Datadog V2

the datadog connector integrates with swimlane to monitor cloud scale applications, including monitoring servers, databases, tools, and services through the datadog saas platform prerequisites the datadog connector requires both an api key and an application key api key in order to obtain the api key, login to datadog and go to the api tab and click api keys then create api key you may also name your key application key in order to obtain the application key, login to datadog and go to the api tab and click application keys then create api key you may also name your key capabilities this connector provides the following capabilities search events create incident delete incident list incident search incidents update incidents limitations currently no limitations on the datadog integration and api asset setup datadog requires both an api key and an application key for full access to datadog's programmatic api thus without both keys this integration will not connect successfully notes for more information on datadog https //docs datadoghq com/api/?lang=bash#api reference https //docs datadoghq com/integrations/faq/list of api source attribute value/ configurations api key authentication authenticates using an api key configuration parameters parameter description type required url a url to the target host string required dd api key api key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional dd application key application key string optional actions incident create create an incident this endpoint requires the incident write authorization scope endpoint url api/v2/incidents method post input argument name type required description data object optional response data data type string required incident data for a create request data attributes object required the incident's attributes for a create request data attributes title string required the title of the incident, which summarizes what happened data attributes customer impacted boolean required a flag indicating whether the incident caused customer impact data attributes customer impact scope string optional required if customer impacted "true" a summary of the impact customers experienced during the incident data attributes fields object optional a condensed view of the user defined fields for which to create initial selections data attributes fields state object optional response data data attributes fields state type string optional type of the single value field definitions allowed enum values are dropdown,textbox and default is dropdown data attributes fields state value string optional the single value selected for this field data attributes initial cells array optional an array of initial timeline cells to be placed at the beginning of the incident timeline data attributes initial cells cell type string required type of the markdown timeline cell allowed enum values are markdown, default is markdown data attributes initial cells content object required the markdown timeline cell contents data attributes initial cells content content string optional the markdown content of the cell data attributes initial cells content important boolean optional a flag indicating whether the timeline cell is important and should be highlighted data attributes notification handles array optional notification handles that will be notified of the incident at creation data attributes notification handles display name string optional the name of the notified handle data attributes notification handles handle string optional the email address used for the notification data relationships object optional the relationships the incident will have with other resources once created data relationships commander user object optional relationship to user data relationships commander user data object optional relationship to user object data relationships commander user data type string optional users resource type allowed enum values are users, default is users data relationships commander user data id string optional a unique identifier that represents the user input example {"data" {"type" "string","attributes" {"title" "string","customer impacted"\ true,"customer impact scope" "string","fields" {"state" {}},"initial cells" \[{"cell type" "string","content" {}}],"notification handles" \[{"display name" "example name","handle" "string"}]},"relationships" {"commander user" {"data" {}}}}} output parameter type description status code number http status code of the response reason string response reason phrase data object incident data from a response data attributes object the incident's attributes from a response data attributes created string timestamp when the incident was created data attributes customer impact duration string length of the incident's customer impact in seconds equals the difference between customer impact start and customer impact end data attributes customer impact end string timestamp when customers were no longer impacted by the incident data attributes customer impact scope string response data data attributes customer impact start string timestamp when customers began being impacted by the incident data attributes customer impacted boolean a flag indicating whether the incident caused customer impact data attributes detected string timestamp when the incident was detected data attributes fields object a condensed view of the user defined fields attached to incidents data attributes fields \<any key> string dynamic fields for which selections can be made, with field names as keys data attributes modified string timestamp when the incident was last modified data attributes notification handles array notification handles that will be notified of the incident during update data attributes notification handles display name string the name of the notified handle data attributes notification handles handle string the email address used for the notification data attributes public id number the monotonically increasing integer id for the incident data attributes resolved string timestamp when the incident's state was last changed from active or stable to resolved or completed data attributes time to detect string the amount of time in seconds to detect the incident equals the difference between customer impact start and detected data attributes time to internal response string the amount of time in seconds to call incident after detection equals the difference of detected and created data attributes time to repair string the amount of time in seconds to resolve customer impact after detecting the issue equals the difference between customer impact end and detected data attributes time to resolve string the amount of time in seconds to resolve the incident after it was created equals the difference between created and resolved data attributes title string the title of the incident, which summarizes what happened data id string the incident's id output example {"status code" 201,"response headers" {"date" "wed, 06 sep 2023 17 59 56 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","x frame options" "sameorigin","content security policy" "frame ancestors 'self'; report uri https //logs browser intake datadoghq com/api ","vary" "accept encoding","content encoding" "gzip","x ratelimit limit" "20","x ratelimit period" "60","x ratelimit remaining" "19","x ratelimit reset" "4","x ratelimit name" "incidents crea delete incident deletes an existing incident from the users organization this endpoint requires the incident write authorization scope endpoint url api/v2/incidents/{{incident id}} method delete input argument name type required description path parameters incident id string required the uuid of the incident input example {"path parameters" {"incident id" "73e9f627 5dd6 526f b658 6e89b7e2e438"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 204,"response headers" {"date" "wed, 06 sep 2023 18 10 23 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","x frame options" "sameorigin","content security policy" "frame ancestors 'self'; report uri https //logs browser intake datadoghq com/api ","vary" "accept encoding","content encoding" "gzip","x ratelimit limit" "20","x ratelimit period" "60","x ratelimit remaining" "19","x ratelimit reset" "37","x ratelimit name" "incidents del list incidents get all incidents for the user’s organization this endpoint requires the incident read authorization scope endpoint url api/v2/incidents method get input argument name type required description parameters include array optional specifies which types of related objects should be included in the response parameters page size number optional size for a given page the maximum allowed value is 100 parameters page offset number optional specific offset to use as the beginning of the returned page input example {"parameters" {"include" \["string"],"page size" 123,"page offset" 123}} output parameter type description status code number http status code of the response reason string response reason phrase data array an array of incidents data type string incident resource type allowed enum values is incidents and default is incidents data id string the incident's id data attributes object the incident's attributes from a response data attributes public id number the monotonically increasing integer id for the incident data attributes incident type uuid number response data data attributes title string the title of the incident, which summarizes what happened data attributes resolved string timestamp when the incident's state was last changed from active or stable to resolved or completed data attributes customer impact end string timestamp when customers were no longer impacted by the incident data attributes customer impact scope string a summary of the impact customers experienced during the incident data attributes customer impact start string timestamp when customers began being impacted by the incident data attributes customer impacted boolean a flag indicating whether the incident caused customer impact data attributes notification handles array notification handles that will be notified of the incident during update data attributes notification handles display name string the name of the notified handle data attributes notification handles handle string the email address used for the notification data attributes last modified by uuid string response data data attributes created string timestamp when the incident was created data attributes modified string timestamp when the incident was last modified data attributes detected string timestamp when the incident was detected data attributes created by uuid string response data data attributes creation idempotency key number response data data attributes customer impact duration number length of the incident's customer impact in seconds equals the difference between customer impact start and customer impact end data attributes time to detect number the amount of time in seconds to detect the incident equals the difference between customer impact start and detected output example {"status code" 200,"response headers" {"date" "thu, 07 sep 2023 09 44 07 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","x frame options" "sameorigin","content security policy" "frame ancestors 'self'; report uri https //logs browser intake datadoghq com/api ","vary" "accept encoding","content encoding" "gzip","x ratelimit limit" "100","x ratelimit period" "60","x ratelimit remaining" "99","x ratelimit reset" "53","x ratelimit name" "incidents ge seacrh events list endpoint returns events that match an events search query results are paginated similarly to logs use this endpoint to build complex events filtering and search this endpoint requires the events read authorization scope endpoint url api/v2/events/search method post input argument name type required description filter object optional the search and filter query settings filter from string optional the minimum time for the requested events supports date math and regular timestamps in milliseconds default is now 15m filter query string optional the search query following the event search syntax default is filter to string optional the maximum time for the requested events supports date math and regular timestamps in milliseconds default is now options object optional the global query options that are used either provide a timezone or a time offset but not both, otherwise the query fails options timeoffset number optional the time offset to apply to the query in seconds options timezone string optional the timezone can be specified as gmt, utc, an offset from utc (like utc+1), or as a timezone database identifier (like america/new york) default is utc page object optional pagination settings page cursor string optional the returned paging point to use to get the next results page limit number optional the maximum number of logs in the response default is 10 sort string optional the sort parameters when querying events allowed enum values are timestamp, timestamp input example {"filter" {"from" "string","query" "string","to" "string"},"options" {"timeoffset" 123,"timezone" "string"},"page" {"cursor" "string","limit" 123},"sort" "string"} output parameter type description status code number http status code of the response reason string response reason phrase data array an array of events matching the request data attributes object the object description of an event response attribute data attributes attributes object object description of attributes from your event data attributes attributes aggregation key string aggregation key of the event data attributes attributes date happened number posix timestamp of the event must be sent as an integer (no quotation marks) limited to events no older than 18 hours data attributes attributes device name string a device name data attributes attributes duration number the duration between the triggering of the event and its recovery in nanoseconds data attributes attributes event object string the event title data attributes attributes evt object the metadata associated with a request data attributes attributes evt id string event id data attributes attributes evt name string the event name data attributes attributes evt source id number event source id data attributes attributes evt type string event type data attributes attributes hostname string host name to associate with the event any tags associated with the host are also applied to this event data attributes attributes monitor object attributes from the monitor that triggered the event data attributes attributes monitor created at number the posix timestamp of the monitor's creation in nanoseconds data attributes attributes monitor group status number monitor group status used when there is no result groups data attributes attributes monitor groups array groups to which the monitor belongs data attributes attributes monitor id number the monitor id data attributes attributes monitor message string the monitor message data attributes attributes monitor modified number the monitor's last modified timestamp data attributes attributes monitor name string the monitor name data attributes attributes monitor query string the query that triggers the alert output example {"data" \[{"attributes" {},"id" "aaaaawgn8xwgr1vkdqaaaabbv2doofh3zzzobm1mwxjfytr0oa","type" "event"}],"links" {"next" "https //app datadoghq com/api/v2/events?filter\[query]=foo\&page\[cursor]=eyjzdgfyd "},"meta" {"elapsed" 132,"page" {"after" "eyjzdgfydef0ijoiqvfbqufys2tms3ppbm40ngv3qufbqujcv0v0clrfddzvbg8zy3pcrmnsbhjivmxd "},"request id" "mwlfujvawgztttzpyzm0vxp1oxu2d3xlsvpemjzkq0vkuti0deytm3rsofvr","status" "done","warnings" \[{}]}} search incidents search for incidents matching a certain query this endpoint requires the incident read authorization scope endpoint url api/v2/incidents/search method get input argument name type required description parameters include string optional specifies which types of related objects should be included in the response allowed enum values are users, attachments parameters query string required specifies which incidents should be returned after entering a search query in your incidents page, use the query parameter value in the url of the page as the value for this parameter the query can contain any number of incident facets joined by ands, along with multiple values for each of those facets joined by ors, parameters sort string optional specifies the order of returned incidents allowed enum values are created, created parameters page size number optional size for a given page the maximum allowed value is 100 parameters page offset number optional specific offset to use as the beginning of the returned page input example {"parameters" {"include" "string","query" "string","sort" "string","page size" 123,"page offset" 123}} output parameter type description status code number http status code of the response reason string response reason phrase data object data returned by an incident search data attributes object attributes returned by an incident search data attributes facets object facet data for incidents returned by a search query data attributes facets commander array facet data for incident commander users data attributes facets commander count number count of the facet value appearing in search results data attributes facets commander email string email of the user data attributes facets commander handle string handle of the user data attributes facets commander name string name of the user data attributes facets commander uuid string id of the user data attributes facets created by array facet data for incident creator users data attributes facets created by count number count of the facet value appearing in search results data attributes facets created by email string email of the user data attributes facets created by handle string handle of the user data attributes facets created by name string name of the user data attributes facets created by uuid string id of the user data attributes facets fields array facet data for incident property fields data attributes facets fields aggregates object aggregate information for numeric incident data data attributes facets fields facets array facet data for the property field of an incident data attributes facets fields name string name of the incident property field data attributes facets impact array facet data for incident impact attributes data attributes facets impact count number count of the facet value appearing in search results data attributes facets impact name string the facet value appearing in search results data attributes facets last modified by array facet data for incident last modified by users output example {"data" {"attributes" {"facets" {},"incidents" \[],"total" 123},"type" "string"},"included" \[{"attributes" {},"id" "12345678 1234 1234 1234 123456789abc","relationships" {},"type" "string"}],"meta" {"pagination" {"next offset" 123,"offset" 123,"size" 123}}} update incident updates an incident provide only the attributes that should be updated as this request is a partial update this endpoint requires the incident write authorization scope endpoint url api/v2/incidents/{{incident id}} method patch input argument name type required description path parameters incident id string required the uuid of the incident parameters include array optional specifies which types of related objects should be included in the response data object optional incident data for an update request data attributes object optional the incident's attributes for an update request data attributes customer impact end string optional timestamp when customers were no longer impacted by the incident data attributes customer impact scope string optional a summary of the impact customers experienced during the incident data attributes customer impact start string optional timestamp when customers began being impacted by the incident data attributes customer impacted boolean optional a flag indicating whether the incident caused customer impact data attributes detected string optional timestamp when the incident was detected data attributes fields object optional a condensed view of the user defined fields for which to update selections data attributes fields \<any key> string optional dynamic fields for which selections can be made, with field names as keys data attributes notification handles array optional notification handles that will be notified of the incident during update data attributes notification handles display name string optional the name of the notified handle data attributes notification handles handle string optional the email address used for the notification data attributes title string optional the title of the incident, which summarizes what happened data id string required the incident's id data relationships object required the incident's relationships for an update request data relationships commander user object required relationship to user data relationships commander user data object required relationship to user object data relationships commander user data id string required a unique identifier that represents the user data relationships commander user data type string required users resource type allowed enum values is users and default is users data relationships integrations object required a relationship reference for multiple integration metadata objects data relationships integrations data array required integration metadata relationship array data relationships integrations data id string required a unique identifier that represents the integration metadata data relationships integrations data type string required integration metadata resource type allowed enum values = incident integrations and default is incident integrations input example {"parameters" {"include" \["commander user","incident"]},"path parameters" {"incident id" "73e9f627 5dd6 526f b658 6e89b7e2e438"}} output parameter type description status code number http status code of the response reason string response reason phrase data object incident data from a response data attributes object the incident's attributes from a response data attributes created string timestamp when the incident was created data attributes customer impact duration integer length of the incident's customer impact in seconds equals the difference between customer impact start and customer impact end data attributes customer impact end string timestamp when customers were no longer impacted by the incident data attributes customer impact scope string a summary of the impact customers experienced during the incident data attributes customer impact start string timestamp when customers began being impacted by the incident data attributes customer impacted boolean a flag indicating whether the incident caused customer impact data attributes detected string timestamp when the incident was detected data attributes fields object a condensed view of the user defined fields attached to incidents data attributes fields \<any key> string dynamic fields for which selections can be made, with field names as keys data attributes modified string timestamp when the incident was last modified data attributes notification handles array notification handles that will be notified of the incident during update data attributes notification handles display name string the name of the notified handle data attributes notification handles handle string the email address used for the notification data attributes public id number the monotonically increasing integer id for the incident data attributes resolved string timestamp when the incident's state was last changed from active or stable to resolved or completed data attributes time to detect string the amount of time in seconds to detect the incident equals the difference between customer impact start and detected data attributes time to internal response string the amount of time in seconds to call incident after detection equals the difference of detected and created data attributes time to repair string the amount of time in seconds to resolve customer impact after detecting the issue equals the difference between customer impact end and detected data attributes time to resolve string the amount of time in seconds to resolve the incident after it was created equals the difference between created and resolved data attributes title string the title of the incident, which summarizes what happened data id string the incident's id output example {"data" {"attributes" {"created" "2024 01 01t00 00 00z","customer impact duration" 123,"customer impact end" "string","customer impact scope" "string","customer impact start" "string","customer impacted"\ true,"detected" "string","fields" {},"modified" "string","notification handles" \[],"public id" 123,"resolved" "string","time to detect" "string","time to internal response" "string","time to repair" "string"},"id" "12345678 1234 1234 1234 123456789abc","relationships" {"attachments" {},"commande response headers header description example connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 19 content security policy http response header content security policy frame ancestors 'self'; report uri https //logs browser intake datadoghq com/api/v2/logs?dd api key=pube4f163c23bbf91c16b8f57f56af9fc58\&dd evp origin=content security policy\&ddsource=csp report\&ddtags=site%3adatadoghq com content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt strict transport security http response header strict transport security max age=31536000; includesubdomains; preload transfer encoding http response header transfer encoding chunked vary http response header vary accept encoding x content type options http response header x content type options nosniff x frame options http response header x frame options sameorigin x ratelimit limit the number of requests allowed in the current rate limit window 600 x ratelimit name http response header x ratelimit name incidents delete incident x ratelimit period http response header x ratelimit period 60 x ratelimit remaining the number of requests remaining in the current rate limit window 99 x ratelimit reset the time at which the current rate limit window resets 53