Datadog v4.59.0, Oct 22 25

Datadog v4.59.0 published on Wednesday, Oct 22, 2025 by Pulumi

datadog.LogsCustomDestination

Datadog v4.59.0 published on Wednesday, Oct 22, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as datadog from "@pulumi/datadog";

const sampleDestination = new datadog.LogsCustomDestination("sample_destination", {
    name: "sample destination",
    query: "service:my-service",
    enabled: true,
    httpDestination: {
        endpoint: "https://example.org",
        basicAuth: {
            username: "my-username",
            password: "my-password",
        },
    },
});

import pulumi
import pulumi_datadog as datadog

sample_destination = datadog.LogsCustomDestination("sample_destination",
    name="sample destination",
    query="service:my-service",
    enabled=True,
    http_destination={
        "endpoint": "https://example.org",
        "basic_auth": {
            "username": "my-username",
            "password": "my-password",
        },
    })

package main

import (
	"github.com/pulumi/pulumi-datadog/sdk/v4/go/datadog"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := datadog.NewLogsCustomDestination(ctx, "sample_destination", &datadog.LogsCustomDestinationArgs{
			Name:    pulumi.String("sample destination"),
			Query:   pulumi.String("service:my-service"),
			Enabled: pulumi.Bool(true),
			HttpDestination: &datadog.LogsCustomDestinationHttpDestinationArgs{
				Endpoint: pulumi.String("https://example.org"),
				BasicAuth: &datadog.LogsCustomDestinationHttpDestinationBasicAuthArgs{
					Username: pulumi.String("my-username"),
					Password: pulumi.String("my-password"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Datadog = Pulumi.Datadog;

return await Deployment.RunAsync(() => 
{
    var sampleDestination = new Datadog.LogsCustomDestination("sample_destination", new()
    {
        Name = "sample destination",
        Query = "service:my-service",
        Enabled = true,
        HttpDestination = new Datadog.Inputs.LogsCustomDestinationHttpDestinationArgs
        {
            Endpoint = "https://example.org",
            BasicAuth = new Datadog.Inputs.LogsCustomDestinationHttpDestinationBasicAuthArgs
            {
                Username = "my-username",
                Password = "my-password",
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.datadog.LogsCustomDestination;
import com.pulumi.datadog.LogsCustomDestinationArgs;
import com.pulumi.datadog.inputs.LogsCustomDestinationHttpDestinationArgs;
import com.pulumi.datadog.inputs.LogsCustomDestinationHttpDestinationBasicAuthArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var sampleDestination = new LogsCustomDestination("sampleDestination", LogsCustomDestinationArgs.builder()
            .name("sample destination")
            .query("service:my-service")
            .enabled(true)
            .httpDestination(LogsCustomDestinationHttpDestinationArgs.builder()
                .endpoint("https://example.org")
                .basicAuth(LogsCustomDestinationHttpDestinationBasicAuthArgs.builder()
                    .username("my-username")
                    .password("my-password")
                    .build())
                .build())
            .build());

    }
}

resources:
  sampleDestination:
    type: datadog:LogsCustomDestination
    name: sample_destination
    properties:
      name: sample destination
      query: service:my-service
      enabled: true
      httpDestination:
        endpoint: https://example.org
        basicAuth:
          username: my-username
          password: my-password

Create LogsCustomDestination Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new LogsCustomDestination(name: string, args: LogsCustomDestinationArgs, opts?: CustomResourceOptions);

@overload
def LogsCustomDestination(resource_name: str,
                          args: LogsCustomDestinationArgs,
                          opts: Optional[ResourceOptions] = None)

@overload
def LogsCustomDestination(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          name: Optional[str] = None,
                          elasticsearch_destination: Optional[LogsCustomDestinationElasticsearchDestinationArgs] = None,
                          enabled: Optional[bool] = None,
                          forward_tags: Optional[bool] = None,
                          forward_tags_restriction_list_type: Optional[str] = None,
                          forward_tags_restriction_lists: Optional[Sequence[str]] = None,
                          http_destination: Optional[LogsCustomDestinationHttpDestinationArgs] = None,
                          microsoft_sentinel_destination: Optional[LogsCustomDestinationMicrosoftSentinelDestinationArgs] = None,
                          query: Optional[str] = None,
                          splunk_destination: Optional[LogsCustomDestinationSplunkDestinationArgs] = None)

func NewLogsCustomDestination(ctx *Context, name string, args LogsCustomDestinationArgs, opts ...ResourceOption) (*LogsCustomDestination, error)

public LogsCustomDestination(string name, LogsCustomDestinationArgs args, CustomResourceOptions? opts = null)

public LogsCustomDestination(String name, LogsCustomDestinationArgs args)
public LogsCustomDestination(String name, LogsCustomDestinationArgs args, CustomResourceOptions options)

type: datadog:LogsCustomDestination
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args LogsCustomDestinationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args LogsCustomDestinationArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args LogsCustomDestinationArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args LogsCustomDestinationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args LogsCustomDestinationArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var logsCustomDestinationResource = new Datadog.LogsCustomDestination("logsCustomDestinationResource", new()
{
    Name = "string",
    ElasticsearchDestination = new Datadog.Inputs.LogsCustomDestinationElasticsearchDestinationArgs
    {
        BasicAuth = new Datadog.Inputs.LogsCustomDestinationElasticsearchDestinationBasicAuthArgs
        {
            Password = "string",
            Username = "string",
        },
        Endpoint = "string",
        IndexName = "string",
        IndexRotation = "string",
    },
    Enabled = false,
    ForwardTags = false,
    ForwardTagsRestrictionListType = "string",
    ForwardTagsRestrictionLists = new[]
    {
        "string",
    },
    HttpDestination = new Datadog.Inputs.LogsCustomDestinationHttpDestinationArgs
    {
        Endpoint = "string",
        BasicAuth = new Datadog.Inputs.LogsCustomDestinationHttpDestinationBasicAuthArgs
        {
            Password = "string",
            Username = "string",
        },
        CustomHeaderAuth = new Datadog.Inputs.LogsCustomDestinationHttpDestinationCustomHeaderAuthArgs
        {
            HeaderName = "string",
            HeaderValue = "string",
        },
    },
    MicrosoftSentinelDestination = new Datadog.Inputs.LogsCustomDestinationMicrosoftSentinelDestinationArgs
    {
        ClientId = "string",
        DataCollectionEndpoint = "string",
        DataCollectionRuleId = "string",
        StreamName = "string",
        TenantId = "string",
    },
    Query = "string",
    SplunkDestination = new Datadog.Inputs.LogsCustomDestinationSplunkDestinationArgs
    {
        AccessToken = "string",
        Endpoint = "string",
    },
});

example, err := datadog.NewLogsCustomDestination(ctx, "logsCustomDestinationResource", &datadog.LogsCustomDestinationArgs{
	Name: pulumi.String("string"),
	ElasticsearchDestination: &datadog.LogsCustomDestinationElasticsearchDestinationArgs{
		BasicAuth: &datadog.LogsCustomDestinationElasticsearchDestinationBasicAuthArgs{
			Password: pulumi.String("string"),
			Username: pulumi.String("string"),
		},
		Endpoint:      pulumi.String("string"),
		IndexName:     pulumi.String("string"),
		IndexRotation: pulumi.String("string"),
	},
	Enabled:                        pulumi.Bool(false),
	ForwardTags:                    pulumi.Bool(false),
	ForwardTagsRestrictionListType: pulumi.String("string"),
	ForwardTagsRestrictionLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	HttpDestination: &datadog.LogsCustomDestinationHttpDestinationArgs{
		Endpoint: pulumi.String("string"),
		BasicAuth: &datadog.LogsCustomDestinationHttpDestinationBasicAuthArgs{
			Password: pulumi.String("string"),
			Username: pulumi.String("string"),
		},
		CustomHeaderAuth: &datadog.LogsCustomDestinationHttpDestinationCustomHeaderAuthArgs{
			HeaderName:  pulumi.String("string"),
			HeaderValue: pulumi.String("string"),
		},
	},
	MicrosoftSentinelDestination: &datadog.LogsCustomDestinationMicrosoftSentinelDestinationArgs{
		ClientId:               pulumi.String("string"),
		DataCollectionEndpoint: pulumi.String("string"),
		DataCollectionRuleId:   pulumi.String("string"),
		StreamName:             pulumi.String("string"),
		TenantId:               pulumi.String("string"),
	},
	Query: pulumi.String("string"),
	SplunkDestination: &datadog.LogsCustomDestinationSplunkDestinationArgs{
		AccessToken: pulumi.String("string"),
		Endpoint:    pulumi.String("string"),
	},
})

var logsCustomDestinationResource = new LogsCustomDestination("logsCustomDestinationResource", LogsCustomDestinationArgs.builder()
    .name("string")
    .elasticsearchDestination(LogsCustomDestinationElasticsearchDestinationArgs.builder()
        .basicAuth(LogsCustomDestinationElasticsearchDestinationBasicAuthArgs.builder()
            .password("string")
            .username("string")
            .build())
        .endpoint("string")
        .indexName("string")
        .indexRotation("string")
        .build())
    .enabled(false)
    .forwardTags(false)
    .forwardTagsRestrictionListType("string")
    .forwardTagsRestrictionLists("string")
    .httpDestination(LogsCustomDestinationHttpDestinationArgs.builder()
        .endpoint("string")
        .basicAuth(LogsCustomDestinationHttpDestinationBasicAuthArgs.builder()
            .password("string")
            .username("string")
            .build())
        .customHeaderAuth(LogsCustomDestinationHttpDestinationCustomHeaderAuthArgs.builder()
            .headerName("string")
            .headerValue("string")
            .build())
        .build())
    .microsoftSentinelDestination(LogsCustomDestinationMicrosoftSentinelDestinationArgs.builder()
        .clientId("string")
        .dataCollectionEndpoint("string")
        .dataCollectionRuleId("string")
        .streamName("string")
        .tenantId("string")
        .build())
    .query("string")
    .splunkDestination(LogsCustomDestinationSplunkDestinationArgs.builder()
        .accessToken("string")
        .endpoint("string")
        .build())
    .build());

logs_custom_destination_resource = datadog.LogsCustomDestination("logsCustomDestinationResource",
    name="string",
    elasticsearch_destination={
        "basic_auth": {
            "password": "string",
            "username": "string",
        },
        "endpoint": "string",
        "index_name": "string",
        "index_rotation": "string",
    },
    enabled=False,
    forward_tags=False,
    forward_tags_restriction_list_type="string",
    forward_tags_restriction_lists=["string"],
    http_destination={
        "endpoint": "string",
        "basic_auth": {
            "password": "string",
            "username": "string",
        },
        "custom_header_auth": {
            "header_name": "string",
            "header_value": "string",
        },
    },
    microsoft_sentinel_destination={
        "client_id": "string",
        "data_collection_endpoint": "string",
        "data_collection_rule_id": "string",
        "stream_name": "string",
        "tenant_id": "string",
    },
    query="string",
    splunk_destination={
        "access_token": "string",
        "endpoint": "string",
    })

const logsCustomDestinationResource = new datadog.LogsCustomDestination("logsCustomDestinationResource", {
    name: "string",
    elasticsearchDestination: {
        basicAuth: {
            password: "string",
            username: "string",
        },
        endpoint: "string",
        indexName: "string",
        indexRotation: "string",
    },
    enabled: false,
    forwardTags: false,
    forwardTagsRestrictionListType: "string",
    forwardTagsRestrictionLists: ["string"],
    httpDestination: {
        endpoint: "string",
        basicAuth: {
            password: "string",
            username: "string",
        },
        customHeaderAuth: {
            headerName: "string",
            headerValue: "string",
        },
    },
    microsoftSentinelDestination: {
        clientId: "string",
        dataCollectionEndpoint: "string",
        dataCollectionRuleId: "string",
        streamName: "string",
        tenantId: "string",
    },
    query: "string",
    splunkDestination: {
        accessToken: "string",
        endpoint: "string",
    },
});

type: datadog:LogsCustomDestination
properties:
    elasticsearchDestination:
        basicAuth:
            password: string
            username: string
        endpoint: string
        indexName: string
        indexRotation: string
    enabled: false
    forwardTags: false
    forwardTagsRestrictionListType: string
    forwardTagsRestrictionLists:
        - string
    httpDestination:
        basicAuth:
            password: string
            username: string
        customHeaderAuth:
            headerName: string
            headerValue: string
        endpoint: string
    microsoftSentinelDestination:
        clientId: string
        dataCollectionEndpoint: string
        dataCollectionRuleId: string
        streamName: string
        tenantId: string
    name: string
    query: string
    splunkDestination:
        accessToken: string
        endpoint: string

LogsCustomDestination Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The LogsCustomDestination resource accepts the following input properties:

Name string: The custom destination name.
ElasticsearchDestination LogsCustomDestinationElasticsearchDestination: The Elasticsearch destination.
Enabled bool: Whether logs matching this custom destination should be forwarded or not.
ForwardTags bool: Whether tags from the forwarded logs should be forwarded or not.
ForwardTagsRestrictionListType string: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
ForwardTagsRestrictionLists List<string>: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
HttpDestination LogsCustomDestinationHttpDestination: The HTTP destination.
MicrosoftSentinelDestination LogsCustomDestinationMicrosoftSentinelDestination: The Microsoft Sentinel destination.
Query string: The custom destination query filter. Logs matching this query are forwarded to the destination.
SplunkDestination LogsCustomDestinationSplunkDestination: The Splunk HTTP Event Collector (HEC) destination.

Name string: The custom destination name.
ElasticsearchDestination LogsCustomDestinationElasticsearchDestinationArgs: The Elasticsearch destination.
Enabled bool: Whether logs matching this custom destination should be forwarded or not.
ForwardTags bool: Whether tags from the forwarded logs should be forwarded or not.
ForwardTagsRestrictionListType string: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
ForwardTagsRestrictionLists []string: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
HttpDestination LogsCustomDestinationHttpDestinationArgs: The HTTP destination.
MicrosoftSentinelDestination LogsCustomDestinationMicrosoftSentinelDestinationArgs: The Microsoft Sentinel destination.
Query string: The custom destination query filter. Logs matching this query are forwarded to the destination.
SplunkDestination LogsCustomDestinationSplunkDestinationArgs: The Splunk HTTP Event Collector (HEC) destination.

name String: The custom destination name.
elasticsearchDestination LogsCustomDestinationElasticsearchDestination: The Elasticsearch destination.
enabled Boolean: Whether logs matching this custom destination should be forwarded or not.
forwardTags Boolean: Whether tags from the forwarded logs should be forwarded or not.
forwardTagsRestrictionListType String: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
forwardTagsRestrictionLists List<String>: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
httpDestination LogsCustomDestinationHttpDestination: The HTTP destination.
microsoftSentinelDestination LogsCustomDestinationMicrosoftSentinelDestination: The Microsoft Sentinel destination.
query String: The custom destination query filter. Logs matching this query are forwarded to the destination.
splunkDestination LogsCustomDestinationSplunkDestination: The Splunk HTTP Event Collector (HEC) destination.

name string: The custom destination name.
elasticsearchDestination LogsCustomDestinationElasticsearchDestination: The Elasticsearch destination.
enabled boolean: Whether logs matching this custom destination should be forwarded or not.
forwardTags boolean: Whether tags from the forwarded logs should be forwarded or not.
forwardTagsRestrictionListType string: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
forwardTagsRestrictionLists string[]: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
httpDestination LogsCustomDestinationHttpDestination: The HTTP destination.
microsoftSentinelDestination LogsCustomDestinationMicrosoftSentinelDestination: The Microsoft Sentinel destination.
query string: The custom destination query filter. Logs matching this query are forwarded to the destination.
splunkDestination LogsCustomDestinationSplunkDestination: The Splunk HTTP Event Collector (HEC) destination.

name str: The custom destination name.
elasticsearch_destination LogsCustomDestinationElasticsearchDestinationArgs: The Elasticsearch destination.
enabled bool: Whether logs matching this custom destination should be forwarded or not.
forward_tags bool: Whether tags from the forwarded logs should be forwarded or not.
forward_tags_restriction_list_type str: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
forward_tags_restriction_lists Sequence[str]: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
http_destination LogsCustomDestinationHttpDestinationArgs: The HTTP destination.
microsoft_sentinel_destination LogsCustomDestinationMicrosoftSentinelDestinationArgs: The Microsoft Sentinel destination.
query str: The custom destination query filter. Logs matching this query are forwarded to the destination.
splunk_destination LogsCustomDestinationSplunkDestinationArgs: The Splunk HTTP Event Collector (HEC) destination.

name String: The custom destination name.
elasticsearchDestination Property Map: The Elasticsearch destination.
enabled Boolean: Whether logs matching this custom destination should be forwarded or not.
forwardTags Boolean: Whether tags from the forwarded logs should be forwarded or not.
forwardTagsRestrictionListType String: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
forwardTagsRestrictionLists List<String>: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
httpDestination Property Map: The HTTP destination.
microsoftSentinelDestination Property Map: The Microsoft Sentinel destination.
query String: The custom destination query filter. Logs matching this query are forwarded to the destination.
splunkDestination Property Map: The Splunk HTTP Event Collector (HEC) destination.

Outputs

All input properties are implicitly available as output properties. Additionally, the LogsCustomDestination resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing LogsCustomDestination Resource

Get an existing LogsCustomDestination resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: LogsCustomDestinationState, opts?: CustomResourceOptions): LogsCustomDestination

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        elasticsearch_destination: Optional[LogsCustomDestinationElasticsearchDestinationArgs] = None,
        enabled: Optional[bool] = None,
        forward_tags: Optional[bool] = None,
        forward_tags_restriction_list_type: Optional[str] = None,
        forward_tags_restriction_lists: Optional[Sequence[str]] = None,
        http_destination: Optional[LogsCustomDestinationHttpDestinationArgs] = None,
        microsoft_sentinel_destination: Optional[LogsCustomDestinationMicrosoftSentinelDestinationArgs] = None,
        name: Optional[str] = None,
        query: Optional[str] = None,
        splunk_destination: Optional[LogsCustomDestinationSplunkDestinationArgs] = None) -> LogsCustomDestination

func GetLogsCustomDestination(ctx *Context, name string, id IDInput, state *LogsCustomDestinationState, opts ...ResourceOption) (*LogsCustomDestination, error)

public static LogsCustomDestination Get(string name, Input<string> id, LogsCustomDestinationState? state, CustomResourceOptions? opts = null)

public static LogsCustomDestination get(String name, Output<String> id, LogsCustomDestinationState state, CustomResourceOptions options)

resources:  _:    type: datadog:LogsCustomDestination    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

ElasticsearchDestination LogsCustomDestinationElasticsearchDestination: The Elasticsearch destination.
Enabled bool: Whether logs matching this custom destination should be forwarded or not.
ForwardTags bool: Whether tags from the forwarded logs should be forwarded or not.
ForwardTagsRestrictionListType string: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
ForwardTagsRestrictionLists List<string>: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
HttpDestination LogsCustomDestinationHttpDestination: The HTTP destination.
MicrosoftSentinelDestination LogsCustomDestinationMicrosoftSentinelDestination: The Microsoft Sentinel destination.
Name string: The custom destination name.
Query string: The custom destination query filter. Logs matching this query are forwarded to the destination.
SplunkDestination LogsCustomDestinationSplunkDestination: The Splunk HTTP Event Collector (HEC) destination.

ElasticsearchDestination LogsCustomDestinationElasticsearchDestinationArgs: The Elasticsearch destination.
Enabled bool: Whether logs matching this custom destination should be forwarded or not.
ForwardTags bool: Whether tags from the forwarded logs should be forwarded or not.
ForwardTagsRestrictionListType string: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
ForwardTagsRestrictionLists []string: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
HttpDestination LogsCustomDestinationHttpDestinationArgs: The HTTP destination.
MicrosoftSentinelDestination LogsCustomDestinationMicrosoftSentinelDestinationArgs: The Microsoft Sentinel destination.
Name string: The custom destination name.
Query string: The custom destination query filter. Logs matching this query are forwarded to the destination.
SplunkDestination LogsCustomDestinationSplunkDestinationArgs: The Splunk HTTP Event Collector (HEC) destination.

elasticsearchDestination LogsCustomDestinationElasticsearchDestination: The Elasticsearch destination.
enabled Boolean: Whether logs matching this custom destination should be forwarded or not.
forwardTags Boolean: Whether tags from the forwarded logs should be forwarded or not.
forwardTagsRestrictionListType String: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
forwardTagsRestrictionLists List<String>: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
httpDestination LogsCustomDestinationHttpDestination: The HTTP destination.
microsoftSentinelDestination LogsCustomDestinationMicrosoftSentinelDestination: The Microsoft Sentinel destination.
name String: The custom destination name.
query String: The custom destination query filter. Logs matching this query are forwarded to the destination.
splunkDestination LogsCustomDestinationSplunkDestination: The Splunk HTTP Event Collector (HEC) destination.

elasticsearchDestination LogsCustomDestinationElasticsearchDestination: The Elasticsearch destination.
enabled boolean: Whether logs matching this custom destination should be forwarded or not.
forwardTags boolean: Whether tags from the forwarded logs should be forwarded or not.
forwardTagsRestrictionListType string: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
forwardTagsRestrictionLists string[]: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
httpDestination LogsCustomDestinationHttpDestination: The HTTP destination.
microsoftSentinelDestination LogsCustomDestinationMicrosoftSentinelDestination: The Microsoft Sentinel destination.
name string: The custom destination name.
query string: The custom destination query filter. Logs matching this query are forwarded to the destination.
splunkDestination LogsCustomDestinationSplunkDestination: The Splunk HTTP Event Collector (HEC) destination.

elasticsearch_destination LogsCustomDestinationElasticsearchDestinationArgs: The Elasticsearch destination.
enabled bool: Whether logs matching this custom destination should be forwarded or not.
forward_tags bool: Whether tags from the forwarded logs should be forwarded or not.
forward_tags_restriction_list_type str: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
forward_tags_restriction_lists Sequence[str]: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
http_destination LogsCustomDestinationHttpDestinationArgs: The HTTP destination.
microsoft_sentinel_destination LogsCustomDestinationMicrosoftSentinelDestinationArgs: The Microsoft Sentinel destination.
name str: The custom destination name.
query str: The custom destination query filter. Logs matching this query are forwarded to the destination.
splunk_destination LogsCustomDestinationSplunkDestinationArgs: The Splunk HTTP Event Collector (HEC) destination.

elasticsearchDestination Property Map: The Elasticsearch destination.
enabled Boolean: Whether logs matching this custom destination should be forwarded or not.
forwardTags Boolean: Whether tags from the forwarded logs should be forwarded or not.
forwardTagsRestrictionListType String: How the forward_tags_restriction_list parameter should be interpreted. If ALLOW_LIST, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. BLOCK_LIST works the opposite way. It does not forward the tags matching the ones on the list. Valid values are ALLOW_LIST, BLOCK_LIST.
forwardTagsRestrictionLists List<String>: List of tag keys to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on forward_tags_restriction_list_type parameter.
httpDestination Property Map: The HTTP destination.
microsoftSentinelDestination Property Map: The Microsoft Sentinel destination.
name String: The custom destination name.
query String: The custom destination query filter. Logs matching this query are forwarded to the destination.
splunkDestination Property Map: The Splunk HTTP Event Collector (HEC) destination.

Supporting Types

LogsCustomDestinationElasticsearchDestination, LogsCustomDestinationElasticsearchDestinationArgs

BasicAuth LogsCustomDestinationElasticsearchDestinationBasicAuth: Basic access authentication.
Endpoint string: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
IndexName string: Name of the Elasticsearch index (must follow Elasticsearch's criteria).
IndexRotation string: Date pattern with US locale and UTC timezone to be appended to the index name after adding '-' (that is, '${index_name}-${indexPattern}'). You can customize the index rotation naming pattern by choosing one of these options: - Hourly: 'yyyy-MM-dd-HH' (as an example, it would render: '2022-10-19-09') - Daily: 'yyyy-MM-dd' (as an example, it would render: '2022-10-19') - Weekly: 'yyyy-'W'ww' (as an example, it would render: '2022-W42') - Monthly: 'yyyy-MM' (as an example, it would render: '2022-10') If this field is missing or is blank, it means that the index name will always be the same (that is, no rotation).

BasicAuth LogsCustomDestinationElasticsearchDestinationBasicAuth: Basic access authentication.
Endpoint string: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
IndexName string: Name of the Elasticsearch index (must follow Elasticsearch's criteria).
IndexRotation string: Date pattern with US locale and UTC timezone to be appended to the index name after adding '-' (that is, '${index_name}-${indexPattern}'). You can customize the index rotation naming pattern by choosing one of these options: - Hourly: 'yyyy-MM-dd-HH' (as an example, it would render: '2022-10-19-09') - Daily: 'yyyy-MM-dd' (as an example, it would render: '2022-10-19') - Weekly: 'yyyy-'W'ww' (as an example, it would render: '2022-W42') - Monthly: 'yyyy-MM' (as an example, it would render: '2022-10') If this field is missing or is blank, it means that the index name will always be the same (that is, no rotation).

basicAuth LogsCustomDestinationElasticsearchDestinationBasicAuth: Basic access authentication.
endpoint String: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
indexName String: Name of the Elasticsearch index (must follow Elasticsearch's criteria).
indexRotation String: Date pattern with US locale and UTC timezone to be appended to the index name after adding '-' (that is, '${index_name}-${indexPattern}'). You can customize the index rotation naming pattern by choosing one of these options: - Hourly: 'yyyy-MM-dd-HH' (as an example, it would render: '2022-10-19-09') - Daily: 'yyyy-MM-dd' (as an example, it would render: '2022-10-19') - Weekly: 'yyyy-'W'ww' (as an example, it would render: '2022-W42') - Monthly: 'yyyy-MM' (as an example, it would render: '2022-10') If this field is missing or is blank, it means that the index name will always be the same (that is, no rotation).

basicAuth LogsCustomDestinationElasticsearchDestinationBasicAuth: Basic access authentication.
endpoint string: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
indexName string: Name of the Elasticsearch index (must follow Elasticsearch's criteria).
indexRotation string: Date pattern with US locale and UTC timezone to be appended to the index name after adding '-' (that is, '${index_name}-${indexPattern}'). You can customize the index rotation naming pattern by choosing one of these options: - Hourly: 'yyyy-MM-dd-HH' (as an example, it would render: '2022-10-19-09') - Daily: 'yyyy-MM-dd' (as an example, it would render: '2022-10-19') - Weekly: 'yyyy-'W'ww' (as an example, it would render: '2022-W42') - Monthly: 'yyyy-MM' (as an example, it would render: '2022-10') If this field is missing or is blank, it means that the index name will always be the same (that is, no rotation).

basic_auth LogsCustomDestinationElasticsearchDestinationBasicAuth: Basic access authentication.
endpoint str: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
index_name str: Name of the Elasticsearch index (must follow Elasticsearch's criteria).
index_rotation str: Date pattern with US locale and UTC timezone to be appended to the index name after adding '-' (that is, '${index_name}-${indexPattern}'). You can customize the index rotation naming pattern by choosing one of these options: - Hourly: 'yyyy-MM-dd-HH' (as an example, it would render: '2022-10-19-09') - Daily: 'yyyy-MM-dd' (as an example, it would render: '2022-10-19') - Weekly: 'yyyy-'W'ww' (as an example, it would render: '2022-W42') - Monthly: 'yyyy-MM' (as an example, it would render: '2022-10') If this field is missing or is blank, it means that the index name will always be the same (that is, no rotation).

basicAuth Property Map: Basic access authentication.
endpoint String: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
indexName String: Name of the Elasticsearch index (must follow Elasticsearch's criteria).
indexRotation String: Date pattern with US locale and UTC timezone to be appended to the index name after adding '-' (that is, '${index_name}-${indexPattern}'). You can customize the index rotation naming pattern by choosing one of these options: - Hourly: 'yyyy-MM-dd-HH' (as an example, it would render: '2022-10-19-09') - Daily: 'yyyy-MM-dd' (as an example, it would render: '2022-10-19') - Weekly: 'yyyy-'W'ww' (as an example, it would render: '2022-W42') - Monthly: 'yyyy-MM' (as an example, it would render: '2022-10') If this field is missing or is blank, it means that the index name will always be the same (that is, no rotation).

LogsCustomDestinationElasticsearchDestinationBasicAuth, LogsCustomDestinationElasticsearchDestinationBasicAuthArgs

Password string: The password of the authentication. This field is not returned by the API.
Username string: The username of the authentication. This field is not returned by the API.

Password string: The password of the authentication. This field is not returned by the API.
Username string: The username of the authentication. This field is not returned by the API.

password String: The password of the authentication. This field is not returned by the API.
username String: The username of the authentication. This field is not returned by the API.

password string: The password of the authentication. This field is not returned by the API.
username string: The username of the authentication. This field is not returned by the API.

password str: The password of the authentication. This field is not returned by the API.
username str: The username of the authentication. This field is not returned by the API.

password String: The password of the authentication. This field is not returned by the API.
username String: The username of the authentication. This field is not returned by the API.

LogsCustomDestinationHttpDestination, LogsCustomDestinationHttpDestinationArgs

Endpoint string: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
BasicAuth LogsCustomDestinationHttpDestinationBasicAuth: Basic access authentication.
CustomHeaderAuth LogsCustomDestinationHttpDestinationCustomHeaderAuth: Custom header access authentication.

Endpoint string: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
BasicAuth LogsCustomDestinationHttpDestinationBasicAuth: Basic access authentication.
CustomHeaderAuth LogsCustomDestinationHttpDestinationCustomHeaderAuth: Custom header access authentication.

endpoint String: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
basicAuth LogsCustomDestinationHttpDestinationBasicAuth: Basic access authentication.
customHeaderAuth LogsCustomDestinationHttpDestinationCustomHeaderAuth: Custom header access authentication.

endpoint string: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
basicAuth LogsCustomDestinationHttpDestinationBasicAuth: Basic access authentication.
customHeaderAuth LogsCustomDestinationHttpDestinationCustomHeaderAuth: Custom header access authentication.

endpoint str: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
basic_auth LogsCustomDestinationHttpDestinationBasicAuth: Basic access authentication.
custom_header_auth LogsCustomDestinationHttpDestinationCustomHeaderAuth: Custom header access authentication.

endpoint String: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.
basicAuth Property Map: Basic access authentication.
customHeaderAuth Property Map: Custom header access authentication.

LogsCustomDestinationHttpDestinationBasicAuth, LogsCustomDestinationHttpDestinationBasicAuthArgs

Password string: The password of the authentication. This field is not returned by the API.
Username string: The username of the authentication. This field is not returned by the API.

Password string: The password of the authentication. This field is not returned by the API.
Username string: The username of the authentication. This field is not returned by the API.

password String: The password of the authentication. This field is not returned by the API.
username String: The username of the authentication. This field is not returned by the API.

password string: The password of the authentication. This field is not returned by the API.
username string: The username of the authentication. This field is not returned by the API.

password str: The password of the authentication. This field is not returned by the API.
username str: The username of the authentication. This field is not returned by the API.

password String: The password of the authentication. This field is not returned by the API.
username String: The username of the authentication. This field is not returned by the API.

LogsCustomDestinationHttpDestinationCustomHeaderAuth, LogsCustomDestinationHttpDestinationCustomHeaderAuthArgs

HeaderName string: The header name of the authentication.
HeaderValue string: The header value of the authentication. This field is not returned by the API.

HeaderName string: The header name of the authentication.
HeaderValue string: The header value of the authentication. This field is not returned by the API.

headerName String: The header name of the authentication.
headerValue String: The header value of the authentication. This field is not returned by the API.

headerName string: The header name of the authentication.
headerValue string: The header value of the authentication. This field is not returned by the API.

header_name str: The header name of the authentication.
header_value str: The header value of the authentication. This field is not returned by the API.

headerName String: The header name of the authentication.
headerValue String: The header value of the authentication. This field is not returned by the API.

LogsCustomDestinationMicrosoftSentinelDestination, LogsCustomDestinationMicrosoftSentinelDestinationArgs

ClientId string: Client ID from the Datadog Azure Integration.
DataCollectionEndpoint string: Azure Data Collection Endpoint.
DataCollectionRuleId string: Azure Data Collection Rule ID.
StreamName string: Azure stream name.
TenantId string: Tenant ID from the Datadog Azure Integration.

ClientId string: Client ID from the Datadog Azure Integration.
DataCollectionEndpoint string: Azure Data Collection Endpoint.
DataCollectionRuleId string: Azure Data Collection Rule ID.
StreamName string: Azure stream name.
TenantId string: Tenant ID from the Datadog Azure Integration.

clientId String: Client ID from the Datadog Azure Integration.
dataCollectionEndpoint String: Azure Data Collection Endpoint.
dataCollectionRuleId String: Azure Data Collection Rule ID.
streamName String: Azure stream name.
tenantId String: Tenant ID from the Datadog Azure Integration.

clientId string: Client ID from the Datadog Azure Integration.
dataCollectionEndpoint string: Azure Data Collection Endpoint.
dataCollectionRuleId string: Azure Data Collection Rule ID.
streamName string: Azure stream name.
tenantId string: Tenant ID from the Datadog Azure Integration.

client_id str: Client ID from the Datadog Azure Integration.
data_collection_endpoint str: Azure Data Collection Endpoint.
data_collection_rule_id str: Azure Data Collection Rule ID.
stream_name str: Azure stream name.
tenant_id str: Tenant ID from the Datadog Azure Integration.

clientId String: Client ID from the Datadog Azure Integration.
dataCollectionEndpoint String: Azure Data Collection Endpoint.
dataCollectionRuleId String: Azure Data Collection Rule ID.
streamName String: Azure stream name.
tenantId String: Tenant ID from the Datadog Azure Integration.

LogsCustomDestinationSplunkDestination, LogsCustomDestinationSplunkDestinationArgs

AccessToken string: Access token of the Splunk HTTP Event Collector. This field is not returned by the API.
Endpoint string: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.

AccessToken string: Access token of the Splunk HTTP Event Collector. This field is not returned by the API.
Endpoint string: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.

accessToken String: Access token of the Splunk HTTP Event Collector. This field is not returned by the API.
endpoint String: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.

accessToken string: Access token of the Splunk HTTP Event Collector. This field is not returned by the API.
endpoint string: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.

access_token str: Access token of the Splunk HTTP Event Collector. This field is not returned by the API.
endpoint str: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.

accessToken String: Access token of the Splunk HTTP Event Collector. This field is not returned by the API.
endpoint String: The destination for which logs will be forwarded to. Must have HTTPS scheme. Forwarding back to Datadog is not allowed.

Import

The pulumi import command can be used, for example:

Custom destinations can be imported using the destination ID. Caution: auth credentials can not be imported.

$ pulumi import datadog:index/logsCustomDestination:LogsCustomDestination sample_destination "destination-id"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Datadog pulumi/pulumi-datadog
License: Apache-2.0
Notes: This Pulumi package is based on the datadog Terraform Provider.

Datadog v4.59.0 published on Wednesday, Oct 22, 2025 by Pulumi

pulumi/pulumi-datadog

datadog.LogsCustomDestination

On this page

On this page

Example Usage

Create LogsCustomDestination Resource

Constructor syntax

Parameters

Constructor example

LogsCustomDestination Resource Properties

Inputs

Outputs

Look up Existing LogsCustomDestination Resource

Supporting Types

LogsCustomDestinationElasticsearchDestination, LogsCustomDestinationElasticsearchDestinationArgs

LogsCustomDestinationElasticsearchDestinationBasicAuth, LogsCustomDestinationElasticsearchDestinationBasicAuthArgs

LogsCustomDestinationHttpDestination, LogsCustomDestinationHttpDestinationArgs

LogsCustomDestinationHttpDestinationBasicAuth, LogsCustomDestinationHttpDestinationBasicAuthArgs

LogsCustomDestinationHttpDestinationCustomHeaderAuth, LogsCustomDestinationHttpDestinationCustomHeaderAuthArgs

LogsCustomDestinationMicrosoftSentinelDestination, LogsCustomDestinationMicrosoftSentinelDestinationArgs

LogsCustomDestinationSplunkDestination, LogsCustomDestinationSplunkDestinationArgs

Import

Package Details

On this page

On this page