Events

This dataset provides unified access to activity and change events collected across your Datadog environment. It enables analyzing and correlating operational changes, alerts, and workflow executions from multiple sources—including Kubernetes, monitors, and CI systems. By exposing the same data used in the Events Explorer, this dataset lets you investigate infrastructure changes, troubleshoot incidents, and build custom analytics or dashboards that connect events to performance, reliability, or cost data.

dd.events

Event Management Public Documentation

Event Management API Public Documentation

Events Usage Public Management

Query Parameters

This dataset uses a polymorphic table function. You must specify parameters when querying.

ParameterTypeRequiredDescription
columnsarray<string>YesList of field paths to return for each event (EVP syntax). (e.g., ’timestamp’, ‘message’, ‘@evt.type’, ‘@evt.category’).
filterstringNoOptional EVP search string. For example: filter => ‘@evt.category:change AND @evt.type:aws_security_group’.
from_timestampstringNoLower time bound for the query; defaults to query context if omitted.
to_timestampstringNoUpper time bound for the query; defaults to query context if omitted.

Example Queries

-- Fetch events in the month of October 2025 SELECT * FROM dd.events(
  columns => ARRAY[
    'timestamp',
    '@evt.type',
    '@evt.category',
    '@evt.source_id',
    'message',
    '@title',
    'status'
  ],
  filter => '@evt.category:change AND @evt.type:aws_security_group',
  from_timestamp => timestamp '2025-10-01 00:00:00.000+00:00',
  to_timestamp => timestamp '2025-10-31 00:00:00.000+00:00'
) AS (
  ts TIMESTAMP,
  evt_type VARCHAR,
  evt_category VARCHAR,
  source_id VARCHAR,
  message VARCHAR,
  title VARCHAR,
  status VARCHAR
);

Fields

TitleIDTypeData TypeDescription
TimestamptimestampcoretimestampTime the event was recorded (e.g., 1758787144000).
MessagemessagecorestringFree-text message/title describing the event (e.g., 'aws security group deleted').
StatusstatuscorestringEvent status/level (e.g., info, warn).
SourcesourcecorestringHigh-level producer/source label (e.g., change_tracking, kubernetes).
ServiceservicecorestringAssociated service, if provided (e.g., 'undefined').
Title@titleevent_attributestringEvent display title (e.g., 'dbm-agent-integration-sqlserver-access aws security group delete').
Priority@priorityevent_attributestringRelative importance level (e.g., normal).
HosthostcorestringOrigin host (e.g., i-069bb479095ca6bdf).
Sub-Category@sub_categoryevent_attributestringProducer-defined sub-category (e.g., kubernetes).
State@stateevent_attributestringProducer-defined state of the entity/process (e.g., crash_loop_backoff).
Aggregation Key@aggregation_keyevent_attributestringKey used to group related events for rollups.
Event Source ID@evt.source_idevent_attributeint64Producer/subject identifier (e.g., 374).
Integration ID@evt.integration_idevent_attributestringIntegration identifier emitting the event (e.g., 'kubernetes', 'circleci').
Producer Event ID@evt.idevent_attributestringEvent ID in the producer domain (e.g., 8306943339063535962).
Event Category@evt.categoryevent_attributestringHigh-level category (e.g., 'workflow', 'case', 'deployment', 'change').
Event Type@evt.typeevent_attributestringConcrete event subtype (path '@evt.type'; e.g., aws_security_group, kubernetes_apiserver).
TeamteamcorestringTeam ownership (e.g.,'workflow-automation')
Event IDidcorestringA unique identifier for the event.
Discovery Timestampdiscovery_timestampcoreint64The time when Datadog first received the event (milliseconds since Unix epoch). May differ from timestamp if there was an ingestion delay.
Tiebreakertiebreakercoreint64A value used to establish deterministic ordering among events that share the same timestamp.
Ingest Sizeingest_size_in_bytescoreint64The size of the event payload in bytes at the time of ingestion, before any processing.
Random Drawrandom_drawcorefloat64A random value between 0.0 and 1.0 assigned at ingestion, useful for consistent sampling across queries.