Datadog V2

the datadog connector integrates with swimlane to monitor cloud scale applications, including monitoring servers, databases, tools, and services through the datadog saas platform prerequisites the datadog connector requires both an api key and an application key api key in order to obtain the api key, login to datadog and go to the api tab and click api keys then create api key you may also name your key application key in order to obtain the application key, login to datadog and go to the api tab and click application keys then create api key you may also name your key capabilities this connector provides the following capabilities search events create incident delete incident list incident search incidents update incidents limitations currently no limitations on the datadog integration and api asset setup datadog requires both an api key and an application key for full access to datadog's programmatic api thus without both keys this integration will not connect successfully configurations api key authentication authenticates using an api key configuration parameters parameter description type required url a url to the target host string required dd api key api key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional dd application key application key string optional actions incident create create an incident this endpoint requires the incident write authorization scope endpoint url api/v2/incidents method post input argument name type required description data object required response data type string required incident data for a create request attributes object required the incident's attributes for a create request title string required the title of the incident, which summarizes what happened customer impacted boolean required a flag indicating whether the incident caused customer impact customer impact scope string optional required if customer impacted "true" a summary of the impact customers experienced during the incident fields object optional a condensed view of the user defined fields for which to create initial selections state object optional parameter for incident create initial cells array optional an array of initial timeline cells to be placed at the beginning of the incident timeline cell type string required type of the markdown timeline cell allowed enum values are markdown, default is markdown content object required the markdown timeline cell contents notification handles array optional notification handles that will be notified of the incident at creation display name string optional the name of the notified handle handle string optional the email address used for the notification relationships object optional the relationships the incident will have with other resources once created commander user object optional relationship to user data object optional relationship to user object output parameter type description status code number http status code of the response reason string response reason phrase data object incident data from a response attributes object the incident's attributes from a response created string timestamp when the incident was created customer impact duration string length of the incident's customer impact in seconds equals the difference between customer impact start and customer impact end customer impact end string timestamp when customers were no longer impacted by the incident customer impact scope string output field customer impact scope customer impact start string timestamp when customers began being impacted by the incident customer impacted boolean a flag indicating whether the incident caused customer impact detected string timestamp when the incident was detected fields object a condensed view of the user defined fields attached to incidents \<any key> string dynamic fields for which selections can be made, with field names as keys modified string timestamp when the incident was last modified notification handles array notification handles that will be notified of the incident during update display name string the name of the notified handle handle string the email address used for the notification public id number the monotonically increasing integer id for the incident resolved string timestamp when the incident's state was last changed from active or stable to resolved or completed time to detect string the amount of time in seconds to detect the incident equals the difference between customer impact start and detected time to internal response string the amount of time in seconds to call incident after detection equals the difference of detected and created time to repair string the amount of time in seconds to resolve customer impact after detecting the issue equals the difference between customer impact end and detected time to resolve string the amount of time in seconds to resolve the incident after it was created equals the difference between created and resolved title string the title of the incident, which summarizes what happened id string the incident's id example \[ { "status code" 201, "response headers" { "date" "wed, 06 sep 2023 17 59 56 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "x frame options" "sameorigin", "content security policy" "frame ancestors 'self'; report uri https //logs browser intake datadoghq com/api ", "vary" "accept encoding", "content encoding" "gzip", "x ratelimit limit" "20", "x ratelimit period" "60", "x ratelimit remaining" "19", "x ratelimit reset" "4", "x ratelimit name" "incidents create incident", "x content type options" "nosniff", "strict transport security" "max age=31536000; includesubdomains; preload" }, "reason" "created", "json body" { "data" {}, "included" \[] } } ] delete incident deletes an existing incident from the users organization this endpoint requires the incident write authorization scope endpoint url api/v2/incidents/{{incident id}} method delete input argument name type required description incident id string required the uuid of the incident output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 204, "response headers" { "date" "wed, 06 sep 2023 18 10 23 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "x frame options" "sameorigin", "content security policy" "frame ancestors 'self'; report uri https //logs browser intake datadoghq com/api ", "vary" "accept encoding", "content encoding" "gzip", "x ratelimit limit" "20", "x ratelimit period" "60", "x ratelimit remaining" "19", "x ratelimit reset" "37", "x ratelimit name" "incidents delete incident", "x content type options" "nosniff", "strict transport security" "max age=31536000; includesubdomains; preload" }, "reason" "ok" } ] list incidents get all incidents for the user’s organization this endpoint requires the incident read authorization scope endpoint url api/v2/incidents method get input argument name type required description include array optional specifies which types of related objects should be included in the response page size number optional size for a given page the maximum allowed value is 100 page offset number optional specific offset to use as the beginning of the returned page output parameter type description status code number http status code of the response reason string response reason phrase data array an array of incidents type string incident resource type allowed enum values is incidents and default is incidents id string the incident's id attributes object the incident's attributes from a response public id number the monotonically increasing integer id for the incident incident type uuid number unique identifier title string the title of the incident, which summarizes what happened resolved string timestamp when the incident's state was last changed from active or stable to resolved or completed customer impact end string timestamp when customers were no longer impacted by the incident customer impact scope string a summary of the impact customers experienced during the incident customer impact start string timestamp when customers began being impacted by the incident customer impacted boolean a flag indicating whether the incident caused customer impact notification handles array notification handles that will be notified of the incident during update display name string the name of the notified handle handle string the email address used for the notification last modified by uuid string unique identifier created string timestamp when the incident was created modified string timestamp when the incident was last modified detected string timestamp when the incident was detected created by uuid string unique identifier creation idempotency key number unique identifier customer impact duration number length of the incident's customer impact in seconds equals the difference between customer impact start and customer impact end time to detect number the amount of time in seconds to detect the incident equals the difference between customer impact start and detected example \[ { "status code" 200, "response headers" { "date" "thu, 07 sep 2023 09 44 07 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "x frame options" "sameorigin", "content security policy" "frame ancestors 'self'; report uri https //logs browser intake datadoghq com/api ", "vary" "accept encoding", "content encoding" "gzip", "x ratelimit limit" "100", "x ratelimit period" "60", "x ratelimit remaining" "99", "x ratelimit reset" "53", "x ratelimit name" "incidents get incident list", "x content type options" "nosniff", "strict transport security" "max age=31536000; includesubdomains; preload" }, "reason" "ok", "json body" { "data" \[], "meta" {} } } ] seacrh events list endpoint returns events that match an events search query results are paginated similarly to logs use this endpoint to build complex events filtering and search this endpoint requires the events read authorization scope endpoint url api/v2/events/search method post input argument name type required description filter object optional the search and filter query settings from string optional the minimum time for the requested events supports date math and regular timestamps in milliseconds default is now 15m query string optional the search query following the event search syntax default is to string optional the maximum time for the requested events supports date math and regular timestamps in milliseconds default is now options object optional the global query options that are used either provide a timezone or a time offset but not both, otherwise the query fails timeoffset number optional the time offset to apply to the query in seconds timezone string optional the timezone can be specified as gmt, utc, an offset from utc (like utc+1), or as a timezone database identifier (like america/new york) default is utc page object optional pagination settings cursor string optional the returned paging point to use to get the next results limit number optional the maximum number of logs in the response default is 10 sort string optional the sort parameters when querying events allowed enum values are timestamp, timestamp output parameter type description status code number http status code of the response reason string response reason phrase data array an array of events matching the request attributes object the object description of an event response attribute attributes object object description of attributes from your event aggregation key string aggregation key of the event date happened number posix timestamp of the event must be sent as an integer (no quotation marks) limited to events no older than 18 hours device name string a device name duration number the duration between the triggering of the event and its recovery in nanoseconds event object string the event title evt object the metadata associated with a request id string event id name string the event name source id number event source id type string event type hostname string host name to associate with the event any tags associated with the host are also applied to this event monitor object attributes from the monitor that triggered the event created at number the posix timestamp of the monitor's creation in nanoseconds group status number monitor group status used when there is no result groups groups array groups to which the monitor belongs id number the monitor id message string the monitor message modified number the monitor's last modified timestamp name string the monitor name query string the query that triggers the alert example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "data" \[], "links" {}, "meta" {} } } ] search incidents search for incidents matching a certain query this endpoint requires the incident read authorization scope endpoint url api/v2/incidents/search method get input argument name type required description include string optional specifies which types of related objects should be included in the response allowed enum values are users, attachments query string required specifies which incidents should be returned after entering a search query in your incidents page, use the query parameter value in the url of the page as the value for this parameter the query can contain any number of incident facets joined by ands, along with multiple values for each of those facets joined by ors, sort string optional specifies the order of returned incidents allowed enum values are created, created page size number optional size for a given page the maximum allowed value is 100 page offset number optional specific offset to use as the beginning of the returned page output parameter type description status code number http status code of the response reason string response reason phrase data object data returned by an incident search attributes object attributes returned by an incident search facets object facet data for incidents returned by a search query commander array facet data for incident commander users count number count of the facet value appearing in search results email string email of the user handle string handle of the user name string name of the user uuid string id of the user created by array facet data for incident creator users count number count of the facet value appearing in search results email string email of the user handle string handle of the user name string name of the user uuid string id of the user fields array facet data for incident property fields aggregates object aggregate information for numeric incident data facets array facet data for the property field of an incident name string name of the incident property field impact array facet data for incident impact attributes count number count of the facet value appearing in search results name string the facet value appearing in search results last modified by array facet data for incident last modified by users example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "data" {}, "included" \[], "meta" {} } } ] update incident updates an incident provide only the attributes that should be updated as this request is a partial update this endpoint requires the incident write authorization scope endpoint url api/v2/incidents/{{incident id}} method patch input argument name type required description incident id string required the uuid of the incident include array optional specifies which types of related objects should be included in the response data object required incident data for an update request attributes object optional the incident's attributes for an update request customer impact end string optional timestamp when customers were no longer impacted by the incident customer impact scope string optional a summary of the impact customers experienced during the incident customer impact start string optional timestamp when customers began being impacted by the incident customer impacted boolean optional a flag indicating whether the incident caused customer impact detected string optional timestamp when the incident was detected fields object optional a condensed view of the user defined fields for which to update selections \<any key> string optional dynamic fields for which selections can be made, with field names as keys notification handles array optional notification handles that will be notified of the incident during update display name string optional the name of the notified handle handle string optional the email address used for the notification title string optional the title of the incident, which summarizes what happened id string required the incident's id relationships object required the incident's relationships for an update request commander user object required relationship to user data object required relationship to user object integrations object required a relationship reference for multiple integration metadata objects data array required integration metadata relationship array postmortem object required a relationship reference for postmortems data object required the postmortem relationship data type string required incident resource type allowed enum values = incidents and default = incidents output parameter type description status code number http status code of the response reason string response reason phrase data object incident data from a response attributes object the incident's attributes from a response created string timestamp when the incident was created customer impact duration integer length of the incident's customer impact in seconds equals the difference between customer impact start and customer impact end customer impact end string timestamp when customers were no longer impacted by the incident customer impact scope string a summary of the impact customers experienced during the incident customer impact start string timestamp when customers began being impacted by the incident customer impacted boolean a flag indicating whether the incident caused customer impact detected string timestamp when the incident was detected fields object a condensed view of the user defined fields attached to incidents \<any key> string dynamic fields for which selections can be made, with field names as keys modified string timestamp when the incident was last modified notification handles array notification handles that will be notified of the incident during update display name string the name of the notified handle handle string the email address used for the notification public id number the monotonically increasing integer id for the incident resolved string timestamp when the incident's state was last changed from active or stable to resolved or completed time to detect string the amount of time in seconds to detect the incident equals the difference between customer impact start and detected time to internal response string the amount of time in seconds to call incident after detection equals the difference of detected and created time to repair string the amount of time in seconds to resolve customer impact after detecting the issue equals the difference between customer impact end and detected time to resolve string the amount of time in seconds to resolve the incident after it was created equals the difference between created and resolved title string the title of the incident, which summarizes what happened id string the incident's id example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "data" {}, "included" \[] } } ] response headers header description example connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 19 content security policy http response header content security policy frame ancestors 'self'; report uri https //logs browser intake datadoghq com/api/v2/logs?dd api key=pube4f163c23bbf91c16b8f57f56af9fc58\&dd evp origin=content security policy\&ddsource=csp report\&ddtags=site%3adatadoghq com https //logs browser intake datadoghq com/api/v2/logs?dd api key=pube4f163c23bbf91c16b8f57f56af9fc58\&dd evp origin=content security policy\&ddsource=csp report\&ddtags=site%3adatadoghq com content type the media type of the resource application/json date the date and time at which the message was originated thu, 07 sep 2023 09 44 07 gmt strict transport security http response header strict transport security max age=31536000; includesubdomains; preload transfer encoding http response header transfer encoding chunked vary http response header vary accept encoding x content type options http response header x content type options nosniff x frame options http response header x frame options sameorigin x ratelimit limit the number of requests allowed in the current rate limit window 100 x ratelimit name http response header x ratelimit name incidents delete incident x ratelimit period http response header x ratelimit period 60 x ratelimit remaining the number of requests remaining in the current rate limit window 599 x ratelimit reset the time at which the current rate limit window resets 4 notes for more information on datadog datadog api documentation https //docs datadoghq com/api/?lang=bash#api reference complete list of source attribute values https //docs datadoghq com/integrations/faq/list of api source attribute value/