Help with logstash config using datadog output plugin

caljess599 · April 6, 2018, 9:00pm

I'm using the old datadog output plugin for logstash, which I'm running inside a container.

For the life of me, I cannot get my JSON input (coming in via the http input filter) to show up in DataDog.

Basically, I don't know how to either leverage the output plugin's options and/or logstash's filters to pass on the JSON.

Out of the box, what I get passed through is the "message" field, but because my input has no message field, it's useless.

Here's my current NON-WORKING config.

Help MOST appreciated!

input {
  http {
    port => 80
    codec => json
  }
}

filter {
  if [headers][request_method] != "POST" {
    # Drop all non-POST requests. Healthchecks happen over HTTP GET,
    # and we don't want those getting into Logstash.
    drop { }
  }
}

output {
  datadog { 
    api_key => "goes here" 
    codec => "json" 
  }
}

yaauie · April 7, 2018, 1:08am

Typically when writing a new config, I also include a stdout output plugin until I am happy with the shape of the data.

Do you have any indication from datadog that it is (a) receiving messages and if so, (b) what the shape of those messages is? I am not familiar with what shape of data is expected by datadog, but these are the types of questions that generally lead to discovery.

caljess599 · April 9, 2018, 6:12pm

I actually had a bit of success after I posted this, but I could sure use some advice on filters...

Because of the environment there is some concern that I should not work with the stdout plugin... I'm asking for clarification on that, since it is indeed a best practice.

Basically I can get any of my fields sent across to datadog if I stuff the info into one of their fields. So for example, it was simple enough to get the "log" field from the JSON over just by adding it to DD's text field, i.e.:

text => "%{log}"

That's the breakthrough. So it's simple, really. But now I want to do more complex stuff like define the value of the alert_type field based on matched text in the log line... I am certain logstash can do this (and much more) but I'm not having an easy time discovering documentation to match my needs.

Thanks.

yaauie · April 9, 2018, 8:15pm

to clarify, I use stdout only while developing as a way of seeing the "shape" of data that is exiting my pipeline, not in a production mode.

For example conditionals, see also the Logstash Config Examples docs.

system · May 7, 2018, 8:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Filter help - Newbie question Logstash	6	314	February 17, 2022
Having Issues With JSON Input Logstash	5	366	June 11, 2020
Beginner issue - testing output to stdout Logstash	9	4562	July 6, 2017
JSON parsing problem Logstash	9	1042	February 28, 2019
Output json Logstash	3	5227	June 20, 2017

Help with logstash config using datadog output plugin

Related Topics