Forward logs from Datadog to Firetiger

This guide covers forwarding logs from Datadog to Firetiger via a custom log destination. For forwarding traces and metrics via the Datadog Agent, see Datadog Agent.

Configuring a log forwarding custom destination

Consult the Datadog docs here: https://docs.datadoghq.com/logs/log_configuration/forwarding_custom_destinations/?tab=http

You’ll need three inputs from Firetiger: an ingest endpoint, a username, and a password (also known as an ingest secret).

The ingest endpoint for Datadog is https://ingest.cloud.firetiger.com/datadog/logs

Configure Datadog to use Basic auth, with the username and secret provided to you by Firetiger.

Log message handling

Datadog sends logs as JSON arrays:

[
  {
    "date": "2025-08-20T06:01:07.323Z",
    "service": "auth-service",
    "host": "localhost",
    "attributes": {
      "level": "INFO",
      "service": "auth-service",
      "host": "localhost",
      "source": "python-log-generator",
      "@timestamp": "2025-08-20T06:01:07.323115Z",
      "tags": "env:dev,version:1.0.0,service:web-server"
    },
    "_id": "AZjGER5YAACoY1YER9GoqwZA",
    "message": "Authentication token validated",
    "status": "info",
    "tags": ["source:undefined", "datadog.submission_auth:api_key"]
  }
]

This log will be ingested with:

  • Service: auth-service
  • Host: localhost
  • Timestamp: 2025-08-20T06:01:07.323Z
  • Severity: INFO
  • Message: “Authentication token validated”
  • Tags parsed as attributes

Timestamp handling

Firetiger uses the top-level date field as the log record timestamp.

The @timestamp field inside attributes, if present, is stored as part of the attributes and is queryable, but does not affect the record timestamp.

Severity

The status field from the Datadog log object is stored as-is. No normalization is applied, so the value in Firetiger will match exactly what Datadog sends (e.g., "info", "warn", "error").
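A pre-flight check for the timestamp and severity rules above, as an added example that is not Firetiger's or Datadog's code: it previews which timestamp and severity each forwarded entry would carry and flags entries whose `attributes.@timestamp` drifts from the top-level `date`, which matters when correlating events on a timeline. The function names, the `skew_seconds` and `skew_exceeded` fields, the one-second threshold and the UTC fallback are assumptions; the sample batch is constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample batch: entry 1 is trimmed from the example on this page,
# entry 2 is invented to show a large skew and a non-lowercase status.
SAMPLE_BATCH = """[
  {"date": "2025-08-20T06:01:07.323Z", "service": "auth-service",
   "attributes": {"@timestamp": "2025-08-20T06:01:07.323115Z"},
   "message": "Authentication token validated", "status": "info"},
  {"date": "2025-08-20T06:06:07.000Z", "service": "auth-service",
   "attributes": {"@timestamp": "2025-08-20T06:01:07.000Z"},
   "message": "Token validation slow", "status": "WARN"}
]"""


def parse_ts(value):
    """Parse an ISO 8601 timestamp; a trailing 'Z' means UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    # Assumption: a timestamp without an offset is treated as UTC.
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def preview_records(raw_batch, max_skew_seconds=1.0):
    """Preview record timestamp and severity per the rules described above."""
    records = []
    for entry in json.loads(raw_batch):
        attrs = entry.get("attributes", {})
        # Record timestamp comes from the top-level "date" field only.
        record_ts = parse_ts(entry["date"])
        skew = None
        if "@timestamp" in attrs:
            # "@timestamp" stays in attributes; it never replaces record_ts.
            event_ts = parse_ts(attrs["@timestamp"])
            skew = abs((event_ts - record_ts).total_seconds())
        records.append({
            "timestamp": record_ts,
            "severity": entry.get("status"),  # stored as-is, no normalization
            "attributes": attrs,
            "skew_seconds": skew,
            "skew_exceeded": skew is not None and skew > max_skew_seconds,
        })
    return records


if __name__ == "__main__":
    for rec in preview_records(SAMPLE_BATCH):
        print(rec["timestamp"].isoformat(), rec["severity"],
              rec["skew_seconds"], rec["skew_exceeded"])
```

Because severity is not normalized, a query that filters on it has to account for every casing the senders use, such as both `warn` and `WARN`.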

