惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

SecWiki News
SecWiki News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
博客园 - 叶小钗
S
SegmentFault 最新的问题
IT之家
IT之家
大猫的无限游戏
大猫的无限游戏
博客园_首页
Apple Machine Learning Research
Apple Machine Learning Research
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
腾讯CDC
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V
V2EX
阮一峰的网络日志
阮一峰的网络日志
L
Lohrmann on Cybersecurity
量子位
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
J
Java Code Geeks
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 三生石上(FineUI控件)
Attack and Defense Labs
Attack and Defense Labs
AI
AI
The Cloudflare Blog
T
Tailwind CSS Blog
S
Schneier on Security
爱范儿
爱范儿
PCI Perspectives
PCI Perspectives
Stack Overflow Blog
Stack Overflow Blog
S
Secure Thoughts
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
V2EX - 技术
V2EX - 技术
S
Securelist
P
Proofpoint News Feed
T
Threat Research - Cisco Blogs
Help Net Security
Help Net Security
C
Cisco Blogs
N
News and Events Feed by Topic
人人都是产品经理
人人都是产品经理
B
Blog RSS Feed
K
Kaspersky official blog
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Simon Willison's Weblog
Simon Willison's Weblog

Datadog | The Monitor blog

Introducing our open source AI-native SAST Instrument and monitor Boomi integration flows with OpenTelemetry and Datadog Not all index scans are equal: How we cut query latency by over 99% Platform engineering metrics: What to measure and what to ignore Integrate Recorded Future threat intelligence with Datadog Cloud SIEM CI/CD security: threat modeling using a MITRE-style threat matrix CI/CD security: How to secure your GitHub ecosystem Ingress NGINX is EOL: A practical guide for migrating to Kubernetes Gateway API Operating agentic AI with Amazon Bedrock AgentCore and Datadog LLM Observability: Lessons from NTT DATA Introducing the Datadog Code Security MCP Capture and analyze custom heatmaps in Session Replay Understand session replays faster with AI summaries and smart chapters Monitor ClickHouse query performance with Datadog Database Monitoring How we designed empathetic alert sounds for on-call engineers Search and act across Datadog to resolve issues faster with Bits Assistant Measure the business impact of every product change with Datadog Experiments Analyzing round trip query latency Configuring JavaScript caches for better performance Introducing Bits AI Dev Agent for Code Security Datadog achieves ISO 42001 certification for responsible AI Monitor Nutanix clusters, hosts, and VMs with Datadog Monitor Juniper Mist in Datadog A new Host Map for modern infrastructure Annotate traces to improve LLM quality with Datadog LLM Observability What’s new in Cloud SIEM: AI-powered investigations, enhanced threat intelligence, and scalable security operations Explore Kubernetes with native OpenTelemetry data Monitor Oracle Fusion Cloud Applications with Datadog Announcing the Datadog Terraform provider v4.0.0 Scaling Kubernetes workloads on custom metrics How to design cloud environments for AI-powered threat analysis Monitor Aruba Central in Datadog How we centralize and remediate risks with Datadog Case Management Accelerate incident response with Datadog and ServiceNow Monitor your application and network load balancer logs Understanding Karpenter architecture for Kubernetes autoscaling Tools for collecting metrics and logs from Karpenter Monitor Karpenter with Datadog What your product data is actually saying Key metrics for monitoring Karpenter Securing Datadog’s platform in the AI age: The role of observability data Four ways engineering teams use the Datadog MCP Server to power AI agents Approaching your observability migration with the right mindset Meet the new Bits AI SRE: Deeper reasoning, twice as fast Key learnings from the 2026 State of DevSecOps study Use plain English to query your multi-cloud infrastructure in Resource Catalog Simplifying troubleshooting across the user journey with Datadog Synthetic Monitoring Protect your OCI resources with Datadog Cloud Security This Month in Datadog - February 2026 Amazon EC2 security: How misconfigured and public AMIs expand your cloud attack surface Enable end-to-end visibility into your Java apps with a single command Measure and improve mobile app startup performance with Datadog RUM Evaluating our AI Guard application to improve quality and control cost Identify untested code across every level of your codebase Make use of guardrail metrics and stop babysitting your releases Monitor Versa Networks SD-WAN performance in Datadog Improve performance and reliability with APM Recommendations Remediate transitive vulnerabilities faster with Datadog Software Composition Analysis Generate audit-ready vulnerability and compliance reports with Datadog Sheets Monitor Fortinet FortiManager performance in Datadog Improve test coverage across codebases with Datadog Code Coverage Move fast, don’t break things: Consistent testing standards at scale Enrich logs with ServiceNow CMDB context before routing to any SIEM or logging tool Monitor Lustre with Datadog Make faster, better product decisions with Datadog Product Analytics Surface and remediate runtime posture issues with Workload Protection Findings Protect agentic AI applications with Datadog AI Guard How to optimize JavaScript code with CSS Trace Google Pub/Sub workloads in Cloud Run with Datadog Detect human names in logs with ML in Sensitive Data Scanner How we cut our NLQ agent debugging time from hours to minutes with LLM Observability Debug PostgreSQL query latency faster with EXPLAIN ANALYZE in Datadog Database Monitoring Datadog acquires Propolis Unify and correlate frontend and backend data with retention filters Scale compliance across global frameworks with Datadog Cloud Security Monitor Arista VeloCloud SD-WAN performance with Datadog Building reliable dashboard agents with Datadog LLM Observability Simplify log collection and aggregation for MSSPs with Datadog Observability Pipelines Mitigation for Node.js denial-of-service vulnerability affecting Datadog APM Automate flaky test fixes with the Bits AI Dev Agent and Test Optimization How we built an AI SRE agent that investigates like a team of engineers Datadog integrations 2025 recap: Observability for AI, security, and hybrid cloud Design effective executive dashboards with Datadog Implement dbt data quality checks with dbt-expectations Bring faster visibility into AWS Lambda functions with remote instrumentation Troubleshoot faster with the GitLab Source Code integration in Datadog How Cambia Health Solutions saved $30,000 monthly with Cloud Cost Management and the Datadog Resource Catalog Normalize any logs for Cloud SIEM with Datadog's OCSF processor Optimizing Datadog at scale: Cost-efficient observability at Zendesk Detect, diagnose, and resolve network issues easily with CNM Network Health Connect engineering errors to user impact in early-stage products Cilium configuration for Kubernetes operations at scale Designing feedback loops for progressive delivery Ship features faster and safer with Datadog Feature Flags Choosing the right OpenTelemetry Collector distribution Route your monitor alerts with Datadog monitor notification rules Automate Cloud SIEM investigations with Bits AI Security Analyst Cloud threat detection: How to identify risky activity across control and data planes Collecting Kafka performance metrics Monitoring Kafka with Datadog Monitoring Kafka performance metrics
Take enhanced control of your log data with Datadog Log Workspaces
2025-05-23 · via Datadog | The Monitor blog
Aaron Kaplan

Aaron Kaplan

Usman Khan

Usman Khan

Jason Manson-Hing

Jason Manson-Hing

Security, operations, and development teams rely more and more on the ability to efficiently query logs. As these teams monitor the health, performance, and usage of their systems and investigate incidents, delving into log data can often be a matter of urgency. But it can also be a cumbersome task: Modern, distributed systems and applications churn out logs from innumerable components, and teams must frequently cross-reference log data from scattered sources in order to translate dispersed datapoints into cohesive visibility. The sheer volume of this data, combined with the inconsistent and frequently unpredictable ways in which it is structured, complicates analysis. Many teams rely on multiple highly specialized tools to comb through mountains of logs and tease out insights. Others adopt proprietary query languages, turning anything beyond the simplest kind of search into a specialist skill.

To address these challenges and help organizations take greater control over their log data, we’re pleased to introduce Datadog Log Workspaces. Log Workspaces extends the powerful capabilities of the Datadog Log Explorer, which helps teams swiftly and easily navigate enormous volumes of log data in a point-and-click interface, with a cohesive, highly adaptable environment for in-depth analysis of log data. With Log Workspaces, teams can easily dive deep into their log data by flexibly and collaboratively querying, joining, and transforming it, as well as seamlessly correlating it with other types of telemetry data.

This post will explore how Log Workspaces lets you seamlessly parse and enrich log data from any number of sources, helping anyone in your organization easily analyze that data in clear and declarative terms using SQL, natural language, and Datadog’s visualizations.

Seamlessly parse and enrich log data from any number of sources

As software architectures grow in complexity and organizations collect more and more logs, the ability to quickly and flexibly correlate log data from many different sources becomes increasingly important. Historically, conducting this type of analysis has meant engineering elaborate query statements—a time-consuming process that can create confusion as teams work together to get the answers they need from their data.

Log Workspaces helps teams query their logs flexibly and in depth, empowering virtually anyone in your organization to home in on log data from any number of sources, enrich it, and mold it into easily queryable forms for open-ended and declarative analysis. To get started, you can create a Workspace either from scratch or by exporting queries from the Log Explorer. Workspaces are both canvas-like environments and adaptable toolkits for working with your log data on your own terms. They are collaboration-friendly spaces that also permit the configuration of role-based access control (RBAC) for teams working with sensitive data.

Each Workspace is built around one or more data source cells, where you can draw in data using log or RUM queries, reference tables, or metrics. Data source cells automatically extract column-based data schemas from your input data’s tags and attributes, enabling you to work nimbly with many kinds of data using lightweight tabular structures.

Creating a data source from a log query in Log Workspaces.

In many cases, you may need to extract information from your logs that isn’t neatly nested under tags or attributes. Log Workspaces makes it easy to add granularity and structure to your log data at query time via transformation cells. You can use transformations to extract values from your log content at query time using custom grok rules, aggregate and filter your datasets based on specific column values, and perform table joins, calculations, and conversions, as well as limit and sort operations.

Let’s say you’re overseeing transactions for a financial trading platform. You want to take a closer look at failed transactions and understand the business impact, in dollars, of these failures. To do so, you need to compare logs from two separate services: trade-receiver, which is responsible for fielding trade requests, and trade-finalizer, which fulfills them. By querying trade-receiver logs and filtering for the message text, “Streaming trade request,” you’re able to isolate a record of all trade requests.

Using the Log Explorer to obtain a record of streaming events from a microservice.

From here, you open your query in Log Workspaces to continue your investigation. You add the logs from trade-finalizer as a second data source to round out your visibility into the trade fulfillment pipeline.

Creating data sources based on log queries in Log Workspaces.

In order to correlate the logs from your two data sources, you’ll need the ID of each transaction. As we can see in the above screenshot, however, the trade-receiver logs include a transaction-id column, but the trade-finalizer logs do not. You can select any log from your query results in order to inspect it in greater detail in a side panel. From here, you can select any attribute to add it as a column to your dataset in order to make it easily queryable during subsequent analysis.

Adding a log attribute as a column in a dataset in order to simplify subsequent querying.
Adding a log attribute as a column in a dataset in order to simplify subsequent querying.

In this case, however, the transaction IDs you need are buried in the unstructured data of the log messages from the trade-finalizer service. In order to isolate them, you create a new transformation cell and add a column extraction. In column extractions, you write custom grok rules that are applied at query time. In this case, your extraction adds a transaction_id column to the resulting dataset.

Using a transformation to add structure to log data by extracting variables from messages.

So far, we’ve seen how Log Workspaces lets you dynamically refine the structure and granularity of your log data at query time, helping you create clear-cut foundations for analysis by defining data sources and dynamically homing in on key data via transformations. With these foundations in place, anyone in your organization—regardless of their level of experience—can use Log Workspaces to seamlessly correlate and delve deeply into log data from many different sources.

Conduct complex analysis of log data expressively and declaratively

Let’s continue with our example from above: You’re overseeing transactions for a financial trading platform, and now you want to dig deeper into the failed transactions you’ve isolated. In order to establish a clearer picture of their business impact, you want to determine where these failures have had the greatest effect on customers. To do so, you need to identify the highest-value failed trades, the customer accounts associated with those trades, and the countries in which those accounts are registered.

For flexible querying of your data sources, you can add analysis cells to your Workspaces. By allowing you to query your data using either SQL or Bits AI-powered natural language queries, analysis cells put deep insights into log data within reach for any Datadog user. The following screenshot illustrates how SQL queries enable highly flexible control over your data. With this query, you correlate the data from the datasets you’ve created by performing a table join and extract the precise information you need in a clear-cut form, creating the failed_transaction_record dataset.

Analyzing log data in depth by querying bespoke datasets using SQL.

From here, you can build a clearer picture of the business impact of these failures in a few quick steps. To get the names associated with the accounts behind these trades, you add a reference table with all of your customer data as a new data source and perform a join with your failed_transaction_record dataset.

TODO:

Finally, to paint a clear picture, you can visualize your data. Log Workspaces provides several options for visualization—including tables, toplists, timeseries, treemaps, pie charts, and scatterplots—and allows you to filter your datasets by status, environment, and other variables. And you can save these visualizations to dashboards in order to seamlessly correlate your fine-tuned, log-driven datasets with other types of observability data.

TODO:

Dive deeper into your logs

Datadog Log Workspaces enables anyone in your organization to work quickly, flexibly, and collaboratively with log data from any number of sources, as well as correlate this data with RUM events and metrics. Log Workspaces can help teams accelerate incident response by making quick work of complex log analysis. It can also help them incorporate fine-tuned log-driven datasets into their day-to-day monitoring (such as by embedding Workspace cells into dashboards). And its collaboration-friendliness and RBAC capabilities make Log Workspaces a powerful tool for engineering, security, operations, FinOps, and other teams in many industries. To learn more, you can check out our detailed use cases for using Log Workspaces to:

Log Workspaces is now generally available as a part of Datadog Log Management. You can learn more Datadog Log Management throughout our blog. By coupling Log Workspaces with Datadog Logging without Limits™ and Flex Logs—which allow you to ingest and index large volumes of logs without multiplying your storage costs—you can collect, store, archive, forward, and query all of your logs without restrictions. If you’re new to Datadog, you can get started with a 14-day free trial.