Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tryflare.ai/llms.txt

Use this file to discover all available pages before exploring further.

File Upload

Don’t have a cloud connector set up yet? You can upload log files directly to Flare for analysis. This works with logs from any source - GCP exports, AWS CloudTrail, third-party tools, or custom application logs.

Supported formats

FormatExtensionsDetails
JSON.jsonStandard JSON array of log objects
NDJSON.jsonl, .ndjsonNewline-delimited JSON (one object per line)
CSV.csvComma-separated values with a header row
Plain text.txt, .logLine-based log files
Flare auto-detects the format from the file extension. You can also select the format manually if auto-detection picks the wrong one.

Limits

  • Maximum file size: 2 MB
  • Daily analysis limit: 10 analyses per day (shared with connector-based analyses)
For larger log sets, filter your export to a specific time window or log type before uploading. Flare works best with focused, relevant logs rather than a full dump.

How to upload

  1. Go to Analyses > New Analysis
  2. Enter an analysis name
  3. Select GCP Audit Logs as the source (or the source that matches your logs)
  4. Drag and drop your file onto the upload area, or click to browse
  5. Optionally set a Project ID and Time Window for context
  6. Click Run Analysis
The file content is sent to Flare for analysis and then discarded. Flare does not store your raw log files.

Preparing your logs

GCP Cloud Audit Logs export

Export from the GCP Console:
  1. Go to Logs Explorer
  2. Filter to audit logs: logName:"cloudaudit.googleapis.com"
  3. Set your desired time range
  4. Click Download > Download as JSON
  5. Upload the downloaded file to Flare

AWS CloudTrail export

Export from the AWS Console:
  1. Go to CloudTrail > Event history
  2. Set your date range and any filters
  3. Click Download events > Download as JSON
  4. Upload to Flare (select GCP Audit Logs as source - Flare handles the format difference)

Custom or application logs

Flare works best when each log entry includes:
  • A timestamp field
  • An action or method field (what happened)
  • An actor or principal field (who did it)
  • A resource or target field (what was affected)
JSON and NDJSON formats preserve field structure best. CSV works if columns are clearly named.

Tips

  • Start small. Upload a 24-hour window to get familiar with Flare’s output before analyzing larger sets.
  • Include context. Setting the Project ID and Time Window helps Flare give better explanations, even for uploaded files.
  • Use the baseline. After your first analysis, Flare starts tracking field values. Subsequent analyses on the same project will flag “First Seen” values, making repeated uploads increasingly useful.