Datadog Cloud SIEM
Datadog Cloud SIEM Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.8.0 and later.
#
Datadog Cloud SIEMDatadog is an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform.
The SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack. This integration was integrated and tested with version 2.12.0 of datadog-api-client.
#
Configure Datadog Cloud SIEM in CortexParameter | Description | Required |
---|---|---|
Server URL | Datadog website URL | True |
API Key | The API Key to use for authentication | True |
Application Key | The application key to use for authentication. | True |
Trust any certificate (not secure) | False | |
Use system proxy settings | False | |
How many incidents to fetch each time. | False | |
First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year) | False | |
Incident type | False | |
Fetch incidents | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
datadog-event-createThis endpoint allows you to post events to the stream.
#
Base Commanddatadog-event-create
#
InputArgument Name | Description | Required |
---|---|---|
text | A description of the event. Limited to 4000 characters. The description supports markdown. To use markdown in the event text, start the text block with %%% \n and end the text block with \n %%% . | Required |
title | The title of an event. | Required |
date_happened | The timestamp cannot be older than 18 hours. Format : yyyy-MM-dd’T’HH:mm:ssZ or “12 hours ago” or “-12 hours” or “15 min ago” or “-15 min”. | Optional |
device_name | A device name. | Optional |
host_name | Host name to associate with the event. | Optional |
priority | The priority of the event. Restricted value : low Permitted value : normal (Bug will be fixed in the near future.). Possible values are: normal, low. | Optional |
related_event_id | ID of the parent event. | Optional |
tags | A comma-separated list of tags to apply to the event. Ex: "environment:production, region:East” . | Optional |
aggregation_key | An arbitrary string to use for aggregation. If you specify a key, all events using that key are grouped together in the Event Stream. Limited to 100 characters. | Optional |
source_type_name | The type of event being posted. A complete list of source attribute values are available here: https://docs.datadoghq.com/integrations/faq/list-of-api-source-attribute-value/. | Optional |
alert_type | If an alert event is enabled, set its type. Possible values are: error, warning, info, success, user_update, recommendation, snapshot. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.Event.date_happened | Number | The timestamp of when the event happened. |
Datadog.Event.id | Number | Integer ID of the event. |
Datadog.Event.priority | String | The priority of the event. Possible values: normal, low. |
Datadog.Event.text | String | The description of the event. Limited to 4000 characters. The description supports markdown. |
Datadog.Event.tags | Unknown | A list of tags to apply to the event. |
Datadog.Event.url | String | URL of the event. |
Datadog.Event.status | String | The status of the event. |
Datadog.Event.title | String | The event title. |
Datadog.Event.alert_type | String | The alert type. Possible values: error, warning, info, success, user_update, recommendation, snapshot. |
Datadog.Event.device_name | String | A device name associated with the event. |
Datadog.Event.source_type_name | String | The type of event being posted. |
Datadog.Event.host | String | Host name to associate with the event. Any tags associated with the host are also applied to this event. |
#
Command example!datadog-event-create title="EventTitle" text="EventText"
#
Context Example#
Human Readable Output#
Event Details
Title Text Date Happened Id EventTitle EventText May 02, 2023 08:18 AM 7025503766209321995
#
datadog-event-listGet a list of events / Get the details of a particular event.
#
Base Commanddatadog-event-list
#
InputArgument Name | Description | Required |
---|---|---|
event_id | The ID of the event. | Optional |
start_date | Start Date Format : yyyy-MM-dd’T’HH:mm:ssZ or “-1days” or “12 hours ago” or “-12 hours” or “15 min ago” or “-15 min”. . | Optional |
end_date | End Date Default: now Format : yyyy-MM-dd’T’HH:mm:ssZ or "-1 days" or “12 hours ago” or “-12 hours” or “15 min ago” or “-15 min”. . | Optional |
priority | The priority of the event. Possible values are: normal, low. | Optional |
sources | A comma-separated string of sources. A complete list of source attribute values is available here: https://docs.datadoghq.com/integrations/faq/list-of-api-source-attribute-value/. | Optional |
tags | A comma-separated list indicating what tags, if any, should be used to filter the list of events. Ex: "environment:production, region:East". | Optional |
unaggregated | Set unaggregated to 'true' to return all events within the specified [start,end] timeframe. Possible values are: True, False. | Optional |
exclude_aggregate | Set exclude_aggregate to 'true' to only return unaggregated events where is_aggregate=false in the response. Possible values are: True, False. | Optional |
page | The page number. Default is 1. | Optional |
limit | The maximum number of records to return from the collection. Default is 50. If the page_size argument is set by the user then the limit argument will be ignored. | Optional |
page_size | The number of requested results per page. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.Event.alert_type | String | The alert type. Possible values: error, warning, info, success, user_update, recommendation, snapshot. |
Datadog.Event.date_happened | Number | The timestamp of when the event happened. |
Datadog.Event.device_name | String | A device name. |
Datadog.Event.id | Number | Integer ID of the event. |
Datadog.Event.priority | String | The priority of the event. Possible values: normal, low. |
Datadog.Event.text | String | The description of the event. Limited to 4000 characters. The description supports markdown. |
Datadog.Event.tags | Unknown | A list of tags to apply to the event. |
Datadog.Event.url | String | URL of the event. |
Datadog.Event.status | String | The status of the event. |
Datadog.Event.host | String | Host name to associate with the event. Any tags associated with the host are also applied to this event. |
Datadog.Event.title | String | The Event title. |
Datadog.Event.source_type_name | String | The type of event being posted. |
#
Command example!datadog-event-list limit=2
#
Context Example#
Human Readable Output#
Events List
Title Text Date Happened Id Priority Source Tags Is Aggregate Alert Type Incident #236: incident-test1 Status: Active | Severity: Unknown | Commander: Unassigned
https://app.datadoghq.com/incidents/236May 02, 2023 08:17 AM 7025502259105342299 normal Incidents source:incidents false info Incident #235: incident-test1 Status: Active | Severity: Unknown | Commander: Unassigned
https://app.datadoghq.com/incidents/235May 02, 2023 08:16 AM 7025501798182967576 normal Incidents source:incidents false info
#
datadog-tag-listReturn a mapping of tags to hosts for your whole infrastructure.
#
Base Commanddatadog-tag-list
#
InputArgument Name | Description | Required |
---|---|---|
page | The page number. Default is 1. | Optional |
page_size | The number of requested results per page. Default is 50. | Optional |
limit | The maximum number of records to return from the collection. Default value is 50. If the page_size argument is set by the user then the limit argument will be ignored. | Optional |
source | Source to filter. Ex: user, datadog. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.Tag | String | A list of tags to apply to the host. |
Datadog.HostTag | Unknown | The host name. |
#
Command example!datadog-tag-list limit=10
#
Context Example#
Human Readable Output#
Tags List
Tag Host Name role:database TestHost2 app:frontend TestHost2 region:west TestHost2 team:infra TestHost2
#
datadog-host-tag-createThis endpoint allows you to add new tags to a host, optionally specifying where these tags come from.
#
Base Commanddatadog-host-tag-create
#
InputArgument Name | Description | Required |
---|---|---|
host_name | The host name. | Required |
tags | A list of tags to apply to the host. Comma-seperated values. Ex: "environment:production, region:East” . | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.Tag | Unknown | A list of tags to apply to the host. |
Datadog.HostTag | String | The host name. |
#
Command example!datadog-host-tag-create host_name="TestHost2" tags="env:prod"
#
Context Example#
Human Readable Output#
Host Tags Details
Host Name Tag TestHost2 env:prod
#
datadog-host-tag-getReturn the list of tags that apply to a given host.
#
Base Commanddatadog-host-tag-get
#
InputArgument Name | Description | Required |
---|---|---|
host_name | The host name. | Required |
source | Source to filter. Ex: user, datadog. | Optional |
page | The page number. Default is 1. | Optional |
page_size | The number of requested results per page. Default is 50. . | Optional |
limit | The maximum number of records to return from the collection. Default value is 50. If the page_size argument is set by the user, then the limit argument will be ignored. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.Tag | Unknown | A list of tags to apply to the host. |
Datadog.HostTag | String | The host name. |
#
Command example!datadog-host-tag-get host_name="TestHost2"
#
Context Example#
Human Readable Output#
Host Tags List
Tags role:database team:infra region:west app:frontend
#
datadog-host-tag-updateThis endpoint allows you to replace all tags in an integration source with those supplied in the request.
#
Base Commanddatadog-host-tag-update
#
InputArgument Name | Description | Required |
---|---|---|
host_name | The host name. | Required |
tags | A comma-separated list of tags to apply to the host Previous tags will be replaced by new tags. Ex: "environment:production, region:East” . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.Tag | Unknown | A list of tags to apply to the host. |
Datadog.HostTag | String | The host name. |
#
Command example!datadog-host-tag-update host_name="TestHost2"
#
Context Example#
Human Readable Output#
Host Tags Details
Host Name TestHost2
#
datadog-host-tag-deleteThis endpoint allows you to remove all user-assigned tags for a single host.
#
Base Commanddatadog-host-tag-delete
#
InputArgument Name | Description | Required |
---|---|---|
host_name | Host name from which to remove associated tags. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!datadog-host-tag-delete host_name="TestHost2"
#
Human Readable Output#
Host tags deleted successfully!
#
datadog-active-metric-listGet the list of actively reporting metrics.
#
Base Commanddatadog-active-metric-list
#
InputArgument Name | Description | Required |
---|---|---|
from | List of actively reporting metrics from a given time until now. Format : yyyy-MM-dd’T’HH:mm:ssZ Or '-1days' . | Required |
host_name | Hostname for filtering the list of metrics. Please do not complete this field (Bug will be fixed in the near future.). | Optional |
tag_filter | Filter metrics that have been submitted with the given tags. Ex: “region:east,env:prod”. | Optional |
page | The page number. Default is 1. | Optional |
page_size | The number of requested results per page. Default is 50. | Optional |
limit | The maximum number of records to return from the collection. Default value is 50. If the page_size argument is set by the user, then the limit argument will be ignored. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.Metric.from | String | Time when the metrics were active in seconds since the Unix epoch. |
Datadog.Metric | Unknown | List of metric names. |
#
Command example!datadog-active-metric-list from="-2days"
#
Context Example#
Human Readable Output#
Active Metric List
From Metric Name 2023-04-30 08:18:57 datadog.agent.python.version,
datadog.agent.running,
datadog.dogstatsd.client.aggregated_context,
datadog.dogstatsd.client.aggregated_context_by_type,
datadog.dogstatsd.client.bytes_dropped,
datadog.dogstatsd.client.bytes_dropped_queue,
datadog.dogstatsd.client.bytes_dropped_writer,
datadog.dogstatsd.client.bytes_sent,
datadog.dogstatsd.client.events,
datadog.dogstatsd.client.metric_dropped_on_receive,
datadog.dogstatsd.client.metrics,
datadog.dogstatsd.client.metrics_by_type,
datadog.dogstatsd.client.packets_dropped,
datadog.dogstatsd.client.packets_dropped_queue,
datadog.dogstatsd.client.packets_dropped_writer,
datadog.dogstatsd.client.packets_sent,
datadog.dogstatsd.client.service_checks,
datadog.estimated_usage.events.custom_events,
datadog.estimated_usage.events.ingested_events,
datadog.estimated_usage.hosts,
datadog.estimated_usage.incident_management.active_users,
datadog.event.tracking.indexation.feed.events,
datadog.event.tracking.intake.feed.bytes,
datadog.event.tracking.intakev2.feed.bytes,
datadog.process.agent,
datadog.trace_agent.cpu_percent,
datadog.trace_agent.events.max_eps.current_rate,
datadog.trace_agent.events.max_eps.max_rate,
datadog.trace_agent.events.max_eps.reached_max,
datadog.trace_agent.events.max_eps.sample_rate,
datadog.trace_agent.heap_alloc,
datadog.trace_agent.heartbeat,
datadog.trace_agent.receiver.out_chan_fill,
datadog.trace_agent.receiver.ratelimit,
datadog.trace_agent.sampler.kept,
datadog.trace_agent.sampler.rare.hits,
datadog.trace_agent.sampler.rare.misses,
datadog.trace_agent.sampler.rare.shrinks,
datadog.trace_agent.sampler.seen,
datadog.trace_agent.sampler.size,
datadog.trace_agent.stats_writer.bytes,
datadog.trace_agent.stats_writer.client_payloads,
datadog.trace_agent.stats_writer.encode_ms.avg,
datadog.trace_agent.stats_writer.encode_ms.count,
datadog.trace_agent.stats_writer.encode_ms.max,
datadog.trace_agent.stats_writer.errors,
datadog.trace_agent.stats_writer.payloads,
datadog.trace_agent.stats_writer.retries,
datadog.trace_agent.stats_writer.splits,
datadog.trace_agent.stats_writer.stats_buckets
#
datadog-metric-searchSearch for metrics from the last 24 hours in Datadog.
#
Base Commanddatadog-metric-search
#
InputArgument Name | Description | Required |
---|---|---|
query | Query string to search metrics from last 24 hours in Datadog. A complete list of query string values are available here: https://app.datadoghq.com/metric/summary. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.Metric.metric_name | Unknown | List of metrics that match the search query. |
#
Command example!datadog-metric-search query="datadog.agent.python.version"
#
Context Example#
Human Readable Output#
Metrics Search List
Metric Name datadog.agent.python.version
#
datadog-metric-metadata-getGet metadata about a specific metric.
#
Base Commanddatadog-metric-metadata-get
#
InputArgument Name | Description | Required |
---|---|---|
metric_name | Name of the metric for which to get metadata. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.MetricMetadata.description | String | Metric description. |
Datadog.MetricMetadata.integration | String | Name of the integration that sent the metric if applicable. |
Datadog.MetricMetadata.per_unit | String | Per unit of the metric such as second in bytes per second. |
Datadog.MetricMetadata.short_name | String | A human-readable and abbreviated version of the metric name. |
Datadog.MetricMetadata.statsd_interval | Number | StatsD flush interval of the metric in seconds if applicable. |
Datadog.MetricMetadata.type | String | Metric type. |
Datadog.MetricMetadata.unit | String | Primary unit of the metric. |
Datadog.MetricMetadata.metric_name | String | The metric name. |
#
Command example!datadog-metric-metadata-get metric_name="system.io.block_in"
#
Context Example#
Human Readable Output#
Metric Metadata Details
Metric Name Type system.io.block_in gauge
#
datadog-metric-metadata-updateEdit metadata of a specific metric.
#
Base Commanddatadog-metric-metadata-update
#
InputArgument Name | Description | Required |
---|---|---|
metric_name | Name of the metric for which to edit metadata. | Required |
description | Metric description. | Optional |
per_unit | Per unit of the metric A complete list of metric units values are available here: https://docs.datadoghq.com/metrics/units/#unit-list. | Optional |
short_name | A human-readable and abbreviated version of the metric name. | Optional |
statsd_interval | StatsD flush interval of the metric in seconds if applicable. | Optional |
type | Metric type. Possible values are: count, rate, gauge, set, histogram, distribution. | Optional |
unit | Primary unit of the metric. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.MetricMetadata.description | String | Metric description. |
Datadog.MetricMetadata.per_unit | String | Per unit of the metric such as second in bytes per second. |
Datadog.MetricMetadata.short_name | String | A human-readable and abbreviated version of the metric name. |
Datadog.MetricMetadata.statsd_interval | Number | StatsD flush interval of the metric in seconds if applicable. |
Datadog.MetricMetadata.type | String | Metric type. |
Datadog.MetricMetadata.unit | String | Primary unit of the metric. |
Datadog.MetricMetadata.metric_name | String | The metric name. |
#
Command example!datadog-metric-metadata-update metric_name="system.io.block_in"
#
Context Example#
Human Readable Output#
Metric Metadata Details
Metric Name Type system.io.block_in gauge
#
datadog-incident-createCreate an incident.
#
Base Commanddatadog-incident-create
#
InputArgument Name | Description | Required |
---|---|---|
customer_impacted | A flag indicating whether the incident caused customer impact. Restricted value : True Permitted value : False (Bug will be fixed in the near future.). Possible values are: True, False. | Required |
title | The title of the incident, which summarizes what happened. | Required |
severity | The severity of the incident. Default value=unknown. Possible values are: SEV-1, SEV-2, SEV-3, SEV-4, SEV-5, UNKNOWN. | Optional |
state | The state of the incident. Possible values are: active, stable, resolved. | Optional |
detection_method | Specify how the incident was detected. Possible values are: customer, employee, monitor, other, unknown. | Optional |
root_cause | This field allows you to enter the description of the root cause, triggers, and contributing factors of the incident. | Optional |
summary | Summary of the incident. | Optional |
content | The Markdown content of the cell that is used to format using the Markdown syntax rules. If content is provided, important attribute is required. | Optional |
important | A flag indicating whether the timeline cell is important and should be highlighted. Possible values are: True, False. | Optional |
display_name | The name of the notified handle. | Optional |
handle | The email address used for the notification. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.Incident.id | String | The ID of the incident. |
Datadog.Incident.attributes.public_id | Number | The monotonically increasing integer ID for the incident. |
Datadog.Incident.attributes.resolved | Unknown | Timestamp when the incident's state was last changed from active or stable to resolved or completed. |
Datadog.Incident.attributes.title | String | The title of the incident, which summarizes what happened. |
Datadog.Incident.attributes.customer_impact_scope | Unknown | A summary of the impact customers experienced during the incident. |
Datadog.Incident.attributes.customer_impact_start | Unknown | Timestamp when customers began being impacted by the incident. |
Datadog.Incident.attributes.customer_impact_end | Unknown | Timestamp when customers were no longer impacted by the incident. |
Datadog.Incident.attributes.customer_impacted | Boolean | A flag indicating whether the incident caused customer impact. |
Datadog.Incident.attributes.notification_handles.display_name | String | The name of the notified handle. |
Datadog.Incident.attributes.notification_handles.handle | String | The email address used for the notification. |
Datadog.Incident.attributes.created | String | Timestamp when the incident was created. |
Datadog.Incident.attributes.modified | String | Timestamp when the incident was last modified. |
Datadog.Incident.attributes.detected | String | Timestamp when the incident was detected. |
Datadog.Incident.attributes.customer_impact_duration | Number | Length of the incident's customer impact in seconds. Equals the difference between customer_impact_start and customer_impact_end. |
Datadog.Incident.attributes.time_to_detect | Number | The amount of time in seconds to detect the incident. Equals the difference between customer_impact_start and detected. |
Datadog.Incident.attributes.time_to_repair | Number | The amount of time in seconds to resolve customer impact after detecting the issue. Equals the difference between customer_impact_end and detected. |
Datadog.Incident.attributes.time_to_internal_response | Number | The amount of time in seconds to call incident after detection. Equals the difference of detected and created. |
Datadog.Incident.attributes.time_to_resolve | Number | The amount of time in seconds to resolve the incident after it was created. Equals the difference between created and resolved. |
Datadog.Incident.attributes.fields.severity.value | String | The severity of the incident. |
Datadog.Incident.attributes.fields.state.value | String | The status of the incident. |
Datadog.Incident.attributes.fields.detection_method.value | String | Specify how the incident was detected with these default options - customer, employee, monitor, other, or unknown. |
Datadog.Incident.attributes.fields.root_cause.value | String | This text field allows you to enter the description of the root cause, triggers, and contributing factors of the incident. |
Datadog.Incident.attributes.fields.summary.value | String | Summary of incident. |
Datadog.Incident.relationships.created_by_user.data.id | String | A unique identifier that represents the user. |
Datadog.Incident.relationships.integrations.data.id | String | A unique identifier that represents the integration metadata. |
Datadog.Incident.relationships.last_modified_by_user.data.id | String | A unique identifier that represents the user. |
Datadog.Incident.relationships.commander_user.data.id | Unknown | A unique identifier that represents the user. |
Datadog.Incident.included.attributes.created_at | String | Creation time of the user. |
Datadog.Incident.included.attributes.disabled | Boolean | Whether the user is disabled. |
Datadog.Incident.included.attributes.email | String | Email of the user. |
Datadog.Incident.included.attributes.handle | String | Handle of the user. |
Datadog.Incident.included.attributes.icon | String | URL of the user's icon. |
Datadog.Incident.included.attributes.modified_at | String | Time that the user was last modified. |
Datadog.Incident.included.attributes.name | String | Name of the user. |
Datadog.Incident.included.attributes.service_account | Boolean | Whether the user is a service account. |
Datadog.Incident.included.attributes.status | String | Status of the user. |
Datadog.Incident.included.attributes.title | String | Title of the user. |
Datadog.Incident.included.attributes.verified | Boolean | Whether the user is verified. |
Datadog.Incident.included.id | String | ID of the user. |
Datadog.Incident.included.relationships.org.id | String | ID of the organization. |
Datadog.Incident.included.relationships.other_orgs.id | String | ID of the other organization. |
Datadog.Incident.included.relationships.other_users.id | String | A unique identifier that represents the user. |
Datadog.Incident.included.relationships.roles.id | String | The unique identifier of the role. |
#
Command example!datadog-incident-create customer_impacted=False title="incident-test1"
#
Context Example#
Human Readable Output#
Incident Details
ID Title Created Customer Impacted Customer Impact Duration Customer Impact Scope Detected Resolved Time to Detect Time to Internal Response Time to Repair Time to Resolve Severity State Detection Method Root Cause Summary Notification Display Name Notification Handle 33203994-907e-5fb1-8655-9a81f4fd2d99 incident-test1 May 02, 2023 08:19 AM False 0 None May 02, 2023 08:19 AM None 0 0 0 0 UNKNOWN active unknown None None None None
#
datadog-incident-deleteDelete an existing incident.
#
Base Commanddatadog-incident-delete
#
InputArgument Name | Description | Required |
---|---|---|
incident_id | The UUID of the incident. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!datadog-incident-delete incident_id=73e9f627-5dd6-526f-b658-6e89b7e2e438
#
Human Readable Output#
Incident deleted successfully!
#
datadog-incident-updateUpdates an incident. Provide only the attributes that should be updated as this request is a partial update.
#
Base Commanddatadog-incident-update
#
InputArgument Name | Description | Required |
---|---|---|
incident_id | The UUID of the incident. | Required |
customer_impact_end | Specifies the end of the search time frame. Format : yyyy-MM-dd’T’HH:mm:ssZ Or '-1days'. | Optional |
customer_impact_scope | A summary of the impact customers experienced during the incident. | Optional |
customer_impact_start | Timestamp when customers began being impacted by the incident. Format : yyyy-MM-dd’T’HH:mm:ssZ Or '-1days'. | Optional |
customer_impacted | A flag indicating whether the incident caused customer impact. Possible values are: True, False. | Optional |
detected | Timestamp when the incident was detected. Format : yyyy-MM-dd’T’HH:mm:ssZ Or '-1days'. | Optional |
severity | The severity of the incident. Default value=unknown. Possible values are: SEV-1, SEV-2, SEV-3, SEV-4, SEV-5, UNKNOWN. | Optional |
state | The state of the incident. Possible values are: active, stable, resolved. | Optional |
detection_method | Specify how the incident was detected. Possible values are: customer, employee, monitor, other, unknown. | Optional |
root_cause | This field allows you to enter the description of the root cause, triggers, and contributing factors of the incident. | Optional |
summary | Summary of the incident. | Optional |
display_name | The name of the notified handle. | Optional |
handle | The email address used for the notification. | Optional |
title | The title of the incident, which summarizes what happened. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.Incident.id | String | The incident ID. |
Datadog.Incident.attributes.public_id | Number | The monotonically increasing integer ID for the incident. |
Datadog.Incident.attributes.title | String | The title of the incident, which summarizes what happened. |
Datadog.Incident.attributes.resolved | String | Timestamp when the incident's state was last changed from active or stable to resolved or completed. |
Datadog.Incident.attributes.customer_impact_scope | String | A summary of the impact customers experienced during the incident. |
Datadog.Incident.attributes.customer_impact_start | Date | Timestamp when customers began being impacted by the incident. |
Datadog.Incident.attributes.customer_impact_end | String | Timestamp when customers were no longer impacted by the incident. |
Datadog.Incident.attributes.customer_impacted | Boolean | A flag indicating whether the incident caused customer impact. |
Datadog.Incident.attributes.notification_handles.handle | String | The email address used for the notification. |
Datadog.Incident.attributes.notification_handles.display_name | String | The name of the notified handle. |
Datadog.Incident.attributes.created | String | Timestamp when the incident was created. |
Datadog.Incident.attributes.modified | String | Timestamp when the incident was last modified. |
Datadog.Incident.attributes.detected | String | Timestamp when the incident was detected. |
Datadog.Incident.attributes.customer_impact_duration | Number | Length of the incident's customer impact in seconds. Equals the difference between customer_impact_start and customer_impact_end. |
Datadog.Incident.attributes.time_to_detect | Number | The amount of time in seconds to detect the incident. Equals the difference between customer_impact_start and detected. |
Datadog.Incident.attributes.time_to_repair | Number | The amount of time in seconds to resolve customer impact after detecting the issue. Equals the difference between customer_impact_end and detected. |
Datadog.Incident.attributes.time_to_internal_response | Number | The amount of time in seconds to call incident after detection. Equals the difference of detected and created. |
Datadog.Incident.attributes.time_to_resolve | Number | The amount of time in seconds to resolve the incident after it was created. Equals the difference between created and resolved. |
Datadog.Incident.attributes.fields.severity.value | String | The severity of the incident. |
Datadog.Incident.attributes.fields.state.value | String | The status of the incident. |
Datadog.Incident.attributes.fields.detection_method.value | String | Specify how the incident was detected with these default options: customer, employee, monitor, other, or unknown. |
Datadog.Incident.attributes.fields.root_cause.value | String | This text field allows you to enter the description of the root cause, triggers, and contributing factors of the incident. |
Datadog.Incident.attributes.fields.summary.value | String | Summary of incident. |
Datadog.Incident.relationships.created_by_user.data.id | String | A unique identifier that represents the user. |
Datadog.Incident.relationships.last_modified_by_user.data.id | String | A unique identifier that represents the user. |
Datadog.Incident.relationships.commander_user.data.id | String | A unique identifier that represents the user. |
Datadog.Incident.included.attributes.created_at | String | Creation time of the user. |
Datadog.Incident.included.attributes.disabled | Boolean | Whether the user is disabled. |
Datadog.Incident.included.attributes.email | String | Email of the user. |
Datadog.Incident.included.attributes.handle | String | Handle of the user. |
Datadog.Incident.included.attributes.icon | String | URL of the user's icon. |
Datadog.Incident.included.attributes.modified_at | String | Time that the user was last modified. |
Datadog.Incident.included.attributes.name | String | Name of the user. |
Datadog.Incident.included.attributes.service_account | Boolean | Whether the user is a service account. |
Datadog.Incident.included.attributes.status | String | Status of the user. |
Datadog.Incident.included.attributes.title | String | Title of the user. |
Datadog.Incident.included.attributes.verified | Boolean | Whether the user is verified. |
Datadog.Incident.included.id | String | ID of the user. |
Datadog.Incident.included.relationships.org.id | String | ID of the organization. |
Datadog.Incident.included.relationships.other_orgs.id | String | ID of the other organization. |
Datadog.Incident.included.relationships.other_users.id | String | A unique identifier that represents the user. |
Datadog.Incident.included.relationships.roles.id | String | The unique identifier of the role. |
#
Command example!datadog-incident-update incident_id=73e9f627-5dd6-526f-b658-6e89b7e2e438
#
Context Example#
Human Readable Output#
Incident Details
ID Title Created Customer Impacted Customer Impact Duration Customer Impact Scope Detected Resolved Time to Detect Time to Internal Response Time to Repair Time to Resolve Severity State Detection Method Root Cause Summary 73e9f627-5dd6-526f-b658-6e89b7e2e438 Example-Create_an_incident_returns_CREATED_response February 02, 2023 06:53 AM False 0 None February 02, 2023 06:53 AM None 0 0 0 0 UNKNOWN resolved unknown None None
#
datadog-incident-listGet all incidents for the user’s organization / Get the details of an incident using incident_id.
#
Base Commanddatadog-incident-list
#
InputArgument Name | Description | Required |
---|---|---|
incident_id | The UUID of the incident. | Optional |
state | The status of the incident. Possible values are: active, stable, resolved. | Optional |
severity | The severity of the incident. Possible values are: SEV-1, SEV-2, SEV-3, SEV-4, SEV-5, UNKNOWN. | Optional |
customer_impacted | A flag indicating whether the incident caused customer impact. Possible values are: True, False. | Optional |
detection_method | Specify how the incident was detected. Possible values are: customer, employee, monitor, other, unknown. | Optional |
sort | Specifies the order of returned incidents. Possible values are: asc, desc. | Optional |
page_size | The number of requested results per page. Default is 50. | Optional |
page | The page number. Default is 1. | Optional |
limit | The maximum number of records to return from the collection. Default value is 50. If the page_size argument is set by the user, then the limit argument will be ignored. | Optional |
include | Specifies which types of related objects should be included in the response. Allowed enum values: users, attachments. Possible values are: users, attachments. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.Incident.id | String | The ID of the incident. |
Datadog.Incident.attributes.public_id | Number | The monotonically increasing integer ID for the incident. |
Datadog.Incident.attributes.resolved | Unknown | Timestamp when the incident's state was last changed from active or stable to resolved or completed. |
Datadog.Incident.attributes.title | String | The title of the incident, which summarizes what happened. |
Datadog.Incident.attributes.customer_impact_scope | Unknown | A summary of the impact customers experienced during the incident. |
Datadog.Incident.attributes.customer_impact_start | Unknown | Timestamp when customers began being impacted by the incident. |
Datadog.Incident.attributes.customer_impact_end | Unknown | Timestamp when customers were no longer impacted by the incident. |
Datadog.Incident.attributes.customer_impacted | Boolean | A flag indicating whether the incident caused customer impact. |
Datadog.Incident.attributes.notification_handles.display_name | String | The name of the notified handle. |
Datadog.Incident.attributes.notification_handles.handle | String | The email address used for the notification. |
Datadog.Incident.attributes.created | String | Timestamp when the incident was created. |
Datadog.Incident.attributes.modified | String | Timestamp when the incident was last modified. |
Datadog.Incident.attributes.detected | String | Timestamp when the incident was detected. |
Datadog.Incident.attributes.customer_impact_duration | Number | Length of the incident's customer impact in seconds. Equals the difference between customer_impact_start and customer_impact_end. |
Datadog.Incident.attributes.time_to_detect | Number | The amount of time in seconds to detect the incident. Equals the difference between customer_impact_start and detected. |
Datadog.Incident.attributes.time_to_repair | Number | The amount of time in seconds to resolve customer impact after detecting the issue. Equals the difference between customer_impact_end and detected. |
Datadog.Incident.attributes.time_to_internal_response | Number | The amount of time in seconds to call incident after detection. Equals the difference of detected and created. |
Datadog.Incident.attributes.time_to_resolve | Number | The amount of time in seconds to resolve the incident after it was created. Equals the difference between created and resolved. |
Datadog.Incident.attributes.fields.severity.value | String | The severity of the incident. |
Datadog.Incident.attributes.fields.state.value | String | The status of the incident. |
Datadog.Incident.attributes.fields.detection_method.value | String | Specify how the incident was detected with these default options - customer, employee, monitor, other, or unknown. |
Datadog.Incident.attributes.fields.root_cause.value | String | This text field allows you to enter the description of the root cause, triggers, and contributing factors of the incident. |
Datadog.Incident.attributes.fields.summary.value | String | Summary of incident. |
Datadog.Incident.relationships.created_by_user.data.id | String | A unique identifier that represents the user. |
Datadog.Incident.relationships.integrations.data.id | String | A unique identifier that represents the integration metadata. |
Datadog.Incident.relationships.last_modified_by_user.data.id | String | A unique identifier that represents the user. |
Datadog.Incident.relationships.commander_user.data.id | Unknown | A unique identifier that represents the user. |
Datadog.Incident.included.attributes.created_at | String | Creation time of the user. |
Datadog.Incident.included.attributes.disabled | Boolean | Whether the user is disabled. |
Datadog.Incident.included.attributes.email | String | Email of the user. |
Datadog.Incident.included.attributes.handle | String | Handle of the user. |
Datadog.Incident.included.attributes.icon | String | URL of the user's icon. |
Datadog.Incident.included.attributes.modified_at | String | Time that the user was last modified. |
Datadog.Incident.included.attributes.name | String | Name of the user. |
Datadog.Incident.included.attributes.service_account | Boolean | Whether the user is a service account. |
Datadog.Incident.included.attributes.status | String | Status of the user. |
Datadog.Incident.included.attributes.title | String | Title of the user. |
Datadog.Incident.included.attributes.verified | Boolean | Whether the user is verified. |
Datadog.Incident.included.id | String | ID of the user. |
Datadog.Incident.included.relationships.org.id | String | ID of the organization. |
Datadog.Incident.included.relationships.other_orgs.id | String | ID of the other organization. |
Datadog.Incident.included.relationships.other_users.id | String | A unique identifier that represents the user. |
Datadog.Incident.included.relationships.roles.id | String | The unique identifier of the role. |
#
Command example!datadog-incident-list limit=2
#
Context Example#
Human Readable Output#
Incidents List
ID Title Created Customer Impacted Customer Impact Duration Detected Resolved Time to Detect Time to Internal Response Time to Repair Time to Resolve Severity State Detection Method Root Cause Summary dc203d96-2c07-55f4-9312-5427468a8190 test-incident-i1 February 02, 2023 10:07 AM False 0 February 02, 2023 10:07 AM None 0 0 0 0 UNKNOWN resolved unknown None None e8d7e756-fc4b-5ae3-978b-dc6c081b0c38 test-incident-i1 February 03, 2023 06:36 AM False 0 February 03, 2023 06:36 AM None 0 0 0 0 UNKNOWN active unknown None None
#
datadog-time-series-point-queryQuery of sequence of data points that are collected over time intervals, allowing us to track changes over time.
#
Base Commanddatadog-time-series-point-query
#
InputArgument Name | Description | Required |
---|---|---|
from | Start of the queried time period. Format : YYYY-MM-dd’T’HH:mm:ssZ Or '-1days'. | Required |
to | End of the queried time period. Format : yyyy-MM-dd’T’HH:mm:ssZ Or '-1days'. | Required |
query | Query string. Ex : query="system.cpu.idle" A complete list of query string values are available here: https://app.datadoghq.com/metric/summary. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Datadog.TimeSeriesPoint.from_date | Date | Start of requested time window in milliseconds since Unix epoch. |
Datadog.TimeSeriesPoint.error | String | Message indicating the errors if status is not OK. |
Datadog.TimeSeriesPoint.group_by | Unknown | List of tag keys on which to group. |
Datadog.TimeSeriesPoint.message | String | Message indicating success if status is OK. |
Datadog.TimeSeriesPoint.query | String | Query string. |
Datadog.TimeSeriesPoint.res_type | String | Type of response. |
Datadog.TimeSeriesPoint.series.aggr | Unknown | Aggregation type. |
Datadog.TimeSeriesPoint.series.display_name | String | Display name of the metric. |
Datadog.TimeSeriesPoint.series.end | Date | End of the time window in milliseconds since Unix epoch. |
Datadog.TimeSeriesPoint.series.expression | String | Metric expression. |
Datadog.TimeSeriesPoint.series.interval | Number | Number of seconds between data samples. |
Datadog.TimeSeriesPoint.series.length | Number | Number of data samples. |
Datadog.TimeSeriesPoint.series.metric | String | Metric name. |
Datadog.TimeSeriesPoint.series.pointlist | Number | List of points of the time series. |
Datadog.TimeSeriesPoint.series.query_index | Number | The index of the series query within the request. |
Datadog.TimeSeriesPoint.series.scope | String | Metric scope, comma-separated list of tags. |
Datadog.TimeSeriesPoint.series.start | Date | Start of the time window in milliseconds since Unix epoch. |
Datadog.TimeSeriesPoint.series.tag_set | Unknown | Unique tags identifying this series. |
Datadog.TimeSeriesPoint.series.unit.family | String | Unit family allows for conversion between units of the same family, for scaling. |
Datadog.TimeSeriesPoint.series.unit.name | String | Unit name. |
Datadog.TimeSeriesPoint.series.unit.plural | String | Plural form of the unit's name. |
Datadog.TimeSeriesPoint.series.unit.scale_factor | Number | Factor for scaling between units of the same family. |
Datadog.TimeSeriesPoint.series.unit.short_name | String | Abbreviation of the unit. |
Datadog.TimeSeriesPoint.status | String | Status of the query. |
Datadog.TimeSeriesPoint.to_date | Date | End of requested time window in milliseconds since Unix epoch. |
#
Command example!datadog-time-series-point-query from="-2days" query="system.cpu.idle" to=now
#
Context Example#
Human Readable Output#
Query Timeseries Points