Export env0 Log Data to SIEM and Monitoring Platforms

As we’ve talked with larger and larger enterprise customers, there has been a common message coming back to us — customers want, often need, env0 to send its logs to an aggregation platform. Whether for a security team to audit group activity, or to produce company-wide metrics, we frequently hear large organizations have a log aggregator in place, and they’d like to send activity from env0 to it.

So recently our engineering team made it a simple job to send logs to three of the most widely used log aggregation/SIEM platforms — Splunk, Datadog and Logz.io.

The documentation page has links to instructions for each platform, so keeping it simple here, it comes down to setting variables (in any scope) in env0.

Once set up, env0 will send comprehensive logging information to your aggregator of choice, allowing you to manipulate the data as you choose. Imagine a dashboard of daily deployment counts, a list of GitHub repositories utilised in deployments, metrics on deployment times and costs or even how about a projection of costs based on historical data?

In the quick example here, we sent data off to Splunk Cloud. Within the message.meta JSON blob, we can find a treasure trove of information:

‍

We can find each of the steps from the env0 interface under message.meta.stepName, and looking at some of its output, we find some useful messages:

Using the timestamps from the messages featuring ‘Creating’ to ‘Creation complete’ would give us a simple path to graphing the time it takes to create instances, for example.

Want to centrally log all the packages being installed during a custom flow? Mine message.msg: