Forward logs from DataDog to Firetiger

Configuring a log forwarding custom destination

Consult the DataDog docs here: https://docs.datadoghq.com/logs/log_configuration/forwarding_custom_destinations/?tab=http

You’ll need three inputs from Firetiger, an ingest endpoint, username, and password (also known as an ingest secret).

The ingest endpoint for DataDog is of the form https://ingest.YOUR_FIRETIGER_TENANT_NAME.firetigerapi.com/datadog/logs

Configure DataDog to use Basic auth, with username and secret provided to you by Firetiger.

Log message handling

DataDog sends logs as JSON arrays:

[ { "date": "2025-08-20T06:01:07.323Z", "service": "auth-service", "host": "localhost", "attributes": { "level": "INFO", "service": "auth-service", "host": "localhost", "source": "python-log-generator", "timestamp": "2025-08-20T06:01:07.323115Z", "tags": "env:dev,version:1.0.0,service:web-server" }, "_id": "AZjGER5YAACoY1YER9GoqwZA", "message": "Authentication token validated", "status": "info", "tags": ["source:undefined", "datadog.submission_auth:api_key"] } ]

This log will be ingested with:

  • Service: auth-service
  • Host: localhost
  • Timestamp: 2025-08-20T06:01:07.323115Z
  • Severity: INFO
  • Message: “Authentication token validated”
  • Tags parsed as attributes

Timestamp handling

Firetiger processes timestamps with the following priority:

  1. attributes.timestamp - Primary timestamp source (RFC3339 format)
  2. date - Used as observed timestamp and fallback for record timestamp

Both timestamps are preserved to maintain log timing accuracy.

Severity mapping

DataDog severity levels are automatically converted:

  • DEBUG, debug → DEBUG
  • INFO, info → INFO
  • WARN, warn, WARNING, warning → WARN
  • ERROR, error → ERROR
  • FATAL, fatal, CRITICAL, critical → FATAL
This site uses Just the Docs, a documentation theme for Jekyll.