Update Existing Pipelines

For existing pipelines in Observability Pipelines, you can update and deploy changes for source settings, destination settings, and processors in the Observability Pipelines UI. But if you want to update source and destination environment variables, you need to manually update the Worker with the new values.

Update an existing pipeline

  1. Navigate to Observability Pipelines.
  2. Select the pipeline you want to update.
  3. Click Edit Pipeline in the top right corner.
  4. Make changes to the pipeline.
    • If you are updating the source or destination settings shown in the tiles, or updating and adding processors, make the changes and then click Deploy Changes.
    • To update source or destination environment variables, click Go to Worker Installation Steps and see Update source or destination variables for instructions.

Update source or destination variables

On the Worker installation page:

  1. Select your platform in the Choose your installation platform dropdown menu.

  2. If you want to update source environment variables, update the information for your log source.

    • Amazon Data Firehose address
      • The Observability Pipelines Worker listens to this socket address to receive logs from Amazon Data Firehose.
      • The address is stored in the environment variable AWS_DATA_FIREHOSE_ADDRESS.
    • Amazon S3 SQS URL
      • The URL of the SQS queue to which the S3 bucket sends the notification events.
      • Stored as the environment variable: DD_OP_SOURCE_AWS_S3_SQS_URL
    • AWS_CONFIG_FILE path
      • The path to the AWS configuration file local to this node.
      • Stored as the environment variable: AWS_CONFIG_FILE.
    • AWS_PROFILE name
      • The name of the profile to use within these files.
      • Stored as the environment variable: AWS_PROFILE.
    • Datadog Agent address:
      • The Observability Pipelines Worker listens to this socket address to receive logs from the Datadog Agent.
      • Stored in the environment variableDD_OP_SOURCE_DATADOG_AGENT_ADDRESS.
    • Fluent socket address and port:
      • The Observability Pipelines Worker listens on this address for incoming log messages.
      • Stored in the environment variable DD_OP_SOURCE_FLUENT_ADDRESS.

    There are no environment variables for the Google Pub/Sub source.

    • HTTP/s endpoint URL:
      • The Observability Pipelines Worker collects log events from this endpoint. For example,
      • Stored as the environment variable: DD_OP_SOURCE_HTTP_CLIENT_ENDPOINT_URL.
    • If you are using basic authentication:
      • HTTP/S endpoint authentication username and password.
      • Stored as the environment variables: DD_OP_SOURCE_HTTP_CLIENT_USERNAME and DD_OP_SOURCE_HTTP_CLIENT_PASSWORD.
    • If you are using bearer authentication:
      • HTTP/S endpoint bearer token.
      • Stored as the environment variable: DD_OP_SOURCE_HTTP_CLIENT_BEARER_TOKEN.
    • HTTP/S server address:
      • The Observability Pipelines Worker listens to this socket address, such as, for your HTTP client logs.
      • Stored in the environment variable: DD_OP_SOURCE_HTTP_SERVER_ADDRESS.
    • The host and port of the Kafka bootstrap servers.
      • The bootstrap server that the client uses to connect to the Kafka cluster and discover all the other hosts in the cluster. The host and port must be entered in the format of host:port, such as If there is more than one server, use commas to separate them.
      • Stored as the environment variable: DD_OP_SOURCE_KAFKA_BOOTSTRAP_SERVERS.
    • If you enabled SASL:
      • Kafka SASL username
        • Stored as the environment variable: DD_OP_SOURCE_KAFKA_SASL_USERNAME.
      • Kafka SASL password
        • Stored as the environment variable: DD_OP_SOURCE_KAFKA_SASL_PASSWORD.
    • Logstash address and port:
      • The Observability Pipelines Worker listens on this address, such as, for incoming log messages.
      • Stored in the environment variable as: DD_OP_SOURCE_LOGSTASH_ADDRESS
    • Splunk HEC address:
      • The bind address that your Observability Pipelines Worker listens on to receive logs originally intended for the Splunk indexer. For example,
        Note: /services/collector/event is automatically appended to the endpoint.
      • Stored in the environment variable DD_OP_SOURCE_SPLUNK_HEC_ADDRESS.
    • Splunk TCP address:
      • The Observability Pipelines Worker listens to this socket address to receive logs from the Splunk Forwarder. For example,
      • Stored in the environment variable DD_OP_SOURCE_SPLUNK_TCP_ADDRESS.
    • Sumo Logic address:
      • The bind address that your Observability Pipelines Worker listens on to receive logs originally intended for the Sumo Logic HTTP Source. For example,
        Note: /receiver/v1/http/ path is automatically appended to the endpoint.
      • Stored in the environment variable DD_OP_SOURCE_SUMO_LOGIC_ADDRESS.
    • rsyslog or syslog-ng address:
      • The Observability Pipelines Worker listens on this bind address to receive logs from the Syslog forwarder. For example,
      • Stored in the environment variable DD_OP_SOURCE_SYSLOG_ADDRESS.

  3. If you want to update destination environment variables, update the information for your log destination.

    • Amazon OpenSearch authentication username:
      • Stored in the environment variable: DD_OP_DESTINATION_AMAZON_OPENSEARCH_USERNAME.
    • Amazon OpenSearch authentication password:
      • Stored in the environment variable: DD_OP_DESTINATION_AMAZON_OPENSEARCH_PASSWORD.
    • Amazon OpenSearch endpoint URL:
      • Stored in the environment variable: DD_OP_DESTINATION_AMAZON_OPENSEARCH_ENDPOINT_URL.
    • Google Chronicle endpoint URL:
    • CrowdStrike HEC ingestion URL:

      • Stored in the environment variable DD_OP_DESTINATION_CROWDSTRIKE_NEXT_GEN_SIEM_ENDPOINT_URL.
    • CrowdStrike HEC API token:

      • Stored in the environment variable DD_OP_DESTINATION_CROWDSTRIKE_NEXT_GEN_SIEM_TOKEN.

    No environment variables required.

    Amazon S3

    • AWS access key ID of your S3 archive:

      • Stored in the environment variable: DD_OP_DESTINATION_DATADOG_ARCHIVES_AWS_ACCESS_KEY_ID
    • AWS secret access key ID of your S3 archive:

      • The AWS secret access key ID for the S3 archive bucket.
      • Stored in the environment variable DD_OP_DESTINATION_DATADOG_ARCHIVES_AWS_SECRET_KEY.

    Google Cloud Storage

    There are no environment variables to configure.

    Azure Storage

    • Azure connections string to give the Worker access to your Azure Storage bucket.
    • Elasticsearch authentication username:
      • Stored in the environment variable: DD_OP_DESTINATION_ELASTICSEARCH_USERNAME.
    • Elasticsearch authentication password:
      • Stored in the environment variable: DD_OP_DESTINATION_ELASTICSEARCH_PASSWORD.
    • Elasticsearch endpoint URL:
      • Stored in the environment variable: DD_OP_DESTINATION_ELASTICSEARCH_ENDPOINT_URL.
    • Data collection endpoint (DCE)
      • Stored as the environment variable: DD_OP_DESTINATION_MICROSOFT_SENTINEL_DCE_URI
    • Client secret
      • Stored as the environment variable: DD_OP_DESTINATION_MICROSOFT_SENTINEL_CLIENT_SECRET
    • New Relic account ID:
      • Stored in the environment variable: DD_OP_DESTINATION_NEW_RELIC_ACCOUNT_ID.
    • New Relic license:
      • Stored in the environment variable: DD_OP_DESTINATION_NEW_RELIC_LICENSE_KEY.
    • OpenSearch authentication username:
      • Stored in the environment variable: DD_OP_DESTINATION_OPENSEARCH_USERNAME.
    • OpenSearch authentication password:
      • Stored in the environment variable: DD_OP_DESTINATION_OPENSEARCH_PASSWORD.
    • OpenSearch endpoint URL:
      • Stored in the environment variable: DD_OP_DESTINATION_OPENSEARCH_ENDPOINT_URL.
    • SentinelOne write access token:
      • Stored as the environment variable: DD_OP_DESTINATION_SENTINEL_ONE_TOKEN
    • Token HEC Splunk :
      • Le token HEC Splunk pour l’indexeur Splunk.
      • Stocké dans la variable d’environnement DD_OP_DESTINATION_SPLUNK_HEC_TOKEN.
    • URL de base de l’instance Splunk :
      • L’endpoint Event Collector HTTP Splunk auquel votre worker de pipelines d’observabilité envoie les logs traités. Par exemple, https://hec.splunkcloud.com:8088. Remarque : le chemin d’accès /services/collector/event est automatiquement ajouté au endpoint.
      • Stocké dans la variable d’environnement DD_OP_DESTINATION_SPLUNK_HEC_ENDPOINT_URL.
    • Unique URL generated for the HTTP Logs and Metrics Source to receive log data.
      • The Sumo Logic HTTP Source endpoint. The Observability Pipelines Worker sends processed logs to this endpoint. For example, https://<ENDPOINT>.collection.sumologic.com/receiver/v1/http/<UNIQUE_HTTP_COLLECTOR_CODE>, where:
        • <ENDPOINT> is your Sumo collection endpoint.
        • <UNIQUE_HTTP_COLLECTOR_CODE> is the string that follows the last forward slash (/) in the upload URL for the HTTP source.
      • Stored in the environment variable DD_OP_DESTINATION_SUMO_LOGIC_HTTP_COLLECTOR_URL.
    • The rsyslog or syslog-ng endpoint URL. For example,
      • The Observability Pipelines Worker sends logs to this address and port.
      • Stored as the environment variable: DD_OP_DESTINATION_SYSLOG_ENDPOINT_URL.

  4. Follow the instructions for your environment to update the worker:

    1. Cliquez sur Select API key pour choisir la clé d’API Datadogque vous souhaitez utiliser.
    2. Exécutez la commande fournie dans l’interface utilisateur pour installer le worker. La commande est automatiquement remplie avec les variables d’environnement que vous avez saisies précédemment.
      docker run -i -e DD_API_KEY=<DATADOG_API_KEY> \
          -e DD_SITE=<DATADOG_SITE> \
          -e <SOURCE_ENV_VARIABLE> \
          -p 8088:8088 \
          datadog/observability-pipelines-worker run
      Remarque : par défaut, la commande docker run expose le même port que celui sur lequel le worker est actif. Si vous voulez mapper le port du conteneur du worker sur un autre port dans le host Docker, utilisez l’option -p | --publish :
      -p 8282:8088 datadog/observability-pipelines-worker run
    3. Cliquez sur Navigate Back pour revenir à la page d’édition des pipelines d’observabilité.
    4. Cliquez sur Deploy Changes.
    1. Download the Helm chart values file.
    2. Click Select API key to choose the Datadog API key you want to use.
    3. Update the Datadog Helm chart to the latest version:
      helm repo update
    4. Run the command provided in the UI to install the Worker. The command is automatically populated with the environment variables you entered earlier.
      helm upgrade --install opw \
      -f values.yaml \
      --set datadog.apiKey=<DATADOG_API_KEY> \
      --set datadog.pipelineId=<PIPELINE_ID> \
      --set <SOURCE_ENV_VARIABLES> \
      --set service.ports[0].protocol=TCP,service.ports[0].port=<SERVICE_PORT>,service.ports[0].targetPort=<TARGET_PORT> \
      Note: By default, the Kubernetes Service maps incoming port <SERVICE_PORT> to the port the Worker is listening on (<TARGET_PORT>). If you want to map the Worker’s pod port to a different incoming port of the Kubernetes Service, use the following service.ports[0].port and service.ports[0].targetPort values:
      --set service.ports[0].protocol=TCP,service.ports[0].port=8088,service.ports[0].targetPort=8282
    5. Click Navigate Back to go back to the Observability Pipelines edit pipeline page.
    6. Click Deploy Changes.
    1. Click Select API key to choose the Datadog API key you want to use.

    2. Run the one-step command provided in the UI to re-install the Worker.

      Note: The environment variables used by the Worker in /etc/default/observability-pipelines-worker are not updated on subsequent runs of the install script. If changes are needed, update the file manually and restart the Worker.

    If you prefer not to use the one-line installation script, follow these step-by-step instructions:

    1. Run the following commands to update your local apt repo and install the latest Worker version:
      sudo apt-get update
      sudo apt-get install observability-pipelines-worker datadog-signing-keys
    2. Add your keys, site (for example datadoghq.com for US1), source, and destination environment variables to the Worker’s environment file:
      sudo cat &lt;<EOF > /etc/default/observability-pipelines-worker
    3. Restart the worker:
      sudo systemctl restart observability-pipelines-worker
    4. Click Navigate Back to go back to the Observability Pipelines edit pipeline page.
    5. Click Deploy Changes.
    1. Click Select API key to choose the Datadog API key you want to use.

    2. Run the one-step command provided in the UI to re-install the Worker.

      Note: The environment variables used by the Worker in /etc/default/observability-pipelines-worker are not updated on subsequent runs of the install script. If changes are needed, update the file manually and restart the Worker.

    If you prefer not to use the one-line installation script, follow these step-by-step instructions:

    1. Update your packages and install the latest version of Worker:
      sudo yum makecache
      sudo yum install observability-pipelines-worker
    2. Add your keys, site (for example datadoghq.com for US1), source, and destination updated environment variables to the Worker’s environment file:
      sudo cat &lt;&lt;-EOF > /etc/default/observability-pipelines-worker
    3. Restart the worker:
      sudo systemctl restart observability-pipelines-worker
    4. Click Navigate Back to go back to the Observability Pipelines edit pipeline page.
    5. Click Deploy Changes.
    1. Sélectionnez dans la liste déroulante le volume attendu du log pour le pipeline.
    2. Sélectionnez la région AWS que vous souhaitez utiliser pour installer le worker.
    3. Cliquez sur Select API key pour choisir la clé d’API Datadogque vous souhaitez utiliser.
    4. Cliquez sur Launch CloudFormation Template pour accéder à la console AWS afin d’examiner la configuration de la stack et de la lancer. Assurez-vous que les paramètres de CloudFormation sont définis comme prévu.
    5. Sélectionnez le VPC et le sous-réseau que vous souhaitez utiliser pour installer le worker.
    6. Passez en revue et vérifiez les cases des autorisations nécessaires pour IAM. Cliquez sur Submit pour créer la stack. CloudFormation s’occupe de l’installation à ce stade. Les instances du worker sont lancées, le logiciel nécessaire est téléchargé et le worker démarre automatiquement.
    7. Supprimez la stack CloudFormation précédente et les ressources qui y sont associées.
    8. Cliquez sur Navigate Back pour revenir à la page d’édition des pipelines d’observabilité.
    9. Cliquez sur Deploy Changes.

