--- title: Add insights to a case description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Case Management --- # Add insights to a case{% #add-insights-to-a-case %} Copy pageCopied {% tab title="v2" %} **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). | Datadog site | API endpoint | | ----------------- | ----------------------------------------------------------------- | | ap1.datadoghq.com | PUT https://api.ap1.datadoghq.com/api/v2/cases/{case_id}/insights | | ap2.datadoghq.com | PUT https://api.ap2.datadoghq.com/api/v2/cases/{case_id}/insights | | app.datadoghq.eu | PUT https://api.datadoghq.eu/api/v2/cases/{case_id}/insights | | app.ddog-gov.com | PUT https://api.ddog-gov.com/api/v2/cases/{case_id}/insights | | us2.ddog-gov.com | PUT https://api.us2.ddog-gov.com/api/v2/cases/{case_id}/insights | | app.datadoghq.com | PUT https://api.datadoghq.com/api/v2/cases/{case_id}/insights | | us3.datadoghq.com | PUT https://api.us3.datadoghq.com/api/v2/cases/{case_id}/insights | | us5.datadoghq.com | PUT https://api.us5.datadoghq.com/api/v2/cases/{case_id}/insights | ### Overview Adds one or more insights to a case. Insights are references to related Datadog resources (such as monitors, security signals, incidents, or error tracking issues) that provide investigative context. Up to 100 insights can be added per request. Each insight requires a type (see `CaseInsightType` for allowed values), a ref (URL path to the resource), and a resource_id. OAuth apps require the `cases_write` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#case-management) to access this endpoint. ### Arguments #### Path Parameters | Name | Type | Description | | ------------------------- | ------ | ------------------ | | case_id [*required*] | string | Case's UUID or key | ### Request #### Body Data (required) Case insights request. {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | ----------------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | Data object containing the insights to add or remove. | | data | attributes [*required*] | object | Attributes for adding or removing insights from a case. | | attributes | insights [*required*] | [object] | Array of insights to add to or remove from a case. | | insights | ref [*required*] | string | The URL path or deep link to the insight resource within Datadog (for example, `/monitors/12345?q=total`). | | insights | resource_id [*required*] | string | The unique identifier of the referenced Datadog resource (for example, a monitor ID, incident ID, or signal ID). | | insights | type [*required*] | enum | The type of Datadog resource linked to the case as contextual evidence. Each type corresponds to a different Datadog product signal (for example, a security finding, a monitor alert, or an incident). Allowed enum values: `SECURITY_SIGNAL,MONITOR,EVENT_CORRELATION,ERROR_TRACKING,CLOUD_COST_RECOMMENDATION,INCIDENT,SENSITIVE_DATA_SCANNER_ISSUE,EVENT,WATCHDOG_STORY,WIDGET` | | data | type [*required*] | enum | JSON:API resource type for cases. Allowed enum values: `case` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "insights": [ { "ref": "/monitors/12345?q=total", "resource_id": "12345", "type": "SECURITY_SIGNAL" } ] }, "type": "case" } } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} Case response | Parent field | Field | Type | Description | | -------------------- | ---------------------------- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data | object | A case | | data | attributes [*required*] | object | Case resource attributes | | attributes | archived_at | date-time | Timestamp of when the case was archived | | attributes | attributes | object | Key-value pairs of case attributes. Each key maps to an array of string values, used for flexible metadata such as labels or tags. | | additionalProperties | | [string] | | attributes | closed_at | date-time | Timestamp of when the case was closed | | attributes | created_at | date-time | Timestamp of when the case was created | | attributes | custom_attributes | object | Case custom attributes | | additionalProperties | | object | A typed value for a custom attribute on a specific case. | | | is_multi [*required*] | boolean | If true, value must be an array | | | type [*required*] | enum | The data type of the custom attribute, which determines the allowed values and UI input control. Allowed enum values: `URL,TEXT,NUMBER,SELECT` | | | value [*required*] | | The value of a custom attribute. The accepted format depends on the attribute's type and whether it accepts multiple values. | | value | Option 1 | string | A string value for a TEXT, URL, or SELECT-type custom attribute. | | value | Option 2 | [string] | An array of string values for a multi-value TEXT, URL, or SELECT-type custom attribute. | | value | Option 3 | double | A numeric value for a NUMBER-type custom attribute. | | value | Option 4 | [number] | An array of numeric values for a multi-value NUMBER-type custom attribute. | | attributes | description | string | Description | | attributes | jira_issue | object | Jira issue attached to case | | jira_issue | result | object | Jira issue information | | result | issue_id | string | Jira issue ID | | result | issue_key | string | Jira issue key | | result | issue_url | string | Jira issue URL | | result | project_key | string | Jira project key | | jira_issue | status | enum | Case status Allowed enum values: `IN_PROGRESS,COMPLETED,FAILED` | | attributes | key | string | Key | | attributes | modified_at | date-time | Timestamp of when the case was last modified | | attributes | priority | enum | Case priority Allowed enum values: `NOT_DEFINED,P1,P2,P3,P4,P5` | | attributes | service_now_ticket | object | ServiceNow ticket attached to case | | service_now_ticket | result | object | ServiceNow ticket information | | result | sys_target_link | string | Link to the Incident created on ServiceNow | | service_now_ticket | status | enum | Case status Allowed enum values: `IN_PROGRESS,COMPLETED,FAILED` | | attributes | status | enum | **DEPRECATED**: Deprecated way of representing the case status, which only supports OPEN, IN_PROGRESS, and CLOSED statuses. Use `status_name` instead. Allowed enum values: `OPEN,IN_PROGRESS,CLOSED` | | attributes | status_group | enum | Status group of the case. Allowed enum values: `SG_OPEN,SG_IN_PROGRESS,SG_CLOSED` | | attributes | status_name | string | Status of the case. Must be one of the existing statuses for the case's type. | | attributes | title | string | Title | | attributes | type | enum | **DEPRECATED**: Case type Allowed enum values: `STANDARD` | | attributes | type_id | string | Case type UUID | | data | id [*required*] | string | Case's identifier | | data | relationships | object | Resources related to a case | | relationships | assignee | object | Relationship to user. | | assignee | data [*required*] | object | Relationship to user object. | | data | id [*required*] | string | A unique identifier that represents the user. | | data | type [*required*] | enum | User resource type. Allowed enum values: `user` | | relationships | created_by | object | Relationship to user. | | created_by | data [*required*] | object | Relationship to user object. | | data | id [*required*] | string | A unique identifier that represents the user. | | data | type [*required*] | enum | User resource type. Allowed enum values: `user` | | relationships | modified_by | object | Relationship to user. | | modified_by | data [*required*] | object | Relationship to user object. | | data | id [*required*] | string | A unique identifier that represents the user. | | data | type [*required*] | enum | User resource type. Allowed enum values: `user` | | relationships | project | object | Relationship to project. | | project | data [*required*] | object | Relationship to project object. | | data | id [*required*] | string | A unique identifier that represents the project. | | data | type [*required*] | enum | Project resource type. Allowed enum values: `project` | | data | type [*required*] | enum | JSON:API resource type for cases. Allowed enum values: `case` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "archived_at": "2019-09-19T10:00:00.000Z", "attributes": { "": [] }, "closed_at": "2019-09-19T10:00:00.000Z", "created_at": "2019-09-19T10:00:00.000Z", "custom_attributes": { "": { "is_multi": false, "type": "NUMBER", "value": { "description": "", "type": "" } } }, "description": "string", "jira_issue": { "result": { "issue_id": "string", "issue_key": "string", "issue_url": "string", "project_key": "string" }, "status": "COMPLETED" }, "key": "CASEM-4523", "modified_at": "2019-09-19T10:00:00.000Z", "priority": "NOT_DEFINED", "service_now_ticket": { "result": { "sys_target_link": "string" }, "status": "COMPLETED" }, "status": "OPEN", "status_group": "SG_OPEN", "status_name": "Open", "title": "Memory leak investigation on API", "type": "STANDARD", "type_id": "3b010bde-09ce-4449-b745-71dd5f861963" }, "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001", "relationships": { "assignee": { "data": { "id": "00000000-0000-0000-0000-000000000000", "type": "user" } }, "created_by": { "data": { "id": "00000000-0000-0000-0000-000000000000", "type": "user" } }, "modified_by": { "data": { "id": "00000000-0000-0000-0000-000000000000", "type": "user" } }, "project": { "data": { "id": "e555e290-ed65-49bd-ae18-8acbfcf18db7", "type": "project" } } }, "type": "case" } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="401" %} Unauthorized {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Forbidden {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not Found {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Path parameters export case_id="f98a5a5b-e0ff-45d4-b2f5-afe6e74de504" \# Curl command curl -X PUT "https://api.datadoghq.com/api/v2/cases/${case_id}/insights" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "insights": [ { "ref": "/monitors/12345?q=total", "resource_id": "12345", "type": "SECURITY_SIGNAL" } ] }, "type": "case" } } EOF {% /tab %}