Help with logstash config using datadog output plugin

I'm using the old datadog output plugin for logstash, which I'm running inside a container.

For the life of me, I cannot get my JSON input (coming in via the http input filter) to show up in DataDog.

Basically, I don't know how to either leverage the output plugin's options and/or logstash's filters to pass on the JSON.

Out of the box, what I get passed through is the "message" field, but because my input has no message field, it's useless.

Here's my current NON-WORKING config.

Help MOST appreciated!

input {
  http {
    port => 80
    codec => json

filter {
  if [headers][request_method] != "POST" {
    # Drop all non-POST requests. Healthchecks happen over HTTP GET,
    # and we don't want those getting into Logstash.
    drop { }

output {
  datadog { 
    api_key => "goes here" 
    codec => "json" 

Typically when writing a new config, I also include a stdout output plugin until I am happy with the shape of the data.

Do you have any indication from datadog that it is (a) receiving messages and if so, (b) what the shape of those messages is? I am not familiar with what shape of data is expected by datadog, but these are the types of questions that generally lead to discovery.

I actually had a bit of success after I posted this, but I could sure use some advice on filters...

Because of the environment there is some concern that I should not work with the stdout plugin... I'm asking for clarification on that, since it is indeed a best practice.

Basically I can get any of my fields sent across to datadog if I stuff the info into one of their fields. So for example, it was simple enough to get the "log" field from the JSON over just by adding it to DD's text field, i.e.:

text => "%{log}"

That's the breakthrough. So it's simple, really. But now I want to do more complex stuff like define the value of the alert_type field based on matched text in the log line... I am certain logstash can do this (and much more) but I'm not having an easy time discovering documentation to match my needs.


to clarify, I use stdout only while developing as a way of seeing the "shape" of data that is exiting my pipeline, not in a production mode.

For example conditionals, see also the Logstash Config Examples docs.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.