Why do my logs show up with an Info status even for Warnings or Errors?

Why do my logs show up with an Info status even for Warnings or Errors?

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

By default, Datadog generates a status (Info) and appends it in the status attribute when logs are received on Datadog’s intake API. However, this default status does not always reflect the actual value that might be contained in the log itself; this article describes how to override this default value.

Raw logs

Extract the status value with a parser

While writing a parsing rule for your logs, extract the status in a specific attribute.

For the log above, use the following rule with the word() matcher to extract the status and pass it into a custom log_status attribute:

Define a log status remapper

The log_status attribute contains the correct status. Add a Log Status remapper to make sure the status value in the log_status attribute overrides the official log status.

Note: Any modification on a Pipeline only impacts new logs as all the processing is done during the intake process.

JSON logs

JSON logs are automatically parsed in Datadog. The log status attribute is one of the reserved attributes in Datadog which means JSON logs that use those attributes have their values treated specially - in this case to derive the log’s status. Change the default remapping for these attributes at the top of your Pipeline. Imagine that the actual status of the log is contained in the attribute logger_severity.

To make sure this attribute value is taken to override the log status, add it in the list of Status attributes.

The status remapper looks for each of the reserved attributes in the order in which they are configured in the reserved attribute mapping. To ensure that the status derives from the logger_severity attribute, place it first in the list.

Note: Any modification on the Pipeline only impacts new logs as all the processing is done at ingestion.

There are specific status formats that must be adhered to for the remapping to work. The recognized status formats are explained in the status remapper description. In this specific case, by adding some host and service remapping new logs are correctly configured: