Cert

Question 1

What is the primary purpose of logging systems?

Answer 1

Logging systems collect store and analyze logs from various sources to help with debugging monitoring and security.

Question 2

Name one example of a logging system.

Answer 2

Datadog

Question 3

What are the four main benefits of logging systems?

Answer 3

Troubleshooting, Monitoring, Security, and Compliance

Question 4

How do logs help with troubleshooting?

Answer 4

Logs help identify and resolve issues by providing insights into what happened when and why.

Question 5

How do logging systems support monitoring?

Answer 5

Logging systems enable real-time monitoring of system health and performance allowing for proactive identification of potential problems.

Question 6

How do logs enhance security?

Answer 6

Logs can be used to detect and investigate security incidents such as unauthorized access or malicious activity.

Question 7

How do logging systems help with compliance?

Answer 7

Logging systems can help organizations meet regulatory requirements by providing audit trails and evidence of system activity.

Question 8

What are the five main types of log sources?

Answer 8

Server, Container, Cloud, Client, and Other existing logging services

Question 9

What are Datadog server integrations?

Answer 9

Datadog offers several integrations to forward logs from a server to Datadog using a log configuration block in the conf.yaml file.

Question 10

How are logs collected from containers?

Answer 10

It depends on where the agent is deployed or run or how logs are routed (e.g. Docker host agent Docker container agent or Kubernetes DaemonSet).

Question 11

How are logs collected from cloud sources?

Answer 11

Through subscribing to logs on cloud provider services (e.g. AWS CloudWatch) and sending them through streams like AWS Kinesis.

Question 12

How can logs be collected from clients?

Answer 12

Through SDKs or libraries such as the datadog-logs SDK for JavaScript clients.

Question 13

What are the three main types of Datadog integrations?

Answer 13

Agent-based, Authentication (crawler) based, and Library integrations

Question 14

What are Agent-based integrations?

Answer 14

Integrations installed with the Datadog Agent.

Question 15

What are Authentication-based integrations?

Answer 15

Integrations where credentials are provided for obtaining data with an API (e.g. for AWS).

Question 16

What are Library integrations?

Answer 16

Integrations that use the Datadog API to send data from applications based on the language they are written in.

Question 17

What is the recommended log format for Datadog?

Answer 17

JSON format is always recommended.

Question 18

How is log collection enabled in Docker?

Answer 18

Using the DD_LOGS_ENABLED=true environment variable.

Question 19

How is log collection enabled in Kubernetes using the Datadog operator?

Answer 19

By setting logCollection.enabled: true in the datadog-agent.yaml manifest.

Question 20

How is log collection enabled on a host?

Answer 20

By changing logs_enabled from false to true in the datadog.yaml configuration file.

Question 21

What are the two options for log filtering?

Answer 21

exclude_at_match (exclude logs containing a pattern) and include_at_match (include only logs containing a pattern)

Question 22

What does the mask_sequences option do for log obfuscation?

Answer 22

It replaces all matched groups with the value of the replace_holder parameter.

Question 23

What is the flow that logs follow when being ingested by Datadog?

Answer 23

1. Logs are ingested, 2. JSON structured logs are preprocessed, 3. Logs are filtered through pipelines, 4. Standard Attributes are applied

Question 24

What is a pipeline in Datadog log processing?

Answer 24

A pipeline takes a subset of ingested logs and applies a list of sequential Processors.

Question 25

Name three types of processors in Datadog.

Answer 25

GROK parser, Remapper, URL parser, User Agent Parser, Category Processor, Status Remapper, etc.

Question 26

What does the GROK parser do?

Answer 26

Extracts attributes from semi-structured text log messages without the need to learn regular expressions.

Question 27

What does a Remapper do?

Answer 27

Remaps an attribute to another name.

Question 28

What does the URL parser do?

Answer 28

Extracts all values from a URL attribute.

Question 29

What does the User Agent Parser do?

Answer 29

Extracts all values from a user-agent attribute.

Question 30

What does the Category Processor do?

Answer 30

Adds a new attribute matching a provided search query.

Question 31

What does the Status Remapper do?

Answer 31

Remaps a specified attribute as the official log status.

Question 32

What are Standard Attributes in Datadog?

Answer 32

A set of attributes that act as the backbone of the naming convention for an organization.

Question 33

What is the difference between Log Explorer and Live Trail?

Answer 33

Log Explorer is for log troubleshooting and exploration, while Live Trail shows incoming log events in near real-time.

Question 34

How would you search for logs with a specific tag in Datadog?

Answer 34

Using tag:value format, e.g. env:prod

Question 35

How would you search for logs with a specific attribute in Datadog?

Answer 35

Using @attribute:value format, e.g. @url:www.petco.com

Question 36

How would you search for logs containing a specific word in Datadog?

Answer 36

Just type the word e.g. hello

Question 37

How would you search for logs containing a specific phrase in Datadog?

Answer 37

Use double quotes around the phrase, e.g. "hello world"

Question 38

What are the three Boolean operators available for log searching?

Answer 38

AND (intersection), OR (union), and - (exclusion)

Question 39

What does the wildcard search *:prod find?

Answer 39

All log attributes or tags with the exact value prod

Question 40

What does the wildcard search *:prod* find?

Answer 40

All log attributes or tags for strings that start with prod

Question 41

What is the difference between Facets and Measures in log analysis?

Answer 41

Facets are qualitative and categorical, while Measures are quantitative, continuous, and numerical

Question 42

What are the three ways logs can be aggregated in Datadog?

Answer 42

By Fields, by Patterns, and by Transactions

Question 43

What happens when aggregating logs by Fields?

Answer 43

All logs matching the query filter are aggregated into groups based on the query search values.

Question 44

What is the purpose of Log Patterns?

Answer 44

Log Patterns cluster logs with similar values for the message field and group results by Status and Service.

Question 45

What do Transactions aggregate?

Answer 45

Transactions aggregate indexed logs according to instances of a sequence of events.

Question 46

Name three visualization types available in Datadog log analysis.

Answer 46

Lists, Timeseries, Top List, Nested Tables, Pie chart, Tree map

Question 47

What are the three types of log monitors in Datadog?

Answer 47

Monitor over a log count, Monitor over a facet or attribute, Monitor over a measure

Question 48

How do log samples enhance monitor notifications?

Answer 48

Log samples can be added to the message of the notification to provide context.

Question 49

Why would you generate metrics from logs?

Answer 49

To still have visibility into logs that are excluded from indexes while managing costs.

Question 50

What elements need to be defined when creating a log-based metric?

Answer 50

Query input to filter logs, field to track, dimensions (group by), optional percentile aggregations, and metric name

Question 51

What export options are available from log searches?

Answer 51

Saved View, Dashboard widget, Monitor, Metric, CSV, Share

Question 52

What three elements does a saved view keep track of?

Answer 52

A search query with time range, a custom default visualization, and a selected subset of facets

Question 53

List three common agent issues to check when troubleshooting.

Answer 53

Hostname detection issues, internet connectivity, proxy configuration, API key configuration, site configuration, multiple agents, restart after config changes

Question 54

What are three common log ingestion issues?

Answer 54

Logs daily quota reached, timestamp outside ingestion window, unable to parse timestamp, truncated logs

Question 55

What is the time limit for log ingestion regarding timestamps?

Answer 55

Logs with timestamps older than 18 hours may not be ingested.

Question 56

What is the size limit for log messages in Datadog?

Answer 56

75KB for message fields and 25KB for non-message fields.

Question 57

What is the overall size limit for a log in Datadog?

Answer 57

1MB

Question 58

What should you do if your Agent container stops right after starting?

Answer 58

Check for hostname detection issues.

Question 59

When is an indexed log required for Datadog features?

Answer 59

For monitors, aggregations, and many analysis features

Question 60

What configuration file is used for the Datadog Agent's main configuration?

Answer 60

datadog.yaml

Question 61

What is the file path for the Datadog Agent configuration on Linux?

Answer 61

/etc/datadog-agent/

Question 62

How are logs filtered through pipelines?

Answer 62

Based on log attributes - e.g. a log with source:nginx will be processed by the nginx pipeline.

Question 63

What happens to logs that don't match any pipeline and aren't in JSON format?

Answer 63

They will not be parsed.

Question 64

How do you check if your Agent is properly configured for a proxy?

Answer 64

Verify the proxy configuration in the Agent configuration.

Question 65

What should you do after editing a yaml configuration file for the Datadog Agent?

Answer 65

Restart the Datadog Agent.