Forwarding logs to Datadog

Introduction

Datadog is a monitoring and analytics platform with great visualization capabilities. FlowG allows you to take advantage of Datadog's features by forwarding logs to it.

Setting up Datadog

Datadog provides an HTTP endpoint to receive logs (see the documentation). It expects the following properties in its payload:

| Property | Type | Example |
| --- | --- | --- |
| ddsource | string | nginx |
| ddtags | string | env:prod,version:1.0 |
| hostname | string | myhost |
| service | string | myapp |
| message | string | my log message |

All you need is to create an API Key in your Datadog account:

[Image: Datadog API Key creation]

Setting up the FlowG pipeline

First, let's create a "Datadog Forwarder" named dd, with the following configuration:

| Property | Value | Comment |
| --- | --- | --- |
| URL | https://http-intake.logs.datadoghq.com/api/v2/logs | This is the endpoint to send logs to |
| API Key | N/A | This is an API Key you created earlier |

[Image: Datadog Forwarder Configuration]

⚠️ Important Notice

The API Key is tied to the "site" you use. The URL MUST match, otherwise you will receive a 403 error when trying to submit logs.

For example, if you are in Europe, the URL should be: https://http-intake.logs.datadoghq.eu/api/v2/logs

Then, let's create a transformer named prepare-dd with the following code:

. = {
  "ddtags": "test:flowg",
  "ddsource": "logger",
  "hostname": .hostname,
  "service": "terminal",
  "message": .content
}

This sets up the structure of the log record to match the one expected by the Datadog HTTP Intake API.

Finally, create a pipeline that transforms logs received via Syslog and forwards them to the dd forwarder:

[Image: Pipeline with Datadog Forwarder]

And that's it!

Testing

You can test the setup by sending a log to the pipeline using the logger command:

logger -n localhost -P 5514 --rfc3164 -t myapp 'hello world'

You can then find your logs in Datadog at one of the following URLs depending on your region:

[Image: FlowG logs in Datadog]
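
To check the API Key and site pairing independently of FlowG, the following added example (not part of FlowG or its documentation) posts one record shaped like the prepare-dd output straight to the intake endpoint and interprets the status code. The DD-API-KEY request header is the one Datadog's HTTP intake uses; the DD_SITE and DD_API_KEY environment variable names and the function names are assumptions made for this example.

```python
# Added example: preflight check for a Datadog API key / site pair.
import json
import os
import urllib.error
import urllib.request

# Site -> intake URL; both URLs are the ones given on this page.
INTAKE_URLS = {
    "datadoghq.com": "https://http-intake.logs.datadoghq.com/api/v2/logs",
    "datadoghq.eu": "https://http-intake.logs.datadoghq.eu/api/v2/logs",
}

def build_record(hostname, content):
    """Same shape as the output of the prepare-dd transformer."""
    return {
        "ddtags": "test:flowg",
        "ddsource": "logger",
        "hostname": hostname,
        "service": "terminal",
        "message": content,
    }

def build_request(site, api_key, record):
    """Build the POST without sending it; the key travels only in a header."""
    return urllib.request.Request(
        INTAKE_URLS[site],
        data=json.dumps([record]).encode("utf-8"),
        headers={"DD-API-KEY": api_key, "Content-Type": "application/json"},
        method="POST",
    )

def explain(status):
    """Map the HTTP status to the likely cause."""
    if status == 202:
        return "accepted: key and site match"
    if status == 403:
        return "forbidden: key is invalid or belongs to another site"
    return f"unexpected status {status}"

def check(site, api_key):
    """Send one constructed record and return the HTTP status code."""
    req = build_request(site, api_key, build_record("preflight", "flowg preflight"))
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

if __name__ == "__main__":
    # DD_SITE and DD_API_KEY are assumed names; the key is never printed.
    site = os.environ.get("DD_SITE", "datadoghq.com")
    print(site, explain(check(site, os.environ["DD_API_KEY"])))
```

Reading the key from the environment keeps it out of shell history and out of the script itself.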