---
title: Create a dataset
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Security Monitoring
---

> For the complete documentation index, see [llms.txt](https://docs.datadoghq.com/llms.txt).

# Create a dataset{% #create-a-dataset %}
Copy pageCopied
{% tab title="v2" %}
**Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
| Datadog site      | API endpoint                                                           |
| ----------------- | ---------------------------------------------------------------------- |
| ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/datasets |
| ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/security_monitoring/datasets |
| app.datadoghq.eu  | POST https://api.datadoghq.eu/api/v2/security_monitoring/datasets      |
| app.ddog-gov.com  | POST https://api.ddog-gov.com/api/v2/security_monitoring/datasets      |
| us2.ddog-gov.com  | POST https://api.us2.ddog-gov.com/api/v2/security_monitoring/datasets  |
| uk1.datadoghq.com | POST https://api.uk1.datadoghq.com/api/v2/security_monitoring/datasets |
| app.datadoghq.com | POST https://api.datadoghq.com/api/v2/security_monitoring/datasets     |
| us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/security_monitoring/datasets |
| us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/security_monitoring/datasets |

### Overview

Create a new Cloud SIEM dataset. A dataset bundles a data source, a set of indexes, and a search query that can be referenced from detection rules. This endpoint requires any of the following permissions:
`security_monitoring_rules_write``security_monitoring_dataset_write` 


OAuth apps require the `security_monitoring_rules_write` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint.



### Request

#### Body Data (required)



{% tab title="Model" %}

| Parent field | Field                         | Type     | Description                                                                                                                                                                                                                                                                        |
| ------------ | ----------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|              | data [*required*]        | object   | The data wrapper of a dataset create request.                                                                                                                                                                                                                                      |
| data         | attributes [*required*]  | object   | The attributes of a dataset create or update request.                                                                                                                                                                                                                              |
| attributes   | definition [*required*]  | object   | The definition of the dataset. The shape depends on the value of `data_source`. Use `reference_table` or `managed_resource` for a referential dataset, or one of the event platform sources (for example `logs`, `audit`, `events`, `spans`, `rum`) for an event platform dataset. |
| definition   | columns                       | [object] | For event platform datasets, the list of columns exposed by the dataset.                                                                                                                                                                                                           |
| columns      | column [*required*]      | string   | The name of the column.                                                                                                                                                                                                                                                            |
| columns      | type [*required*]        | string   | The type of the column value.                                                                                                                                                                                                                                                      |
| definition   | data_source [*required*] | string   | The data source backing this dataset definition.                                                                                                                                                                                                                                   |
| definition   | indexes                       | [string] | For event platform datasets, the list of indexes to query.                                                                                                                                                                                                                         |
| definition   | name [*required*]        | string   | The unique name of the dataset. Must start with a lowercase letter and contain only lowercase letters, digits, and underscores (max 255 characters).                                                                                                                               |
| definition   | query_filter                  | string   | For referential datasets, an optional filter expression applied to the table.                                                                                                                                                                                                      |
| definition   | search                        | object   | The search clause applied to an event platform dataset.                                                                                                                                                                                                                            |
| search       | query [*required*]       | string   | The search query expression.                                                                                                                                                                                                                                                       |
| definition   | storage                       | string   | Storage tier the dataset reads from. Applies to event platform datasets.                                                                                                                                                                                                           |
| definition   | table_name                    | string   | For referential datasets, the name of the underlying table.                                                                                                                                                                                                                        |
| definition   | time_window                   | object   | An optional time window that overrides the default query time range.                                                                                                                                                                                                               |
| time_window  | from                          | int64    | Inclusive start of the time window, in milliseconds since the Unix epoch.                                                                                                                                                                                                          |
| time_window  | to                            | int64    | Exclusive end of the time window, in milliseconds since the Unix epoch.                                                                                                                                                                                                            |
| attributes   | description                   | string   | The description of the dataset. Maximum 255 characters.                                                                                                                                                                                                                            |
| attributes   | version                       | int64    | The expected current version of the dataset for optimistic concurrency control on updates. If the dataset's current version does not match, the request is rejected with a 409 Conflict.                                                                                           |
| data         | type [*required*]        | enum     | The type of resource for a dataset create request. Allowed enum values: `datasetCreate`                                                                                                                                                                                            |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "definition": {
        "columns": [
          {
            "column": "message",
            "type": "string"
          }
        ],
        "data_source": "logs",
        "indexes": [],
        "name": "sample_dataset",
        "query_filter": "status = 'active'",
        "search": {
          "query": "*"
        },
        "storage": "hot",
        "table_name": "my_reference_table",
        "time_window": {
          "from": 1700000000000,
          "to": 1700003600000
        }
      },
      "description": "A sample dataset used for detection rules.",
      "version": 1
    },
    "type": "datasetCreate"
  }
}
```

{% /tab %}

### Response

{% tab title="201" %}
Created
{% tab title="Model" %}
Response returned after creating a dataset.

| Parent field | Field                  | Type   | Description                                                                 |
| ------------ | ---------------------- | ------ | --------------------------------------------------------------------------- |
|              | data [*required*] | object | The data wrapper of a dataset create response.                              |
| data         | id [*required*]   | string | The UUID of the newly created dataset.                                      |
| data         | type [*required*] | enum   | The type of resource for a dataset response. Allowed enum values: `dataset` |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "type": "dataset"
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error                                   |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="403" %}
Forbidden
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error                                   |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="409" %}
Conflict
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error                                   |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### 
                  \## default
# 
 \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/security_monitoring/datasets" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "definition": {
        "columns": [
          {
            "column": "message",
            "type": "string"
          }
        ],
        "data_source": "logs",
        "indexes": [
          "main"
        ],
        "name": "sample_dataset",
        "search": {
          "query": "*"
        }
      },
      "description": "A sample dataset used for detection rules."
    },
    "type": "datasetCreate"
  }
}
EOF 
                
##### 

```python
"""
Create a dataset returns "Created" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_dataset_attributes_request import (
    SecurityMonitoringDatasetAttributesRequest,
)
from datadog_api_client.v2.model.security_monitoring_dataset_column import SecurityMonitoringDatasetColumn
from datadog_api_client.v2.model.security_monitoring_dataset_create_data import SecurityMonitoringDatasetCreateData
from datadog_api_client.v2.model.security_monitoring_dataset_create_request import (
    SecurityMonitoringDatasetCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_dataset_create_type import SecurityMonitoringDatasetCreateType
from datadog_api_client.v2.model.security_monitoring_dataset_definition import SecurityMonitoringDatasetDefinition
from datadog_api_client.v2.model.security_monitoring_dataset_search import SecurityMonitoringDatasetSearch
from datadog_api_client.v2.model.security_monitoring_dataset_time_window import SecurityMonitoringDatasetTimeWindow

body = SecurityMonitoringDatasetCreateRequest(
    data=SecurityMonitoringDatasetCreateData(
        attributes=SecurityMonitoringDatasetAttributesRequest(
            definition=SecurityMonitoringDatasetDefinition(
                columns=[
                    SecurityMonitoringDatasetColumn(
                        column="message",
                        type="string",
                    ),
                ],
                data_source="logs",
                indexes=[],
                name="sample_dataset",
                query_filter="status = 'active'",
                search=SecurityMonitoringDatasetSearch(
                    query="*",
                ),
                storage="hot",
                table_name="my_reference_table",
                time_window=SecurityMonitoringDatasetTimeWindow(
                    _from=1700000000000,
                    to=1700003600000,
                ),
            ),
            description="A sample dataset used for detection rules.",
            version=1,
        ),
        type=SecurityMonitoringDatasetCreateType.DATASET_CREATE,
    ),
)

configuration = Configuration()
configuration.unstable_operations["create_security_monitoring_dataset"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_monitoring_dataset(body=body)

    print(response)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
##### 

```ruby
# Create a dataset returns "Created" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.create_security_monitoring_dataset".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringDatasetCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringDatasetCreateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringDatasetAttributesRequest.new({
      definition: DatadogAPIClient::V2::SecurityMonitoringDatasetDefinition.new({
        columns: [
          DatadogAPIClient::V2::SecurityMonitoringDatasetColumn.new({
            column: "message",
            type: "string",
          }),
        ],
        data_source: "logs",
        indexes: [],
        name: "sample_dataset",
        query_filter: "status = 'active'",
        search: DatadogAPIClient::V2::SecurityMonitoringDatasetSearch.new({
          query: "*",
        }),
        storage: "hot",
        table_name: "my_reference_table",
        time_window: DatadogAPIClient::V2::SecurityMonitoringDatasetTimeWindow.new({
          from: 1700000000000,
          to: 1700003600000,
        }),
      }),
      description: "A sample dataset used for detection rules.",
      version: 1,
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringDatasetCreateType::DATASET_CREATE,
  }),
})
p api_instance.create_security_monitoring_dataset(body)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
##### 

```go
// Create a dataset returns "Created" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringDatasetCreateRequest{
		Data: datadogV2.SecurityMonitoringDatasetCreateData{
			Attributes: datadogV2.SecurityMonitoringDatasetAttributesRequest{
				Definition: datadogV2.SecurityMonitoringDatasetDefinition{
					Columns: []datadogV2.SecurityMonitoringDatasetColumn{
						{
							Column: "message",
							Type:   "string",
						},
					},
					DataSource:  "logs",
					Indexes:     []string{},
					Name:        "sample_dataset",
					QueryFilter: datadog.PtrString("status = 'active'"),
					Search: &datadogV2.SecurityMonitoringDatasetSearch{
						Query: "*",
					},
					Storage:   datadog.PtrString("hot"),
					TableName: datadog.PtrString("my_reference_table"),
					TimeWindow: &datadogV2.SecurityMonitoringDatasetTimeWindow{
						From: datadog.PtrInt64(1700000000000),
						To:   datadog.PtrInt64(1700003600000),
					},
				},
				Description: datadog.PtrString("A sample dataset used for detection rules."),
				Version:     datadog.PtrInt64(1),
			},
			Type: datadogV2.SECURITYMONITORINGDATASETCREATETYPE_DATASET_CREATE,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.CreateSecurityMonitoringDataset", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityMonitoringDataset(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringDataset`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringDataset`:\n%s\n", responseContent)
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
##### 

```java
// Create a dataset returns "Created" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringDatasetAttributesRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringDatasetColumn;
import com.datadog.api.client.v2.model.SecurityMonitoringDatasetCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringDatasetCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringDatasetCreateResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringDatasetCreateType;
import com.datadog.api.client.v2.model.SecurityMonitoringDatasetDefinition;
import com.datadog.api.client.v2.model.SecurityMonitoringDatasetSearch;
import com.datadog.api.client.v2.model.SecurityMonitoringDatasetTimeWindow;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.createSecurityMonitoringDataset", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringDatasetCreateRequest body =
        new SecurityMonitoringDatasetCreateRequest()
            .data(
                new SecurityMonitoringDatasetCreateData()
                    .attributes(
                        new SecurityMonitoringDatasetAttributesRequest()
                            .definition(
                                new SecurityMonitoringDatasetDefinition()
                                    .columns(
                                        Collections.singletonList(
                                            new SecurityMonitoringDatasetColumn()
                                                .column("message")
                                                .type("string")))
                                    .dataSource("logs")
                                    .name("sample_dataset")
                                    .queryFilter("status = 'active'")
                                    .search(new SecurityMonitoringDatasetSearch().query("*"))
                                    .storage("hot")
                                    .tableName("my_reference_table")
                                    .timeWindow(
                                        new SecurityMonitoringDatasetTimeWindow()
                                            .from(1700000000000L)
                                            .to(1700003600000L)))
                            .description("A sample dataset used for detection rules.")
                            .version(1L))
                    .type(SecurityMonitoringDatasetCreateType.DATASET_CREATE));

    try {
      SecurityMonitoringDatasetCreateResponse result =
          apiInstance.createSecurityMonitoringDataset(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringDataset");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
##### 

```rust
// Create a dataset returns "Created" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringDatasetAttributesRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringDatasetColumn;
use datadog_api_client::datadogV2::model::SecurityMonitoringDatasetCreateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringDatasetCreateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringDatasetCreateType;
use datadog_api_client::datadogV2::model::SecurityMonitoringDatasetDefinition;
use datadog_api_client::datadogV2::model::SecurityMonitoringDatasetSearch;
use datadog_api_client::datadogV2::model::SecurityMonitoringDatasetTimeWindow;

#[tokio::main]
async fn main() {
    let body =
        SecurityMonitoringDatasetCreateRequest::new(SecurityMonitoringDatasetCreateData::new(
            SecurityMonitoringDatasetAttributesRequest::new(
                SecurityMonitoringDatasetDefinition::new(
                    "logs".to_string(),
                    "sample_dataset".to_string(),
                )
                .columns(vec![SecurityMonitoringDatasetColumn::new(
                    "message".to_string(),
                    "string".to_string(),
                )])
                .indexes(vec![])
                .query_filter("status = 'active'".to_string())
                .search(SecurityMonitoringDatasetSearch::new("*".to_string()))
                .storage("hot".to_string())
                .table_name("my_reference_table".to_string())
                .time_window(
                    SecurityMonitoringDatasetTimeWindow::new()
                        .from(1700000000000)
                        .to(1700003600000),
                ),
            )
            .description("A sample dataset used for detection rules.".to_string())
            .version(1),
            SecurityMonitoringDatasetCreateType::DATASET_CREATE,
        ));
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.CreateSecurityMonitoringDataset", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_dataset(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
##### 

```typescript
/**
 * Create a dataset returns "Created" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.createSecurityMonitoringDataset"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSecurityMonitoringDatasetRequest = {
  body: {
    data: {
      attributes: {
        definition: {
          columns: [
            {
              column: "message",
              type: "string",
            },
          ],
          dataSource: "logs",
          indexes: [],
          name: "sample_dataset",
          queryFilter: "status = 'active'",
          search: {
            query: "*",
          },
          storage: "hot",
          tableName: "my_reference_table",
          timeWindow: {
            from: 1700000000000,
            to: 1700003600000,
          },
        },
        description: "A sample dataset used for detection rules.",
        version: 1,
      },
      type: "datasetCreate",
    },
  },
};

apiInstance
  .createSecurityMonitoringDataset(params)
  .then((data: v2.SecurityMonitoringDatasetCreateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
{% /tab %}
