What are Telemetry Pipelines? | Datadog
What are Telemetry Pipelines?

logs

Telemetry Pipelines Overview

Telemetry pipelines provide DevOps and Security teams with centralized governance for cost control and compliance.

on this page

What are telemetry pipelines and why do they matter for DevOps and security teams?

As organizations scale their infrastructure and adopt hybrid and multi-cloud environments, they often find their telemetry data volume increasing exponentially. This data is expensive to store, hard to manage, and difficult to route efficiently. That’s where telemetry pipelines come in.

A telemetry pipeline is a data processing layer that ingests telemetry—such as log data—from distributed systems and sends it to one or more observability, security, or analytics destinations. Rather than shipping data directly from source to tool, a pipeline acts as a central layer to clean, enrich, and optimize data before it lands in downstream systems. Telemetry pipelines are typically hosted within an organization’s environment to stay close to the source of the data, enabling greater control over how it’s processed and governed for compliance without being tied to a specific vendor.

Telemetry pipelines are a critical component of modern observability and Security Operations Center (SOC) architectures. When implemented correctly, they:

  • Handle large volumes of telemetry from cloud-native and on-premise environments

  • Support diverse data types and formats

  • Reduce observability and SIEM costs

  • Improve operational and security visibility

  • Streamline data compliance and governance workflows

Telemetry pipelines give teams fine-grained control over how observability data—especially logs—is collected, transformed, routed, and stored. This allows organizations to reduce costs, enforce compliance, and break free from vendor lock-in, while improving system performance, reliability, and investigation workflows.

Why are telemetry pipelines essential for handling log data?

Logs are foundational to observability and security—they power monitoring, troubleshooting, auditing, and investigations. But as infrastructure scales, so does log volume. Managing that data in a cost-efficient and compliant way has become one of the biggest challenges for modern DevOps, platform, and security teams.

The problem with log data at scale

Modern cloud-native environments generate an enormous volume of log data—from CDNs and VPCs to WAFs, load balancers, application services, and everything in between. Most of this telemetry is:

  • High-volume and high-ingest: Logs can grow into terabytes per day, particularly in high-throughput environments.

  • Low-access: Many logs are written once and rarely queried—think CDN or network flow logs held for compliance or auditing.

  • Noisy and redundant: Without filtering, logs often include verbose, duplicate, or irrelevant fields.

The result? Storage, egress, and ingestion costs rise exponentially.

Cost isn’t the only concern

In addition to cost, organizations without a proper telemetry pipeline solution may find themselves struggling with:

  • Compliance: Regulated industries must retain and redact sensitive data (e.g. PII, PCI, PHI), which adds complexity to how logs are handled, stored, and moved across systems.

  • Vendor lock-in: Many hosted observability and security tools require proprietary agents or tight integrations that limit your flexibility to route data to multiple destinations.

  • Operational burden: Self-hosted tools reduce some vendor costs, but they introduce new overhead: infrastructure to manage, engineers to train, and maintenance to sustain.

How does a telemetry pipeline help?

Telemetry pipelines solve these challenges by offering a scalable, flexible way to control log data before it becomes a cost or compliance liability.

With a telemetry pipeline, teams can:

  • Reduce observability and security data costs: Filter, sample, or transform logs before they hit downstream tools to minimize ingest and storage. Generate metrics from high-volume logs to retain key insights and KPIs over time. Control egress by routing only the necessary data to external services. Segment logs by use case or team, and apply quotas or thresholds to reduce cloud egress and storage spend.

  • Enable vendor migrations and flexibility: Route logs to multiple vendors simultaneously during a migration. Segment log types (e.g., application logs to observability, audit logs to SIEM) and test new tools without re-instrumenting code.

  • Enhance security analytics: Transform logs into standardized formats such as the Open Cybersecurity Schema Framework (OCSF) and add contextual metadata (IP geolocation, AWS tags, user info) to improve threat detection and investigation in SIEM tools like Datadog Cloud SIEM, Amazon, Security Lake, SentinelOne, or GoogleSecOps.

  • Data residency and compliance: Discover, classify, and redact sensitive fields (PII, PHI, and PCI) before logs leave your environment. Route sensitive data to on-prem storage — enabling compliance with GDPR, HIPAA, CCPA, and more.

  • Improve analytics and performance: Enrich and reshape logs for specific use cases. Improve searchability, support advanced dashboards, and reduce investigation time with structured and contextualized logs.

How Does a Telemetry Pipeline Work?

A typical telemetry pipeline follows five core stages:

  1. Log collection:

Log data is ingested from a wide range of sources—including applications, containers, servers, cloud services, and on-prem infrastructure. This is often done through telemetry agents, SDKs, open standards like OpenTelemetry, or integrations with existing pipelines and forwarders. For example, you might collect application logs via an agent, infrastructure logs via Fluent Bit, and cloud service logs via native provider APIs—all into a unified pipeline.

  1. Log processing:

Once ingested, the pipeline processes the data to reduce cost and improve usability:

  • Filtering: Remove low-value logs (e.g., debug or health checks)

  • Parsing: Extract structure from unstructured log lines

  • Redacting: Mask or remove sensitive fields (PII, tokens)

  • Enriching: Add metadata like region, team owner, or deployment tags

  • Transforming: Normalize formats (e.g., to JSON or OCSF)

  1. Log routing:

Processed logs are routed to different destinations based on rules, including:

  • Log analytics platforms

  • SIEMs

  • Cold storage (e.g., S3 or data lakes)

  • Application monitoring tools

  1. Pipeline monitoring:

The pipeline itself must be observed for performance optimization. Teams should monitor:

  • Ingest/egress throughput

  • Processing errors

  • Latency

  • CPU/memory usage of pipeline agents

Alerts can help detect misconfigurations, dropped logs, or bottlenecks in real time.

  1. Enterprise governance:

Telemetry pipelines support governance features such as role-based access control (RBAC), allowing teams to manage pipeline configurations and data access with fine-grained security controls.

Key Features to Look for in a Telemetry Pipeline

To deploy an enterprise-grade telemetry pipeline, look for a solution that includes:

  • Fast, no-code deployment: Look for telemetry pipelines that offer low-overhead, no-code or low-code deployment options. This enables faster time to value and reduces the need for custom scripting or manual configuration.

  • High performance: Your pipeline must be able to ingest and process massive log volumes with enterprise-grade speed and reliability. It should automatically scale to support high-throughput environments without bottlenecks or data loss.

  • Robust processing capabilities: Filtering, parsing, redaction, sampling, quotas, deduplication.

  • Enrichment support: Add metadata, apply tagging, and transform formats.

  • Standards-based output: Support for open data formats such as JSON and OCSF (Open Cybersecurity Schema Framework) ensures compatibility with a wide range of vendors.

  • Broad integrations: Integrate seamlessly with diverse data sources and destinations, including cloud services, on-prem systems, APMs, SIEMs, and long-term storage solutions.

  • Granular visibility and monitoring: Track pipeline health and log flow in real time. Alerts and dashboards should be easy to configure and actionable.

  • Compliance and access controls: Ensure secure and compliant operations with features for managing user permissions, audit logging to track changes and access history, and configuration versioning to support change management and rollback.

Get Started with Telemetry Pipelines

Telemetry pipelines give DevOps and security teams full control over their observability data—providing better performance, lower costs, and greater visibility across systems. Whether you’re migrating vendors, enforcing compliance, or scaling your infrastructure, a telemetry pipeline can help you optimize telemetry data at scale.

Learn more about Datadog Observability Pipelines and how to build a pipeline strategy that fits your environment.

Related Content

Learn about Datadog at your own pace with these on-demand resources.

/blog/observability-pipelines/new-observability-pipelines-hero

BLOG

Aggregate, process, and route logs easily with Datadog Observability Pipelines
Read More
/blog/observability-pipelines-route-logs-google-secops/google-secops-op-hero

BLOG

Streamline your security workflows with Google SecOps and Datadog Observability Pipelines
Read More
Get free unlimited monitoring for 14 days