send

Datadog Logs Sink

The Vector datadog_logs sink sends logs to Datadog logs.

Configuration

[sinks.my_sink_id]
  # General
  type = "datadog_logs" # required
  inputs = ["my-source-or-transform-id", "prefix-*"] # required
  api_key = "${DATADOG_API_KEY_ENV_VAR}" # required
  compression = "gzip" # optional, default


  # Encoding
  encoding.codec = "json" # required


  # Healthcheck
  healthcheck.enabled = true # optional, default
8 items
  • commonrequiredstring

    api_key

    Datadog API key

    • Syntax: literal
    • View examples
  • optionaltable

    batch

    Configures the sink batching behavior.

    • commonoptionaluint

      max_bytes

      The maximum size of a batch, in bytes, before it is flushed.

      • Default: 1049000 (bytes)
    • commonoptionaluint

      timeout_secs

      The maximum age of a batch before it is flushed. See Buffers & batches for more info.

      • Default: 1 (seconds)
  • optionaltable

    buffer

    Configures the sink specific buffer behavior.

    • commonoptionaluint

      max_events

      The maximum number of events allowed in the buffer. See Buffers & batches for more info.

      • Only relevant when: type = "memory"
      • Default: 500 (events)
    • commonrequired*uint

      max_size

      The maximum size of the buffer on the disk. See Buffers & batches for more info.

      • Only required when: type = "disk"
      • View examples
    • enumcommonoptionalstring

      type

      The buffer's type and storage mechanism.

      • Syntax: literal
      • Default: "memory"
      • Enum, must be one of: "memory" "disk"
      • View examples
    • enumoptionalstring

      when_full

      The behavior when the buffer becomes full.

      • Syntax: literal
      • Default: "block"
      • Enum, must be one of: "block" "drop_newest"
      • View examples
  • enumcommonoptionalstring

    compression

    The compression strategy used to compress the encoded event data before transmission.

    Some cloud storage API clients and browsers will handle decompression transparently, so files may not always appear to be compressed depending how they are accessed.

    • Syntax: literal
    • Default: "gzip"
    • Enum, must be one of: "none" "gzip" "syntax"
    • View examples
  • commonrequiredtable

    encoding

    Configures the encoding specific sink behavior.

    • commonrequiredstring

      codec

      The encoding codec used to serialize the events before outputting.

      • Syntax: literal
      • View examples
    • optional[string]

      except_fields

      Prevent the sink from encoding the specified labels.

      • View examples
    • optional[string]

      only_fields

      Prevent the sink from encoding the specified labels.

      • View examples
    • enumoptionalstring

      timestamp_format

      How to format event timestamps.

      • Syntax: literal
      • Default: "rfc3339"
      • Enum, must be one of: "rfc3339" "unix"
      • View examples
  • optionalstring

    endpoint

    The endpoint to send data to.

    • Syntax: literal
    • Only relevant when: region is not set
    • View examples
  • commonoptionaltable

    healthcheck

    Health check options for the sink. See Health checks for more info.

    • commonoptionalbool

      enabled

      Enables/disables the healthcheck upon Vector boot.

      • Default: true
      • View examples
  • optionaltable

    tls

    Configures the TLS options for incoming connections.

    • optionalstring

      ca_file

      Absolute path to an additional CA certificate file, in DER or PEM format (X.509), or an inline CA certificate in PEM format.

      • Syntax: literal
      • View examples
    • commonoptionalstring

      crt_file

      Absolute path to a certificate file used to identify this connection, in DER or PEM format (X.509) or PKCS#12, or an inline certificate in PEM format. If this is set and is not a PKCS#12 archive, key_file must also be set.

      • Syntax: literal
      • View examples
    • commonoptionalbool

      enabled

      Enable TLS during connections to the remote.

      • Default: true
      • View examples
    • commonoptionalstring

      key_file

      Absolute path to a private key file used to identify this connection, in DER or PEM format (PKCS#8), or an inline private key in PEM format. If this is set, crt_file must also be set.

      • Syntax: literal
      • View examples
    • optionalstring

      key_pass

      Pass phrase used to unlock the encrypted key file. This has no effect unless key_file is set.

      • Syntax: literal
      • View examples
    • optionalbool

      verify_certificate

      If true (the default), Vector will validate the TLS certificate of the remote host.

      • Default: true
      • View examples
    • optionalbool

      verify_hostname

      If true (the default), Vector will validate the configured remote host name against the remote host's TLS certificate. Do NOT set this to false unless you understand the risks of not verifying the remote hostname.

      • Default: true
      • View examples

Telemetry

This component provides the following metrics that can be retrieved through the internal_metrics source. See the metrics section in the monitoring page for more info.

  • counter

    events_in_total

    The total number of events accepted by this component. This metric includes the following tags:

    • component_kind - The Vector component kind.

    • component_name - The Vector component ID.

    • component_type - The Vector component type.

    • instance - The Vector instance identified by host and port.

    • job - The name of the job producing Vector metrics.

  • counter

    events_out_total

    The total number of events emitted by this component. This metric includes the following tags:

    • component_kind - The Vector component kind.

    • component_name - The Vector component ID.

    • component_type - The Vector component type.

    • instance - The Vector instance identified by host and port.

    • job - The name of the job producing Vector metrics.

How It Works

Buffers & batches

Buffers and Batches

This component buffers & batches data as shown in the diagram above. You'll notice that Vector treats these concepts differently, instead of treating them as global concepts, Vector treats them as sink specific concepts. This isolates sinks, ensuring services disruptions are contained and delivery guarantees are honored.

Batches are flushed when 1 of 2 conditions are met:

  1. The batch age meets or exceeds the configured timeout_secs.
  2. The batch size meets or exceeds the configured <% if component.options.batch.children.respond_to?(:max_size) %>max_size<% else %>max_events<% end %>.

Buffers are controlled via the buffer.* options.

Health checks

Health checks ensure that the downstream service is accessible and ready to accept data. This check is performed upon sink initialization. If the health check fails an error will be logged and Vector will proceed to start.

Require health checks

If you'd like to exit immediately upon a health check failure, you can pass the --require-healthy flag:

vector --config /etc/vector/vector.toml --require-healthy

Disable health checks

If you'd like to disable health checks for this sink you can set the healthcheck option to false.

State

This component is stateless, meaning its behavior is consistent across each input.

Transport Layer Security (TLS)

Vector uses Openssl for TLS protocols for it's maturity. You can enable and adjust TLS behavior via the tls.* options.

Support
Contents
Resources