time_aggr: avg, sum, max, min, change, or pct_change
time_window: last_#m (with # between 1 and 10080 depending on the monitor type) or last_#h(with # between 1 and 168 depending on the monitor type) or last_1d, or last_1w
space_aggr: avg, sum, min, or max
tags: one or more tags (comma-separated), or *
key: a ‘key’ in key:value tag syntax; defines a separate alert for each tag in the group (multi-alert)
operator: <, <=, >, >=, ==, or !=
#: an integer or decimal number used to set the threshold
If you are using the _change_ or _pct_change_ time aggregator, instead use change_aggr(time_aggr(time_window), timeshift):space_aggr:metric{tags} [by {key}] operator # with:
time_window last_#m (between 1 and 2880 depending on the monitor type), last_#h (between 1 and 48 depending on the monitor type), or last_#d (1 or 2)
timeshift #m_ago (5, 10, 15, or 30), #h_ago (1, 2, or 4), or 1d_ago
Use this to create an outlier monitor using the following query:
avg(last_30m):outliers(avg:system.cpu.user{role:es-events-data} by {host}, 'dbscan', 7) > 0
check name of the check, for example datadog.agent.up
tags one or more quoted tags (comma-separated), or “*”. for example: .over("env:prod", "role:db"); over cannot be blank.
count must be at greater than or equal to your max threshold (defined in the options). It is limited to 100.
For example, if you’ve specified to notify on 1 critical, 3 ok, and 2 warn statuses, count should be at least 3.
group must be specified for check monitors. Per-check grouping is already explicitly known for some service checks.
For example, Postgres integration monitors are tagged by db, host, and port, and Network monitors by host, instance, and url. See Service Checks documentation for more information.
Example: 12345 && 67890, where 12345 and 67890 are the IDs of non-composite monitors
name [required, default = dynamic, based on query]: The name of the alert.
message [required, default = dynamic, based on query]: A message to include with notifications for this monitor.
Email notifications can be sent to specific users by using the same ‘@username’ notation as events.
tags [optional, default = empty list]: A list of tags to associate with your monitor.
When getting all monitor details via the API, use the monitor_tags argument to filter results by these tags.
It is only available via the API and isn’t visible or editable in the Datadog UI.
Object describing the creator of the shared element.
email
string
Email of the creator.
handle
string
Handle of the creator.
name
string
Name of the creator.
deleted
date-time
Whether or not the monitor is deleted. (Always null)
id
int64
ID of this monitor.
matching_downtimes
[object]
A list of active v1 downtimes that match this monitor.
end
int64
POSIX timestamp to end the downtime.
id [required]
int64
The downtime ID.
scope
[string]
The scope(s) to which the downtime applies. Must be in key:value format. For example, host:app2.
Provide multiple scopes as a comma-separated list like env:dev,env:prod.
The resulting downtime applies to sources that matches ALL provided scopes (env:devANDenv:prod).
start
int64
POSIX timestamp to start the downtime.
message
string
A message to include with notifications for this monitor.
modified
date-time
Last timestamp when the monitor was edited.
multi
boolean
Whether or not the monitor is broken down on different groups.
name
string
The monitor name.
options
object
List of options associated with your monitor.
aggregation
object
Type of aggregation performed in the monitor query.
group_by
string
Group to break down the monitor on.
metric
string
Metric name used in the monitor.
type
string
Metric type used in the monitor.
device_ids
[string]
DEPRECATED: IDs of the device the Synthetics monitor is running on.
enable_logs_sample
boolean
Whether or not to send a log sample when the log monitor triggers.
enable_samples
boolean
Whether or not to send a list of samples when the monitor triggers. This is only used by CI Test and Pipeline monitors.
escalation_message
string
We recommend using the is_renotify,
block in the original message instead.
A message to include with a re-notification. Supports the @username notification we allow elsewhere.
Not applicable if renotify_interval is None.
evaluation_delay
int64
Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min),
the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55.
This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation.
group_retention_duration
string
The time span after which groups with missing data are dropped from the monitor state.
The minimum value is one hour, and the maximum value is 72 hours.
Example values are: "60m", "1h", and "2d".
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
groupby_simple_monitor
boolean
DEPRECATED: Whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. Use notify_by instead.
include_tags
boolean
A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title.
Examples
If True, [Triggered on {host:h1}] Monitor Title
If False, [Triggered] Monitor Title
default: true
locked
boolean
DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use restricted_roles instead.
min_failure_duration
int64
How long the test should be in failure before alerting (integer, number of seconds, max 7200).
min_location_failed
int64
The minimum number of locations in failure at the same time during
at least one moment in the min_failure_duration period (min_location_failed and min_failure_duration
are part of the advanced alerting rules - integer, >= 1).
default: 1
new_group_delay
int64
Time (in seconds) to skip evaluations for new groups.
For example, this option can be used to skip evaluations for new hosts while they initialize.
Must be a non negative integer.
new_host_delay
int64
DEPRECATED: Time (in seconds) to allow a host to boot and applications
to fully start before starting the evaluation of monitor results.
Should be a non negative integer.
Use new_group_delay instead.
default: 300
no_data_timeframe
int64
The number of minutes before a monitor notifies after data stops reporting.
Datadog recommends at least 2x the monitor timeframe for query alerts or 2 minutes for service checks.
If omitted, 2x the evaluation timeframe is used for query alerts, and 24 hours is used for service checks.
notification_preset_name
enum
Toggles the display of additional content sent in the monitor notification.
Allowed enum values: show_all,hide_query,hide_handles,hide_all
default: show_all
notify_audit
boolean
A Boolean indicating whether tagged users is notified on changes to this monitor.
notify_by
[string]
Controls what granularity a monitor alerts on. Only available for monitors with groupings.
For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each
new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned
in notify_by must be a subset of the grouping tags in the query.
For example, a query grouped by cluster and namespace cannot notify on region.
Setting notify_by to [*] configures the monitor to notify as a simple-alert.
notify_no_data
boolean
A Boolean indicating whether this monitor notifies when data stops reporting. Defaults to false.
on_missing_data
enum
Controls how groups or monitors are treated if an evaluation does not return any data points.
The default option results in different behavior depending on the monitor query type.
For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions.
For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status.
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
Allowed enum values: default,show_no_data,show_and_notify_no_data,resolve
renotify_interval
int64
The number of minutes after the last notification before a monitor re-notifies on the current status.
It only re-notifies if it’s not resolved.
renotify_occurrences
int64
The number of times re-notification messages should be sent on the current status at the provided re-notification interval.
renotify_statuses
[string]
The types of monitor statuses for which re-notification messages are sent.
Default: null if renotify_interval is null.
If renotify_interval is set, defaults to renotify on Alert and No Data.
require_full_window
boolean
A Boolean indicating whether this monitor needs a full window of data before it’s evaluated.
We highly recommend you set this to false for sparse metrics,
otherwise some evaluations are skipped. Default is false. This setting only applies to
metric monitors.
scheduling_options
object
Configuration options for scheduling.
custom_schedule
object
Configuration options for the custom schedule. This feature is in private beta.
recurrences
[object]
Array of custom schedule recurrences.
rrule
string
Defines the recurrence rule (RRULE) for a given schedule.
start
string
Defines the start date and time of the recurring schedule.
timezone
string
Defines the timezone the schedule runs on.
evaluation_window
object
Configuration options for the evaluation window. If hour_starts is set, no other fields may be set. Otherwise, day_starts and month_starts must be set together.
day_starts
string
The time of the day at which a one day cumulative evaluation window starts. Must be defined in UTC time in HH:mm format.
hour_starts
int32
The minute of the hour at which a one hour cumulative evaluation window starts.
month_starts
int32
The day of the month at which a one month cumulative evaluation window starts.
silenced
object
DEPRECATED: Information about the downtime applied to the monitor. Only shows v1 downtimes.
<any-key>
int64
UTC epoch timestamp in seconds when the downtime for the group expires.
synthetics_check_id
string
DEPRECATED: ID of the corresponding Synthetic check.
threshold_windows
object
Alerting time window options.
recovery_window
string
Describes how long an anomalous metric must be normal before the alert recovers.
trigger_window
string
Describes how long a metric must be anomalous before an alert triggers.
thresholds
object
List of the different monitor threshold available.
critical
double
The monitor CRITICAL threshold.
critical_recovery
double
The monitor CRITICAL recovery threshold.
ok
double
The monitor OK threshold.
unknown
double
The monitor UNKNOWN threshold.
warning
double
The monitor WARNING threshold.
warning_recovery
double
The monitor WARNING recovery threshold.
timeout_h
int64
The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. The minimum allowed value is 0 hours. The maximum allowed value is 24 hours.
variables
[ <oneOf>]
List of requests that can be used in the monitor query. This feature is currently in beta.
Option 1
object
A formula and functions events query.
compute [required]
object
Compute options.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
interval
int64
A time interval in milliseconds.
metric
string
Measurable attribute to compute.
data_source [required]
enum
Data source for event platform-based queries.
Allowed enum values: rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network
group_by
[object]
Group by options.
facet [required]
string
Event facet.
limit
int64
Number of groups to return.
sort
object
Options for sorting group by results.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
metric
string
Metric used for sorting group by results.
order
enum
Direction of sort.
Allowed enum values: asc,desc
default: desc
indexes
[string]
An array of index names to query in the stream. Omit or use [] to query all indexes at once.
name [required]
string
Name of the query for use in formulas.
search
object
Search options.
query [required]
string
Events search string.
overall_state
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
priority
int64
Integer from 1 (high) to 5 (low) indicating alert severity.
query [required]
string
The monitor query.
restricted_roles
[string]
A list of unique role identifiers to define which roles are allowed to edit the monitor. The unique identifiers for all roles can be pulled from the Roles API and are located in the data.id field. Editing a monitor includes any updates to the monitor configuration, monitor deletion, and muting of the monitor for any amount of time. You can use the Restriction Policies API to manage write authorization for individual monitors by teams and users, in addition to roles.
state
object
Wrapper object with the different monitor states.
groups
object
Dictionary where the keys are groups (comma separated lists of tags) and the values are
the list of groups your monitor is broken down on.
<any-key>
object
Monitor state for a single group.
last_nodata_ts
int64
Latest timestamp the monitor was in NO_DATA state.
last_notified_ts
int64
Latest timestamp of the notification sent for this monitor group.
last_resolved_ts
int64
Latest timestamp the monitor group was resolved.
last_triggered_ts
int64
Latest timestamp the monitor group triggered.
name
string
The name of the monitor.
status
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
tags
[string]
Tags associated to your monitor.
type [required]
enum
The type of the monitor. For more information about type, see the monitor options docs.
Allowed enum values: composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert,slo alert,event-v2 alert,audit alert,ci-pipelines alert,ci-tests alert,error-tracking alert,database-monitoring alert,network-performance alert
Object describing the creator of the shared element.
email
string
Email of the creator.
handle
string
Handle of the creator.
name
string
Name of the creator.
deleted
date-time
Whether or not the monitor is deleted. (Always null)
id
int64
ID of this monitor.
matching_downtimes
[object]
A list of active v1 downtimes that match this monitor.
end
int64
POSIX timestamp to end the downtime.
id [required]
int64
The downtime ID.
scope
[string]
The scope(s) to which the downtime applies. Must be in key:value format. For example, host:app2.
Provide multiple scopes as a comma-separated list like env:dev,env:prod.
The resulting downtime applies to sources that matches ALL provided scopes (env:devANDenv:prod).
start
int64
POSIX timestamp to start the downtime.
message
string
A message to include with notifications for this monitor.
modified
date-time
Last timestamp when the monitor was edited.
multi
boolean
Whether or not the monitor is broken down on different groups.
name
string
The monitor name.
options
object
List of options associated with your monitor.
aggregation
object
Type of aggregation performed in the monitor query.
group_by
string
Group to break down the monitor on.
metric
string
Metric name used in the monitor.
type
string
Metric type used in the monitor.
device_ids
[string]
DEPRECATED: IDs of the device the Synthetics monitor is running on.
enable_logs_sample
boolean
Whether or not to send a log sample when the log monitor triggers.
enable_samples
boolean
Whether or not to send a list of samples when the monitor triggers. This is only used by CI Test and Pipeline monitors.
escalation_message
string
We recommend using the is_renotify,
block in the original message instead.
A message to include with a re-notification. Supports the @username notification we allow elsewhere.
Not applicable if renotify_interval is None.
evaluation_delay
int64
Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min),
the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55.
This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation.
group_retention_duration
string
The time span after which groups with missing data are dropped from the monitor state.
The minimum value is one hour, and the maximum value is 72 hours.
Example values are: "60m", "1h", and "2d".
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
groupby_simple_monitor
boolean
DEPRECATED: Whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. Use notify_by instead.
include_tags
boolean
A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title.
Examples
If True, [Triggered on {host:h1}] Monitor Title
If False, [Triggered] Monitor Title
default: true
locked
boolean
DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use restricted_roles instead.
min_failure_duration
int64
How long the test should be in failure before alerting (integer, number of seconds, max 7200).
min_location_failed
int64
The minimum number of locations in failure at the same time during
at least one moment in the min_failure_duration period (min_location_failed and min_failure_duration
are part of the advanced alerting rules - integer, >= 1).
default: 1
new_group_delay
int64
Time (in seconds) to skip evaluations for new groups.
For example, this option can be used to skip evaluations for new hosts while they initialize.
Must be a non negative integer.
new_host_delay
int64
DEPRECATED: Time (in seconds) to allow a host to boot and applications
to fully start before starting the evaluation of monitor results.
Should be a non negative integer.
Use new_group_delay instead.
default: 300
no_data_timeframe
int64
The number of minutes before a monitor notifies after data stops reporting.
Datadog recommends at least 2x the monitor timeframe for query alerts or 2 minutes for service checks.
If omitted, 2x the evaluation timeframe is used for query alerts, and 24 hours is used for service checks.
notification_preset_name
enum
Toggles the display of additional content sent in the monitor notification.
Allowed enum values: show_all,hide_query,hide_handles,hide_all
default: show_all
notify_audit
boolean
A Boolean indicating whether tagged users is notified on changes to this monitor.
notify_by
[string]
Controls what granularity a monitor alerts on. Only available for monitors with groupings.
For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each
new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned
in notify_by must be a subset of the grouping tags in the query.
For example, a query grouped by cluster and namespace cannot notify on region.
Setting notify_by to [*] configures the monitor to notify as a simple-alert.
notify_no_data
boolean
A Boolean indicating whether this monitor notifies when data stops reporting. Defaults to false.
on_missing_data
enum
Controls how groups or monitors are treated if an evaluation does not return any data points.
The default option results in different behavior depending on the monitor query type.
For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions.
For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status.
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
Allowed enum values: default,show_no_data,show_and_notify_no_data,resolve
renotify_interval
int64
The number of minutes after the last notification before a monitor re-notifies on the current status.
It only re-notifies if it’s not resolved.
renotify_occurrences
int64
The number of times re-notification messages should be sent on the current status at the provided re-notification interval.
renotify_statuses
[string]
The types of monitor statuses for which re-notification messages are sent.
Default: null if renotify_interval is null.
If renotify_interval is set, defaults to renotify on Alert and No Data.
require_full_window
boolean
A Boolean indicating whether this monitor needs a full window of data before it’s evaluated.
We highly recommend you set this to false for sparse metrics,
otherwise some evaluations are skipped. Default is false. This setting only applies to
metric monitors.
scheduling_options
object
Configuration options for scheduling.
custom_schedule
object
Configuration options for the custom schedule. This feature is in private beta.
recurrences
[object]
Array of custom schedule recurrences.
rrule
string
Defines the recurrence rule (RRULE) for a given schedule.
start
string
Defines the start date and time of the recurring schedule.
timezone
string
Defines the timezone the schedule runs on.
evaluation_window
object
Configuration options for the evaluation window. If hour_starts is set, no other fields may be set. Otherwise, day_starts and month_starts must be set together.
day_starts
string
The time of the day at which a one day cumulative evaluation window starts. Must be defined in UTC time in HH:mm format.
hour_starts
int32
The minute of the hour at which a one hour cumulative evaluation window starts.
month_starts
int32
The day of the month at which a one month cumulative evaluation window starts.
silenced
object
DEPRECATED: Information about the downtime applied to the monitor. Only shows v1 downtimes.
<any-key>
int64
UTC epoch timestamp in seconds when the downtime for the group expires.
synthetics_check_id
string
DEPRECATED: ID of the corresponding Synthetic check.
threshold_windows
object
Alerting time window options.
recovery_window
string
Describes how long an anomalous metric must be normal before the alert recovers.
trigger_window
string
Describes how long a metric must be anomalous before an alert triggers.
thresholds
object
List of the different monitor threshold available.
critical
double
The monitor CRITICAL threshold.
critical_recovery
double
The monitor CRITICAL recovery threshold.
ok
double
The monitor OK threshold.
unknown
double
The monitor UNKNOWN threshold.
warning
double
The monitor WARNING threshold.
warning_recovery
double
The monitor WARNING recovery threshold.
timeout_h
int64
The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. The minimum allowed value is 0 hours. The maximum allowed value is 24 hours.
variables
[ <oneOf>]
List of requests that can be used in the monitor query. This feature is currently in beta.
Option 1
object
A formula and functions events query.
compute [required]
object
Compute options.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
interval
int64
A time interval in milliseconds.
metric
string
Measurable attribute to compute.
data_source [required]
enum
Data source for event platform-based queries.
Allowed enum values: rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network
group_by
[object]
Group by options.
facet [required]
string
Event facet.
limit
int64
Number of groups to return.
sort
object
Options for sorting group by results.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
metric
string
Metric used for sorting group by results.
order
enum
Direction of sort.
Allowed enum values: asc,desc
default: desc
indexes
[string]
An array of index names to query in the stream. Omit or use [] to query all indexes at once.
name [required]
string
Name of the query for use in formulas.
search
object
Search options.
query [required]
string
Events search string.
overall_state
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
priority
int64
Integer from 1 (high) to 5 (low) indicating alert severity.
query [required]
string
The monitor query.
restricted_roles
[string]
A list of unique role identifiers to define which roles are allowed to edit the monitor. The unique identifiers for all roles can be pulled from the Roles API and are located in the data.id field. Editing a monitor includes any updates to the monitor configuration, monitor deletion, and muting of the monitor for any amount of time. You can use the Restriction Policies API to manage write authorization for individual monitors by teams and users, in addition to roles.
state
object
Wrapper object with the different monitor states.
groups
object
Dictionary where the keys are groups (comma separated lists of tags) and the values are
the list of groups your monitor is broken down on.
<any-key>
object
Monitor state for a single group.
last_nodata_ts
int64
Latest timestamp the monitor was in NO_DATA state.
last_notified_ts
int64
Latest timestamp of the notification sent for this monitor group.
last_resolved_ts
int64
Latest timestamp the monitor group was resolved.
last_triggered_ts
int64
Latest timestamp the monitor group triggered.
name
string
The name of the monitor.
status
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
tags
[string]
Tags associated to your monitor.
type [required]
enum
The type of the monitor. For more information about type, see the monitor options docs.
Allowed enum values: composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert,slo alert,event-v2 alert,audit alert,ci-pipelines alert,ci-tests alert,error-tracking alert,database-monitoring alert,network-performance alert
fromdatadogimportinitialize,apioptions={'api_key':'<DATADOG_API_KEY>','app_key':'<DATADOG_APPLICATION_KEY>'}initialize(**options)# Create a new monitormonitor_options={"notify_no_data":True,"no_data_timeframe":20}tags=["app:webserver","frontend"]api.Monitor.create(type="query alert",query="avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100",name="Bytes received on host0",message="We may need to add web hosts if this is consistently high.",tags=tags,options=monitor_options)
require'dogapi'api_key='<DATADOG_API_KEY>'app_key='<DATADOG_APPLICATION_KEY>'dog=Dogapi::Client.new(api_key,app_key)# Create a new monitoroptions={'notify_no_data'=>true,'no_data_timeframe'=>20}tags=['app:webserver','frontend']dog.monitor('query alert','avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100',name:'Bytes received on host0',message:'We may need to add web hosts if this is consistently high.',tags:tags,options:options)
# Create a RUM formula and functions monitor returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V1::MonitorsAPI.newbody=DatadogAPIClient::V1::Monitor.new({name:"Example-Monitor",type:DatadogAPIClient::V1::MonitorType::RUM_ALERT,query:'formula("query2 / query1 * 100").last("15m") >= 0.8',message:"some message Notify: @hipchat-channel",tags:["test:examplemonitor","env:ci",],priority:3,options:DatadogAPIClient::V1::MonitorOptions.new({thresholds:DatadogAPIClient::V1::MonitorThresholds.new({critical:0.8,}),variables:[DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinition.new({data_source:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventsDataSource::RUM,name:"query2",search:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionSearch.new({query:"",}),indexes:["*",],compute:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionCompute.new({aggregation:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventAggregation::COUNT,}),group_by:[],}),DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinition.new({data_source:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventsDataSource::RUM,name:"query1",search:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionSearch.new({query:"status:error",}),indexes:["*",],compute:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionCompute.new({aggregation:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventAggregation::COUNT,}),group_by:[],}),],}),})papi_instance.create_monitor(body)
# Create a ci-pipelines formula and functions monitor returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V1::MonitorsAPI.newbody=DatadogAPIClient::V1::Monitor.new({name:"Example-Monitor",type:DatadogAPIClient::V1::MonitorType::CI_PIPELINES_ALERT,query:'formula("query1 / query2 * 100").last("15m") >= 0.8',message:"some message Notify: @hipchat-channel",tags:["test:examplemonitor","env:ci",],priority:3,options:DatadogAPIClient::V1::MonitorOptions.new({thresholds:DatadogAPIClient::V1::MonitorThresholds.new({critical:0.8,}),variables:[DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinition.new({data_source:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventsDataSource::CI_PIPELINES,name:"query1",search:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionSearch.new({query:"@ci.status:error",}),indexes:["*",],compute:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionCompute.new({aggregation:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventAggregation::COUNT,}),group_by:[],}),DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinition.new({data_source:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventsDataSource::CI_PIPELINES,name:"query2",search:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionSearch.new({query:"",}),indexes:["*",],compute:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionCompute.new({aggregation:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventAggregation::COUNT,}),group_by:[],}),],}),})papi_instance.create_monitor(body)
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<DD_API_KEY>"DD_APP_KEY="<DD_APP_KEY>"cargo run
/**
* Create a RUM formula and functions monitor returns "OK" response
*/import{client,v1}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv1.MonitorsApi(configuration);constparams: v1.MonitorsApiCreateMonitorRequest={body:{name:"Example-Monitor",type:"rum alert",query:`formula("query2 / query1 * 100").last("15m") >= 0.8`,message:"some message Notify: @hipchat-channel",tags:["test:examplemonitor","env:ci"],priority: 3,options:{thresholds:{critical: 0.8,},variables:[{dataSource:"rum",name:"query2",search:{query:"",},indexes:["*"],compute:{aggregation:"count",},groupBy:[],},{dataSource:"rum",name:"query1",search:{query:"status:error",},indexes:["*"],compute:{aggregation:"count",},groupBy:[],},],},},};apiInstance.createMonitor(params).then((data: v1.Monitor)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
/**
* Create a ci-pipelines formula and functions monitor returns "OK" response
*/import{client,v1}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv1.MonitorsApi(configuration);constparams: v1.MonitorsApiCreateMonitorRequest={body:{name:"Example-Monitor",type:"ci-pipelines alert",query:`formula("query1 / query2 * 100").last("15m") >= 0.8`,message:"some message Notify: @hipchat-channel",tags:["test:examplemonitor","env:ci"],priority: 3,options:{thresholds:{critical: 0.8,},variables:[{dataSource:"ci_pipelines",name:"query1",search:{query:"@ci.status:error",},indexes:["*"],compute:{aggregation:"count",},groupBy:[],},{dataSource:"ci_pipelines",name:"query2",search:{query:"",},indexes:["*"],compute:{aggregation:"count",},groupBy:[],},],},},};apiInstance.createMonitor(params).then((data: v1.Monitor)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
/**
* Create a ci-pipelines monitor returns "OK" response
*/import{client,v1}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv1.MonitorsApi(configuration);constparams: v1.MonitorsApiCreateMonitorRequest={body:{name:"Example-Monitor",type:"ci-pipelines alert",query:`ci-pipelines("ci_level:pipeline @git.branch:staging* @ci.status:error").rollup("count").by("@git.branch,@ci.pipeline.name").last("5m") >= 1`,message:"some message Notify: @hipchat-channel",tags:["test:examplemonitor","env:ci"],priority: 3,options:{thresholds:{critical: 1,},},},};apiInstance.createMonitor(params).then((data: v1.Monitor)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
Search and filter your monitors details.
This endpoint requires the monitors_read permission.
OAuth apps require the monitors_read authorization scope to access this endpoint.
Arguments
Query Strings
Name
Type
Description
query
string
After entering a search query in your Manage Monitor page use the query parameter value in the
URL of the page as value for this parameter. Consult the dedicated manage monitor documentation
page to learn more.
The query can contain any number of space-separated monitor attributes, for instance query="type:metric status:alert".
page
integer
Page to start paginating from.
per_page
integer
Number of monitors to return per page.
sort
string
String for sort order, composed of field and sort order separate by a comma, for example name,asc. Supported sort directions: asc, desc. Supported fields:
The number of found monitors with the listed value.
name
The facet value.
status
[object]
Search facets.
count
int64
The number of found monitors with the listed value.
name
The facet value.
tag
[object]
Search facets.
count
int64
The number of found monitors with the listed value.
name
The facet value.
type
[object]
Search facets.
count
int64
The number of found monitors with the listed value.
name
The facet value.
metadata
object
Metadata about the response.
page
int64
The page to start paginating from.
page_count
int64
The number of pages.
per_page
int64
The number of monitors to return per page.
total_count
int64
The total number of monitors.
monitors
[object]
The list of found monitors.
classification
string
Classification of the monitor.
creator
object
Object describing the creator of the shared element.
email
string
Email of the creator.
handle
string
Handle of the creator.
name
string
Name of the creator.
id
int64
ID of the monitor.
last_triggered_ts
int64
Latest timestamp the monitor triggered.
metrics
[string]
Metrics used by the monitor.
name
string
The monitor name.
notifications
[object]
The notification triggered by the monitor.
handle
string
The email address that received the notification.
name
string
The username receiving the notification
org_id
int64
The ID of the organization.
query
string
The monitor query.
scopes
[string]
The scope(s) to which the downtime applies, for example host:app2.
Provide multiple scopes as a comma-separated list, for example env:dev,env:prod.
The resulting downtime applies to sources that matches ALL provided scopes
(that is env:dev AND env:prod), NOT any of them.
status
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
tags
[string]
Tags associated with the monitor.
type
enum
The type of the monitor. For more information about type, see the monitor options docs.
Allowed enum values: composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert,slo alert,event-v2 alert,audit alert,ci-pipelines alert,ci-tests alert,error-tracking alert,database-monitoring alert,network-performance alert
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<DD_API_KEY>"DD_APP_KEY="<DD_APP_KEY>"cargo run
/**
* Monitors search returns "OK" response
*/import{client,v1}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv1.MonitorsApi(configuration);apiInstance.searchMonitors().then((data: v1.MonitorSearchResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
Object describing the creator of the shared element.
email
string
Email of the creator.
handle
string
Handle of the creator.
name
string
Name of the creator.
deleted
date-time
Whether or not the monitor is deleted. (Always null)
id
int64
ID of this monitor.
matching_downtimes
[object]
A list of active v1 downtimes that match this monitor.
end
int64
POSIX timestamp to end the downtime.
id [required]
int64
The downtime ID.
scope
[string]
The scope(s) to which the downtime applies. Must be in key:value format. For example, host:app2.
Provide multiple scopes as a comma-separated list like env:dev,env:prod.
The resulting downtime applies to sources that matches ALL provided scopes (env:devANDenv:prod).
start
int64
POSIX timestamp to start the downtime.
message
string
A message to include with notifications for this monitor.
modified
date-time
Last timestamp when the monitor was edited.
multi
boolean
Whether or not the monitor is broken down on different groups.
name
string
The monitor name.
options
object
List of options associated with your monitor.
aggregation
object
Type of aggregation performed in the monitor query.
group_by
string
Group to break down the monitor on.
metric
string
Metric name used in the monitor.
type
string
Metric type used in the monitor.
device_ids
[string]
DEPRECATED: IDs of the device the Synthetics monitor is running on.
enable_logs_sample
boolean
Whether or not to send a log sample when the log monitor triggers.
enable_samples
boolean
Whether or not to send a list of samples when the monitor triggers. This is only used by CI Test and Pipeline monitors.
escalation_message
string
We recommend using the is_renotify,
block in the original message instead.
A message to include with a re-notification. Supports the @username notification we allow elsewhere.
Not applicable if renotify_interval is None.
evaluation_delay
int64
Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min),
the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55.
This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation.
group_retention_duration
string
The time span after which groups with missing data are dropped from the monitor state.
The minimum value is one hour, and the maximum value is 72 hours.
Example values are: "60m", "1h", and "2d".
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
groupby_simple_monitor
boolean
DEPRECATED: Whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. Use notify_by instead.
include_tags
boolean
A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title.
Examples
If True, [Triggered on {host:h1}] Monitor Title
If False, [Triggered] Monitor Title
default: true
locked
boolean
DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use restricted_roles instead.
min_failure_duration
int64
How long the test should be in failure before alerting (integer, number of seconds, max 7200).
min_location_failed
int64
The minimum number of locations in failure at the same time during
at least one moment in the min_failure_duration period (min_location_failed and min_failure_duration
are part of the advanced alerting rules - integer, >= 1).
default: 1
new_group_delay
int64
Time (in seconds) to skip evaluations for new groups.
For example, this option can be used to skip evaluations for new hosts while they initialize.
Must be a non negative integer.
new_host_delay
int64
DEPRECATED: Time (in seconds) to allow a host to boot and applications
to fully start before starting the evaluation of monitor results.
Should be a non negative integer.
Use new_group_delay instead.
default: 300
no_data_timeframe
int64
The number of minutes before a monitor notifies after data stops reporting.
Datadog recommends at least 2x the monitor timeframe for query alerts or 2 minutes for service checks.
If omitted, 2x the evaluation timeframe is used for query alerts, and 24 hours is used for service checks.
notification_preset_name
enum
Toggles the display of additional content sent in the monitor notification.
Allowed enum values: show_all,hide_query,hide_handles,hide_all
default: show_all
notify_audit
boolean
A Boolean indicating whether tagged users is notified on changes to this monitor.
notify_by
[string]
Controls what granularity a monitor alerts on. Only available for monitors with groupings.
For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each
new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned
in notify_by must be a subset of the grouping tags in the query.
For example, a query grouped by cluster and namespace cannot notify on region.
Setting notify_by to [*] configures the monitor to notify as a simple-alert.
notify_no_data
boolean
A Boolean indicating whether this monitor notifies when data stops reporting. Defaults to false.
on_missing_data
enum
Controls how groups or monitors are treated if an evaluation does not return any data points.
The default option results in different behavior depending on the monitor query type.
For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions.
For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status.
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
Allowed enum values: default,show_no_data,show_and_notify_no_data,resolve
renotify_interval
int64
The number of minutes after the last notification before a monitor re-notifies on the current status.
It only re-notifies if it’s not resolved.
renotify_occurrences
int64
The number of times re-notification messages should be sent on the current status at the provided re-notification interval.
renotify_statuses
[string]
The types of monitor statuses for which re-notification messages are sent.
Default: null if renotify_interval is null.
If renotify_interval is set, defaults to renotify on Alert and No Data.
require_full_window
boolean
A Boolean indicating whether this monitor needs a full window of data before it’s evaluated.
We highly recommend you set this to false for sparse metrics,
otherwise some evaluations are skipped. Default is false. This setting only applies to
metric monitors.
scheduling_options
object
Configuration options for scheduling.
custom_schedule
object
Configuration options for the custom schedule. This feature is in private beta.
recurrences
[object]
Array of custom schedule recurrences.
rrule
string
Defines the recurrence rule (RRULE) for a given schedule.
start
string
Defines the start date and time of the recurring schedule.
timezone
string
Defines the timezone the schedule runs on.
evaluation_window
object
Configuration options for the evaluation window. If hour_starts is set, no other fields may be set. Otherwise, day_starts and month_starts must be set together.
day_starts
string
The time of the day at which a one day cumulative evaluation window starts. Must be defined in UTC time in HH:mm format.
hour_starts
int32
The minute of the hour at which a one hour cumulative evaluation window starts.
month_starts
int32
The day of the month at which a one month cumulative evaluation window starts.
silenced
object
DEPRECATED: Information about the downtime applied to the monitor. Only shows v1 downtimes.
<any-key>
int64
UTC epoch timestamp in seconds when the downtime for the group expires.
synthetics_check_id
string
DEPRECATED: ID of the corresponding Synthetic check.
threshold_windows
object
Alerting time window options.
recovery_window
string
Describes how long an anomalous metric must be normal before the alert recovers.
trigger_window
string
Describes how long a metric must be anomalous before an alert triggers.
thresholds
object
List of the different monitor threshold available.
critical
double
The monitor CRITICAL threshold.
critical_recovery
double
The monitor CRITICAL recovery threshold.
ok
double
The monitor OK threshold.
unknown
double
The monitor UNKNOWN threshold.
warning
double
The monitor WARNING threshold.
warning_recovery
double
The monitor WARNING recovery threshold.
timeout_h
int64
The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. The minimum allowed value is 0 hours. The maximum allowed value is 24 hours.
variables
[ <oneOf>]
List of requests that can be used in the monitor query. This feature is currently in beta.
Option 1
object
A formula and functions events query.
compute [required]
object
Compute options.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
interval
int64
A time interval in milliseconds.
metric
string
Measurable attribute to compute.
data_source [required]
enum
Data source for event platform-based queries.
Allowed enum values: rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network
group_by
[object]
Group by options.
facet [required]
string
Event facet.
limit
int64
Number of groups to return.
sort
object
Options for sorting group by results.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
metric
string
Metric used for sorting group by results.
order
enum
Direction of sort.
Allowed enum values: asc,desc
default: desc
indexes
[string]
An array of index names to query in the stream. Omit or use [] to query all indexes at once.
name [required]
string
Name of the query for use in formulas.
search
object
Search options.
query [required]
string
Events search string.
overall_state
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
priority
int64
Integer from 1 (high) to 5 (low) indicating alert severity.
query [required]
string
The monitor query.
restricted_roles
[string]
A list of unique role identifiers to define which roles are allowed to edit the monitor. The unique identifiers for all roles can be pulled from the Roles API and are located in the data.id field. Editing a monitor includes any updates to the monitor configuration, monitor deletion, and muting of the monitor for any amount of time. You can use the Restriction Policies API to manage write authorization for individual monitors by teams and users, in addition to roles.
state
object
Wrapper object with the different monitor states.
groups
object
Dictionary where the keys are groups (comma separated lists of tags) and the values are
the list of groups your monitor is broken down on.
<any-key>
object
Monitor state for a single group.
last_nodata_ts
int64
Latest timestamp the monitor was in NO_DATA state.
last_notified_ts
int64
Latest timestamp of the notification sent for this monitor group.
last_resolved_ts
int64
Latest timestamp the monitor group was resolved.
last_triggered_ts
int64
Latest timestamp the monitor group triggered.
name
string
The name of the monitor.
status
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
tags
[string]
Tags associated to your monitor.
type [required]
enum
The type of the monitor. For more information about type, see the monitor options docs.
Allowed enum values: composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert,slo alert,event-v2 alert,audit alert,ci-pipelines alert,ci-tests alert,error-tracking alert,database-monitoring alert,network-performance alert
require'dogapi'api_key='<DATADOG_API_KEY>'app_key='<DATADOG_APPLICATION_KEY>'dog=Dogapi::Client.new(api_key,app_key)# Unmute an alertdog.unmute_monitor(62_628)
fromdatadogimportinitialize,apioptions={'api_key':'<DATADOG_API_KEY>','app_key':'<DATADOG_APPLICATION_KEY>'}initialize(**options)# Unmute all alertsapi.Monitor.unmute(2088)
Get details about the specified monitor from your organization.
This endpoint requires the monitors_read permission.
OAuth apps require the monitors_read authorization scope to access this endpoint.
Arguments
Query Strings
Name
Type
Description
group_states
string
When specified, shows additional information about the group states.
Choose one or more from all, alert, warn, and no data.
name
string
A string to filter monitors by name.
tags
string
A comma separated list indicating what tags, if any, should be used to filter the list of monitors by scope.
For example, host:host0.
monitor_tags
string
A comma separated list indicating what service and/or custom tags, if any, should be used to filter the list of monitors.
Tags created in the Datadog UI automatically have the service key prepended. For example, service:my-app.
with_downtimes
boolean
If this argument is set to true, then the returned data includes all current active downtimes for each monitor.
id_offset
integer
Use this parameter for paginating through large sets of monitors. Start with a value of zero, make a request, set the value to the last ID of result set, and then repeat until the response is empty.
page
integer
The page to start paginating from. If this argument is not specified, the request returns all monitors without pagination.
page_size
integer
The number of monitors to return per page. If the page argument is not specified, the default behavior returns all monitors without a page_size limit. However, if page is specified and page_size is not, the argument defaults to 100.
Object describing the creator of the shared element.
email
string
Email of the creator.
handle
string
Handle of the creator.
name
string
Name of the creator.
deleted
date-time
Whether or not the monitor is deleted. (Always null)
id
int64
ID of this monitor.
matching_downtimes
[object]
A list of active v1 downtimes that match this monitor.
end
int64
POSIX timestamp to end the downtime.
id [required]
int64
The downtime ID.
scope
[string]
The scope(s) to which the downtime applies. Must be in key:value format. For example, host:app2.
Provide multiple scopes as a comma-separated list like env:dev,env:prod.
The resulting downtime applies to sources that matches ALL provided scopes (env:devANDenv:prod).
start
int64
POSIX timestamp to start the downtime.
message
string
A message to include with notifications for this monitor.
modified
date-time
Last timestamp when the monitor was edited.
multi
boolean
Whether or not the monitor is broken down on different groups.
name
string
The monitor name.
options
object
List of options associated with your monitor.
aggregation
object
Type of aggregation performed in the monitor query.
group_by
string
Group to break down the monitor on.
metric
string
Metric name used in the monitor.
type
string
Metric type used in the monitor.
device_ids
[string]
DEPRECATED: IDs of the device the Synthetics monitor is running on.
enable_logs_sample
boolean
Whether or not to send a log sample when the log monitor triggers.
enable_samples
boolean
Whether or not to send a list of samples when the monitor triggers. This is only used by CI Test and Pipeline monitors.
escalation_message
string
We recommend using the is_renotify,
block in the original message instead.
A message to include with a re-notification. Supports the @username notification we allow elsewhere.
Not applicable if renotify_interval is None.
evaluation_delay
int64
Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min),
the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55.
This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation.
group_retention_duration
string
The time span after which groups with missing data are dropped from the monitor state.
The minimum value is one hour, and the maximum value is 72 hours.
Example values are: "60m", "1h", and "2d".
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
groupby_simple_monitor
boolean
DEPRECATED: Whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. Use notify_by instead.
include_tags
boolean
A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title.
Examples
If True, [Triggered on {host:h1}] Monitor Title
If False, [Triggered] Monitor Title
default: true
locked
boolean
DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use restricted_roles instead.
min_failure_duration
int64
How long the test should be in failure before alerting (integer, number of seconds, max 7200).
min_location_failed
int64
The minimum number of locations in failure at the same time during
at least one moment in the min_failure_duration period (min_location_failed and min_failure_duration
are part of the advanced alerting rules - integer, >= 1).
default: 1
new_group_delay
int64
Time (in seconds) to skip evaluations for new groups.
For example, this option can be used to skip evaluations for new hosts while they initialize.
Must be a non negative integer.
new_host_delay
int64
DEPRECATED: Time (in seconds) to allow a host to boot and applications
to fully start before starting the evaluation of monitor results.
Should be a non negative integer.
Use new_group_delay instead.
default: 300
no_data_timeframe
int64
The number of minutes before a monitor notifies after data stops reporting.
Datadog recommends at least 2x the monitor timeframe for query alerts or 2 minutes for service checks.
If omitted, 2x the evaluation timeframe is used for query alerts, and 24 hours is used for service checks.
notification_preset_name
enum
Toggles the display of additional content sent in the monitor notification.
Allowed enum values: show_all,hide_query,hide_handles,hide_all
default: show_all
notify_audit
boolean
A Boolean indicating whether tagged users is notified on changes to this monitor.
notify_by
[string]
Controls what granularity a monitor alerts on. Only available for monitors with groupings.
For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each
new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned
in notify_by must be a subset of the grouping tags in the query.
For example, a query grouped by cluster and namespace cannot notify on region.
Setting notify_by to [*] configures the monitor to notify as a simple-alert.
notify_no_data
boolean
A Boolean indicating whether this monitor notifies when data stops reporting. Defaults to false.
on_missing_data
enum
Controls how groups or monitors are treated if an evaluation does not return any data points.
The default option results in different behavior depending on the monitor query type.
For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions.
For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status.
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
Allowed enum values: default,show_no_data,show_and_notify_no_data,resolve
renotify_interval
int64
The number of minutes after the last notification before a monitor re-notifies on the current status.
It only re-notifies if it’s not resolved.
renotify_occurrences
int64
The number of times re-notification messages should be sent on the current status at the provided re-notification interval.
renotify_statuses
[string]
The types of monitor statuses for which re-notification messages are sent.
Default: null if renotify_interval is null.
If renotify_interval is set, defaults to renotify on Alert and No Data.
require_full_window
boolean
A Boolean indicating whether this monitor needs a full window of data before it’s evaluated.
We highly recommend you set this to false for sparse metrics,
otherwise some evaluations are skipped. Default is false. This setting only applies to
metric monitors.
scheduling_options
object
Configuration options for scheduling.
custom_schedule
object
Configuration options for the custom schedule. This feature is in private beta.
recurrences
[object]
Array of custom schedule recurrences.
rrule
string
Defines the recurrence rule (RRULE) for a given schedule.
start
string
Defines the start date and time of the recurring schedule.
timezone
string
Defines the timezone the schedule runs on.
evaluation_window
object
Configuration options for the evaluation window. If hour_starts is set, no other fields may be set. Otherwise, day_starts and month_starts must be set together.
day_starts
string
The time of the day at which a one day cumulative evaluation window starts. Must be defined in UTC time in HH:mm format.
hour_starts
int32
The minute of the hour at which a one hour cumulative evaluation window starts.
month_starts
int32
The day of the month at which a one month cumulative evaluation window starts.
silenced
object
DEPRECATED: Information about the downtime applied to the monitor. Only shows v1 downtimes.
<any-key>
int64
UTC epoch timestamp in seconds when the downtime for the group expires.
synthetics_check_id
string
DEPRECATED: ID of the corresponding Synthetic check.
threshold_windows
object
Alerting time window options.
recovery_window
string
Describes how long an anomalous metric must be normal before the alert recovers.
trigger_window
string
Describes how long a metric must be anomalous before an alert triggers.
thresholds
object
List of the different monitor threshold available.
critical
double
The monitor CRITICAL threshold.
critical_recovery
double
The monitor CRITICAL recovery threshold.
ok
double
The monitor OK threshold.
unknown
double
The monitor UNKNOWN threshold.
warning
double
The monitor WARNING threshold.
warning_recovery
double
The monitor WARNING recovery threshold.
timeout_h
int64
The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. The minimum allowed value is 0 hours. The maximum allowed value is 24 hours.
variables
[ <oneOf>]
List of requests that can be used in the monitor query. This feature is currently in beta.
Option 1
object
A formula and functions events query.
compute [required]
object
Compute options.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
interval
int64
A time interval in milliseconds.
metric
string
Measurable attribute to compute.
data_source [required]
enum
Data source for event platform-based queries.
Allowed enum values: rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network
group_by
[object]
Group by options.
facet [required]
string
Event facet.
limit
int64
Number of groups to return.
sort
object
Options for sorting group by results.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
metric
string
Metric used for sorting group by results.
order
enum
Direction of sort.
Allowed enum values: asc,desc
default: desc
indexes
[string]
An array of index names to query in the stream. Omit or use [] to query all indexes at once.
name [required]
string
Name of the query for use in formulas.
search
object
Search options.
query [required]
string
Events search string.
overall_state
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
priority
int64
Integer from 1 (high) to 5 (low) indicating alert severity.
query
string
The monitor query.
restricted_roles
[string]
A list of unique role identifiers to define which roles are allowed to edit the monitor. The unique identifiers for all roles can be pulled from the Roles API and are located in the data.id field. Editing a monitor includes any updates to the monitor configuration, monitor deletion, and muting of the monitor for any amount of time. You can use the Restriction Policies API to manage write authorization for individual monitors by teams and users, in addition to roles.
state
object
Wrapper object with the different monitor states.
groups
object
Dictionary where the keys are groups (comma separated lists of tags) and the values are
the list of groups your monitor is broken down on.
<any-key>
object
Monitor state for a single group.
last_nodata_ts
int64
Latest timestamp the monitor was in NO_DATA state.
last_notified_ts
int64
Latest timestamp of the notification sent for this monitor group.
last_resolved_ts
int64
Latest timestamp the monitor group was resolved.
last_triggered_ts
int64
Latest timestamp the monitor group triggered.
name
string
The name of the monitor.
status
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
tags
[string]
Tags associated to your monitor.
type
enum
The type of the monitor. For more information about type, see the monitor options docs.
Allowed enum values: composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert,slo alert,event-v2 alert,audit alert,ci-pipelines alert,ci-tests alert,error-tracking alert,database-monitoring alert,network-performance alert