Log Drains
The Log Drains feature allows you to connect site traffic logs, function logs, and edge function logs from Netlify’s CDN to third-party monitoring services for analysis, alerting, and data persistence. Additionally, this feature allows you to connect deploy logs from our builds service.
Once you’ve configured a log drain for a site, Netlify batches the site’s log records from our CDN and build system and posts them to an endpoint in JSON/NDJSON format in near real-time. A configured external monitoring provider receives these records from the intake endpoint and makes them available for processing. You can drain the following data:
- site traffic log output: tracks visitor requests for assets and pages.
- function log output: tracks information such as function invocations.
- edge function log output: tracks edge functions that output console log statements.
- deploy log output: tracks deploy information gathered while building and deploying a site.
# Configure a log drain
To set up a log drain, you must be a Netlify Team Owner and have an account and API key provisioned with an external monitoring provider. Netlify supports integration with:
- Datadog
- New Relic
- Axiom
- Azure Monitor
- Sumo Logic
- Splunk Observability Cloud
- Logflare
- Amazon Simple Storage Service (Amazon S3)
- General HTTP endpoints
Select your external monitoring provider:
# Datadog
For your selected site, go to
and select Enable a log drain.Select
Datadog
as the Log drain service.Select the Log types to drain. You can drain your site’s traffic logs, function logs, edge function logs, and deploy logs.
Optional: add Traffic log filtering. If you’re draining traffic logs and don’t want
client_ip
anduser_agent
in the data, selectExclude personally identifiable information (PII)
.Under Service settings, select the Region where your Datadog site is located.
Enter the unique API key for your logging service provider account. Verify that you are entering your API key instead of the Datadog application key.
Optional: add key/value pairs under Tags to tag your logs with certain attributes. These become query parameters in requests to the logs intake endpoint.
Available keys for Datadog:
Key Tag Description Example value ddtag
tags associated with logs, grouped into a single list with the value ddtags
env:prod
service
name of the application or service generating the log events mysubdomain
Select Connect.
# Edit a log drain
If you need to adjust the settings for an existing log drain, under
, select Configure. Configuration changes become active within approximately five minutes.To stop sending specific log data to your external monitoring provider, clear the Log types you no longer need and then save your change.
# Remove a log drain
To terminate an existing log drain configuration for a site, under
, select Delete. All log types associated with the site’s log drain will be removed. Saved logs are accessible in your logging service provider account.# Traffic log output
Drained site traffic logs include the following fields parsed from our CDN logs:
account_id
: ID of the Netlify team that the site belongs to.client_ip
: IP address of the client. Omitted if you selected Exclude personally identifiable information (PII).content_type
: Content-Type of the request (for example,text/html
).country
: country of origin for the request, formatted as an ISO 3166-1 two-letter code.deploy_id
: ID of the deploy (for example,61153ae8b0f6a900088386e8
).duration
: duration of the request in milliseconds.firewall_rule
: the Firewall traffic rule that matches the request. Can be one ofdefault_allow
,default_deny
,ip_allow
,ip_deny
,geo_allow
,geo_deny
, or-
. If there are no traffic rules added to a site, thenfirewall_rule
returns-
. Learn more about Firewall traffic rules.block_reason
: indicates why the request was blocked. If there are rate limiting rules applied to the site and if the rules match the request, thenblock_reason
returnsrate_limit
. Learn more about Rate limiting Rules.rate_limit
:rule_id
: ID of the rate limiting rule the request matched. Learn more about Rate limiting Rules.
- [Deprecated]
rule_id
: ID of the rate limiting rule the request matched. This field is being deprecated and will disappear in a future release, userate_limit.rule_id
instead. log_type
: indicates the type of log. The value istraffic
.method
: request method.referrer
: referrer on the request.request_id
: Netlify request ID (for example,01FDWR77JMF2DA1CHF5YA6H07C
).request_size
: size of the request in bytes.response_size
: size of the response in bytes.site_id
: ID of the site.status_code
: status code of the HTTP response.timestamp
: timestamp of the request, formatted with RFC 3339 (for example,2021-08-24T18:54:34.831Z
).url
: URL of the request.user_agent
: user-agent that made the request. Omitted if you selected Exclude personally identifiable information (PII).waf
:outcome
: indicates the outcome of the request evaluated by Web Application Firewall (WAF). Can be one ofpassive
,blocked
, orno match
. When WAF is enabled in passive mode, and a request matches a WAF rule, the outcome ispassive
. When WAF is enabled in blocked mode, and a request matches a WAF rule, then the outcome isblocked
. When WAF is enabled in passive or blocked mode, and a request does not match any enabled WAF rule, the outcome isno match
. Learn more about Web Application Firewall.rule_id
: ID of the matched Web Application Firewall rule.policy_id
: ID of the WAF policy applied to the evaluated request. The WAF policy represents all enabled WAF rules or rulesets and any additional configuration, such as excluded paths or whether the passive or blocked mode are enabled.rule_set_id
: ID of the ruleset applied to the evaluated request.
# Function log output
Drained function logs include the following fields parsed from our CDN logs:
account_id
: ID of the Netlify team that the function belongs to.branch
: the branch of the deploy.deploy_id
: ID of the deploy (for example,61153ae8b0f6a900088386e8
).duration
: amount of time it took for AWS Lambda to execute the function.function_name
: name of the function.function_type
: type of function. The value for function logs isstandard
.level
: level of the log line (for example,INFO
,ERROR
,WARN
,REPORT
).message
: log message.log_type
: field indicating the type of log. All function types will have the valuefunctions
.method
: method of the request (for example, GET).path
: path of the request (for example,/.netlify/functions/your-awesome-function
).request_id
: Netlify request ID (for example,01FDWR77JMF2DA1CHF5YA6H07C
).site_id
: ID of the site.status_code
: status code of the HTTP response.timestamp
: timestamp of the request, formatted with RFC 3339 (for example,2021-08-24T18:54:34.831Z
).
# Function log output limitations
- Netlify’s Log Drains feature doesn’t currently support function log output for Background Functions. We recommend storing historical logs for this type of function on an external service.
- Function log output is limited to 4 KB total per invocation. If a log’s output exceeds 4 KB, only the last 4 KB of the log is sent to the logging service and the log message will be truncated.
# Edge Function log output
Drained edge function logs include the following fields parsed from our CDN logs:
account_id
: ID of the Netlify team that the edge function belongs to.branch
: name of the branch. This field is only present for non-production branches.deploy_id
: ID of the deploy (for example,61153ae8b0f6a900088386e8
).function_name
: name of the edge function.function_type
: type of function. The value for edge function logs isedge
.level
: level of the log line (for example,INFO
,ERROR
,WARN
,REPORT
).log_type
: field indicating the type of log. All function types, including edge functions, will have the valuefunctions
.request_id
: Netlify request ID (for example,01FDWR77JMF2DA1CHF5YA6H07C
).request_path
: path of the request (for example,/log
).site_id
: ID of the site.timestamp
: timestamp of the request, formatted with RFC 3339 (for example,2021-08-24T18:54:34.831Z
).
Log messages will appear in the content field for your logging service.
# Deploy log output
Drained deploy logs include the following fields parsed from our internal build logs:
account_id
: ID of the Netlify team that the deploy belongs to.deploy_id
: ID of the deploy (for example,61153ae8b0f6a900088386e8
).deploy_section
: section of the deploy process (for example,Initializing
,Building
,Deploying
,Cleanup
,Post-Processing
).level
: level of the log line (for example,INFO
,ERROR
,WARN
,REPORT
).log_type
: field indicating the type of log. The value isdeploys
.message
: log message.site_id
: ID of the site.timestamp
: timestamp of the log line, formatted with RFC 3339 (for example,2021-08-24T18:54:34.831Z
).
Did you find this doc useful?
Your feedback helps us improve our docs.