Event Stream

The Event Stream is being replaced by the Event Explorer. The Event Stream is unavailable after May 5th, 2022. See the blog post for more details.

The event stream is a display of the most recent events generated by your infrastructure and the associated monitors.

Full text

Full text search works on all keywords provided in the search query after applying filters. Full text search looks inside the event text, title, tags, users who commented on the event, host names, and devices tied to the event.

Filter examples

Target specific event properties using these prefixes examples:

sources:github,chef
Show events from GitHub OR Chef.
tags:env-prod,db
Show events tagged with #env-prod OR #db.
hosts:i-0ade23e6,db.myapp.com
Show events from i-0ade23e6 OR db.myapp.com.
status:error
Show events with an error status (supports: error, warning, success).
priority:low
Show only low-priority events (supports low or normal, defaults to all).

Note: Filters perform an exact match search. Partial strings are not considered.

Event query language examples

For a more advanced search, use the Datadog event query language, for example:

tags:env-prod OR db
Show events tagged with #env-prod OR #db.
tags:security-group:sg-123 AND role:common-node
Show events tagged with #security-group:sg-123 AND #role:common-node.
cloud_provider:* NOT "azure"
Show all cloud providers except the ones tagged with “azure”.

Use tag search to find all events with the same key tag, for example:

tags:<KEY>:<VALUE>
Shows events with the <KEY>:<VALUE> tag.
<KEY>:*
Shows all events with the <KEY> attached.
<KEY>:<REGEX>
Shows all events with <KEY>:<VALUE> tag where the <VALUE> matches the <REGEX>.
tags:<KEY>
This is not a valid search.
<KEY>:<VALUE>
This is not a valid search.

To combine multiple terms into a complex query, use the following Boolean operators:

AND
Intersection: Both terms are in the selected events (for tags, if nothing is added, AND is the default).
Example: redis_* AND down
OR
Union: Either term is contained in the selected events. Use a comma (,) for tags.
Example: sources:nagios,chef directory OR Mixlib
NOT
Exclusion: The following term is NOT in the event. This operator works for strings only. Use - in front of tags.
Example: -tags:<KEY>:<VALUE> NOT "<STRING>"

Note: Some of the advanced query language features like Boolean logic work only in the event stream page, and are not available in graph tiles or dashboard widgets.

Combine prefixes to construct more complex searches. For example, to find all open chef or nagios errors that mention cassandra, use:

sources:nagios,chef status:error cassandra

Note: Do not use spaces after the colon or after a comma in these lists. Anything not attached to a prefix goes to full text search.

Aggregation

By default, related events are aggregated when displayed in the event stream. To show unaggregated events, clear the Aggregate related events box at the top right of your event stream:

Aggregated event stream

Notifications

Datadog supports @notifications, for example:

@support-datadog
Creates a Datadog support ticket when posted directly to your events (including comments).
@all
Sends a notification to all members of your organization.
@john
Notifies the user named john.
@test@example.com
Sends an email to test@example.com.
@slack-<SLACK_ACCOUNT>-<CHANNEL_NAME>
Posts the event or graph to the specified Slack channel.
@webhook
Alerts or triggers the webhook. See the blog post on webhooks.
@pagerduty
Sends an alert to Pagerduty. You can also use @pagerduty-acknowledge and @pagerduty-resolve.

Further Reading

Additional helpful documentation, links, and articles:

Datadog Events APIDOCUMENTATION more more Add an Event Stream widget to a dashboardDOCUMENTATION more more