From 6090c99300dead80b66ed52cc90454e00ea584f5 Mon Sep 17 00:00:00 2001 From: May Lee Date: Mon, 14 Jul 2025 15:38:06 -0400 Subject: [PATCH 1/4] add note and verification section --- content/en/agent/guide/private-link.md | 33 +++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/content/en/agent/guide/private-link.md b/content/en/agent/guide/private-link.md index fd451d8d64bda..ae0fdac344c01 100644 --- a/content/en/agent/guide/private-link.md +++ b/content/en/agent/guide/private-link.md @@ -144,7 +144,10 @@ After the endpoint status is updated to **Available**, you can use this endpoint | Database Monitoring | {{< region-param key="aws_private_link_dbm_service_name" code="true" >}} | {{< region-param key="dbm_endpoint_private_link" code="true" >}} | | Remote Configuration | {{< region-param key="aws_private_link_remote_config_service_name" code="true" >}} | {{< region-param key="remote_config_endpoint_private_link" code="true" >}} | +**Note**: Cross-region PrivateLink doesn't emit CloudWatch metrics. See [CloudWatch metrics for AWS PrivateLink][2] for more information. + [1]: /help/ +[2]: https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-cloudwatch-metrics.html {{% /tab %}} {{% tab "VPC Peering" %}} @@ -278,7 +281,6 @@ The VPCs with Private Hosted Zone (PHZ) attached need to have a couple of settin 3. [Restart the Agent][7]. - [1]: /help/ [2]: https://docs.aws.amazon.com/vpc/latest/peering/working-with-vpc-peering.html [3]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html @@ -302,6 +304,35 @@ The VPCs with Private Hosted Zone (PHZ) attached need to have a couple of settin {{% /site-region %}} +## Verify that data is being sent using PrivateLink + +After setting up PrivateLink, to verify that data is getting sent using PrivateLink, run the `dig` command on a machine that is on that VPC. For example, run this command if you had set up a PrivateLink for the endpoint `http-intake.logs.datadoghq.com`: + +``` +dig http-intake.logs.datadoghq.com +``` + +If logs are being sent over PrivateLink, the `ANSWER Section` section of the output shows `http-intake.logs.datadoghq.com` like this: + +``` +;; ANSWER SECTION: +http-intake.logs.datadoghq.com. 60 IN A 172.31.57.3 +http-intake.logs.datadoghq.com. 60 IN A 172.31.3.10 +http-intake.logs.datadoghq.com. 60 IN A 172.31.20.174 +http-intake.logs.datadoghq.com. 60 IN A 172.31.34.135 +``` + +If logs are not being sent over PrivateLink, the `ANSWER SECTION` of the output shows the load balancer (`4-logs-http-s1-e721f9c2a0e65948.elb.us-east-1.amazonaws.com.`) to which the logs are getting sent. + +``` +;; ANSWER SECTION: +http-intake.logs.datadoghq.com. 177 IN CNAME http-intake-l4.logs.datadoghq.com. +http-intake-l4.logs.datadoghq.com. 173 IN CNAME l4-logs-http-s1-e721f9c2a0e65948.elb.us-east-1.amazonaws.com. +l4-logs-http-s1-e721f9c2a0e65948.elb.us-east-1.amazonaws.com. 42 IN A 3.233.158.48 +l4-logs-http-s1-e721f9c2a0e65948.elb.us-east-1.amazonaws.com. 42 IN A 3.233.158.49 +l4-logs-http-s1-e721f9c2a0e65948.elb.us-east-1.amazonaws.com. 42 IN A 3.233.158.50 +``` + ## Further reading {{< partial name="whats-next/whats-next.html" >}} From 0e1970659bdb07c48d980db7ed5e0ba5bc3b5014 Mon Sep 17 00:00:00 2001 From: May Lee Date: Thu, 17 Jul 2025 10:43:15 -0400 Subject: [PATCH 2/4] Update content/en/agent/guide/private-link.md --- content/en/agent/guide/private-link.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/agent/guide/private-link.md b/content/en/agent/guide/private-link.md index ae0fdac344c01..5f923fd754bba 100644 --- a/content/en/agent/guide/private-link.md +++ b/content/en/agent/guide/private-link.md @@ -322,7 +322,7 @@ http-intake.logs.datadoghq.com. 60 IN A 172.31.20.174 http-intake.logs.datadoghq.com. 60 IN A 172.31.34.135 ``` -If logs are not being sent over PrivateLink, the `ANSWER SECTION` of the output shows the load balancer (`4-logs-http-s1-e721f9c2a0e65948.elb.us-east-1.amazonaws.com.`) to which the logs are getting sent. +If logs are not being sent over PrivateLink, the `ANSWER SECTION` of the output shows the load balancer (`4-logs-http-s1-e721f9c2a0e65948.elb.us-east-1.amazonaws.com`) to which the logs are getting sent. ``` ;; ANSWER SECTION: From a3d126ca823a46aefff775a0af3ed8a048dabd77 Mon Sep 17 00:00:00 2001 From: May Lee Date: Thu, 17 Jul 2025 12:03:37 -0400 Subject: [PATCH 3/4] Update content/en/agent/guide/private-link.md --- content/en/agent/guide/private-link.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/agent/guide/private-link.md b/content/en/agent/guide/private-link.md index 5f923fd754bba..68516af4dd0f0 100644 --- a/content/en/agent/guide/private-link.md +++ b/content/en/agent/guide/private-link.md @@ -312,7 +312,7 @@ After setting up PrivateLink, to verify that data is getting sent using PrivateL dig http-intake.logs.datadoghq.com ``` -If logs are being sent over PrivateLink, the `ANSWER Section` section of the output shows `http-intake.logs.datadoghq.com` like this: +If logs are being sent over PrivateLink, the `ANSWER Section` section of the output shows `http-intake.logs.datadoghq.com` like in the following example. **Note**: The IP addresses you see are going to be different. ``` ;; ANSWER SECTION: From f88f9618fa42e0b234853fe4ecc0b6398347c1f9 Mon Sep 17 00:00:00 2001 From: May Lee Date: Thu, 17 Jul 2025 12:12:39 -0400 Subject: [PATCH 4/4] apply suggestions --- content/en/agent/guide/private-link.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/en/agent/guide/private-link.md b/content/en/agent/guide/private-link.md index 68516af4dd0f0..91fb00f5427c5 100644 --- a/content/en/agent/guide/private-link.md +++ b/content/en/agent/guide/private-link.md @@ -312,7 +312,7 @@ After setting up PrivateLink, to verify that data is getting sent using PrivateL dig http-intake.logs.datadoghq.com ``` -If logs are being sent over PrivateLink, the `ANSWER Section` section of the output shows `http-intake.logs.datadoghq.com` like in the following example. **Note**: The IP addresses you see are going to be different. +If logs are being sent over PrivateLink, the `ANSWER Section` section of the output shows `http-intake.logs.datadoghq.com` like in the following example. **Note**: The IP addresses you get back should be in [private IP space][1]. ``` ;; ANSWER SECTION: @@ -336,3 +336,5 @@ l4-logs-http-s1-e721f9c2a0e65948.elb.us-east-1.amazonaws.com. 42 IN A 3.233.158. ## Further reading {{< partial name="whats-next/whats-next.html" >}} + +[1]: https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses