@chrisguitarguy
Created February 24, 2025 21:36
Firelens config file to ship logs to cloudwatch and datadog
[SERVICE]
    # built in parsers file
    Parsers_File /fluent-bit/parsers/parsers.conf
    Flush 1
    Grace 30

# multiline filter to concat docker logs that are split because of size
[FILTER]
    name multiline
    Match_Regex ^.+-firelens-.+$
    multiline.key_content log
    mode partial_message

# "split" the record to a datadog tagged record so we can json process it
[FILTER]
    Name rewrite_tag
    Match_Regex ^.+-firelens-.+$
    Rule $log .* datadog true

# the rewrite_tag filter above emits a copy of each record tagged datadog; this
# parses that copy's `log` key as JSON. If the parsing fails, the message looks like:
# {"log":"<original log message here>"}
[FILTER]
    Name parser
    Match datadog
    Parser json
    Key_Name log
    Reserve_Data On

# send the raw logs to cloudwatch, this will only send the `log` key
[OUTPUT]
    Name cloudwatch_logs
    Match_Regex ^.+-firelens-.+$
    region ${AWS_REGION}
    log_key log
    log_group_name ${FIRELENS_CLOUDWATCH_LOG_GROUP}
    log_stream_prefix ${FIRELENS_CLOUDWATCH_LOG_STREAM_PREFIX}
    auto_create_group false
    retry_limit 2

# send the datadog tagged logs to datadog
[OUTPUT]
    Name datadog
    Match datadog
    Host http-intake.logs.datadoghq.com
    TLS on
    compress gzip
    dd_service ${DD_SERVICE}
    dd_source ${DD_SOURCE}
    dd_tags env:${DD_ENV},${DD_TAGS}
    provider ecs
    apikey ${DD_API_KEY}
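
The routing this config sets up, modelled in Python as an added example (not part of the gist and not Fluent Bit's own code): it traces one record through the `rewrite_tag` and `parser` filters to show what each output receives. The sample tag and record fields are constructed, and the `multiline` filter is left out of the model.

```python
import json
import re

# Constructed sample tag in the "<container>-firelens-<task id>" shape FireLens assigns.
SAMPLE_TAG = "app-firelens-0123456789abcdef"
FIRELENS_TAG = re.compile(r"^.+-firelens-.+$")  # Match_Regex from the config


def rewrite_tag(tag, record):
    """rewrite_tag with `Rule $log .* datadog true`: keep the original and
    emit a copy tagged `datadog` when the record has a `log` key."""
    out = [(tag, record)]
    if FIRELENS_TAG.match(tag) and "log" in record:
        out.append(("datadog", dict(record)))
    return out


def parser_filter(tag, record):
    """parser filter: Parser json, Key_Name log, Reserve_Data On."""
    if tag != "datadog":
        return record
    try:
        parsed = json.loads(record["log"])
    except (KeyError, TypeError, ValueError):
        return record  # parse failure: the record passes through unchanged
    if not isinstance(parsed, dict):
        return record  # only a JSON object counts as a successful parse
    # Reserve_Data On keeps the other keys; the parsed `log` key itself is dropped.
    rest = {k: v for k, v in record.items() if k != "log"}
    return {**rest, **parsed}


def route(tag, record):
    """Return what each output would receive for one input record."""
    sent = {"cloudwatch_logs": [], "datadog": []}
    for t, r in rewrite_tag(tag, record):
        r = parser_filter(t, r)
        if FIRELENS_TAG.match(t) and "log" in r:
            sent["cloudwatch_logs"].append(r["log"])  # log_key log: raw line only
        if t == "datadog":
            sent["datadog"].append(r)
    return sent
```

Every line that reaches CloudWatch is also forwarded to Datadog, parsed or not, so any redaction has to happen before the `rewrite_tag` filter.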