Events Explorer

Events Explorer

The Event Explorer is in private beta. Contact Datadog support to request access.

The Events Explorer displays the most recent events generated by your infrastructure and services such as code deployments, service health, configuration changes, or monitoring alerts.

The Events Explorer displays all event types by default. You can filter your events by facets or search queries.

Event side panel

Clicking a row in the Events Explorer opens the event side panel

Click a row in the Events Explorer to open the event side panel, which shows tags and messages associated with the event.

Attributes tab

The attributes tab of the side panel lists event attributes as JSON. Click on an attribute to add it to or exclude it from the existing query, or to add a column for this attribute.

Events attributes can be normalized or enriched at intake with processing pipelines.

Options

Click Options to customize your Events Explorer:

  • Adjust the columns displayed.
  • Select list density from compact to expanded.
  • Show absolute or relative timestamps. An absolute timestamp displays the time of the event in UTC (for example, Aug 11 15:58.08.000). A relative timestamp displays the time elapsed since the event (for example, 20 seconds ago).
  • Show or hide tags in your results.
  • Show or hide the top timeline graph.

Time range

The time frame selector controls the time range of events that are shown in the Explorer or Analytics, and sets the range of the timeline under the search bar.

Change the time range by selecting a preset range from the time frame dropdown, or by entering a custom time range.

Because all search parameters are contained within the URL, you can share your view by sharing the URL.

Search syntax

Events search uses the logs search syntax.

Like logs search, events search permits:

  • AND, OR and - operators
  • Wildcards
  • Escape characters
  • Searching tags and facet with key:value
  • Searching within attributes with the @ prefix

Example queries:

source:(github OR chef)
Show events from GitHub OR Chef.
host:(i-0ade23e6 AND db.myapp.com)
Show events from i-0ade23e6 AND db.myapp.com.
service:kafka
Show events from the kafka service.
status:error
Show events with an error status (supports: error, warning, info, ok).
availability-zone:us-east-1a
Show events in the us-east-1a AWS availability zone (AZ).
container_id:foo*
Show events from all containers with an ID beginning with foo.
@evt.name:foo
Show the events with attribute evt.name equal to foo.

See Logs Search Syntax for more details.

Facets

Datadog indexes event attributes as facets or measures that are accessible from the Event Explorer facet side-panel, analytics, and monitors.

A facet displays the distinct members of an attribute or a tag and provides basic analytics, such as the number of events represented. Facets allow you to pivot or filter your datasets based on a given attribute. To filter, select the values that you want to see.

Create a facet

To create a facet, use the “Add a facet” button in the left side panel.

Once you add the facet, the value of this attribute is stored for all new views, and you can use it in the search bar and facet side-panels. You can also use it to group by in event monitors and graph widgets.

Notifications

Datadog supports @notifications in the messages of events when posted by the API. For example:

@all
Sends a notification to all members of your organization.
@test@example.com
Sends an email to test@example.com.
@slack-<SLACK_ACCOUNT>-<CHANNEL_NAME>
Posts the event or graph to the specified Slack channel.
@webhook
Alerts or triggers the webhook. See the blog post on webhooks.

See Notifications to learn more.

Event Analytics

Event Analytics extends the Events Explorer page with views, data aggregation, and grouping capabilities for troubleshooting and monitoring. You can control:

  • The query that filters the set of views to analyze.
  • The dimensions over which to group data.
  • The visualization method for aggregates and groups.

You can export analytics visualizations to create widgets in a dashboard or notebook.

Build an analytics query

Use the query to control what’s displayed in your Events Analytics:

  1. Choose an attribute or tag to graph, and add it as a facet. Graphing a facet displays the unique count of the variable.
  2. Use a facet to group your graph by. You must add an attribute as a facet to be able to use it here.
  3. Choose the time interval for your graph. Changing the global timeframe changes the list of available timestep values. You can display the results as a timeseries, table, or top list.
  4. Choose to display either the top or bottom values according to the selected measure.

Further reading

Additional helpful documentation, links, and articles: