Edge Delta Datadog Output
3 minute read
See the latest version here.
Overview
You can configure the Edge Delta agent to stream data to Datadog. To do this you need to configure Datadog and update the Edge Delta agent configuration.
Configure Datadog
Create Measure Facets
You need to create Measures for sentiment_score and pattern_count for the pattern analysis panels. To create a facet:
- Search for
@sentiment_score:*to find all negative events. - Click any event, in the JSON section.
- Click sentiment_score and select Create Measure for @sentiment_score.
- Repeat the process for
pattern_count.
See Measure Facets on the Datadog docs website.
Alternatively, you can create processors to convert the sentiment_score and pattern_count fields from strings to integers.
If you add the
include_pattern_info_in_samples: trueparameter to the cluster processor, it will replace all the cluster_samples with patterns. You will need to also turn off thecluster patternfeature and turn on thecluster_samplefeature. If you add theinclude_pattern_info_in_samples: trueparameter you can skip the following steps: Create a Pipeline and Add a Grok Parser.
Create a Pipeline
Create a pipeline for @pattern_count.
- Click log - configuration.
- Add a new pipeline with filter
@pattern_count:*to search patterns. - Name the pipeline
pattern.
See Create a pipeline on the Datadog docs website.
Add a Grok Parser
Add a Grok Parser processor with the following rule:
autoFilledRule1 %{regex(".*"):pattern}.*
Add a processor with the following attributes:
- type:
Grok Parser - log sample:
* test - parsing rule:
autoFilledRule1 %{regex(".*"):pattern}.*
In a log search, select edgedelta_datatype:cluster_pattern then click on a pattern. View the pattern event attribute, and click pattern - add as a facet.
See Add a Grok Parser on the Datadog docs website.
Configure the Edge Delta Agent
Configure an agent with the Datadog account details including the Datadog API key. The following example illustrates a number of Datadog output configuration options:
outputs:
streams:
- name: datadog-default
type: datadog
api_key: '{{ Env "TEST_DD_APIKEY" }}'
custom_tags:
"app": "transaction_manager"
"region": "us-west-2"
"File Path": "{{.FileGlobPath}}"
"K8s PodName": "{{.K8sPodName}}"
"K8s Namespace": "{{.K8sNamespace}}"
"K8s ControllerKind": "{{.K8sControllerKind}}"
"K8s ContainerName": "{{.K8sContainerName}}"
"K8s ContainerImage": "{{.K8sContainerImage}}"
"K8s ControllerLogicalName": "{{.K8sControllerLogicalName}}"
"ECSCluster": "{{.ECSCluster}}"
"ECSContainerName": "{{.ECSContainerName}}"
"ECSTaskVersion": "{{.ECSTaskVersion}}"
"ECSTaskFamily": "{{.ECSTaskFamily}}"
"DockerContainerName": "{{.DockerContainerName}}"
"ConfigID": "{{.ConfigID}}"
"Host": "{{.Host}}"
"Source": "{{.Source}}"
"SourceType": "{{.SourceType}}"
"Tag": "{{.Tag}}"
- name: datadog-custom
type: datadog
log_host: "<ADD DATADOG LOG_HOST>"
metric_host: "<ADD DATADOG METRIC_HOST>"
event_host: "<ADD DATADOG EVENT_HOST>"
api_key: '{{ Env "TEST_DD_APIKEY" }}'
features: metric
custom_tags:
"app": "s_pos_transaction_manager"
"region": "us-west-2"
- name: datadog-alert-as-log
type: datadog
api_key: '{{ Env "TEST_DD_APIKEY" }}'
features: metric, alert, edac
alert_as_log: true
- name: datadog-buffered-output
type: datadog
api_key: '{{ Env "TEST_DD_APIKEY" }}'
features: metric, alert, edac
buffer_path: /var/log/edgedelta/pushbuffer/
buffer_ttl: 2h
buffer_max_bytesize: 100MB
Features
In the Edge Delta App, features are the data types that the Edge Delta agent collects (or generates), and then sends to a streaming destination.
See Streaming Features.
| Feature Type | Supported? |
|---|---|
| Log | Yes |
| Metrics | Yes |
| Alert as event | Yes |
| Alert as log | Yes |
| Health | No |
| Dimensions as attribute | Yes |
| Send as is | No |
| Send as JSON | No |
| Custom tags | Yes |
| EDAC enrichment | No |
| Message template | No |
| outgoing_bytes.sum | Yes |
| outgoing__raw_bytes.sum | cell |
| outgoing_lines.count | Yes |
| output buffering to disk | Yes |