Observe /
Configure log sinks
You can integrate your preferred log aggregators and observability platforms with your Northflank account.
Log sinks allow you to forward logs from containers in specific projects, or your whole account, allowing you to unify and process logs from your entire operation. You can improve your observability with the features of your preferred log service; analyze and visualise metrics, perform searches, set up real-time alerts, and meet your log auditing requirements.
You can also integrate with your own logging solutions by sending logs to a custom HTTP endpoint or an Amazon S3 bucket.

Northflank currently supports the following endpoints for log sinks:
- Datadog
- Loki
- Papertrail
- Mezmo (formerly LogDNA)
- Logtail
- Honeycomb
- AWS S3
- HTTP (custom endpoint)
By default, logs will be sent as plain text, some log sinks allow you to send logs as JSON instead.
Text
Text logs are sent as a single string containing only the log message itself in the format:
<timestamp: [yyyy-MM-dd’T’HH:mm:ss.SSSSSSSSS’Z’]> <stream [stdout | stderr]> <log line>
.
For example:
2022-09-12T09:21:40.817924799Z stdout F Mon Sep 12 09:21:40 UTC 2022: Log item 138051
JSON
JSON logs are sent as an array of objects, with each object representing a single log entry:
{
[
{
"entity":"<entity_id>",
"host":"Northflank",
"message":"<datetime with timezone> <log message>",
"path":"/",
"pod":"<service_name>-<pod_id>",
"project":"<project_name>",
"service":"<service_name>",
"source":"Northflank",
"source_type":"http",
"timestamp":"<datetime with timezone>",
"type":"<service|job|addon>"
},
{...},
{...}
]
}
Log sinks can be created on your user or team account in your account settings.
To add a new log sink, select the type of log sink you want and follow the specific instructions below for each type.
You can pause and resume your log sinks as required after they have been created, update the authentication details, and change the projects they target.
Project restrictions
You can enable make log sink target selected projects to select specific projects to forward logs from. Only containers running in the selected projects will have their logs forwarded.
You can leave this disabled to forward logs from all running containers in all projects on your account.
If you are creating a log sink on a team account and your role is restricted to specific projects you will only be able to create log sinks targeting the projects you have access to.
Validation log
When you create or update a log sink a validation log is sent to the endpoint to ensure the credentials entered are correct. This validation log will be stored in your sink and takes the following format:
{
"app-name": "log-forwarder",
"host": "Northflank",
"message": "Validating log sink credentials",
"severity": "info",
"date": "<datetime with timezone>"
}
- Select the Datadog sink type in your new Northflank log sink
- Select the region your Datadog account exists in by identifying it from the URL that you use to access it:
Region | Site |
---|---|
EU1 | datadoghq.eu |
US1 | datadoghq.com |
US3 | us3.datadoghq.com |
US5 | us5.datadoghq.com |
US1-FED | ddog-gov.com |
- Navigate to organisation settings, open API keys, and create a new key. Make sure your account has at least the standard role, or a custom role with permissions to write logs .
- Copy the API key and paste it into the field in Northflank
- Select your project restrictions, if any, and add log sink
- You should receive a validation log entry to confirm your credentials are valid, and logs will now be sent to the sink
You can send your logs to a self-hosted instance of Loki, or to a Loki instance hosted on Grafana cloud .
Grafana cloud
- Select the Loki sink type in your new Northflank log sink
- Navigate to your Grafana cloud stack
- View the details for Loki
- Follow the instructions to add Loki as a data source in your Grafana instance, if it's not currently configured. Copy and/or save your API key, as it will not be shown again.
- Go to Northflank and enter the information from your Loki configuration:
- URL
- user
- the API key you created when integrating Loki with Grafana
- Choose the encoding method for the logs:
text
(default) orJSON
- Select your project restrictions, if any, and add log sink
- You should receive a validation log entry to confirm your credentials are valid, and logs will now be sent to the sink
Self-hosted
- Select the Loki sink type in your new Northflank log sink
- Enter the URL of your Loki deployment
- Enter the username and password you set when configuring your Loki instance
- Choose the encoding method for the logs:
text
(default) orJSON
- Select your project restrictions, if any, and add log sink
- You should receive a validation log entry to confirm your credentials are valid, and logs will now be sent to the sink
- Select the Papertrail sink type in your new Northflank log sink
- Navigate to your Papertrail settings and open log destinations
- Create log destination, allow it to
accept logs from unrecognised systems
, and leavedelete systems with no events
enabled - Choose to accept connections via
port
(recommended) ortoken
(HTTPS). LeaveTLS encryption
enabled for TCP, andplain text
enabled for UDP forport
connections. - On Northflank select the authentication method you chose when creating your log destination
- For
port
enter the URL and port generated for your log destination, for examplelogs5.papertrailapp.com:12345
- For
token
enter both theendpoint
andtoken
generated for your log destination
- For
- Choose the encoding method for the logs:
text
(default) orJSON
- Select your project restrictions, if any, and add log sink
- You should receive a validation log entry to confirm your credentials are valid, and logs will now be sent to the sink
- Select the Mezmo (formerly LogDNA) sink type in your new Northflank log sink
- In Mezmo, open settings, navigate to the API keys page under organisation
- Generate a new ingestion key and copy the value
- Return to Northflank and paste the ingestion key into the API key field
- Select your project restrictions, if any, and add log sink
- You should receive a validation log entry to confirm your credentials are valid, and logs will now be sent to the sink
- Select the Logtail sink type in your new Northflank log sink
- In your Logtail account navigate to sources and connect source
- Name your source, select
HTTP
as the platform, and create source - Copy the source token, return to Northflank, and enter it into the API key field for your new log sink
- Select your project restrictions, if any, and add log sink
- You should receive a validation log entry to confirm your credentials are valid, and logs will now be sent to the sink
- Select the Honeycomb sink type in your new Northflank log sink
- In Honeycomb navigate to environments and manage environments
- View API keys for the environment you want to use with Northflank and copy the API key value
- Return to Northflank and paste the API key value into the form
- Enter the name of your dataset, if it doesn't already exist in Honeycomb it will be created for you
- Select your project restrictions, if any, and add log sink
- You should receive a validation log entry to confirm your credentials are valid, and logs will now be sent to the sink
- You must be a Honeycomb team owner to create and manage API keys
- Your API key must have
send events
andcreate datasets
permissions
- Select the Logz.io sink type in your new Northflank log sink
- In Logz.io open your settings and select the manage tokens page
- Open data shipping tokens and copy the default token, or create a new one
- Return to Northflank and paste the API token into the form
- If the
listener URL
displayed on the data shipping tokens page is different from the defaultlistener.logz.io
, copy it and replace thelistener URL
in the Northflank form - Select your project restrictions, if any, and add log sink
- You should receive a validation log entry to confirm your credentials are valid, and logs will now be sent to the sink
You can create an S3 sink hosted by Amazon Web Services, or another implementation of S3 storage. The following instructions are to integrate S3 hosted by AWS, for other implementations the exact details may differ.
Logs sent to S3 buckets are automatically segmented into directories to help identify and find them, by project, resource type, and resource name. For example:
Project | Resource category | Resource |
---|---|---|
my-project/ | service/ | my-service-1/ |
my-project/ | service/ | my-service-2/ |
my-project/ | addon/ | mongo-db/ |
my-project/ | job/ | db-cleanup-cron/ |
- Select the AWS S3 sink type in your new Northflank log sink
- Go to your AWS console and select S3 from the storage section in the services menu
- Create a new bucket, or select an existing one, and enter the name of the bucket in Northflank
- Enter the service endpoint, for example
s3.eu-west-1.amazonaws.com
for a bucket in theEU-West-1
region - Enter the region for your bucket, as indicated in the endpoint
- Open the IAM console and create a new IAM user with the necessary permissions, or a role containing the necessary permissions
- Copy the
access key ID
andaccess key secret
to Northflank directly, and/or save them somewhere secure (you will not be able to view them again) - Choose whether to send uncompressed plaintext logs, or logs compressed with gzip to your bucket
- Select your project restrictions, if any, and add log sink
- You should receive a validation log entry to confirm your credentials are valid, and logs will now be sent to the sink
- Northflank will create a folder to store logs each day, with the format
date=YYYY-MM-DD
- Each log file will be named with a Unix timestamp in seconds, followed by a UUID:
[timestamp]-[UUID].[file-extension]
- Logs will have the file extension
.log
if uncompressed, or.log.gzip
for compressed logs - Logs will be sent in batches no greater than 32.7KB, or every second while logs are being generated
You can configure a custom HTTP endpoint to receive your logs from Northflank.
Log format
Your endpoint will receive logs from Northflank in either text or JSON format, and you can secure your endpoint by only accepting requests with either basic authentication or a bearer token.
Text logs will be sent with the header Content-Type: text/plain
and the body will consist of a string containing the log line. JSON logs will be sent with the header Content-Type: application/json
and the body will consist of a JSON object containing an array of log lines.
Authentication
Northflank support two types of HTTP authentication. For security your endpoint should require HTTPS, otherwise credentials and logs will be transmitted unencrypted.
- Basic authentication: basic auth requires a password, and optionally a username. This will be encoded using base64 before being sent in the header as
Authorization: "Basic <encoded credentials>"
- Bearer token: your bearer token will be encoded using base64 and sent in the header of the request as
Authorization: "Bearer <encoded token>"
Response
Your endpoint should return a 2xx response code.
Create your HTTP log sink on Northflank
- Enter the URL of your log sink
- Select your authentication strategy:
basic authentication
orbearer token
- Enter your username and password to authenticate using basic authentication
- Enter your token to authenticate using bearer token
- Choose the encoding method for the logs:
text
orJSON
- Select your project restrictions, if any, and add log sink
- Your HTTPS endpoint should receive a validation log entry to confirm your credentials are valid, and logs will now be sent to the sink