poll cycle.

Webhook URL Format

POST https://api.logpulse.io/api/v1/webhooks/cloud/:integrationId

After creating an integration, copy the webhook URL from the integration details and paste it into your provider's webhook configuration. LogPulse automatically validates incoming webhook payloads.

Note: Webhook endpoints validate the payload signature where supported (e.g., GitHub webhook secrets). Always configure webhook secrets in your provider for production integrations.

Polling & Sync

For data sources that don't support webhooks, LogPulse uses scheduled polling to fetch new events. The polling worker runs in the background and automatically handles pagination, deduplication, and retries.

Setting	Description
Poll Interval	How often LogPulse checks for new events (configurable per integration, default: 5 minutes)
Deduplication	Events are deduplicated by their unique provider ID to prevent duplicate entries
Retry Logic	Failed poll attempts are retried with exponential backoff (max 3 attempts)

Tip: Reduce the poll interval for critical pipelines that need near-real-time visibility. For less critical data, a longer interval reduces API usage against your provider's rate limits.

Data Models

All cloud integration events are normalized to standardized data models before being stored. This ensures consistent field names and queryability across providers.

Model	Used By	Key Fields
CICDPipelineEvent	GitHub Actions, Azure DevOps, Cloudflare Pages	pipeline_name, status, trigger, duration_ms, branch, commit_sha
DeploymentEvent	Railway	service_name, environment, status, deploy_type, image, duration_ms
AuditEvent	Azure DevOps	action, actor, target, ip_address, timestamp, scope
SecurityEvent	Cloudflare	waf_action, rule_id, client_ip, path, bot_score, threat_score
ApplicationLog	Cloudflare Workers	service_name, level, message, timestamp, exception, worker_name
TraceEvent	Cloudflare Workers	service_name, span_id, trace_id, duration_ms, status, error
ObservabilityAlert	Cloudflare	origin_address, status, failure_reason, check_region, latency_ms

Use the sourcetype field in LPQL to filter events by provider. Each provider sets a unique sourcetype (e.g., "github_actions", "azure_devops", "railway", "cloudflare:workers:log").

LPQL Example — Query CI/CD events

sourcetype="github_actions" status="failure" | stats count by workflow_name

Connection Validation

When you create or edit an integration, LogPulse runs a validation test to verify the connection before saving. This ensures your credentials are correct and the required permissions are in place.

The validation test checks:

URL format and accessibility
Authentication with provided credentials
Access to the configured data sources (e.g., audit log read access)
Specific project/repo access (if configured)

Warning: If validation fails, double-check your credentials and ensure the token has the required scopes. Expired or revoked tokens are the most common cause of validation failures.

Managing Integrations

After creating an integration, you can manage it from the Integrations page in the LogPulse dashboard. Each integration shows its status, last sync time, and event count.

Action	Description
Pause / Resume	Temporarily stop data collection without deleting the integration configuration
Edit Configuration	Update credentials, project scope, or poll interval. Re-validation runs automatically.
Delete Integration	Remove the integration and stop all data collection. Previously collected data remains searchable.
View Sync Logs	Inspect recent sync history, errors, and event counts per poll cycle

Coming Soon

We're actively working on adding more cloud provider integrations. The following platforms are planned for upcoming releases:

Argo CD

Flux CD

GitLab CI

Tekton

Jenkins

Amazon EKS

Google GKE

Azure AKS

Falco

Trivy

HashiCorp Vault

Prometheus

Note: Have a provider you'd like to see supported? Contact us at [email protected] — we prioritize based on user demand.