--- title: Create a monitor description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Monitors --- # Create a monitor{% #create-a-monitor %} Copy pageCopied {% tab title="v1" %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v1/monitor | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v1/monitor | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v1/monitor | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v1/monitor | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v1/monitor | | app.datadoghq.com | POST https://api.datadoghq.com/api/v1/monitor | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v1/monitor | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v1/monitor | ### Overview Create a monitor using the specified options. #### Monitor Types{% #monitor-types %} The type of monitor chosen from: - anomaly: `query alert` - APM: `query alert` or `trace-analytics alert` - composite: `composite` - custom: `service check` - forecast: `query alert` - host: `service check` - integration: `query alert` or `service check` - live process: `process alert` - logs: `log alert` - metric: `query alert` - network: `service check` - outlier: `query alert` - process: `service check` - rum: `rum alert` - SLO: `slo alert` - watchdog: `event-v2 alert` - event-v2: `event-v2 alert` - audit: `audit alert` - error-tracking: `error-tracking alert` - database-monitoring: `database-monitoring alert` - network-performance: `network-performance alert` - cloud cost: `cost alert` - network-path: `network-path alert` **Notes**: - Synthetic monitors are created through the Synthetics API. See the [Synthetics API](https://docs.datadoghq.com/api/latest/synthetics.md) documentation for more information. - Log monitors require an unscoped App Key. #### Query Types{% #query-types %} ##### Metric Alert Query{% #metric-alert-query %} Example: `time_aggr(time_window):space_aggr:metric{tags} [by {key}] operator #` - `time_aggr`: avg, sum, max, min, change, or pct_change - `time_window`: `last_#m` (with `#` between 1 and 10080 depending on the monitor type) or `last_#h`(with `#` between 1 and 168 depending on the monitor type) or `last_1d`, or `last_1w` - `space_aggr`: avg, sum, min, or max - `tags`: one or more tags (comma-separated), or * - `key`: a 'key' in key:value tag syntax; defines a separate alert for each tag in the group (multi-alert) - `operator`: <, <=, >, >=, ==, or != - `#`: an integer or decimal number used to set the threshold To use a dynamic threshold on a metric monitor with a formula query, replace `#` with the `threshold` keyword (for example, `... > threshold`) and provide the threshold as a query via `critical_query` on `options.thresholds`. This feature is in preview. If you are using the `_change_` or `_pct_change_` time aggregator, instead use `change_aggr(time_aggr(time_window), timeshift):space_aggr:metric{tags} [by {key}] operator #` with: - `change_aggr` change, pct_change - `time_aggr` avg, sum, max, min [Learn more](https://docs.datadoghq.com/monitors/create/types.md#define-the-conditions) - `time_window` last_#m (between 1 and 2880 depending on the monitor type), last_#h (between 1 and 48 depending on the monitor type), or last_#d (1 or 2) - `timeshift` #m_ago (5, 10, 15, or 30), #h_ago (1, 2, or 4), or 1d_ago Use this to create an outlier monitor using the following query: `avg(last_30m):outliers(avg:system.cpu.user{role:es-events-data} by {host}, 'dbscan', 7) > 0` ##### Service Check Query{% #service-check-query %} Example: `"check".over(tags).last(count).by(group).count_by_status()` - `check` name of the check, for example `datadog.agent.up` - `tags` one or more quoted tags (comma-separated), or "*". for example: `.over("env:prod", "role:db")`; `over` cannot be blank. - `count` must be at greater than or equal to your max threshold (defined in the `options`). It is limited to 100. For example, if you've specified to notify on 1 critical, 3 ok, and 2 warn statuses, `count` should be at least 3. - `group` must be specified for check monitors. Per-check grouping is already explicitly known for some service checks. For example, Postgres integration monitors are tagged by `db`, `host`, and `port`, and Network monitors by `host`, `instance`, and `url`. See [Service Checks](https://docs.datadoghq.com/api/latest/service-checks.md) documentation for more information. ##### Event Alert Query{% #event-alert-query %} **Note:** The Event Alert Query has been replaced by the Event V2 Alert Query. For more information, see the [Event Migration guide](https://docs.datadoghq.com/service_management/events/guides/migrating_to_new_events_features.md). ##### Event V2 Alert Query{% #event-v2-alert-query %} Example: `events(query).rollup(rollup_method[, measure]).last(time_window) operator #` - `query` The search query - following the [Log search syntax](https://docs.datadoghq.com/logs/search_syntax.md). - `rollup_method` The stats roll-up method - supports `count`, `avg` and `cardinality`. - `measure` For `avg` and cardinality `rollup_method` - specify the measure or the facet name you want to use. - `time_window` #m (between 1 and 2880), #h (between 1 and 48). - `operator` `<`, `<=`, `>`, `>=`, `==`, or `!=`. - `#` an integer or decimal number used to set the threshold. ##### Process Alert Query{% #process-alert-query %} Example: `processes(search).over(tags).rollup('count').last(timeframe) operator #` - `search` free text search string for querying processes. Matching processes match results on the [Live Processes](https://docs.datadoghq.com/infrastructure/process.md?tab=linuxwindows) page. - `tags` one or more tags (comma-separated) - `timeframe` the timeframe to roll up the counts. Examples: 10m, 4h. Supported timeframes: s, m, h and d - `operator` <, <=, >, >=, ==, or != - `#` an integer or decimal number used to set the threshold ##### Logs Alert Query{% #logs-alert-query %} Example: `logs(query).index(index_name).rollup(rollup_method[, measure]).last(time_window) operator #` - `query` The search query - following the [Log search syntax](https://docs.datadoghq.com/logs/search_syntax.md). - `index_name` For multi-index organizations, the log index in which the request is performed. - `rollup_method` The stats roll-up method - supports `count`, `avg` and `cardinality`. - `measure` For `avg` and cardinality `rollup_method` - specify the measure or the facet name you want to use. - `time_window` #m (between 1 and 2880), #h (between 1 and 48). - `operator` `<`, `<=`, `>`, `>=`, `==`, or `!=`. - `#` an integer or decimal number used to set the threshold. ##### Composite Query{% #composite-query %} Example: `12345 && 67890`, where `12345` and `67890` are the IDs of non-composite monitors - `name` [*required*, *default* = **dynamic, based on query**]: The name of the alert. - `message` [*required*, *default* = **dynamic, based on query**]: A message to include with notifications for this monitor. Email notifications can be sent to specific users by using the same '@username' notation as events. - `tags` [*optional*, *default* = **empty list**]: A list of tags to associate with your monitor. When getting all monitor details via the API, use the `monitor_tags` argument to filter results by these tags. It is only available via the API and isn't visible or editable in the Datadog UI. ##### SLO Alert Query{% #slo-alert-query %} Example: `error_budget("slo_id").over("time_window") operator #` - `slo_id`: The alphanumeric SLO ID of the SLO you are configuring the alert for. - `time_window`: The time window of the SLO target you wish to alert on. Valid options: `7d`, `30d`, `90d`. - `operator`: `>=` or `>` ##### Audit Alert Query{% #audit-alert-query %} Example: `audits(query).rollup(rollup_method[, measure]).last(time_window) operator #` - `query` The search query - following the [Log search syntax](https://docs.datadoghq.com/logs/search_syntax.md). - `rollup_method` The stats roll-up method - supports `count`, `avg` and `cardinality`. - `measure` For `avg` and cardinality `rollup_method` - specify the measure or the facet name you want to use. - `time_window` #m (between 1 and 2880), #h (between 1 and 48). - `operator` `<`, `<=`, `>`, `>=`, `==`, or `!=`. - `#` an integer or decimal number used to set the threshold. ##### CI Pipelines Alert Query{% #ci-pipelines-alert-query %} Example: `ci-pipelines(query).rollup(rollup_method[, measure]).last(time_window) operator #` - `query` The search query - following the [Log search syntax](https://docs.datadoghq.com/logs/search_syntax.md). - `rollup_method` The stats roll-up method - supports `count`, `avg`, and `cardinality`. - `measure` For `avg` and cardinality `rollup_method` - specify the measure or the facet name you want to use. - `time_window` #m (between 1 and 2880), #h (between 1 and 48). - `operator` `<`, `<=`, `>`, `>=`, `==`, or `!=`. - `#` an integer or decimal number used to set the threshold. ##### CI Tests Alert Query{% #ci-tests-alert-query %} Example: `ci-tests(query).rollup(rollup_method[, measure]).last(time_window) operator #` - `query` The search query - following the [Log search syntax](https://docs.datadoghq.com/logs/search_syntax.md). - `rollup_method` The stats roll-up method - supports `count`, `avg`, and `cardinality`. - `measure` For `avg` and cardinality `rollup_method` - specify the measure or the facet name you want to use. - `time_window` #m (between 1 and 2880), #h (between 1 and 48). - `operator` `<`, `<=`, `>`, `>=`, `==`, or `!=`. - `#` an integer or decimal number used to set the threshold. ##### Error Tracking Alert Query{% #error-tracking-alert-query %} "New issue" example: `error-tracking(query).source(issue_source).new().rollup(rollup_method[, measure]).by(group_by).last(time_window) operator #` "High impact issue" example: `error-tracking(query).source(issue_source).impact().rollup(rollup_method[, measure]).by(group_by).last(time_window) operator #` - `query` The search query - following the [Log search syntax](https://docs.datadoghq.com/logs/search_syntax.md). - `issue_source` The issue source - supports `all`, `browser`, `mobile` and `backend` and defaults to `all` if omitted. - `rollup_method` The stats roll-up method - supports `count`, `avg`, and `cardinality` and defaults to `count` if omitted. - `measure` For `avg` and cardinality `rollup_method` - specify the measure or the facet name you want to use. - `group by` Comma-separated list of attributes to group by - should contain at least `issue.id`. - `time_window` #m (between 1 and 2880), #h (between 1 and 48). - `operator` `<`, `<=`, `>`, `>=`, `==`, or `!=`. - `#` an integer or decimal number used to set the threshold. **Database Monitoring Alert Query** Example: `database-monitoring(query).rollup(rollup_method[, measure]).last(time_window) operator #` - `query` The search query - following the [Log search syntax](https://docs.datadoghq.com/logs/search_syntax.md). - `rollup_method` The stats roll-up method - supports `count`, `avg`, and `cardinality`. - `measure` For `avg` and cardinality `rollup_method` - specify the measure or the facet name you want to use. - `time_window` #m (between 1 and 2880), #h (between 1 and 48). - `operator` `<`, `<=`, `>`, `>=`, `==`, or `!=`. - `#` an integer or decimal number used to set the threshold. **Network Performance Alert Query** Example: `network-performance(query).rollup(rollup_method[, measure]).last(time_window) operator #` - `query` The search query - following the [Log search syntax](https://docs.datadoghq.com/logs/search_syntax.md). - `rollup_method` The stats roll-up method - supports `count`, `avg`, and `cardinality`. - `measure` For `avg` and cardinality `rollup_method` - specify the measure or the facet name you want to use. - `time_window` #m (between 1 and 2880), #h (between 1 and 48). - `operator` `<`, `<=`, `>`, `>=`, `==`, or `!=`. - `#` an integer or decimal number used to set the threshold. **Cost Alert Query** Example: `formula(query).timeframe_type(time_window).function(parameter) operator #` - `query` The search query - following the [Log search syntax](https://docs.datadoghq.com/logs/search_syntax.md). - `timeframe_type` The timeframe type to evaluate the cost - for `forecast` supports `current` - for `change`, `anomaly`, `threshold` supports `last` - `time_window` - supports daily roll-up e.g. `7d` - `function` - [optional, defaults to `threshold` monitor if omitted] supports `change`, `anomaly`, `forecast` - `parameter` Specify the parameter of the type - for `change`: - supports `relative`, `absolute` - [optional] supports `#`, where `#` is an integer or decimal number used to set the threshold - for `anomaly`: - supports `direction=both`, `direction=above`, `direction=below` - [optional] supports `threshold=#`, where `#` is an integer or decimal number used to set the threshold - `operator` - for `threshold` supports `<`, `<=`, `>`, `>=`, `==`, or `!=` - for `change` supports `>`, `<` - for `anomaly` supports `>=` - for `forecast` supports `>` - `#` an integer or decimal number used to set the threshold. **Network Path Alert Query** Example: `network-path(query).index(index_name).rollup(rollup_method[, measure]).last(time_window) operator #` - `query` The search query - following the [Log search syntax](https://docs.datadoghq.com/logs/search_syntax.md). - `index_name` The data type to monitor on - supports `netpath-path` and `netpath-hop`. - `rollup_method` The stats roll-up method - supports `count`, `avg`, and `cardinality`. - `measure` For `avg` and cardinality `rollup_method` - specify the measure or the facet name you want to use. - `time_window` #m (between 1 and 2880), #h (between 1 and 48). - `operator` `<`, `<=`, `>`, `>=`, `==`, or `!=`. - `#` an integer or decimal number used to set the threshold. This endpoint requires the `monitors_write` permission. OAuth apps require the `monitors_write` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#monitors) to access this endpoint. ### Request #### Body Data (required) Create a monitor request body. {% tab title="Model" %} | Parent field | Field | Type | Description | | -------------------- | ----------------------------------- | --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | assets | [object] | The list of monitor assets tied to a monitor, which represents key links for users to take action on monitor alerts (for example, runbooks). | | assets | category [*required*] | enum | Indicates the type of asset this entity represents on a monitor. Allowed enum values: `runbook` | | assets | name [*required*] | string | Name for the monitor asset | | assets | resource_key | string | Represents the identifier of the internal Datadog resource that this asset represents. IDs in this field should be passed in as strings. | | assets | resource_type | enum | Type of internal Datadog resource associated with a monitor asset. Allowed enum values: `notebook` | | assets | url [*required*] | string | URL link for the asset. For links with an internal resource type set, this should be the relative path to where the Datadog domain is appended internally. For external links, this should be the full URL path. | | | created | date-time | Timestamp of the monitor creation. | | | creator | object | Object describing the creator of the shared element. | | creator | email | string | Email of the creator. | | creator | handle | string | Handle of the creator. | | creator | name | string | Name of the creator. | | | deleted | date-time | Whether or not the monitor is deleted. (Always `null`) | | | draft_status | enum | Indicates whether the monitor is in a draft or published state. | `draft`: The monitor appears as Draft and does not send notifications. `published`: The monitor is active and evaluates conditions and notify as configured. | This field is in preview. The draft value is only available to customers with the feature enabled. Allowed enum values: `draft,published` | | | id | int64 | ID of this monitor. | | | matching_downtimes | [object] | A list of active v1 downtimes that match this monitor. | | matching_downtimes | end | int64 | POSIX timestamp to end the downtime. | | matching_downtimes | id [*required*] | int64 | The downtime ID. | | matching_downtimes | scope | [string] | The scope(s) to which the downtime applies. Must be in `key:value` format. For example, `host:app2`. Provide multiple scopes as a comma-separated list like `env:dev,env:prod`. The resulting downtime applies to sources that matches ALL provided scopes (`env:dev` **AND** `env:prod`). | | matching_downtimes | start | int64 | POSIX timestamp to start the downtime. | | | message | string | A message to include with notifications for this monitor. | | | modified | date-time | Last timestamp when the monitor was edited. | | | multi | boolean | Whether or not the monitor is broken down on different groups. | | | name | string | The monitor name. | | | options | object | List of options associated with your monitor. | | options | aggregation | object | Type of aggregation performed in the monitor query. | | aggregation | group_by | string | Group to break down the monitor on. | | aggregation | metric | string | Metric name used in the monitor. | | aggregation | type | string | Metric type used in the monitor. | | options | device_ids | [string] | **DEPRECATED**: IDs of the device the Synthetics monitor is running on. | | options | enable_logs_sample | boolean | Whether or not to send a log sample when the log monitor triggers. | | options | enable_samples | boolean | Whether or not to send a list of samples when the monitor triggers. This is only used by CI Test and Pipeline monitors. | | options | escalation_message | string | We recommend using the [is_renotify](https://docs.datadoghq.com/monitors/notify.md?tab=is_alert#renotify), block in the original message instead. A message to include with a re-notification. Supports the `@username` notification we allow elsewhere. Not applicable if `renotify_interval` is `None`. | | options | evaluation_delay | int64 | Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to `300` (5min), the timeframe is set to `last_5m` and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. | | options | group_retention_duration | string | The time span after which groups with missing data are dropped from the monitor state. The minimum value is one hour, and the maximum value is 72 hours. Example values are: "60m", "1h", and "2d". This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors. | | options | groupby_simple_monitor | boolean | **DEPRECATED**: Whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. Use `notify_by` instead. | | options | include_tags | boolean | A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. | **Examples** | | options | locked | boolean | **DEPRECATED**: Whether or not the monitor is locked (only editable by creator and admins). Use `restricted_roles` instead. | | options | min_failure_duration | int64 | How long the test should be in failure before alerting (integer, number of seconds, max 7200). | | options | min_location_failed | int64 | The minimum number of locations in failure at the same time during at least one moment in the `min_failure_duration` period (`min_location_failed` and `min_failure_duration` are part of the advanced alerting rules - integer, >= 1). | | options | new_group_delay | int64 | Time (in seconds) to skip evaluations for new groups. | For example, this option can be used to skip evaluations for new hosts while they initialize. | Must be a non negative integer. | | options | new_host_delay | int64 | **DEPRECATED**: Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of monitor results. Should be a non negative integer. | Use new_group_delay instead. | | options | no_data_timeframe | int64 | The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for query alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for query alerts, and 24 hours is used for service checks. | | options | notification_preset_name | enum | Toggles the display of additional content sent in the monitor notification. Allowed enum values: `show_all,hide_query,hide_handles,hide_all,hide_query_and_handles,show_only_snapshot,hide_handles_and_footer` | | options | notify_audit | boolean | A Boolean indicating whether tagged users is notified on changes to this monitor. | | options | notify_by | [string] | Controls what granularity a monitor alerts on. Only available for monitors with groupings. For instance, a monitor grouped by `cluster`, `namespace`, and `pod` can be configured to only notify on each new `cluster` violating the alert conditions by setting `notify_by` to `["cluster"]`. Tags mentioned in `notify_by` must be a subset of the grouping tags in the query. For example, a query grouped by `cluster` and `namespace` cannot notify on `region`. Setting `notify_by` to `["*"]` configures the monitor to notify as a simple-alert. | | options | notify_no_data | boolean | A Boolean indicating whether this monitor notifies when data stops reporting. Defaults to `false`. | | options | on_missing_data | enum | Controls how groups or monitors are treated if an evaluation does not return any data points. The default option results in different behavior depending on the monitor query type. For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors. Allowed enum values: `default,show_no_data,show_and_notify_no_data,resolve` | | options | renotify_interval | int64 | The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it's not resolved. | | options | renotify_occurrences | int64 | The number of times re-notification messages should be sent on the current status at the provided re-notification interval. | | options | renotify_statuses | [string] | The types of monitor statuses for which re-notification messages are sent. Default: **null** if `renotify_interval` is **null**. If `renotify_interval` is set, defaults to renotify on `Alert` and `No Data`. | | options | require_full_window | boolean | A Boolean indicating whether this monitor needs a full window of data before it's evaluated. We highly recommend you set this to `false` for sparse metrics, otherwise some evaluations are skipped. Default is false. This setting only applies to metric monitors. | | options | scheduling_options | object | Configuration options for scheduling. | | scheduling_options | custom_schedule | object | Configuration options for the custom schedule. **This feature is in private beta.** | | custom_schedule | recurrences | [object] | Array of custom schedule recurrences. | | recurrences | rrule | string | Defines the recurrence rule (RRULE) for a given schedule. | | recurrences | start | string | Defines the start date and time of the recurring schedule. | | recurrences | timezone | string | Defines the timezone the schedule runs on. | | scheduling_options | evaluation_window | object | Configuration options for the evaluation window. If `hour_starts` is set, no other fields may be set. Otherwise, `day_starts` and `month_starts` must be set together. | | evaluation_window | day_starts | string | The time of the day at which a one day cumulative evaluation window starts. | | evaluation_window | hour_starts | int32 | The minute of the hour at which a one hour cumulative evaluation window starts. | | evaluation_window | month_starts | int32 | The day of the month at which a one month cumulative evaluation window starts. | | evaluation_window | timezone | string | The timezone of the time of the day of the cumulative evaluation window start. | | options | silenced | object | **DEPRECATED**: Information about the downtime applied to the monitor. Only shows v1 downtimes. | | additionalProperties | | int64 | UTC epoch timestamp in seconds when the downtime for the group expires. | | options | synthetics_check_id | string | **DEPRECATED**: ID of the corresponding Synthetic check. | | options | threshold_windows | object | Alerting time window options. | | threshold_windows | recovery_window | string | Describes how long an anomalous metric must be normal before the alert recovers. | | threshold_windows | trigger_window | string | Describes how long a metric must be anomalous before an alert triggers. | | options | thresholds | object | List of the different monitor threshold available. | | thresholds | critical | double | The monitor `CRITICAL` threshold. | | thresholds | critical_query | string | Query evaluated as a dynamic `CRITICAL` threshold. Only supported on metric monitors with a formula query and options['variables']. Cannot be combined with static thresholds. This field is in preview. | | thresholds | critical_recovery | double | The monitor `CRITICAL` recovery threshold. | | thresholds | critical_recovery_query | string | Query evaluated as a dynamic `CRITICAL` recovery threshold. Only supported on metric monitors with a formula query and options['variables']. Cannot be combined with static thresholds. This field is in preview. | | thresholds | ok | double | The monitor `OK` threshold. | | thresholds | unknown | double | The monitor UNKNOWN threshold. | | thresholds | warning | double | The monitor `WARNING` threshold. | | thresholds | warning_recovery | double | The monitor `WARNING` recovery threshold. | | options | timeout_h | int64 | The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. The minimum allowed value is 0 hours. The maximum allowed value is 24 hours. | | options | variables | [ ] | List of requests that can be used in the monitor query. **This feature is currently in beta.** | | variables | Option 1 | object | A formula and functions events query. | | Option 1 | compute [*required*] | object | Compute options. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 1 | data_source [*required*] | enum | Data source for event platform-based queries. Allowed enum values: `rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network,network_path` | | Option 1 | group_by | [object] | Group by options. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 1 | indexes | [string] | An array of index names to query in the stream. Omit or use `[]` to query all indexes at once. | | Option 1 | name [*required*] | string | Name of the query for use in formulas. | | Option 1 | search | object | Search options. | | search | query [*required*] | string | Events search string. | | variables | Option 2 | object | A formula and functions cost query. | | Option 2 | aggregator | enum | Aggregation methods for metric queries. Allowed enum values: `avg,sum,max,min,last,area,l2norm,percentile,stddev` | | Option 2 | data_source [*required*] | enum | Data source for cost queries. Allowed enum values: `metrics,cloud_cost,datadog_usage` | | Option 2 | name [*required*] | string | Name of the query for use in formulas. | | Option 2 | query [*required*] | string | The monitor query. | | variables | Option 3 | object | A formula and functions data quality query. | | Option 3 | data_source [*required*] | enum | Data source for data quality queries. Allowed enum values: `data_quality_metrics` | | Option 3 | filter [*required*] | string | Filter expression used to match on data entities. Uses Aastra query syntax. | | Option 3 | group_by | [string] | Optional grouping fields for aggregation. | | Option 3 | measure [*required*] | string | The data quality measure to query. Common values include: `bytes`, `cardinality`, `custom`, `freshness`, `max`, `mean`, `min`, `nullness`, `percent_negative`, `percent_zero`, `row_count`, `stddev`, `sum`, `uniqueness`. Additional values may be supported. | | Option 3 | monitor_options | object | Monitor configuration options for data quality queries. | | monitor_options | crontab_override | string | Crontab expression to override the default schedule. | | monitor_options | custom_sql | string | Custom SQL query for the monitor. | | monitor_options | custom_where | string | Custom WHERE clause for the query. | | monitor_options | group_by_columns | [string] | Columns to group results by. | | monitor_options | model_type_override | enum | Override for the model type used in anomaly detection. Allowed enum values: `freshness,percentage,any` | | Option 3 | name [*required*] | string | Name of the query for use in formulas. | | Option 3 | schema_version | string | Schema version for the data quality query. | | Option 3 | scope | string | Optional scoping expression to further filter metrics. Uses metrics filter syntax. This is useful when an entity has been configured to emit metrics with additional tags. | | variables | Option 4 | object | A formula and functions data jobs query. | | Option 4 | job_type [*required*] | string | The type of job being monitored. Valid values include: `databricks.job`, `spark.application`, `airflow.dag`, `dbt.job`, `dbt.model`, `dbt.test`, `glue.job`. Custom job types are supported with the `custom.ol.` prefix. | | Option 4 | jobs_query [*required*] | string | Filter expression used to select the jobs to monitor. | | Option 4 | name [*required*] | string | Name of the query for use in formulas. Must be `run_query`. | | Option 4 | query_dialect [*required*] | string | Query dialect for data jobs queries. Currently only `metric` is supported. | | variables | Option 5 | object | A formula and functions aggregate augmented query. Used to enrich base query results with data from a reference table. | | Option 5 | augment_query [*required*] | | Augment query for aggregate augmented queries. Can be an events query or a reference table query. | | augment_query | Option 1 | object | A formula and functions events query. | | Option 1 | compute [*required*] | object | Compute options. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 1 | data_source [*required*] | enum | Data source for event platform-based queries. Allowed enum values: `rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network,network_path` | | Option 1 | group_by | [object] | Group by options. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 1 | indexes | [string] | An array of index names to query in the stream. Omit or use `[]` to query all indexes at once. | | Option 1 | name [*required*] | string | Name of the query for use in formulas. | | Option 1 | search | object | Search options. | | search | query [*required*] | string | Events search string. | | augment_query | Option 2 | object | A reference table query for use in aggregate queries. | | Option 2 | columns | [object] | List of columns to retrieve from the reference table. | | columns | alias | string | Optional alias for the column. | | columns | name [*required*] | string | Name of the column. | | Option 2 | data_source [*required*] | enum | Data source for reference table queries. Allowed enum values: `reference_table` | | Option 2 | name | string | Name of the query. | | Option 2 | query_filter | string | Optional filter expression for the reference table query. | | Option 2 | table_name [*required*] | string | Name of the reference table. | | Option 5 | base_query [*required*] | | Base query for aggregate queries. Can be an events query or a metrics query. | | base_query | Option 1 | object | A formula and functions events query. | | Option 1 | compute [*required*] | object | Compute options. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 1 | data_source [*required*] | enum | Data source for event platform-based queries. Allowed enum values: `rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network,network_path` | | Option 1 | group_by | [object] | Group by options. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 1 | indexes | [string] | An array of index names to query in the stream. Omit or use `[]` to query all indexes at once. | | Option 1 | name [*required*] | string | Name of the query for use in formulas. | | Option 1 | search | object | Search options. | | search | query [*required*] | string | Events search string. | | base_query | Option 2 | object | A formula and functions metrics query for use in aggregate queries. | | Option 2 | aggregator | enum | Aggregator for metrics queries. Allowed enum values: `avg,min,max,sum,last,mean,area,l2norm,percentile,stddev` | | Option 2 | data_source [*required*] | enum | Data source for metrics queries. Allowed enum values: `metrics,cloud_cost,datadog_usage` | | Option 2 | name | string | Name of the query for use in formulas. | | Option 2 | query [*required*] | string | The metrics query definition. | | Option 5 | compute [*required*] | [object] | Compute options for the query. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 5 | data_source [*required*] | enum | Data source for aggregate augmented queries. Allowed enum values: `aggregate_augmented_query` | | Option 5 | group_by [*required*] | [object] | Group by options for the query. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 5 | join_condition [*required*] | object | Join condition for aggregate augmented queries. | | join_condition | augment_attribute [*required*] | string | Attribute from the augment query to join on. | | join_condition | base_attribute [*required*] | string | Attribute from the base query to join on. | | join_condition | join_type [*required*] | enum | Join type for aggregate query join conditions. Allowed enum values: `inner,left` | | Option 5 | name | string | Name of the query for use in formulas. | | variables | Option 6 | object | A formula and functions aggregate filtered query. Used to filter base query results using data from another source. | | Option 6 | base_query [*required*] | | Base query for aggregate queries. Can be an events query or a metrics query. | | base_query | Option 1 | object | A formula and functions events query. | | Option 1 | compute [*required*] | object | Compute options. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 1 | data_source [*required*] | enum | Data source for event platform-based queries. Allowed enum values: `rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network,network_path` | | Option 1 | group_by | [object] | Group by options. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 1 | indexes | [string] | An array of index names to query in the stream. Omit or use `[]` to query all indexes at once. | | Option 1 | name [*required*] | string | Name of the query for use in formulas. | | Option 1 | search | object | Search options. | | search | query [*required*] | string | Events search string. | | base_query | Option 2 | object | A formula and functions metrics query for use in aggregate queries. | | Option 2 | aggregator | enum | Aggregator for metrics queries. Allowed enum values: `avg,min,max,sum,last,mean,area,l2norm,percentile,stddev` | | Option 2 | data_source [*required*] | enum | Data source for metrics queries. Allowed enum values: `metrics,cloud_cost,datadog_usage` | | Option 2 | name | string | Name of the query for use in formulas. | | Option 2 | query [*required*] | string | The metrics query definition. | | Option 6 | compute | [object] | Compute options for the query. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 6 | data_source [*required*] | enum | Data source for aggregate filtered queries. Allowed enum values: `aggregate_filtered_query` | | Option 6 | filter_query [*required*] | | Filter query for aggregate filtered queries. Can be an events query or a reference table query. | | filter_query | Option 1 | object | A formula and functions events query. | | Option 1 | compute [*required*] | object | Compute options. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 1 | data_source [*required*] | enum | Data source for event platform-based queries. Allowed enum values: `rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network,network_path` | | Option 1 | group_by | [object] | Group by options. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 1 | indexes | [string] | An array of index names to query in the stream. Omit or use `[]` to query all indexes at once. | | Option 1 | name [*required*] | string | Name of the query for use in formulas. | | Option 1 | search | object | Search options. | | search | query [*required*] | string | Events search string. | | filter_query | Option 2 | object | A reference table query for use in aggregate queries. | | Option 2 | columns | [object] | List of columns to retrieve from the reference table. | | columns | alias | string | Optional alias for the column. | | columns | name [*required*] | string | Name of the column. | | Option 2 | data_source [*required*] | enum | Data source for reference table queries. Allowed enum values: `reference_table` | | Option 2 | name | string | Name of the query. | | Option 2 | query_filter | string | Optional filter expression for the reference table query. | | Option 2 | table_name [*required*] | string | Name of the reference table. | | Option 6 | filters [*required*] | [object] | Filter conditions for the query. | | filters | base_attribute [*required*] | string | Attribute from the base query to filter on. | | filters | exclude | boolean | Whether to exclude matching records instead of including them. | | filters | filter_attribute [*required*] | string | Attribute from the filter query to match against. | | Option 6 | group_by | [object] | Group by options for the query. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 6 | name | string | Name of the query for use in formulas. | | | overall_state | enum | The different states your monitor can be in. Allowed enum values: `Alert,Ignored,No Data,OK,Skipped,Unknown,Warn` | | | priority | int64 | Integer from 1 (high) to 5 (low) indicating alert severity. | | | query [*required*] | string | The monitor query. | | | restricted_roles | [string] | A list of unique role identifiers to define which roles are allowed to edit the monitor. The unique identifiers for all roles can be pulled from the [Roles API](https://docs.datadoghq.com/api/latest/roles.md#list-roles) and are located in the `data.id` field. Editing a monitor includes any updates to the monitor configuration, monitor deletion, and muting of the monitor for any amount of time. You can use the [Restriction Policies API](https://docs.datadoghq.com/api/latest/restriction-policies.md) to manage write authorization for individual monitors by teams and users, in addition to roles. | | | state | object | Wrapper object with the different monitor states. | | state | groups | object | Dictionary where the keys are groups (comma separated lists of tags) and the values are the list of groups your monitor is broken down on. | | additionalProperties | | object | Monitor state for a single group. | | | last_nodata_ts | int64 | Latest timestamp the monitor was in NO_DATA state. | | | last_notified_ts | int64 | Latest timestamp of the notification sent for this monitor group. | | | last_resolved_ts | int64 | Latest timestamp the monitor group was resolved. | | | last_triggered_ts | int64 | Latest timestamp the monitor group triggered. | | | name | string | The name of the monitor. | | | status | enum | The different states your monitor can be in. Allowed enum values: `Alert,Ignored,No Data,OK,Skipped,Unknown,Warn` | | | tags | [string] | Tags associated to your monitor. | | | type [*required*] | enum | The type of the monitor. For more information about `type`, see the [monitor options](https://docs.datadoghq.com/monitors/guide/monitor_api_options.md) docs. Allowed enum values: `composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert` | {% /tab %} {% tab title="Example" %} ##### ```json { "name": "Example Monitor", "type": "cost alert", "query": "formula(\"exclude_null(query1)\").last(\"7d\").anomaly(direction=\"above\", threshold=10) >= 5", "message": "some message Notify: @hipchat-channel", "tags": [ "test:examplemonitor", "env:ci" ], "priority": 3, "options": { "thresholds": { "critical": 5, "warning": 3 }, "variables": [ { "data_source": "cloud_cost", "query": "sum:aws.cost.net.amortized.shared.resources.allocated{aws_product IN (amplify ,athena, backup, bedrock ) } by {aws_product}.rollup(sum, 86400)", "name": "query1", "aggregator": "sum" } ], "include_tags": true } } ``` ##### ```json { "name": "Example-Monitor", "type": "data-jobs alert", "query": "formula(\"failed_runs(run_query)\").by(job_name,workspace_name).last(10d) > 0", "message": "Data jobs alert triggered", "tags": [ "test:examplemonitor", "env:ci" ], "options": { "thresholds": { "critical": 0 }, "variables": [ { "name": "run_query", "jobs_query": "job_name:*", "job_type": "databricks.job", "query_dialect": "metric" } ] } } ``` ##### ```json { "name": "Example-Monitor", "type": "data-quality alert", "query": "formula(\"query1\").last(\"5m\") > 100", "message": "Data quality alert triggered", "tags": [ "test:examplemonitor", "env:ci" ], "priority": 3, "options": { "thresholds": { "critical": 100 }, "variables": [ { "name": "query1", "data_source": "data_quality_metrics", "measure": "row_count", "filter": "search for column where `database:production AND table:users`", "group_by": [ "entity_id" ] } ] } } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} Object describing a monitor. | Parent field | Field | Type | Description | | -------------------- | ----------------------------------- | --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | assets | [object] | The list of monitor assets tied to a monitor, which represents key links for users to take action on monitor alerts (for example, runbooks). | | assets | category [*required*] | enum | Indicates the type of asset this entity represents on a monitor. Allowed enum values: `runbook` | | assets | name [*required*] | string | Name for the monitor asset | | assets | resource_key | string | Represents the identifier of the internal Datadog resource that this asset represents. IDs in this field should be passed in as strings. | | assets | resource_type | enum | Type of internal Datadog resource associated with a monitor asset. Allowed enum values: `notebook` | | assets | url [*required*] | string | URL link for the asset. For links with an internal resource type set, this should be the relative path to where the Datadog domain is appended internally. For external links, this should be the full URL path. | | | created | date-time | Timestamp of the monitor creation. | | | creator | object | Object describing the creator of the shared element. | | creator | email | string | Email of the creator. | | creator | handle | string | Handle of the creator. | | creator | name | string | Name of the creator. | | | deleted | date-time | Whether or not the monitor is deleted. (Always `null`) | | | draft_status | enum | Indicates whether the monitor is in a draft or published state. | `draft`: The monitor appears as Draft and does not send notifications. `published`: The monitor is active and evaluates conditions and notify as configured. | This field is in preview. The draft value is only available to customers with the feature enabled. Allowed enum values: `draft,published` | | | id | int64 | ID of this monitor. | | | matching_downtimes | [object] | A list of active v1 downtimes that match this monitor. | | matching_downtimes | end | int64 | POSIX timestamp to end the downtime. | | matching_downtimes | id [*required*] | int64 | The downtime ID. | | matching_downtimes | scope | [string] | The scope(s) to which the downtime applies. Must be in `key:value` format. For example, `host:app2`. Provide multiple scopes as a comma-separated list like `env:dev,env:prod`. The resulting downtime applies to sources that matches ALL provided scopes (`env:dev` **AND** `env:prod`). | | matching_downtimes | start | int64 | POSIX timestamp to start the downtime. | | | message | string | A message to include with notifications for this monitor. | | | modified | date-time | Last timestamp when the monitor was edited. | | | multi | boolean | Whether or not the monitor is broken down on different groups. | | | name | string | The monitor name. | | | options | object | List of options associated with your monitor. | | options | aggregation | object | Type of aggregation performed in the monitor query. | | aggregation | group_by | string | Group to break down the monitor on. | | aggregation | metric | string | Metric name used in the monitor. | | aggregation | type | string | Metric type used in the monitor. | | options | device_ids | [string] | **DEPRECATED**: IDs of the device the Synthetics monitor is running on. | | options | enable_logs_sample | boolean | Whether or not to send a log sample when the log monitor triggers. | | options | enable_samples | boolean | Whether or not to send a list of samples when the monitor triggers. This is only used by CI Test and Pipeline monitors. | | options | escalation_message | string | We recommend using the [is_renotify](https://docs.datadoghq.com/monitors/notify.md?tab=is_alert#renotify), block in the original message instead. A message to include with a re-notification. Supports the `@username` notification we allow elsewhere. Not applicable if `renotify_interval` is `None`. | | options | evaluation_delay | int64 | Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to `300` (5min), the timeframe is set to `last_5m` and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. | | options | group_retention_duration | string | The time span after which groups with missing data are dropped from the monitor state. The minimum value is one hour, and the maximum value is 72 hours. Example values are: "60m", "1h", and "2d". This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors. | | options | groupby_simple_monitor | boolean | **DEPRECATED**: Whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. Use `notify_by` instead. | | options | include_tags | boolean | A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. | **Examples** | | options | locked | boolean | **DEPRECATED**: Whether or not the monitor is locked (only editable by creator and admins). Use `restricted_roles` instead. | | options | min_failure_duration | int64 | How long the test should be in failure before alerting (integer, number of seconds, max 7200). | | options | min_location_failed | int64 | The minimum number of locations in failure at the same time during at least one moment in the `min_failure_duration` period (`min_location_failed` and `min_failure_duration` are part of the advanced alerting rules - integer, >= 1). | | options | new_group_delay | int64 | Time (in seconds) to skip evaluations for new groups. | For example, this option can be used to skip evaluations for new hosts while they initialize. | Must be a non negative integer. | | options | new_host_delay | int64 | **DEPRECATED**: Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of monitor results. Should be a non negative integer. | Use new_group_delay instead. | | options | no_data_timeframe | int64 | The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for query alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for query alerts, and 24 hours is used for service checks. | | options | notification_preset_name | enum | Toggles the display of additional content sent in the monitor notification. Allowed enum values: `show_all,hide_query,hide_handles,hide_all,hide_query_and_handles,show_only_snapshot,hide_handles_and_footer` | | options | notify_audit | boolean | A Boolean indicating whether tagged users is notified on changes to this monitor. | | options | notify_by | [string] | Controls what granularity a monitor alerts on. Only available for monitors with groupings. For instance, a monitor grouped by `cluster`, `namespace`, and `pod` can be configured to only notify on each new `cluster` violating the alert conditions by setting `notify_by` to `["cluster"]`. Tags mentioned in `notify_by` must be a subset of the grouping tags in the query. For example, a query grouped by `cluster` and `namespace` cannot notify on `region`. Setting `notify_by` to `["*"]` configures the monitor to notify as a simple-alert. | | options | notify_no_data | boolean | A Boolean indicating whether this monitor notifies when data stops reporting. Defaults to `false`. | | options | on_missing_data | enum | Controls how groups or monitors are treated if an evaluation does not return any data points. The default option results in different behavior depending on the monitor query type. For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors. Allowed enum values: `default,show_no_data,show_and_notify_no_data,resolve` | | options | renotify_interval | int64 | The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it's not resolved. | | options | renotify_occurrences | int64 | The number of times re-notification messages should be sent on the current status at the provided re-notification interval. | | options | renotify_statuses | [string] | The types of monitor statuses for which re-notification messages are sent. Default: **null** if `renotify_interval` is **null**. If `renotify_interval` is set, defaults to renotify on `Alert` and `No Data`. | | options | require_full_window | boolean | A Boolean indicating whether this monitor needs a full window of data before it's evaluated. We highly recommend you set this to `false` for sparse metrics, otherwise some evaluations are skipped. Default is false. This setting only applies to metric monitors. | | options | scheduling_options | object | Configuration options for scheduling. | | scheduling_options | custom_schedule | object | Configuration options for the custom schedule. **This feature is in private beta.** | | custom_schedule | recurrences | [object] | Array of custom schedule recurrences. | | recurrences | rrule | string | Defines the recurrence rule (RRULE) for a given schedule. | | recurrences | start | string | Defines the start date and time of the recurring schedule. | | recurrences | timezone | string | Defines the timezone the schedule runs on. | | scheduling_options | evaluation_window | object | Configuration options for the evaluation window. If `hour_starts` is set, no other fields may be set. Otherwise, `day_starts` and `month_starts` must be set together. | | evaluation_window | day_starts | string | The time of the day at which a one day cumulative evaluation window starts. | | evaluation_window | hour_starts | int32 | The minute of the hour at which a one hour cumulative evaluation window starts. | | evaluation_window | month_starts | int32 | The day of the month at which a one month cumulative evaluation window starts. | | evaluation_window | timezone | string | The timezone of the time of the day of the cumulative evaluation window start. | | options | silenced | object | **DEPRECATED**: Information about the downtime applied to the monitor. Only shows v1 downtimes. | | additionalProperties | | int64 | UTC epoch timestamp in seconds when the downtime for the group expires. | | options | synthetics_check_id | string | **DEPRECATED**: ID of the corresponding Synthetic check. | | options | threshold_windows | object | Alerting time window options. | | threshold_windows | recovery_window | string | Describes how long an anomalous metric must be normal before the alert recovers. | | threshold_windows | trigger_window | string | Describes how long a metric must be anomalous before an alert triggers. | | options | thresholds | object | List of the different monitor threshold available. | | thresholds | critical | double | The monitor `CRITICAL` threshold. | | thresholds | critical_query | string | Query evaluated as a dynamic `CRITICAL` threshold. Only supported on metric monitors with a formula query and options['variables']. Cannot be combined with static thresholds. This field is in preview. | | thresholds | critical_recovery | double | The monitor `CRITICAL` recovery threshold. | | thresholds | critical_recovery_query | string | Query evaluated as a dynamic `CRITICAL` recovery threshold. Only supported on metric monitors with a formula query and options['variables']. Cannot be combined with static thresholds. This field is in preview. | | thresholds | ok | double | The monitor `OK` threshold. | | thresholds | unknown | double | The monitor UNKNOWN threshold. | | thresholds | warning | double | The monitor `WARNING` threshold. | | thresholds | warning_recovery | double | The monitor `WARNING` recovery threshold. | | options | timeout_h | int64 | The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. The minimum allowed value is 0 hours. The maximum allowed value is 24 hours. | | options | variables | [ ] | List of requests that can be used in the monitor query. **This feature is currently in beta.** | | variables | Option 1 | object | A formula and functions events query. | | Option 1 | compute [*required*] | object | Compute options. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 1 | data_source [*required*] | enum | Data source for event platform-based queries. Allowed enum values: `rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network,network_path` | | Option 1 | group_by | [object] | Group by options. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 1 | indexes | [string] | An array of index names to query in the stream. Omit or use `[]` to query all indexes at once. | | Option 1 | name [*required*] | string | Name of the query for use in formulas. | | Option 1 | search | object | Search options. | | search | query [*required*] | string | Events search string. | | variables | Option 2 | object | A formula and functions cost query. | | Option 2 | aggregator | enum | Aggregation methods for metric queries. Allowed enum values: `avg,sum,max,min,last,area,l2norm,percentile,stddev` | | Option 2 | data_source [*required*] | enum | Data source for cost queries. Allowed enum values: `metrics,cloud_cost,datadog_usage` | | Option 2 | name [*required*] | string | Name of the query for use in formulas. | | Option 2 | query [*required*] | string | The monitor query. | | variables | Option 3 | object | A formula and functions data quality query. | | Option 3 | data_source [*required*] | enum | Data source for data quality queries. Allowed enum values: `data_quality_metrics` | | Option 3 | filter [*required*] | string | Filter expression used to match on data entities. Uses Aastra query syntax. | | Option 3 | group_by | [string] | Optional grouping fields for aggregation. | | Option 3 | measure [*required*] | string | The data quality measure to query. Common values include: `bytes`, `cardinality`, `custom`, `freshness`, `max`, `mean`, `min`, `nullness`, `percent_negative`, `percent_zero`, `row_count`, `stddev`, `sum`, `uniqueness`. Additional values may be supported. | | Option 3 | monitor_options | object | Monitor configuration options for data quality queries. | | monitor_options | crontab_override | string | Crontab expression to override the default schedule. | | monitor_options | custom_sql | string | Custom SQL query for the monitor. | | monitor_options | custom_where | string | Custom WHERE clause for the query. | | monitor_options | group_by_columns | [string] | Columns to group results by. | | monitor_options | model_type_override | enum | Override for the model type used in anomaly detection. Allowed enum values: `freshness,percentage,any` | | Option 3 | name [*required*] | string | Name of the query for use in formulas. | | Option 3 | schema_version | string | Schema version for the data quality query. | | Option 3 | scope | string | Optional scoping expression to further filter metrics. Uses metrics filter syntax. This is useful when an entity has been configured to emit metrics with additional tags. | | variables | Option 4 | object | A formula and functions data jobs query. | | Option 4 | job_type [*required*] | string | The type of job being monitored. Valid values include: `databricks.job`, `spark.application`, `airflow.dag`, `dbt.job`, `dbt.model`, `dbt.test`, `glue.job`. Custom job types are supported with the `custom.ol.` prefix. | | Option 4 | jobs_query [*required*] | string | Filter expression used to select the jobs to monitor. | | Option 4 | name [*required*] | string | Name of the query for use in formulas. Must be `run_query`. | | Option 4 | query_dialect [*required*] | string | Query dialect for data jobs queries. Currently only `metric` is supported. | | variables | Option 5 | object | A formula and functions aggregate augmented query. Used to enrich base query results with data from a reference table. | | Option 5 | augment_query [*required*] | | Augment query for aggregate augmented queries. Can be an events query or a reference table query. | | augment_query | Option 1 | object | A formula and functions events query. | | Option 1 | compute [*required*] | object | Compute options. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 1 | data_source [*required*] | enum | Data source for event platform-based queries. Allowed enum values: `rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network,network_path` | | Option 1 | group_by | [object] | Group by options. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 1 | indexes | [string] | An array of index names to query in the stream. Omit or use `[]` to query all indexes at once. | | Option 1 | name [*required*] | string | Name of the query for use in formulas. | | Option 1 | search | object | Search options. | | search | query [*required*] | string | Events search string. | | augment_query | Option 2 | object | A reference table query for use in aggregate queries. | | Option 2 | columns | [object] | List of columns to retrieve from the reference table. | | columns | alias | string | Optional alias for the column. | | columns | name [*required*] | string | Name of the column. | | Option 2 | data_source [*required*] | enum | Data source for reference table queries. Allowed enum values: `reference_table` | | Option 2 | name | string | Name of the query. | | Option 2 | query_filter | string | Optional filter expression for the reference table query. | | Option 2 | table_name [*required*] | string | Name of the reference table. | | Option 5 | base_query [*required*] | | Base query for aggregate queries. Can be an events query or a metrics query. | | base_query | Option 1 | object | A formula and functions events query. | | Option 1 | compute [*required*] | object | Compute options. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 1 | data_source [*required*] | enum | Data source for event platform-based queries. Allowed enum values: `rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network,network_path` | | Option 1 | group_by | [object] | Group by options. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 1 | indexes | [string] | An array of index names to query in the stream. Omit or use `[]` to query all indexes at once. | | Option 1 | name [*required*] | string | Name of the query for use in formulas. | | Option 1 | search | object | Search options. | | search | query [*required*] | string | Events search string. | | base_query | Option 2 | object | A formula and functions metrics query for use in aggregate queries. | | Option 2 | aggregator | enum | Aggregator for metrics queries. Allowed enum values: `avg,min,max,sum,last,mean,area,l2norm,percentile,stddev` | | Option 2 | data_source [*required*] | enum | Data source for metrics queries. Allowed enum values: `metrics,cloud_cost,datadog_usage` | | Option 2 | name | string | Name of the query for use in formulas. | | Option 2 | query [*required*] | string | The metrics query definition. | | Option 5 | compute [*required*] | [object] | Compute options for the query. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 5 | data_source [*required*] | enum | Data source for aggregate augmented queries. Allowed enum values: `aggregate_augmented_query` | | Option 5 | group_by [*required*] | [object] | Group by options for the query. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 5 | join_condition [*required*] | object | Join condition for aggregate augmented queries. | | join_condition | augment_attribute [*required*] | string | Attribute from the augment query to join on. | | join_condition | base_attribute [*required*] | string | Attribute from the base query to join on. | | join_condition | join_type [*required*] | enum | Join type for aggregate query join conditions. Allowed enum values: `inner,left` | | Option 5 | name | string | Name of the query for use in formulas. | | variables | Option 6 | object | A formula and functions aggregate filtered query. Used to filter base query results using data from another source. | | Option 6 | base_query [*required*] | | Base query for aggregate queries. Can be an events query or a metrics query. | | base_query | Option 1 | object | A formula and functions events query. | | Option 1 | compute [*required*] | object | Compute options. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 1 | data_source [*required*] | enum | Data source for event platform-based queries. Allowed enum values: `rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network,network_path` | | Option 1 | group_by | [object] | Group by options. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 1 | indexes | [string] | An array of index names to query in the stream. Omit or use `[]` to query all indexes at once. | | Option 1 | name [*required*] | string | Name of the query for use in formulas. | | Option 1 | search | object | Search options. | | search | query [*required*] | string | Events search string. | | base_query | Option 2 | object | A formula and functions metrics query for use in aggregate queries. | | Option 2 | aggregator | enum | Aggregator for metrics queries. Allowed enum values: `avg,min,max,sum,last,mean,area,l2norm,percentile,stddev` | | Option 2 | data_source [*required*] | enum | Data source for metrics queries. Allowed enum values: `metrics,cloud_cost,datadog_usage` | | Option 2 | name | string | Name of the query for use in formulas. | | Option 2 | query [*required*] | string | The metrics query definition. | | Option 6 | compute | [object] | Compute options for the query. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 6 | data_source [*required*] | enum | Data source for aggregate filtered queries. Allowed enum values: `aggregate_filtered_query` | | Option 6 | filter_query [*required*] | | Filter query for aggregate filtered queries. Can be an events query or a reference table query. | | filter_query | Option 1 | object | A formula and functions events query. | | Option 1 | compute [*required*] | object | Compute options. | | compute | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | compute | interval | int64 | A time interval in milliseconds. | | compute | metric | string | Measurable attribute to compute. | | compute | name | string | The name assigned to this aggregation, when multiple aggregations are defined for a query. | | compute | source | string | Source reference for composite query payloads. | | Option 1 | data_source [*required*] | enum | Data source for event platform-based queries. Allowed enum values: `rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network,network_path` | | Option 1 | group_by | [object] | Group by options. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 1 | indexes | [string] | An array of index names to query in the stream. Omit or use `[]` to query all indexes at once. | | Option 1 | name [*required*] | string | Name of the query for use in formulas. | | Option 1 | search | object | Search options. | | search | query [*required*] | string | Events search string. | | filter_query | Option 2 | object | A reference table query for use in aggregate queries. | | Option 2 | columns | [object] | List of columns to retrieve from the reference table. | | columns | alias | string | Optional alias for the column. | | columns | name [*required*] | string | Name of the column. | | Option 2 | data_source [*required*] | enum | Data source for reference table queries. Allowed enum values: `reference_table` | | Option 2 | name | string | Name of the query. | | Option 2 | query_filter | string | Optional filter expression for the reference table query. | | Option 2 | table_name [*required*] | string | Name of the reference table. | | Option 6 | filters [*required*] | [object] | Filter conditions for the query. | | filters | base_attribute [*required*] | string | Attribute from the base query to filter on. | | filters | exclude | boolean | Whether to exclude matching records instead of including them. | | filters | filter_attribute [*required*] | string | Attribute from the filter query to match against. | | Option 6 | group_by | [object] | Group by options for the query. | | group_by | facet [*required*] | string | Event facet. | | group_by | limit | int64 | Number of groups to return. | | group_by | sort | object | Options for sorting group by results. | | sort | aggregation [*required*] | enum | Aggregation methods for event platform queries. Allowed enum values: `count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min` | | sort | metric | string | Metric used for sorting group by results. | | sort | order | enum | Direction of sort. Allowed enum values: `asc,desc` | | group_by | source | string | Source reference for composite query payloads. | | Option 6 | name | string | Name of the query for use in formulas. | | | overall_state | enum | The different states your monitor can be in. Allowed enum values: `Alert,Ignored,No Data,OK,Skipped,Unknown,Warn` | | | priority | int64 | Integer from 1 (high) to 5 (low) indicating alert severity. | | | query [*required*] | string | The monitor query. | | | restricted_roles | [string] | A list of unique role identifiers to define which roles are allowed to edit the monitor. The unique identifiers for all roles can be pulled from the [Roles API](https://docs.datadoghq.com/api/latest/roles.md#list-roles) and are located in the `data.id` field. Editing a monitor includes any updates to the monitor configuration, monitor deletion, and muting of the monitor for any amount of time. You can use the [Restriction Policies API](https://docs.datadoghq.com/api/latest/restriction-policies.md) to manage write authorization for individual monitors by teams and users, in addition to roles. | | | state | object | Wrapper object with the different monitor states. | | state | groups | object | Dictionary where the keys are groups (comma separated lists of tags) and the values are the list of groups your monitor is broken down on. | | additionalProperties | | object | Monitor state for a single group. | | | last_nodata_ts | int64 | Latest timestamp the monitor was in NO_DATA state. | | | last_notified_ts | int64 | Latest timestamp of the notification sent for this monitor group. | | | last_resolved_ts | int64 | Latest timestamp the monitor group was resolved. | | | last_triggered_ts | int64 | Latest timestamp the monitor group triggered. | | | name | string | The name of the monitor. | | | status | enum | The different states your monitor can be in. Allowed enum values: `Alert,Ignored,No Data,OK,Skipped,Unknown,Warn` | | | tags | [string] | Tags associated to your monitor. | | | type [*required*] | enum | The type of the monitor. For more information about `type`, see the [monitor options](https://docs.datadoghq.com/monitors/guide/monitor_api_options.md) docs. Allowed enum values: `composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert` | {% /tab %} {% tab title="Example" %} ```json { "assets": [ { "category": "runbook", "name": "Monitor Runbook", "resource_key": "12345", "resource_type": "string", "url": "/notebooks/12345" } ], "created": "2019-09-19T10:00:00.000Z", "creator": { "email": "string", "handle": "string", "name": "string" }, "deleted": "2019-09-19T10:00:00.000Z", "draft_status": "string", "id": "integer", "matching_downtimes": [ { "end": 1412792983, "id": 1625, "scope": [ "env:staging" ], "start": 1412792983 } ], "message": "string", "modified": "2019-09-19T10:00:00.000Z", "multi": false, "name": "My monitor", "options": { "aggregation": { "group_by": "host", "metric": "metrics.name", "type": "count" }, "device_ids": [], "enable_logs_sample": false, "enable_samples": false, "escalation_message": "string", "evaluation_delay": "integer", "group_retention_duration": "string", "groupby_simple_monitor": false, "include_tags": false, "locked": false, "min_failure_duration": "integer", "min_location_failed": "integer", "new_group_delay": "integer", "new_host_delay": "integer", "no_data_timeframe": "integer", "notification_preset_name": "string", "notify_audit": false, "notify_by": [], "notify_no_data": false, "on_missing_data": "string", "renotify_interval": "integer", "renotify_occurrences": "integer", "renotify_statuses": [], "require_full_window": false, "scheduling_options": { "custom_schedule": { "recurrences": [ { "rrule": "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR", "start": "2023-08-31T16:30:00", "timezone": "Europe/Paris" } ] }, "evaluation_window": { "day_starts": "04:00", "hour_starts": 0, "month_starts": 1, "timezone": "Europe/Paris" } }, "silenced": { "": "integer" }, "synthetics_check_id": "string", "threshold_windows": { "recovery_window": "string", "trigger_window": "string" }, "thresholds": { "critical": "number", "critical_query": "formula(\"2 * query1\").rollup(\"avg\").last(\"6mo\")", "critical_recovery": "number", "critical_recovery_query": "formula(\"1.5 * query1\").rollup(\"avg\").last(\"3mo\")", "ok": "number", "unknown": "number", "warning": "number", "warning_recovery": "number" }, "timeout_h": "integer", "variables": [ { "compute": { "aggregation": "avg", "interval": 60000, "metric": "@duration", "name": "compute_result", "source": "filter_query" }, "data_source": "rum", "group_by": [ { "facet": "status", "limit": 10, "sort": { "aggregation": "avg", "metric": "string", "order": "string" }, "source": "filter_query" } ], "indexes": [ "days-3", "days-7" ], "name": "query_errors", "search": { "query": "service:query" } } ] }, "overall_state": "string", "priority": "integer", "query": "avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100", "restricted_roles": [], "state": { "groups": { "": { "last_nodata_ts": "integer", "last_notified_ts": "integer", "last_resolved_ts": "integer", "last_triggered_ts": "integer", "name": "string", "status": "string" } } }, "tags": [], "type": "query alert" } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} Error response object. | Field | Type | Description | | ------------------------ | -------- | ------------------------------------ | | errors [*required*] | [string] | Array of errors returned by the API. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Forbidden {% tab title="Model" %} Error response object. | Field | Type | Description | | ------------------------ | -------- | ------------------------------------ | | errors [*required*] | [string] | Array of errors returned by the API. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} Error response object. | Field | Type | Description | | ------------------------ | -------- | ------------------------------------ | | errors [*required*] | [string] | Array of errors returned by the API. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v1/monitor" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "message": "You may need to add web hosts if this is consistently high.", "name": "Bytes received on host0", "options": { "no_data_timeframe": 20, "notify_no_data": true }, "priority": 3, "query": "avg(last_5m):sum:system.net.bytes_rcvd{host:host0} \u003e 100", "tags": [ "app:webserver", "frontend" ], "type": "query alert" } EOF ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v1/monitor" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "message": "You may need to add web hosts if this is consistently high.", "name": "Bytes received on host0", "options": { "no_data_timeframe": 20, "notify_no_data": true }, "priority": 3, "query": "avg(last_5m):sum:system.net.bytes_rcvd{host:host0} \u003e 100", "tags": [ "app:webserver", "frontend" ], "type": "query alert" } EOF ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v1/monitor" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "message": "You may need to add web hosts if this is consistently high.", "name": "Bytes received on host0", "options": { "no_data_timeframe": 20, "notify_no_data": true }, "priority": 3, "query": "avg(last_5m):sum:system.net.bytes_rcvd{host:host0} \u003e 100", "tags": [ "app:webserver", "frontend" ], "type": "query alert" } EOF ##### ```go // Create a Cost Monitor returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV1" ) func main() { body := datadogV1.Monitor{ Name: datadog.PtrString("Example Monitor"), Type: datadogV1.MONITORTYPE_COST_ALERT, Query: `formula("exclude_null(query1)").last("7d").anomaly(direction="above", threshold=10) >= 5`, Message: datadog.PtrString("some message Notify: @hipchat-channel"), Tags: []string{ "test:examplemonitor", "env:ci", }, Priority: *datadog.NewNullableInt64(datadog.PtrInt64(3)), Options: &datadogV1.MonitorOptions{ Thresholds: &datadogV1.MonitorThresholds{ Critical: datadog.PtrFloat64(5), Warning: *datadog.NewNullableFloat64(datadog.PtrFloat64(3)), }, Variables: []datadogV1.MonitorFormulaAndFunctionQueryDefinition{ datadogV1.MonitorFormulaAndFunctionQueryDefinition{ MonitorFormulaAndFunctionCostQueryDefinition: &datadogV1.MonitorFormulaAndFunctionCostQueryDefinition{ DataSource: datadogV1.MONITORFORMULAANDFUNCTIONCOSTDATASOURCE_CLOUD_COST, Query: "sum:aws.cost.net.amortized.shared.resources.allocated{aws_product IN (amplify ,athena, backup, bedrock ) } by {aws_product}.rollup(sum, 86400)", Name: "query1", Aggregator: datadogV1.MONITORFORMULAANDFUNCTIONCOSTAGGREGATOR_SUM.Ptr(), }}, }, IncludeTags: datadog.PtrBool(true), }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV1.NewMonitorsApi(apiClient) resp, r, err := api.CreateMonitor(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `MonitorsApi.CreateMonitor`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `MonitorsApi.CreateMonitor`:\n%s\n", responseContent) } ``` ##### ```go // Create a Data Quality monitor returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV1" ) func main() { body := datadogV1.Monitor{ Name: datadog.PtrString("Example-Monitor"), Type: datadogV1.MONITORTYPE_DATA_QUALITY_ALERT, Query: `formula("query1").last("5m") > 100`, Message: datadog.PtrString("Data quality alert triggered"), Tags: []string{ "test:examplemonitor", "env:ci", }, Priority: *datadog.NewNullableInt64(datadog.PtrInt64(3)), Options: &datadogV1.MonitorOptions{ Thresholds: &datadogV1.MonitorThresholds{ Critical: datadog.PtrFloat64(100), }, Variables: []datadogV1.MonitorFormulaAndFunctionQueryDefinition{ datadogV1.MonitorFormulaAndFunctionQueryDefinition{ MonitorFormulaAndFunctionDataQualityQueryDefinition: &datadogV1.MonitorFormulaAndFunctionDataQualityQueryDefinition{ Name: "query1", DataSource: datadogV1.MONITORFORMULAANDFUNCTIONDATAQUALITYDATASOURCE_DATA_QUALITY_METRICS, Measure: "row_count", Filter: `search for column where ` + "`" + `database:production AND table:users` + "`", GroupBy: []string{ "entity_id", }, }}, }, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV1.NewMonitorsApi(apiClient) resp, r, err := api.CreateMonitor(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `MonitorsApi.CreateMonitor`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `MonitorsApi.CreateMonitor`:\n%s\n", responseContent) } ``` ##### ```go // Create a RUM formula and functions monitor returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV1" ) func main() { body := datadogV1.Monitor{ Name: datadog.PtrString("Example-Monitor"), Type: datadogV1.MONITORTYPE_RUM_ALERT, Query: `formula("query2 / query1 * 100").last("15m") >= 0.8`, Message: datadog.PtrString("some message Notify: @hipchat-channel"), Tags: []string{ "test:examplemonitor", "env:ci", }, Priority: *datadog.NewNullableInt64(datadog.PtrInt64(3)), Options: &datadogV1.MonitorOptions{ Thresholds: &datadogV1.MonitorThresholds{ Critical: datadog.PtrFloat64(0.8), }, Variables: []datadogV1.MonitorFormulaAndFunctionQueryDefinition{ datadogV1.MonitorFormulaAndFunctionQueryDefinition{ MonitorFormulaAndFunctionEventQueryDefinition: &datadogV1.MonitorFormulaAndFunctionEventQueryDefinition{ DataSource: datadogV1.MONITORFORMULAANDFUNCTIONEVENTSDATASOURCE_RUM, Name: "query2", Search: &datadogV1.MonitorFormulaAndFunctionEventQueryDefinitionSearch{ Query: "", }, Indexes: []string{ "*", }, Compute: datadogV1.MonitorFormulaAndFunctionEventQueryDefinitionCompute{ Aggregation: datadogV1.MONITORFORMULAANDFUNCTIONEVENTAGGREGATION_COUNT, }, GroupBy: []datadogV1.MonitorFormulaAndFunctionEventQueryGroupBy{}, }}, datadogV1.MonitorFormulaAndFunctionQueryDefinition{ MonitorFormulaAndFunctionEventQueryDefinition: &datadogV1.MonitorFormulaAndFunctionEventQueryDefinition{ DataSource: datadogV1.MONITORFORMULAANDFUNCTIONEVENTSDATASOURCE_RUM, Name: "query1", Search: &datadogV1.MonitorFormulaAndFunctionEventQueryDefinitionSearch{ Query: "status:error", }, Indexes: []string{ "*", }, Compute: datadogV1.MonitorFormulaAndFunctionEventQueryDefinitionCompute{ Aggregation: datadogV1.MONITORFORMULAANDFUNCTIONEVENTAGGREGATION_COUNT, }, GroupBy: []datadogV1.MonitorFormulaAndFunctionEventQueryGroupBy{}, }}, }, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV1.NewMonitorsApi(apiClient) resp, r, err := api.CreateMonitor(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `MonitorsApi.CreateMonitor`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `MonitorsApi.CreateMonitor`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Create a Cost Monitor returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v1.api.MonitorsApi; import com.datadog.api.client.v1.model.Monitor; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionCostAggregator; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionCostDataSource; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionCostQueryDefinition; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionQueryDefinition; import com.datadog.api.client.v1.model.MonitorOptions; import com.datadog.api.client.v1.model.MonitorThresholds; import com.datadog.api.client.v1.model.MonitorType; import java.util.Arrays; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); MonitorsApi apiInstance = new MonitorsApi(defaultClient); Monitor body = new Monitor() .name("Example Monitor") .type(MonitorType.COST_ALERT) .query( """ formula("exclude_null(query1)").last("7d").anomaly(direction="above", threshold=10) >= 5 """) .message("some message Notify: @hipchat-channel") .tags(Arrays.asList("test:examplemonitor", "env:ci")) .priority(3L) .options( new MonitorOptions() .thresholds(new MonitorThresholds().critical(5.0).warning(3.0)) .variables( Collections.singletonList( new MonitorFormulaAndFunctionQueryDefinition( new MonitorFormulaAndFunctionCostQueryDefinition() .dataSource(MonitorFormulaAndFunctionCostDataSource.CLOUD_COST) .query( "sum:aws.cost.net.amortized.shared.resources.allocated{aws_product" + " IN (amplify ,athena, backup, bedrock ) } by" + " {aws_product}.rollup(sum, 86400)") .name("query1") .aggregator(MonitorFormulaAndFunctionCostAggregator.SUM)))) .includeTags(true)); try { Monitor result = apiInstance.createMonitor(body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling MonitorsApi#createMonitor"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` ##### ```java // Create a Data Quality monitor returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v1.api.MonitorsApi; import com.datadog.api.client.v1.model.Monitor; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionDataQualityDataSource; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionDataQualityQueryDefinition; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionQueryDefinition; import com.datadog.api.client.v1.model.MonitorOptions; import com.datadog.api.client.v1.model.MonitorThresholds; import com.datadog.api.client.v1.model.MonitorType; import java.util.Arrays; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); MonitorsApi apiInstance = new MonitorsApi(defaultClient); Monitor body = new Monitor() .name("Example-Monitor") .type(MonitorType.DATA_QUALITY_ALERT) .query(""" formula("query1").last("5m") > 100 """) .message("Data quality alert triggered") .tags(Arrays.asList("test:examplemonitor", "env:ci")) .priority(3L) .options( new MonitorOptions() .thresholds(new MonitorThresholds().critical(100.0)) .variables( Collections.singletonList( new MonitorFormulaAndFunctionQueryDefinition( new MonitorFormulaAndFunctionDataQualityQueryDefinition() .name("query1") .dataSource( MonitorFormulaAndFunctionDataQualityDataSource .DATA_QUALITY_METRICS) .measure("row_count") .filter( "search for column where `database:production AND" + " table:users`") .groupBy(Collections.singletonList("entity_id")))))); try { Monitor result = apiInstance.createMonitor(body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling MonitorsApi#createMonitor"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` ##### ```java // Create a RUM formula and functions monitor returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v1.api.MonitorsApi; import com.datadog.api.client.v1.model.Monitor; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionEventAggregation; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionEventQueryDefinition; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionEventQueryDefinitionCompute; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionEventQueryDefinitionSearch; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionEventsDataSource; import com.datadog.api.client.v1.model.MonitorFormulaAndFunctionQueryDefinition; import com.datadog.api.client.v1.model.MonitorOptions; import com.datadog.api.client.v1.model.MonitorThresholds; import com.datadog.api.client.v1.model.MonitorType; import java.util.Arrays; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); MonitorsApi apiInstance = new MonitorsApi(defaultClient); Monitor body = new Monitor() .name("Example-Monitor") .type(MonitorType.RUM_ALERT) .query(""" formula("query2 / query1 * 100").last("15m") >= 0.8 """) .message("some message Notify: @hipchat-channel") .tags(Arrays.asList("test:examplemonitor", "env:ci")) .priority(3L) .options( new MonitorOptions() .thresholds(new MonitorThresholds().critical(0.8)) .variables( Arrays.asList( new MonitorFormulaAndFunctionQueryDefinition( new MonitorFormulaAndFunctionEventQueryDefinition() .dataSource(MonitorFormulaAndFunctionEventsDataSource.RUM) .name("query2") .search( new MonitorFormulaAndFunctionEventQueryDefinitionSearch() .query("")) .indexes(Collections.singletonList("*")) .compute( new MonitorFormulaAndFunctionEventQueryDefinitionCompute() .aggregation( MonitorFormulaAndFunctionEventAggregation.COUNT))), new MonitorFormulaAndFunctionQueryDefinition( new MonitorFormulaAndFunctionEventQueryDefinition() .dataSource(MonitorFormulaAndFunctionEventsDataSource.RUM) .name("query1") .search( new MonitorFormulaAndFunctionEventQueryDefinitionSearch() .query("status:error")) .indexes(Collections.singletonList("*")) .compute( new MonitorFormulaAndFunctionEventQueryDefinitionCompute() .aggregation( MonitorFormulaAndFunctionEventAggregation .COUNT)))))); try { Monitor result = apiInstance.createMonitor(body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling MonitorsApi#createMonitor"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python from datadog import initialize, api options = { 'api_key': '', 'app_key': '' } initialize(**options) # Create a new monitor monitor_options = { "notify_no_data": True, "no_data_timeframe": 20 } tags = ["app:webserver", "frontend"] api.Monitor.create( type="query alert", query="avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100", name="Bytes received on host0", message="We may need to add web hosts if this is consistently high.", tags=tags, options=monitor_options ) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python-legacy) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python "example.py" ##### ```python """ Create a Cost Monitor returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v1.api.monitors_api import MonitorsApi from datadog_api_client.v1.model.monitor import Monitor from datadog_api_client.v1.model.monitor_formula_and_function_cost_aggregator import ( MonitorFormulaAndFunctionCostAggregator, ) from datadog_api_client.v1.model.monitor_formula_and_function_cost_data_source import ( MonitorFormulaAndFunctionCostDataSource, ) from datadog_api_client.v1.model.monitor_formula_and_function_cost_query_definition import ( MonitorFormulaAndFunctionCostQueryDefinition, ) from datadog_api_client.v1.model.monitor_options import MonitorOptions from datadog_api_client.v1.model.monitor_thresholds import MonitorThresholds from datadog_api_client.v1.model.monitor_type import MonitorType body = Monitor( name="Example Monitor", type=MonitorType.COST_ALERT, query='formula("exclude_null(query1)").last("7d").anomaly(direction="above", threshold=10) >= 5', message="some message Notify: @hipchat-channel", tags=[ "test:examplemonitor", "env:ci", ], priority=3, options=MonitorOptions( thresholds=MonitorThresholds( critical=5.0, warning=3.0, ), variables=[ MonitorFormulaAndFunctionCostQueryDefinition( data_source=MonitorFormulaAndFunctionCostDataSource.CLOUD_COST, query="sum:aws.cost.net.amortized.shared.resources.allocated{aws_product IN (amplify ,athena, backup, bedrock ) } by {aws_product}.rollup(sum, 86400)", name="query1", aggregator=MonitorFormulaAndFunctionCostAggregator.SUM, ), ], include_tags=True, ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = MonitorsApi(api_client) response = api_instance.create_monitor(body=body) print(response) ``` ##### ```python """ Create a Data Quality monitor returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v1.api.monitors_api import MonitorsApi from datadog_api_client.v1.model.monitor import Monitor from datadog_api_client.v1.model.monitor_formula_and_function_data_quality_data_source import ( MonitorFormulaAndFunctionDataQualityDataSource, ) from datadog_api_client.v1.model.monitor_formula_and_function_data_quality_query_definition import ( MonitorFormulaAndFunctionDataQualityQueryDefinition, ) from datadog_api_client.v1.model.monitor_options import MonitorOptions from datadog_api_client.v1.model.monitor_thresholds import MonitorThresholds from datadog_api_client.v1.model.monitor_type import MonitorType body = Monitor( name="Example-Monitor", type=MonitorType.DATA_QUALITY_ALERT, query='formula("query1").last("5m") > 100', message="Data quality alert triggered", tags=[ "test:examplemonitor", "env:ci", ], priority=3, options=MonitorOptions( thresholds=MonitorThresholds( critical=100.0, ), variables=[ MonitorFormulaAndFunctionDataQualityQueryDefinition( name="query1", data_source=MonitorFormulaAndFunctionDataQualityDataSource.DATA_QUALITY_METRICS, measure="row_count", filter="search for column where `database:production AND table:users`", group_by=[ "entity_id", ], ), ], ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = MonitorsApi(api_client) response = api_instance.create_monitor(body=body) print(response) ``` ##### ```python """ Create a RUM formula and functions monitor returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v1.api.monitors_api import MonitorsApi from datadog_api_client.v1.model.monitor import Monitor from datadog_api_client.v1.model.monitor_formula_and_function_event_aggregation import ( MonitorFormulaAndFunctionEventAggregation, ) from datadog_api_client.v1.model.monitor_formula_and_function_event_query_definition import ( MonitorFormulaAndFunctionEventQueryDefinition, ) from datadog_api_client.v1.model.monitor_formula_and_function_event_query_definition_compute import ( MonitorFormulaAndFunctionEventQueryDefinitionCompute, ) from datadog_api_client.v1.model.monitor_formula_and_function_event_query_definition_search import ( MonitorFormulaAndFunctionEventQueryDefinitionSearch, ) from datadog_api_client.v1.model.monitor_formula_and_function_events_data_source import ( MonitorFormulaAndFunctionEventsDataSource, ) from datadog_api_client.v1.model.monitor_options import MonitorOptions from datadog_api_client.v1.model.monitor_thresholds import MonitorThresholds from datadog_api_client.v1.model.monitor_type import MonitorType body = Monitor( name="Example-Monitor", type=MonitorType.RUM_ALERT, query='formula("query2 / query1 * 100").last("15m") >= 0.8', message="some message Notify: @hipchat-channel", tags=[ "test:examplemonitor", "env:ci", ], priority=3, options=MonitorOptions( thresholds=MonitorThresholds( critical=0.8, ), variables=[ MonitorFormulaAndFunctionEventQueryDefinition( data_source=MonitorFormulaAndFunctionEventsDataSource.RUM, name="query2", search=MonitorFormulaAndFunctionEventQueryDefinitionSearch( query="", ), indexes=[ "*", ], compute=MonitorFormulaAndFunctionEventQueryDefinitionCompute( aggregation=MonitorFormulaAndFunctionEventAggregation.COUNT, ), group_by=[], ), MonitorFormulaAndFunctionEventQueryDefinition( data_source=MonitorFormulaAndFunctionEventsDataSource.RUM, name="query1", search=MonitorFormulaAndFunctionEventQueryDefinitionSearch( query="status:error", ), indexes=[ "*", ], compute=MonitorFormulaAndFunctionEventQueryDefinitionCompute( aggregation=MonitorFormulaAndFunctionEventAggregation.COUNT, ), group_by=[], ), ], ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = MonitorsApi(api_client) response = api_instance.create_monitor(body=body) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby require 'dogapi' api_key = '' app_key = '' dog = Dogapi::Client.new(api_key, app_key) # Create a new monitor options = { 'notify_no_data' => true, 'no_data_timeframe' => 20 } tags = ['app:webserver', 'frontend'] dog.monitor( 'query alert', 'avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100', name: 'Bytes received on host0', message: 'We may need to add web hosts if this is consistently high.', tags: tags, options: options ) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby-legacy) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```ruby # Create a Cost Monitor returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V1::MonitorsAPI.new body = DatadogAPIClient::V1::Monitor.new({ name: "Example Monitor", type: DatadogAPIClient::V1::MonitorType::COST_ALERT, query: 'formula("exclude_null(query1)").last("7d").anomaly(direction="above", threshold=10) >= 5', message: "some message Notify: @hipchat-channel", tags: [ "test:examplemonitor", "env:ci", ], priority: 3, options: DatadogAPIClient::V1::MonitorOptions.new({ thresholds: DatadogAPIClient::V1::MonitorThresholds.new({ critical: 5, warning: 3, }), variables: [ DatadogAPIClient::V1::MonitorFormulaAndFunctionCostQueryDefinition.new({ data_source: DatadogAPIClient::V1::MonitorFormulaAndFunctionCostDataSource::CLOUD_COST, query: "sum:aws.cost.net.amortized.shared.resources.allocated{aws_product IN (amplify ,athena, backup, bedrock ) } by {aws_product}.rollup(sum, 86400)", name: "query1", aggregator: DatadogAPIClient::V1::MonitorFormulaAndFunctionCostAggregator::SUM, }), ], include_tags: true, }), }) p api_instance.create_monitor(body) ``` ##### ```ruby # Create a Data Quality monitor returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V1::MonitorsAPI.new body = DatadogAPIClient::V1::Monitor.new({ name: "Example-Monitor", type: DatadogAPIClient::V1::MonitorType::DATA_QUALITY_ALERT, query: 'formula("query1").last("5m") > 100', message: "Data quality alert triggered", tags: [ "test:examplemonitor", "env:ci", ], priority: 3, options: DatadogAPIClient::V1::MonitorOptions.new({ thresholds: DatadogAPIClient::V1::MonitorThresholds.new({ critical: 100, }), variables: [ DatadogAPIClient::V1::MonitorFormulaAndFunctionDataQualityQueryDefinition.new({ name: "query1", data_source: DatadogAPIClient::V1::MonitorFormulaAndFunctionDataQualityDataSource::DATA_QUALITY_METRICS, measure: "row_count", filter: "search for column where `database:production AND table:users`", group_by: [ "entity_id", ], }), ], }), }) p api_instance.create_monitor(body) ``` ##### ```ruby # Create a RUM formula and functions monitor returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V1::MonitorsAPI.new body = DatadogAPIClient::V1::Monitor.new({ name: "Example-Monitor", type: DatadogAPIClient::V1::MonitorType::RUM_ALERT, query: 'formula("query2 / query1 * 100").last("15m") >= 0.8', message: "some message Notify: @hipchat-channel", tags: [ "test:examplemonitor", "env:ci", ], priority: 3, options: DatadogAPIClient::V1::MonitorOptions.new({ thresholds: DatadogAPIClient::V1::MonitorThresholds.new({ critical: 0.8, }), variables: [ DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinition.new({ data_source: DatadogAPIClient::V1::MonitorFormulaAndFunctionEventsDataSource::RUM, name: "query2", search: DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionSearch.new({ query: "", }), indexes: [ "*", ], compute: DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionCompute.new({ aggregation: DatadogAPIClient::V1::MonitorFormulaAndFunctionEventAggregation::COUNT, }), group_by: [], }), DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinition.new({ data_source: DatadogAPIClient::V1::MonitorFormulaAndFunctionEventsDataSource::RUM, name: "query1", search: DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionSearch.new({ query: "status:error", }), indexes: [ "*", ], compute: DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionCompute.new({ aggregation: DatadogAPIClient::V1::MonitorFormulaAndFunctionEventAggregation::COUNT, }), group_by: [], }), ], }), }) p api_instance.create_monitor(body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Create a Cost Monitor returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV1::api_monitors::MonitorsAPI; use datadog_api_client::datadogV1::model::Monitor; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionCostAggregator; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionCostDataSource; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionCostQueryDefinition; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionQueryDefinition; use datadog_api_client::datadogV1::model::MonitorOptions; use datadog_api_client::datadogV1::model::MonitorThresholds; use datadog_api_client::datadogV1::model::MonitorType; #[tokio::main] async fn main() { let body = Monitor::new( r#"formula("exclude_null(query1)").last("7d").anomaly(direction="above", threshold=10) >= 5"#.to_string(), MonitorType::COST_ALERT, ) .message("some message Notify: @hipchat-channel".to_string()) .name("Example Monitor".to_string()) .options( MonitorOptions::new() .include_tags(true) .thresholds(MonitorThresholds::new().critical(5.0 as f64).warning(Some(3.0 as f64))) .variables( vec![ MonitorFormulaAndFunctionQueryDefinition::MonitorFormulaAndFunctionCostQueryDefinition( Box::new( MonitorFormulaAndFunctionCostQueryDefinition::new( MonitorFormulaAndFunctionCostDataSource::CLOUD_COST, "query1".to_string(), "sum:aws.cost.net.amortized.shared.resources.allocated{aws_product IN (amplify ,athena, backup, bedrock ) } by {aws_product}.rollup(sum, 86400)".to_string(), ).aggregator(MonitorFormulaAndFunctionCostAggregator::SUM), ), ) ], ), ) .priority(Some(3)) .tags(vec!["test:examplemonitor".to_string(), "env:ci".to_string()]); let configuration = datadog::Configuration::new(); let api = MonitorsAPI::with_config(configuration); let resp = api.create_monitor(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` ##### ```rust // Create a Data Quality monitor returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV1::api_monitors::MonitorsAPI; use datadog_api_client::datadogV1::model::Monitor; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionDataQualityDataSource; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionDataQualityQueryDefinition; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionQueryDefinition; use datadog_api_client::datadogV1::model::MonitorOptions; use datadog_api_client::datadogV1::model::MonitorThresholds; use datadog_api_client::datadogV1::model::MonitorType; #[tokio::main] async fn main() { let body = Monitor::new(r#"formula("query1").last("5m") > 100"#.to_string(), MonitorType::DATA_QUALITY_ALERT) .message("Data quality alert triggered".to_string()) .name("Example-Monitor".to_string()) .options( MonitorOptions::new() .thresholds(MonitorThresholds::new().critical(100.0 as f64)) .variables( vec![ MonitorFormulaAndFunctionQueryDefinition ::MonitorFormulaAndFunctionDataQualityQueryDefinition( Box::new( MonitorFormulaAndFunctionDataQualityQueryDefinition::new( MonitorFormulaAndFunctionDataQualityDataSource::DATA_QUALITY_METRICS, r#"search for column where `database:production AND table:users`"#.to_string(), "row_count".to_string(), "query1".to_string(), ).group_by(vec!["entity_id".to_string()]), ), ) ], ), ) .priority(Some(3)) .tags(vec!["test:examplemonitor".to_string(), "env:ci".to_string()]); let configuration = datadog::Configuration::new(); let api = MonitorsAPI::with_config(configuration); let resp = api.create_monitor(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` ##### ```rust // Create a RUM formula and functions monitor returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV1::api_monitors::MonitorsAPI; use datadog_api_client::datadogV1::model::Monitor; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionEventAggregation; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionEventQueryDefinition; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionEventQueryDefinitionCompute; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionEventQueryDefinitionSearch; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionEventsDataSource; use datadog_api_client::datadogV1::model::MonitorFormulaAndFunctionQueryDefinition; use datadog_api_client::datadogV1::model::MonitorOptions; use datadog_api_client::datadogV1::model::MonitorThresholds; use datadog_api_client::datadogV1::model::MonitorType; #[tokio::main] async fn main() { let body = Monitor::new(r#"formula("query2 / query1 * 100").last("15m") >= 0.8"#.to_string(), MonitorType::RUM_ALERT) .message("some message Notify: @hipchat-channel".to_string()) .name("Example-Monitor".to_string()) .options( MonitorOptions::new() .thresholds(MonitorThresholds::new().critical(0.8 as f64)) .variables( vec![ MonitorFormulaAndFunctionQueryDefinition::MonitorFormulaAndFunctionEventQueryDefinition( Box::new( MonitorFormulaAndFunctionEventQueryDefinition::new( MonitorFormulaAndFunctionEventQueryDefinitionCompute::new( MonitorFormulaAndFunctionEventAggregation::COUNT, ), MonitorFormulaAndFunctionEventsDataSource::RUM, "query2".to_string(), ) .group_by(vec![]) .indexes(vec!["*".to_string()]) .search( MonitorFormulaAndFunctionEventQueryDefinitionSearch::new("".to_string()), ), ), ), MonitorFormulaAndFunctionQueryDefinition::MonitorFormulaAndFunctionEventQueryDefinition( Box::new( MonitorFormulaAndFunctionEventQueryDefinition::new( MonitorFormulaAndFunctionEventQueryDefinitionCompute::new( MonitorFormulaAndFunctionEventAggregation::COUNT, ), MonitorFormulaAndFunctionEventsDataSource::RUM, "query1".to_string(), ) .group_by(vec![]) .indexes(vec!["*".to_string()]) .search( MonitorFormulaAndFunctionEventQueryDefinitionSearch::new( "status:error".to_string(), ), ), ), ) ], ), ) .priority(Some(3)) .tags(vec!["test:examplemonitor".to_string(), "env:ci".to_string()]); let configuration = datadog::Configuration::new(); let api = MonitorsAPI::with_config(configuration); let resp = api.create_monitor(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Create a Cost Monitor returns "OK" response */ import { client, v1 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v1.MonitorsApi(configuration); const params: v1.MonitorsApiCreateMonitorRequest = { body: { name: "Example Monitor", type: "cost alert", query: `formula("exclude_null(query1)").last("7d").anomaly(direction="above", threshold=10) >= 5`, message: "some message Notify: @hipchat-channel", tags: ["test:examplemonitor", "env:ci"], priority: 3, options: { thresholds: { critical: 5, warning: 3, }, variables: [ { dataSource: "cloud_cost", query: "sum:aws.cost.net.amortized.shared.resources.allocated{aws_product IN (amplify ,athena, backup, bedrock ) } by {aws_product}.rollup(sum, 86400)", name: "query1", aggregator: "sum", }, ], includeTags: true, }, }, }; apiInstance .createMonitor(params) .then((data: v1.Monitor) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` ##### ```typescript /** * Create a Data Quality monitor returns "OK" response */ import { client, v1 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v1.MonitorsApi(configuration); const params: v1.MonitorsApiCreateMonitorRequest = { body: { name: "Example-Monitor", type: "data-quality alert", query: `formula("query1").last("5m") > 100`, message: "Data quality alert triggered", tags: ["test:examplemonitor", "env:ci"], priority: 3, options: { thresholds: { critical: 100, }, variables: [ { name: "query1", dataSource: "data_quality_metrics", measure: "row_count", filter: `search for column where ` + "`" + `database:production AND table:users` + "`", groupBy: ["entity_id"], }, ], }, }, }; apiInstance .createMonitor(params) .then((data: v1.Monitor) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` ##### ```typescript /** * Create a RUM formula and functions monitor returns "OK" response */ import { client, v1 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v1.MonitorsApi(configuration); const params: v1.MonitorsApiCreateMonitorRequest = { body: { name: "Example-Monitor", type: "rum alert", query: `formula("query2 / query1 * 100").last("15m") >= 0.8`, message: "some message Notify: @hipchat-channel", tags: ["test:examplemonitor", "env:ci"], priority: 3, options: { thresholds: { critical: 0.8, }, variables: [ { dataSource: "rum", name: "query2", search: { query: "", }, indexes: ["*"], compute: { aggregation: "count", }, groupBy: [], }, { dataSource: "rum", name: "query1", search: { query: "status:error", }, indexes: ["*"], compute: { aggregation: "count", }, groupBy: [], }, ], }, }, }; apiInstance .createMonitor(params) .then((data: v1.Monitor) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}