Datadog agent
Receive logs collected by a Datadog Agent
status: beta
role: aggregator
role: sidecar
delivery: at-least-once
egress: batch
state: stateless
output: log
Receives observability data from a Datadog Agent over HTTP or HTTPS. For now, this is limited to logs, but will
be expanded in the future to cover metrics and traces.
Configuration
Example configurations
{
"sources": {
"my_source_id": {
"type": "datadog_agent",
"acknowledgements": null,
"address": "0.0.0.0:80"
}
}
}[sources.my_source_id]
type = "datadog_agent"
address = "0.0.0.0:80"
---
sources:
my_source_id:
type: datadog_agent
acknowledgements: null
address: 0.0.0.0:80
{
"sources": {
"my_source_id": {
"type": "datadog_agent",
"acknowledgements": null,
"address": "0.0.0.0:80",
"store_api_key": true
}
}
}[sources.my_source_id]
type = "datadog_agent"
address = "0.0.0.0:80"
store_api_key = true
---
sources:
my_source_id:
type: datadog_agent
acknowledgements: null
address: 0.0.0.0:80
framing: null
tls: null
store_api_key: true
decoding: null
acknowledgements
common optional boolControls if the source will wait for destination sinks to deliver the events before acknowledging receipt.
Warning
Disabling this option may lead to loss of data, as destination sinks may reject events after the source acknowledges their successful receipt.
default:
falseaddress
required string literalThe address to accept connections on. The address must include a port.
decoding
optional objectConfigures in which way frames are decoded into events.
decoding.codec
optional string literal enumThe decoding method.
Enum options
| Option | Description |
|---|---|
bytes | Events containing the byte frame as-is. |
json | Events being parsed from a JSON string. |
syslog | Events being parsed from a Syslog message. |
default:
bytesframing
optional objectConfigures in which way incoming byte sequences are split up into byte frames.
framing.character_delimited
optional objectOptions for
character_delimited framing.Relevant when:
method = `character_delimited`framing.character_delimited.delimiter
optional string literalThe character used to separate frames.
framing.character_delimited.max_length
optional uintThe maximum frame length limit. Any frames longer than
max_length bytes will be discarded entirely.framing.method
optional string literal enumThe framing method.
Enum options
| Option | Description |
|---|---|
bytes | Byte frames are passed through as-is according to the underlying I/O boundaries (e.g. split between messages or stream segments). |
character_delimited | Byte frames which are delimited by a chosen character. |
length_delimited | Byte frames whose length is encoded in a header. |
newline_delimited | Byte frames which are delimited by a newline character. |
octet_counting | Byte frames according to the octet counting format. |
default:
bytesframing.newline_delimited
optional objectOptions for
newline_delimited framing.Relevant when:
method = `newline_delimited`framing.newline_delimited.max_length
optional uintThe maximum frame length limit. Any frames longer than
max_length bytes will be discarded entirely.framing.octet_counting
optional objectOptions for
octet_counting framing.Relevant when:
method = `octet_counting`framing.octet_counting.max_length
optional uintThe maximum frame length limit. Any frames longer than
max_length bytes will be discarded entirely.store_api_key
optional boolWhen incoming events contain a Datadog API key, if this setting is set to
true the key will kept in the event metadata and will be used if the event is sent to a Datadog sink.default:
truetls
optional objectConfigures the TLS options for incoming connections.
tls.ca_file
optional string literalAbsolute path to an additional CA certificate file, in DER or PEM format (X.509), or an in-line CA certificate in PEM format.
tls.crt_file
optional string literalAbsolute path to a certificate file used to identify this server, in DER or PEM format (X.509) or PKCS#12, or an in-line certificate in PEM format. If this is set, and is not a PKCS#12 archive,
key_file must also be set. This is required if enabled is set to true.tls.enabled
optional boolRequire TLS for incoming connections. If this is set, an identity certificate is also required.
default:
falsetls.key_file
optional string literalAbsolute path to a private key file used to identify this server, in DER or PEM format (PKCS#8), or an in-line private key in PEM format.
tls.key_pass
optional string literalPass phrase used to unlock the encrypted key file. This has no effect unless
key_file is set.tls.verify_certificate
optional boolIf
true, Vector will require a TLS certificate from the connecting host and terminate the connection if the certificate is not valid. If false (the default), Vector will not request a certificate from the client.default:
falseOutput
Logs
Line
An individual event from a batch of events received through an HTTP POST request sent by a Datadog Agent.
ddsource
required
string
literal
The source field extracted from the event.
Examples
javaddtags
required
string
literal
The coma separated tags list extracted from the event.
Examples
env:prod,region:ap-east-1hostname
required
string
literal
The local hostname, equivalent to the
gethostname command.Examples
my-host.localmessage
required
string
literal
The message field, containing the plain text message.
Examples
Hi from erlangservice
required
string
literal
The service field extracted from the event.
Examples
backendstatus
required
string
literal
The status field extracted from the event.
Examples
infotimestamp
required
timestamp
The exact time the event was ingested into Vector.
Examples
2020-10-10T17:07:36.452332ZTelemetry
Metrics
linkcomponent_sent_event_bytes_total
counterThe total number of event bytes emitted by this component.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id instead. The value is the same as component_id.component_type
required
The Vector component type.
host
required
The hostname of the system Vector is running on.
pid
required
The process ID of the Vector instance.
component_sent_events_total
counterThe total number of events emitted by this component.
component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id instead. The value is the same as component_id.component_type
required
The Vector component type.
host
required
The hostname of the system Vector is running on.
pid
required
The process ID of the Vector instance.
events_out_total
counterThe total number of events emitted by this component.
This metric is deprecated and will be removed in a future version.
Use
component_sent_events_total instead.component_id
required
The Vector component ID.
component_kind
required
The Vector component kind.
component_name
required
Deprecated, use
component_id instead. The value is the same as component_id.component_type
required
The Vector component type.
host
required
The hostname of the system Vector is running on.
pid
required
The process ID of the Vector instance.
How it works
Configuring the Datadog Agent
To send logs from a Datadog Agent to this source, the Datadog Agent configuration must be updated to use:
logs_config:
dd_url: "<VECTOR_HOST>:<SOURCE_PORT>"
use_v2_api: false # source does not yet support new v2 API
use_http: true # this source only supports HTTP/HTTPS
logs_no_ssl: true|false # should match source SSL configuration.
Transport Layer Security (TLS)
Vector uses OpenSSL for TLS protocols. You can
adjust TLS behavior via the
tls.* options.