Ensure that your machine is configured to run Docker.

To run the Worker on your Kubernetes nodes, you need a minimum of two nodes with one CPU and 512MB RAM available. Datadog recommends creating a separate node pool for the Workers, which is also the recommended configuration for production deployments.

• The EBS CSI driver is required. To see if it is installed, run the following command and look for ebs-csi-controller in the list:

  kubectl get pods -n kube-system
  

• A StorageClass is required for the Workers to provision the correct EBS drives. To see if it is installed already, run the following command and look for io2 in the list:

  kubectl get storageclass
  

  If io2 is not present, download the StorageClass YAML and kubectl apply it.

• The AWS Load Balancer controller is required. To see if it is installed, run the following command and look for aws-load-balancer-controller in the list:

  helm list -A
  

• Datadog recommends using Amazon EKS >= 1.16.

See Best Practices for OPW Aggregator Architecture for production-level requirements.

To run the Worker on your Kubernetes nodes, you need a minimum of two nodes with one CPU and 512MB RAM available. Datadog recommends creating a separate node pool for the Workers, which is also the recommended configuration for production deployments.

See Best Practices for OPW Aggregator Architecture for production-level requirements.

To run the Worker on your Kubernetes nodes, you need a minimum of two nodes with one CPU and 512MB RAM available. Datadog recommends creating a separate node pool for the Workers, which is also the recommended configuration for production deployments.

See Best Practices for OPW Aggregator Architecture for production-level requirements.

There are no provider-specific requirements for APT-based Linux.

There are no provider-specific requirements for RPM-based Linux.

In order to run the Worker in your AWS account, you need administrative access to that account. Collect the following pieces of information to run the Worker instances:

• The VPC ID your instances will run in.
• The subnet IDs your instances will run in.
• The AWS region your VPC is located in.

In order to run the Worker in your AWS account, you need administrative access to that account. Collect the following pieces of information to run the Worker instances:

• The VPC ID your instances will run in.
• The subnet IDs your instances will run in.
• The AWS region your VPC is located in.

The Observability Pipelines Worker Docker image is published to Docker Hub here.

1. Download the sample pipeline configuration file.

2. Run the following command to start the Observability Pipelines Worker with Docker:

   docker run -i -e DD_API_KEY=<API_KEY> \
     -e DD_OP_PIPELINE_ID=<PIPELINE_ID> \
     -e DD_SITE=<SITE> \
     -e SPLUNK_HEC_ENDPOINT=<SPLUNK_URL> \
     -e SPLUNK_TOKEN=<SPLUNK_TOKEN> \
     -p 8088:8088 \
     -v ./pipeline.yaml:/etc/observability-pipelines-worker/pipeline.yaml:ro \
     datadog/observability-pipelines-worker run
   

   Replace <API_KEY> with your Datadog API key, <PIPELINES_ID> with your Observability Pipelines configuration ID, and <SITE> with . Be sure to also update SPLUNK_HEC_ENDPOINT and SPLUNK_TOKEN with values that match the Splunk deployment you created in Setting up the Splunk Index. ./pipeline.yaml must be the relative or absolute path to the configuration you downloaded in Step 1.

1. Download the Helm chart values file for AWS EKS.

2. In the Helm chart, replace datadog.apiKey and datadog.pipelineId with their respective values and replace <site> with :

   datadog:
     apiKey: "<datadog_api_key>"
     pipelineId: "<observability_pipelines_configuration_id>"
     site: "<site>"
   

3. Replace the values for SPLUNK_HEC_ENDPOINT and SPLUNK_HEC_TOKEN to match your Splunk deployment, including the token you created in Setting up the Splunk Index:

   env:
     - name: SPLUNK_HEC_ENDPOINT
       value: <https://your.splunk.index:8088/>
     - name: SPLUNK_TOKEN
       value: <a_random_token_usually_a_uuid>
   

4. Install the Helm chart in your cluster with the following commands:

   helm repo add datadog https://helm.datadoghq.com
   

   helm repo update
   

   helm upgrade --install \
       opw datadog/observability-pipelines-worker \
       -f aws_eks.yaml
   

1. Download the Helm chart values file for Azure AKS.

2. In the Helm chart, replace datadog.apiKey and datadog.pipelineId with their respective values and replace <site> with :

   datadog:
     apiKey: "<datadog_api_key>"
     pipelineId: "<observability_pipelines_configuration_id>"
     site: "<site>"
   

3. Replace the values for SPLUNK_HEC_ENDPOINT and SPLUNK_HEC_TOKEN to match your Splunk deployment, including the token you created in Setting up the Splunk Index:

   env:
     - name: SPLUNK_HEC_ENDPOINT
       value: <https://your.splunk.index:8088/>
     - name: SPLUNK_TOKEN
       value: <a_random_token_usually_a_uuid>
   

4. Install the Helm chart in your cluster with the following commands:

   helm repo add datadog https://helm.datadoghq.com
   

   helm repo update
   

   helm upgrade --install \
     opw datadog/observability-pipelines-worker \
     -f azure_aks.yaml
   

1. Download the Helm chart values file for Google GKE.

2. In the Helm chart, replace datadog.apiKey and datadog.pipelineId with their respective values and replace <site> with :

   datadog:
     apiKey: "<datadog_api_key>"
     pipelineId: "<observability_pipelines_configuration_id>"
     site: "<site>"
   

3. Replace the values for SPLUNK_HEC_ENDPOINT and SPLUNK_HEC_TOKEN to match your Splunk deployment, including the token you created in Setting up the Splunk Index:

   env:
     - name: SPLUNK_HEC_ENDPOINT
       value: <https://your.splunk.index:8088/>
     - name: SPLUNK_TOKEN
       value: <a_random_token_usually_a_uuid>
   

4. Install the Helm chart in your cluster with the following commands:

   helm repo add datadog https://helm.datadoghq.com
   

   helm repo update
   

   helm upgrade --install \
     opw datadog/observability-pipelines-worker \
     -f google_gke.yaml
   

1. Run the following commands to set up APT to download through HTTPS:

   sudo apt-get update
   sudo apt-get install apt-transport-https curl gnupg
   

2. Run the following commands to set up the Datadog deb repo on your system and create a Datadog archive keyring:

   sudo sh -c "echo 'deb [signed-by=/usr/share/keyrings/datadog-archive-keyring.gpg] https://apt.datadoghq.com/ stable observability-pipelines-worker-1' > /etc/apt/sources.list.d/datadog-observability-pipelines-worker.list"
   sudo touch /usr/share/keyrings/datadog-archive-keyring.gpg
   sudo chmod a+r /usr/share/keyrings/datadog-archive-keyring.gpg
   curl https://keys.datadoghq.com/DATADOG_APT_KEY_CURRENT.public | sudo gpg --no-default-keyring --keyring /usr/share/keyrings/datadog-archive-keyring.gpg --import --batch
   curl https://keys.datadoghq.com/DATADOG_APT_KEY_F14F620E.public | sudo gpg --no-default-keyring --keyring /usr/share/keyrings/datadog-archive-keyring.gpg --import --batch
   curl https://keys.datadoghq.com/DATADOG_APT_KEY_C0962C7D.public | sudo gpg --no-default-keyring --keyring /usr/share/keyrings/datadog-archive-keyring.gpg --import --batch
   

3. Run the following commands to update your local apt repo and install the Worker:

   sudo apt-get update
   sudo apt-get install observability-pipelines-worker datadog-signing-keys
   

4. Add your keys, site (), and Splunk information to the Worker’s environment variables:

   sudo cat <<-EOF > /etc/default/observability-pipelines-worker
   DD_API_KEY=<API_KEY>
   DD_OP_PIPELINE_ID=<PIPELINE_ID>
   DD_SITE=<SITE>
   SPLUNK_HEC_ENDPOINT=<SPLUNK_URL>
   SPLUNK_TOKEN=<SPLUNK_TOKEN>
   EOF
   

5. Download the sample configuration file to /etc/observability-pipelines-worker/pipeline.yaml on the host.

6. Start the worker:

   sudo systemctl restart observability-pipelines-worker
   

1. Run the following commands to set up the Datadog rpm repo on your system:

   cat <<EOF > /etc/yum.repos.d/datadog-observability-pipelines-worker.repo
   [observability-pipelines-worker]
   name = Observability Pipelines Worker
   baseurl = https://yum.datadoghq.com/stable/observability-pipelines-worker-1/\$basearch/
   enabled=1
   gpgcheck=1
   repo_gpgcheck=1
   gpgkey=https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
          https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
   EOF
   

   Note: If you are running RHEL 8.1 or CentOS 8.1, use repo_gpgcheck=0 instead of repo_gpgcheck=1 in the configuration above.

2. Update your packages and install the Worker:

   sudo yum makecache
   sudo yum install observability-pipelines-worker
   

3. Add your keys, site (), and Splunk information to the Worker’s environment variables:

   sudo cat <<-EOF > /etc/default/observability-pipelines-worker
   DD_API_KEY=<API_KEY>
   DD_OP_PIPELINE_ID=<PIPELINE_ID>
   DD_SITE=<SITE>
   SPLUNK_HEC_ENDPOINT=<SPLUNK_URL>
   SPLUNK_TOKEN=<SPLUNK_TOKEN>
   EOF
   

4. Download the sample configuration file to /etc/observability-pipelines-worker/pipeline.yaml on the host.

5. Start the worker:

   sudo systemctl restart observability-pipelines-worker
   

Setup the Worker module in your existing Terraform using this sample configuration. Update the values in vpc-id, subnet-ids, and region to match your AWS deployment. Update the values in datadog-api-key and pipeline-id to match your pipeline.

module "opw" {
    source     = "git::https://github.com/DataDog/opw-terraform//aws"
    vpc-id     = "{VPC ID}"
    subnet-ids = ["{SUBNET ID 1}", "{SUBNET ID 2}"]
    region     = "{REGION}"

    datadog-api-key = "{DATADOG API KEY}"
    pipeline-id = "{OP PIPELINE ID}"
    environment = {
      "SPLUNK_TOKEN": "<SPLUNK TOKEN>",
    }
    pipeline-config = <<EOT
sources:
  splunk_receiver:
    type: splunk_hec
    address: 0.0.0.0:8088
    valid_tokens:
        - $${SPLUNK_TOKEN}

transforms:
  ## This is a placeholder for your own remap (or other transform)
  ## steps with tags set up. Datadog recommends these tag assignments.
  ## They show which data has been moved over to OP and what still needs
  ## to be moved.
  LOGS_YOUR_STEPS:
    type: remap
    inputs:
      - splunk_receiver
    source: |
      .sender = "observability_pipelines_worker"
      .opw_aggregator = get_hostname!()

## This buffer configuration is split into 144GB buffers for both of the Datadog and Splunk sinks.
##
## This should work for the vast majority of OP Worker deployments and should rarely
## need to be adjusted. If you do change it, be sure to update the size the `ebs-drive-size-gb` parameter.
sinks:
  datadog_logs:
    type: datadog_logs
    inputs:
      - LOGS_YOUR_STEPS
    default_api_key: "$${DD_API_KEY}"
    compression: gzip
    buffer:
        type: disk
        max_size: 154618822656
  splunk_logs:
    type: splunk_hec_logs
    inputs:
      - LOGS_YOUR_STEPS
    endpoint: <SPLUNK HEC ENDPOINT>
    default_token: $${SPLUNK_TOKEN}
    encoding:
      codec: json
    buffer:
        type: disk
        max_size: 154618822656
EOT
}

To install the Worker in your AWS Account, use the CloudFormation template to create a Stack:

1. Download the CloudFormation template for the Worker.

2. In the CloudFormation console, click Create stack, and select the With new resources (standard) option.

3. Make sure that the Template is ready option is selected. Click Choose file and add the CloudFormation template file you downloaded earlier. Click Next.

4. Enter a name for the stack in Specify stack details.

5. Fill in the parameters for the CloudFormation template. A few require special attention:

   • For APIKey and PipelineID, provide the key and ID that you gathered earlier in the Prerequisites section.

   • For the SplunkToken, provide the token you created earlier on your Splunk index.

   • For the VPCID and SubnetIDs, provide the subnets and VPC you chose earlier.

   • All other parameters are set to reasonable defaults for a Worker deployment but you can adjust them for your use case as needed.

6. Click Next.

7. Review and make sure the parameters are as expected. Click the necessary permissions checkboxes for IAM, and click Submit to create the Stack.

CloudFormation handles the installation at this point; the Worker instances are launched and they automatically download the necessary software and start running.

Production-oriented setup is not included in the Docker instructions. Instead, refer to your company’s standards for load balancing in containerized environments. If you are testing on your local machine, configuring a load balancer is unnecessary.

Use the load balancers provided by your cloud provider. They adjust based on autoscaling events that the default Helm setup is configured for. The load balancers are internal-facing, so they are only accessible inside your network.

Use the load balancer URL given to you by Helm when you configure your existing collectors.

NLBs provisioned by the AWS Load Balancer Controller are used.

See Capacity Planning and Scaling for load balancer recommendations when scaling the Worker.

Cross-availability-zone load balancing

The provided Helm configuration tries to simplify load balancing, but you must take into consideration the potential price implications of cross-AZ traffic. Wherever possible, the samples try to avoid creating situations where multiple cross-AZ hops can happen.

The sample configurations do not enable the cross-zone load balancing feature available in this controller. To enable it, add the following annotation to the service block:

service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true

See AWS Load Balancer Controller for more details.

Use the load balancers provided by your cloud provider. They adjust based on autoscaling events that the default Helm setup is configured for. The load balancers are internal-facing, so they are only accessible inside your network.

Use the load balancer URL given to you by Helm when you configure your existing collectors.

See Capacity Planning and Scaling for load balancer recommendations when scaling the Worker.

Cross-availability-zone load balancing

The provided Helm configuration tries to simplify load balancing, but you must take into consideration the potential price implications of cross-AZ traffic. Wherever possible, the samples try to avoid creating situations where multiple cross-AZ hops can happen.

Use the load balancers provided by your cloud provider. They adjust based on autoscaling events that the default Helm setup is configured for. The load balancers are internal-facing, so they are only accessible inside your network.

Use the load balancer URL given to you by Helm when you configure your existing collectors.

See Capacity Planning and Scaling for load balancer recommendations when scaling the Worker.

Cross-availability-zone load balancing

The provided Helm configuration tries to simplify load balancing, but you must take into consideration the potential price implications of cross-AZ traffic. Wherever possible, the samples try to avoid creating situations where multiple cross-AZ hops can happen.

Global Access is enabled by default since that is likely required for use in a shared tools cluster.

No built-in support for load-balancing is provided, given the single-machine nature of the installation. You will need to provision your own load balancers using whatever your company’s standard is.

No built-in support for load-balancing is provided, given the single-machine nature of the installation. You will need to provision your own load balancers using whatever your company’s standard is.

An NLB is provisioned by the Terraform module, and provisioned to point at the instances. Its DNS address is returned in the lb-dns output in Terraform.

An NLB is provisioned by the CloudFormation template, and is configured to point at the AutoScaling Group. Its DNS address is returned in the LoadBalancerDNS CloudFormation output.

By default, the Observability Pipelines Worker’s data directory is set to /var/lib/observability-pipelines-worker. Make sure that your host machine has a sufficient amount of storage capacity allocated to the container’s mountpoint.

For AWS, Datadog recommends using the io2 EBS drive family. Alternatively, the gp3 drives could also be used.

For Azure AKS, Datadog recommends using the default (also known as managed-csi) disks.

For Google GKE, Datadog recommends using the premium-rwo drive class because it is backed by SSDs. The HDD-backed class, standard-rwo, might not provide enough write performance for the buffers to be useful.

By default, the Observability Pipelines Worker’s data directory is set to /var/lib/observability-pipelines-worker - if you are using the sample configuration, you should ensure that this has at least 288GB of space available for buffering.

Where possible, it is recommended to have a separate SSD mounted at that location.

By default, the Observability Pipelines Worker’s data directory is set to /var/lib/observability-pipelines-worker - if you are using the sample configuration, you should ensure that this has at least 288GB of space available for buffering.

Where possible, it is recommended to have a separate SSD mounted at that location.

By default, a 288GB EBS drive is allocated to each instance, and the sample configuration above is set to use that for buffering.

By default, a 288GB EBS drive is allocated to each instance, and is auto-mounted and formatted upon instance boot.