Datadog Logs Sink

The Vector datadog_logs sink sends logs to Datadog logs.

Configuration

• Common
• Advanced

• vector.toml
• vector.yaml
• vector.json

[sinks.my_sink_id]
  # General
  type = "datadog_logs" # required
  inputs = ["my-source-or-transform-id", "prefix-*"] # required
  api_key = "${DATADOG_API_KEY_ENV_VAR}" # required
  compression = "gzip" # optional, default

  # Encoding
  encoding.codec = "json" # required

  # Healthcheck
  healthcheck.enabled = true # optional, default

9 items

commonrequired

• commonrequiredstring

  api_key

  Datadog API key

  • Syntax: literal
  • View examples
• optionaltable

  batch

  Configures the sink batching behavior.

  • commonoptionaluint

    max_bytes

    The maximum size of a batch, in bytes, before it is flushed.

    • Default: 1049000 (bytes)
  • commonoptionaluint

    timeout_secs

    The maximum age of a batch before it is flushed. See Buffers & batches for more info.

    • Default: 1 (seconds)
• optionaltable

  buffer

  Configures the sink specific buffer behavior.

  • commonoptionaluint

    max_events

    The maximum number of events allowed in the buffer. See Buffers & batches for more info.

    • Only relevant when: type = "memory"
    • Default: 500 (events)
  • commonrequired*uint

    max_size

    The maximum size of the buffer on the disk. See Buffers & batches for more info.

    • Only required when: type = "disk"
    • View examples
  • enumcommonoptionalstring

    type

    The buffer's type and storage mechanism.

    • Syntax: literal
    • Default: "memory"
    • Enum, must be one of: "memory" "disk"
    • View examples
  • enumoptionalstring

    when_full

    The behavior when the buffer becomes full.

    • Syntax: literal
    • Default: "block"
    • Enum, must be one of: "block" "drop_newest"
    • View examples
• enumcommonoptionalstring

  compression

  The compression strategy used to compress the encoded event data before transmission.

  Some cloud storage API clients and browsers will handle decompression transparently, so files may not always appear to be compressed depending how they are accessed.

  • Syntax: literal
  • Default: "gzip"
  • Enum, must be one of: "none" "gzip" "syntax"
  • View examples
• commonrequiredtable

  encoding

  Configures the encoding specific sink behavior.

  • commonrequiredstring

    codec

    The encoding codec used to serialize the events before outputting.

    • Syntax: literal
    • View examples
  • optional[string]

    except_fields

    Prevent the sink from encoding the specified fields.

    • View examples
  • optional[string]

    only_fields

    Prevent the sink from encoding the specified fields.

    • View examples
  • enumoptionalstring

    timestamp_format

    How to format event timestamps.

    • Syntax: literal
    • Default: "rfc3339"
    • Enum, must be one of: "rfc3339" "unix"
    • View examples
• optionalstring

  endpoint

  The endpoint to send data to.

  • Syntax: literal
  • Only relevant when: region is not set
  • View examples
• commonoptionaltable

  healthcheck

  Health check options for the sink. See Health checks for more info.

  • commonoptionalbool

    enabled

    Enables/disables the healthcheck upon Vector boot.

    • Default: true
    • View examples
• enumoptionalstring

  region

  The region to send data to.

  • Syntax: literal
  • Only relevant when: endpoint is not set
  • Enum, must be one of: "us" "eu"
  • View examples
• optionaltable

  tls

  Configures the TLS options for incoming connections.

  • optionalstring

    ca_file

    Absolute path to an additional CA certificate file, in DER or PEM format (X.509), or an inline CA certificate in PEM format.

    • Syntax: literal
    • View examples
  • commonoptionalstring

    crt_file

    Absolute path to a certificate file used to identify this connection, in DER or PEM format (X.509) or PKCS#12, or an inline certificate in PEM format. If this is set and is not a PKCS#12 archive, key_file must also be set.

    • Syntax: literal
    • View examples
  • commonoptionalbool

    enabled

    Enable TLS during connections to the remote.

    • Default: true
    • View examples
  • commonoptionalstring

    key_file

    Absolute path to a private key file used to identify this connection, in DER or PEM format (PKCS#8), or an inline private key in PEM format. If this is set, crt_file must also be set.

    • Syntax: literal
    • View examples
  • optionalstring

    key_pass

    Pass phrase used to unlock the encrypted key file. This has no effect unless key_file is set.

    • Syntax: literal
    • View examples
  • optionalbool

    verify_certificate

    If true (the default), Vector will validate the TLS certificate of the remote host.

    • Default: true
    • View examples
  • optionalbool

    verify_hostname

    If true (the default), Vector will validate the configured remote host name against the remote host's TLS certificate. Do NOT set this to false unless you understand the risks of not verifying the remote hostname.

    • Default: true
    • View examples

Telemetry

This component provides the following metrics that can be retrieved through the internal_metrics source. See the metrics section in the monitoring page for more info.

• counter

  events_in_total

  The number of events accepted by this component either from tagged origin like file and uri, or cumulatively from other origins. This metric includes the following tags:

  • component_kind - The Vector component kind.

  • component_name - The Vector component ID.

  • component_type - The Vector component type.

  • container_name - The name of the container from which the event originates.

  • file - The file from which the event originates.

  • instance - The Vector instance identified by host and port.

  • job - The name of the job producing Vector metrics.

  • mode - The connection mode used by the component.

  • peer_addr - The IP from which the event originates.

  • peer_path - The pathname from which the event originates.

  • pod_name - The name of the pod from which the event originates.

  • uri - The sanitized uri from which the event originates.

• counter

  events_out_total

  The total number of events emitted by this component. This metric includes the following tags:

  • component_kind - The Vector component kind.

  • component_name - The Vector component ID.

  • component_type - The Vector component type.

  • instance - The Vector instance identified by host and port.

  • job - The name of the job producing Vector metrics.

How It Works

Buffers & batches

This component buffers & batches data as shown in the diagram above. You'll notice that Vector treats these concepts differently, instead of treating them as global concepts, Vector treats them as sink specific concepts. This isolates sinks, ensuring services disruptions are contained and delivery guarantees are honored.

Batches are flushed when 1 of 2 conditions are met:

1. The batch age meets or exceeds the configured timeout_secs.
2. The batch size meets or exceeds the configured <% if component.options.batch.children.respond_to?(:max_size) %>max_size<% else %>max_events<% end %>.

Buffers are controlled via the buffer.* options.

Health checks

Health checks ensure that the downstream service is accessible and ready to accept data. This check is performed upon sink initialization. If the health check fails an error will be logged and Vector will proceed to start.

Require health checks

If you'd like to exit immediately upon a health check failure, you can pass the --require-healthy flag:

vector --config /etc/vector/vector.toml --require-healthy

Disable health checks

If you'd like to disable health checks for this sink you can set the healthcheck option to false.

State

This component is stateless, meaning its behavior is consistent across each input.

Transport Layer Security (TLS)

Vector uses Openssl for TLS protocols for it's maturity. You can enable and adjust TLS behavior via the tls.* options.