Logging
Sombra has detailed logs about many event types, such as for user authentication events and queries of data silo systems. These JSON logs are simply written to the standard output of the Sombra container, so you should be able to use any standard protocol to push those logs to your log system of choice such as Splunk, Datadog, or AWS CloudWatch.
Here's an example of configuring Datadog to collect tracing and statsD metrics:
- Install the Datadog Agent as a sidecar container so that Sombra can forward traces and metrics over your configured ports.
- Set the following Datadog-related configurations:
RUN_DATADOG_APM: Initialize Datadog tracing. Default:trueDD_APM_PORT: Datadog Agent APM port, used for sending trace data. Default:8126DD_HOST: Datadog Agent host, used as the destination for sending metrics and traces. Default:localhostDD_STATSD_PORT: Datadog Agent metric port, used for sending metrics data. Default:8125DD_APM_BLOCKLIST: A blocklist of routes to pass to the trace. See the docs. Default:[]DD_APM_ANALYTICS: Filter Analyzed Spans by user-defined tags. Default:trueDD_APM_LOG_INJECTION: Enable automatic injection of trace IDs in logs for supported logging libraries. Default:trueDD_APM_RUNTIME_METRICS: Whether to enable capturing runtime metrics. Port 8125 (or configured with DD_STATSD_PORT) must be opened on the Agent for UDP. Default:trueDD_TRACE_DEBUG: Enable debug logging in the tracer. Default:false
In the event you have an issue with Sombra that requires Transcend support be involved, Sombra has a configuration option that allows it to send its logs to Transcend's servers.
Please be aware that this option may expose encryption related metadata to Transcend, and we recommend turning this feature off once the issue has been resolved.
In order to use this feature, please set the LOG_HTTP_TRANSPORT_URL to https://collector.transcend.io/api/v1/logs if you are hosting Transcend in the EU, and https://collector.us.transcend.io/api/v1/logs if you are hosting Transcend in the US.
By default, the log transporter sends logs to Transcend in batches of 10 log lines, every 5 seconds. These values can be adjusted by setting the environment variables listed below.
| Environment Variable | Description | Default | Required |
|---|---|---|---|
LOG_HTTP_TRANSPORT_URL | The Transcend Collector's HTTPS ingress endpoint. | N/A | Yes |
LOG_HTTP_TRANSPORT_BATCH_INTERVAL_MS | The maximum time to wait between batches of logs sent to the Collector. | 5000 milliseconds | No |
LOG_HTTP_TRANSPORT_BATCH_COUNT | The maximum number of log lines to send in a single batched request. | 10 | No |
DD_SERVICE_NAME | The name for your Sombra. | transcend-hosted-sombra | No |
In the event you have an issue with the LLM that requires Transcend support be involved, the LLM has a configuration option that allows it to send its logs to Transcend's servers.
Please be aware that this option may expose metadata from your data silos to Transcend, and we recommend turning this feature off once the issue has been resolved.
In order to use this feature, you will need to generate an API key with the LLM Log Transfer scope. You can do this in the Admin Dashboard by selecting API Keys under Developer Tools, then creating a new key (by clicking the + button in the upper right) and creating an API key as such:
Please set the LOG_HTTP_TRANSPORT_URL to https://collector.transcend.io/api/v1/logs if you are hosting Transcend in the EU, and https://collector.us.transcend.io/api/v1/logs if you are hosting Transcend in the US.
| Environment Variable | Description | Required |
|---|---|---|
LOG_HTTP_TRANSPORT_URL | The Transcend Collector's HTTPS ingress endpoint. | Yes |
LOG_FORWARDING_TRANSCEND_API_KEY | The log forwarding API key | Yes |