Introduction
This article aims to help users who are having trouble sending audit logs to Datadog, especially if they're facing difficulties in the US1 region.
Pre-requisites
You must be running production-grade clusters, because the audit streaming feature is not available for Development tier clusters.
Problem
Sometimes, users run into problems when trying to send their audit logs to Datadog, particularly when they're working in the US1 region.
Cause
There are a few reasons why this might happen. It could be due to using outdated API keys or to incorrect filtering and indexing of logs.
Solutions:
- Ensure your audit logging is set up correctly according to the documentation. Also, ensure you're using an API key from the same region where you created your Datadog account.
- Make sure you haven't reached your log quotas in general or for specific indexes. You can find more guidance on this in Datadog's documentation.
- Import a new API key from the region you want to use and refresh your Datadog dashboard. Make sure you're filtering your logs correctly, using things like the right cluster identifiers. For example: instead of searching for a cluster using just its name, like "<cluster-name>", try using the correct filter format, such as "@cluster_id:<cluster-name>". This might help you see the logs you're looking for.
- Try switching your Datadog account to a different region and see if you're able to stream logs to another site region, for example US3 or US5. Ensure that you update the site region setting in the HCP audit log dashboard as well: select the Audit Logs page, click the Manage drop-down, then Edit configuration, and choose the correct site region.
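One way to confirm which site an API key belongs to before changing the HCP configuration (an added example, not part of the original article or HashiCorp's tooling). It calls Datadog's key-validation endpoint on the US1, US3 and US5 sites; the variable names DD_API_KEY and HCP_DD_SITE are assumptions chosen for this sketch.

```bash
#!/usr/bin/env bash
# Added example: report which Datadog site accepts an API key.
# DD_API_KEY and HCP_DD_SITE are hypothetical variable names chosen here.

# Sites named in the article, with Datadog's API domain for each.
SITES="US1=datadoghq.com US3=us3.datadoghq.com US5=us5.datadoghq.com"

# Build the key-validation URL for one site domain.
validate_url() {
  printf 'https://api.%s/api/v1/validate\n' "$1"
}

# Map the HTTP status of the validate call to a verdict.
classify_status() {
  case "$1" in
    200) echo "valid" ;;
    403) echo "rejected" ;;
    000) echo "unreachable" ;;
    *)   echo "unexpected($1)" ;;
  esac
}

# Query one site. The key is fed to curl on stdin (-K -) so it does not
# appear in the process argument list.
check_site() {
  code=$(printf 'header = "DD-API-KEY: %s"\n' "$DD_API_KEY" |
    curl -s -K - -o /dev/null -w '%{http_code}' --max-time 10 \
      "$(validate_url "$1")")
  classify_status "${code:-000}"
}

# Print a verdict per site; succeed only if the site configured in HCP
# (first argument) is one that accepts the key.
check_all() {
  rc=1
  for entry in $SITES; do
    name=${entry%%=*}
    domain=${entry#*=}
    result=$(check_site "$domain")
    echo "$name ($domain): $result"
    if [ "$name" = "$1" ] && [ "$result" = "valid" ]; then rc=0; fi
  done
  return "$rc"
}

# Runs only when a key is supplied in the environment.
if [ -n "${DD_API_KEY:-}" ]; then
  check_all "${HCP_DD_SITE:-US1}"
fi
```

A key that shows "rejected" on the configured site but "valid" on another points to a region mismatch rather than a quota or filter problem.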
References:
https://developer.hashicorp.com/hcp/docs/vault/logs-metrics/datadog/logs
https://docs.datadoghq.com/logs/log_configuration/indexes/
If none of these steps work, it's best to get in touch with the Datadog team by filing a support ticket through their portal.