Update lambda-logs-collection-troubleshooting-guide.md #33162
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
helenefav
added
the
tap
Contributor
Preview links (active after the
|
estherk15
reviewed
Dec 8, 2025
|
|
||
| ## Check the Lambda function Permissions | ||
|
|
||
| Permission issues may also be impacting the ability of the forwarder to access log sources. The lambda function uses a resource based policy (unrelated to the Datadog Integration Role policy) to allow permission to access log sources. |
Contributor
There was a problem hiding this comment.
Suggested change
| Permission issues may also be impacting the ability of the forwarder to access log sources. The lambda function uses a resource based policy (unrelated to the Datadog Integration Role policy) to allow permission to access log sources. | |
| Permission issues may also be impacting the ability of the forwarder to access log sources. The lambda function uses a resource-based policy (unrelated to the Datadog Integration Role policy) to grant access log sources. |
| get-policy command aws lambda get-policy --function-name <FUNCTION_NAME> | ||
| ``` | ||
|
|
||
| This command returns a resource-based policy that specifies which AWS services and resources (like specific S3 buckets) are allowed to invoke the forwarder function. Crucially, ensure the Action and Resource elements in the policy document exactly match the specifications in the [public documentation][5]. |
Contributor
There was a problem hiding this comment.
This formats the information in a yellow banner.
Suggested change
| This command returns a resource-based policy that specifies which AWS services and resources (like specific S3 buckets) are allowed to invoke the forwarder function. Crucially, ensure the Action and Resource elements in the policy document exactly match the specifications in the [public documentation][5]. | |
| This command returns a resource-based policy that specifies which AWS services and resources (like specific S3 buckets) are allowed to invoke the forwarder function. | |
| <div class="alert alert-danger"> | |
| The Action and Resource elements in the policy document **must exactly match** the specifications in the <a href="/logs/guide/forwarder/?tab=cloudformation#permissions">Datadog Forwarder permissions</a>. | |
| </div> |
|
|
||
| ### Automatic trigger | ||
|
|
||
| If Datadog is failing to automatically create triggers, follow this troubleshooting checklist: |
Contributor
There was a problem hiding this comment.
Suggested change
| If Datadog is failing to automatically create triggers, follow this troubleshooting checklist: | |
| If Datadog fails to automatically create triggers, follow this troubleshooting checklist: |
| 2. Verify the [required permissions][10] have been added to the integration role | ||
| 3. If the log source is a Lambda log group, verify if the lambda function has the [extension][11] installed | ||
| 4. If the log source is a CloudWatch log group, ensure it does not already have the maximum number of subscribers (2) | ||
|
|
Contributor
There was a problem hiding this comment.
Suggested change
| 1. Verify that the Forwarder ARN appears in the Log Collection tab of the AWS Integration. | |
| 2. Verify that the [required permissions][10] are assigned to the integration role. | |
| 3. If the log source is a Lambda log group, verify that the lambda function has the [extension][11] installed. | |
| 4. If the log source is a CloudWatch log group, verify that it does not already have two subscribers (the maximum allowed). |
|
|
||
| 4. Set environment variable "DD_LOG_LEVEL" to "debug" on the forwarder Lambda function to enable the debugging logs for further debugging. The debugging logs are quite verbose; remember to disable it after debugging. | ||
|
|
||
| ### Are your logs filtered by the lambda function? |
Contributor
There was a problem hiding this comment.
Suggested change
| ### Are your logs filtered by the lambda function? | |
| ### Logs filtered by the lambda function |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do? What is the motivation?
Merge instructions
Merge readiness:
For Datadog employees:
Your branch name MUST follow the
<name>/<description>convention and include the forward slash (/). Without this format, your pull request will not pass CI, the GitLab pipeline will not run, and you won't get a branch preview. Getting a branch preview makes it easier for us to check any issues with your PR, such as broken links.If your branch doesn't follow this format, rename it or create a new branch and PR.
[6/5/2025] Merge queue has been disabled on the documentation repo. If you have write access to the repo, the PR has been reviewed by a Documentation team member, and all of the required checks have passed, you can use the Squash and Merge button to merge the PR. If you don't have write access, or you need help, reach out in the #documentation channel in Slack.
Additional notes