Set up Datadog API Key

You need to enable the Datadog Logs API and create an API key.

To create a new API key, open Datadog and go to Integrations -> APIs:

Datadog Integrations menu showing APIs option

Click API Keys

Datadog API Keys section

Enter the name of the new key and click Create API Key

Create API Key dialog in Datadog

Copy the newly generated key

Newly generated API key in Datadog

Configure Aidbox

Set the AIDBOX_DD_API_KEY environment variable to the Datadog API Key.

For example, if you are using Docker Compose, add the variable to the environment section:

aidbox:
  # ...
  environment:
    # ...
    AIDBOX_DD_API_KEY: 64977deeb1fff8e27763028e596a6856

Configure Datadog

Go to Logs -> Configuration

Click edit on Preprocessing for JSON logs

Set the attributes

Name                  Value
Date attribute        ts
Service attributes    tn
Status attributes     lvl
Trace Id attributes   ctx
Message attributes    msg,err

Now add a facet for the event.

Go to Logs, then click Add on the left

Datadog Logs interface with add facet option

Use @ev path for the new facet

Add facet dialog with event path configuration

In this guide, we will add a metric for authorization failures

Go to Logs -> Generate Metrics

Click Add a new metric

Datadog Generate Metrics page

Define a query for the auth/authorize-failed event

Metric query definition for authorization failures

Enter the name for the new metric and click Create metric

Create metric dialog with metric name input

Now we can see our metric in the Metrics Explorer

Datadog Metrics Explorer showing authorization failures metric

We can also define a monitor that alerts when there are too many authorization failures. To do this, navigate to Monitors -> New Monitor

Datadog Monitors menu with New Monitor option

Select monitor type "metric"

Monitor type selection showing metric option

Set up monitoring options

Monitor configuration with alert thresholds

And notifications

Now we can see our monitor on the Monitor page

Datadog Monitor page showing created monitor

It takes some time for Datadog to set up the monitor. After a while, it will turn green.

And when there are too many authorization failures in a short period of time, it changes the status to warning

Monitor status showing warning state

Then when it hits the threshold, the alert is created

Monitor alert triggered notification

On the Monitor page, you can see statistics

Monitor statistics and performance data
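
The count that the metric and monitor above act on can be reproduced offline, which helps when choosing thresholds before alerting on them. This is an added example, not part of the Aidbox or Datadog documentation; the 5-minute window, the thresholds 3 and 5, the ISO 8601 timestamp format and the sample records are assumptions.

```python
import json
from collections import deque
from datetime import datetime, timedelta, timezone

EVENT = "auth/authorize-failed"   # event the page's metric query selects
WINDOW = timedelta(minutes=5)     # assumed evaluation window
WARN_AT, ALERT_AT = 3, 5          # assumed warning / alert thresholds

def parse_ts(value):
    """Parse the ts field as ISO 8601; a naive timestamp is taken as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def evaluate(lines):
    """Return [(ts, count, state)] for each EVENT record, in input order.

    count is the number of EVENT records within the trailing WINDOW. Input is
    expected in time order. Malformed lines are skipped rather than fatal.
    """
    recent, states = deque(), []
    for line in lines:
        try:
            rec = json.loads(line)
            if rec.get("ev") != EVENT:
                continue
            ts = parse_ts(rec["ts"])
        except (ValueError, KeyError, AttributeError, TypeError):
            continue
        recent.append(ts)
        while ts - recent[0] > WINDOW:   # drop failures older than the window
            recent.popleft()
        count = len(recent)
        state = "ALERT" if count >= ALERT_AT else "WARN" if count >= WARN_AT else "OK"
        states.append((rec["ts"], count, state))
    return states

# Constructed sample records using the ts, lvl, ev and msg fields; not real Aidbox output.
SAMPLE = [
    '{"ts":"2024-01-01T10:0%d:00Z","lvl":"warn","ev":"%s","msg":"denied"}' % (m, EVENT)
    for m in range(5)
] + [
    'not json at all',
    '{"ts":"2024-01-01T10:05:00Z","lvl":"info","ev":"other/event","msg":"ok"}',
    '{"ts":"2024-01-01T10:12:00Z","lvl":"warn","ev":"%s","msg":"denied"}' % EVENT,
]

if __name__ == "__main__":
    for ts, count, state in evaluate(SAMPLE):
        print(ts, count, state)
```
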

By default, Aidbox sends logs as bundles of multiple records, so if there is not enough data you won't see any logs in Datadog. For testing purposes, reduce the bundle size to 1 record by setting the environment variable:

AIDBOX_DD_BATCH_SIZE=1