- Reduce unnecessary ingestion and storage costs.
- Prevent sensitive data from being sent to Datadog.
- Keep metric cardinality in check.
- Make collection rules explicit and auditable.
High-level goals
- Reduce log volume and exclude or mask sensitive data before ingestion.
- Limit metric collection and manage cardinality to control costs.
- Configure an appropriate Agent log level so the Agent does not create excess logs.
- Make collection, filters, and tags explicit so you collect only what you need.
Start with conservative collection rules. Enable additional sources, higher verbosity, or broader scraping only when you need them for troubleshooting. Incrementally expand data collection after validating cost and usefulness.
Agent-level settings
Set basic Agent options indatadog.yaml so behavior is explicit and predictable.
Example (datadog.yaml):
logs_enabled: enable or disable the Agent’s log collection.log_level: recommendedINFOfor production; useDEBUGonly for short-lived troubleshooting.
Log collection, filtering, and masking
Collect only the logs you need and apply processing as close to the source as possible. The Agent supports local processing rules, and Datadog provides server-side log pipelines and dedicated masking/redaction processors—prefer server-side when possible. Best practices:- Scope file paths and services narrowly (avoid wildcards that capture unrelated logs).
- Exclude noisy endpoints (health checks, probes) before ingestion.
- Mask or redact PII and secrets as early as possible, ideally in a controlled pipeline.
- Test any regex-based exclusions or redactions in staging to avoid losing important data.
conf.d/<integration>.d/conf.yaml):
exclude_at_matchprevents known noisy lines from being forwarded.multi_linepreserves stack traces and multiline exceptions.- Verify that the Agent version you use supports the processors you plan to run locally. See the Agent logs documentation for supported processors and syntax.
Avoid broad regex-based exclusions or redactions that can remove useful diagnostic data. Always validate processing rules in a staging environment and review their effects on a representative sample of logs.
Metrics scraping and cardinality control
Unrestricted metric collection and high-cardinality tags are common drivers of cost. Apply strict controls on which metrics and tags are collected. Recommendations:- Enable only the integrations and checks you actively use.
- Avoid high-cardinality tags (unique IDs, user IDs, request IDs).
- Normalize tags to coarse-grained values such as
region,role, orservice. - Use allowlists/deny-lists (where supported) to limit scraped metrics.
| Action | Recommended |
|---|---|
Add instance-id or request-id as a metric tag | Don’t — high cardinality |
Use region, service, role tags | Do — low cardinality and useful for aggregation |
| Collect every Prometheus metric by default | Don’t — use a whitelist where possible |
| Aggregate or roll up metrics at source if feasible | Do — reduces downstream cardinality and cost |
- Review your metric catalog regularly and delete unused or noisy metrics.
- Use metric roll-ups or aggregates when raw metrics are not required for troubleshooting.
Debugging and troubleshooting
When investigating issues, temporarily increase verbosity and enable additional integrations. Always revert these changes. Temporary debug example:- Restrict
DEBUGto a short troubleshooting window. - For logs, enable only the integration(s) generating the data you need.
- Revert settings and remove any temporary tag or metrics changes immediately after resolving the incident.
Cost optimization checklist
Use this checklist to validate your configuration before wide deployment.| Category | Action |
|---|---|
| Logs | Disable collection for unused services, scope file paths, and exclude noisy endpoints |
| Privacy | Mask/redact PII and secrets in pipelines or at the Agent if necessary |
| Metrics | Remove high-cardinality tags and whitelist important metrics |
| Retention | Configure indexing and retention policies to limit long-term storage |
| Audit | Periodically review integration configs, dashboards, and alerts for stale data |
Links and references
- Datadog Logs Processing and Pipelines: https://docs.datadoghq.com/logs/processing/pipelines/
- Datadog Logs Processors (masking/redaction): https://docs.datadoghq.com/logs/processing/processors/
- Datadog Agent Logs documentation: https://docs.datadoghq.com/agent/logs/
- Prometheus metrics best practices: https://prometheus.io/docs/practices/naming/