Les monitors vous permettent de surveiller une métrique ou un check qui vous intéresse, en envoyant une notification à votre équipe lorsqu’un seuil défini est dépassé.
Requête d’alerte de métrique
Exemple : time_aggr(time_window):space_aggr:metric{tags} [by {key}] operator #
time_aggr : avg, sum, max, min, change ou pct_change.
time_window : last_#m (# doit être compris entre 1 et 2880 selon le type de monitor), last_#h (# doit être compris entre 1 et 48 selon le type de monitor) ou last_1d.
space_aggr : avg, sum, min ou max.
tags : un ou plusieurs tags (séparés par des virgules) ou *.
key : la ‘key’ de la syntaxe de tag key:value. Définit une alerte distincte pour chaque tag du groupe (alertes multiples).
operator : <, <=, >, >=, == ou !=.
# : un nombre entier ou décimal utilisé pour définir le seuil.
Si vous utilisez l’agrégateur temporel _change_ ou _pct_change_, utilisez plutôt change_aggr(time_aggr(time_window), timeshift):space_aggr:metric{tags} [by {key}] operator # avec :
time_window : last_#m (entre 1 et 2880 selon le type de monitor), last_#h (entre 1 et 48 selon le type de monitor) ou last_#d (1 ou 2).
timeshift : #m_ago (5, 10, 15, ou 30), #h_ago (1, 2, ou 4) ou 1d_ago.
Pour créer un monitor outlier, utilisez la requête suivante :
avg(last_30m):outliers(avg:system.cpu.user{role:es-events-data} by {host}, 'dbscan', 7) > 0
Requête de check de service
Exemple : "check".over(tags).last(count).count_by_status()
check : le nom du check, par exemple datadog.agent.up.
tags : un ou plusieurs tags entre guillemets (séparés par des virgules) ou “*”. Exemple : .over("env:prod", "role:db").
count : doit être supérieur ou égal à votre seuil maximum (défini dans options). Valeur maximale : 100.
Par exemple, si vous souhaitez recevoir une notification à partir d’un statut critical, de trois statuts ok, et de deux statuts warn, count doit prendre pour valeur 3.
Requête d’alerte d’événement
Exemple : events('sources:nagios status:error,warning priority:normal tags: "string query"').rollup("count").last("1h")"
event : la chaîne de requête de l’événement.
string_query : la requête en texte libre à comparer au titre et au texte de l’événement.
sources : les sources des événements (séparées par des virgules).
status : les statuts des événements (séparés par des virgules). Valeur autorisées : error, warn et info.
priority : les priorités des événements (séparées par des virgules). Valeurs autorisées : low, normal ou all.
host : les hosts transmettant des événements (séparés par des virgules).
tags : les tags des événements (séparés par des virgules).
excluded_tags : les tags des événements exclus (séparés par des virgules).
rollup : la méthode de cumul des statistiques. count est actuellement la seule méthode prise en charge.
last : l’intervalle sur lequel les totaux doivent être cumulés. Exemples : 45m, 4h. Unités de temps prises en charge : m, h et d (jour). Cette valeur ne doit pas dépasser 48 heures.
REMARQUE : uniquement disponible sur les sites US1 et EU.
Requête d’alerte d’événement v2
Exemple : events(query).rollup(rollup_method[, measure]).last(time_window) operator #
rollup_method : la méthode de cumul des statistiques ; les méthodes count, avg et cardinality sont prises en charge.
measure - pour les rollup_methodavg et cardinality : indiquez la mesure ou le nom de la facette à utiliser.
time_window : #m (5, 10, 15 ou 30) ou #h (1, 2, 4 ou 24).
operator : <, <=, >, >=, == ou !=.
# : un nombre entier ou décimal utilisé pour définir le seuil.
REMARQUE : uniquement disponible sur les sites US1-FED et US3, en bêta fermée sur les sites EU et US1.
Requête d’alerte de processus
Exemple : processes(search).over(tags).rollup('count').last(timeframe) operator #
search : chaîne de recherche en texte libre pour interroger les processus.
Les processus renvoyés correspondent aux résultats de la page Live Processes page.
tags : un ou plusieurs tags (séparés par des virgules)
timeframe : l’intervalle sur lequel les totaux doivent être cumulés. Exemples : 10m, 4h. Unités de temps prises en charge : s, m, h et d (jour)
operator : <, <=, >, >=, == ou !=.
# : un nombre entier ou décimal utilisé pour définir le seuil.
Requête d’alerte de logs
Exemple : logs(query).index(index_name).rollup(rollup_method[, measure]).last(time_window) operator #
index_name : pour les organisations avec plusieurs index, l’index de log sur lequel la requête porte.
rollup_method : la méthode de cumul des statistiques ; les méthodes count, avg et cardinality sont prises en charge.
measure - pour les rollup_methodavg et cardinality : indiquez la mesure ou le nom de la facette à utiliser.
time_window : #m (entre 1 et 2880) ou #h (entre 1 et 48).
operator : <, <=, >, >=, == ou !=.
# : un nombre entier ou décimal utilisé pour définir le seuil.
Requête de monitor composite
Exemple : 12345 && 67890, où 12345 et 67890 sont les identifiants de monitors non composites.
name [requis, valeur par défaut = dynamique, en fonction de la requête] : le nom de l’alerte.
message [requis, valeur par défaut = dynamique, en fonction de la requête] : un message à inclure avec les notifications pour ce monitor.
Des notifications par e-mail peuvent être envoyées à des utilisateurs spécifiques, en utilisant la même notation « ‘@nomutilisateur » que pour les événements.
tags [facultatif, valeur par défaut = liste vide] : la liste des tags à associer à votre monitor.
Lorsque vous récupérez tous les détails des monitors via l’API, utilisez l’argument monitor_tags pour filtrer les résultats en fonction de ces tags.
Ces valeurs ne peuvent être obtenues qu’avec l’API et ne sont ni visibles ni modifiables dans l’interface Datadog.
Requête d’alerte SLO
Exemple : error_budget("slo_id").over("time_window") operator #
slo_id : l’ID alphanumérique du SLO pour lequel vous configurez l’alerte.
time_window : l’intervalle du SLO cible pour lequel vous souhaitez envoyer une alerte. Valeurs autorisées : 7d, 30d ou 90d.
operator : >= ou >.
This endpoint requires the monitors_write permission.
OAuth apps require the monitors_write authorization scope to access this endpoint.
Object describing the creator of the shared element.
email
string
Email of the creator.
handle
string
Handle of the creator.
name
string
Name of the creator.
deleted
date-time
Whether or not the monitor is deleted. (Always null)
id
int64
ID of this monitor.
matching_downtimes
[object]
A list of active v1 downtimes that match this monitor.
end
int64
POSIX timestamp to end the downtime.
id [required]
int64
The downtime ID.
scope
[string]
The scope(s) to which the downtime applies. Must be in key:value format. For example, host:app2.
Provide multiple scopes as a comma-separated list like env:dev,env:prod.
The resulting downtime applies to sources that matches ALL provided scopes (env:devANDenv:prod).
start
int64
POSIX timestamp to start the downtime.
message
string
A message to include with notifications for this monitor.
modified
date-time
Last timestamp when the monitor was edited.
multi
boolean
Whether or not the monitor is broken down on different groups.
name
string
The monitor name.
options
object
List of options associated with your monitor.
aggregation
object
Type of aggregation performed in the monitor query.
group_by
string
Group to break down the monitor on.
metric
string
Metric name used in the monitor.
type
string
Metric type used in the monitor.
device_ids
[string]
DEPRECATED: IDs of the device the Synthetics monitor is running on.
enable_logs_sample
boolean
Whether or not to send a log sample when the log monitor triggers.
enable_samples
boolean
Whether or not to send a list of samples when the monitor triggers. This is only used by CI Test and Pipeline monitors.
escalation_message
string
We recommend using the is_renotify,
block in the original message instead.
A message to include with a re-notification. Supports the @username notification we allow elsewhere.
Not applicable if renotify_interval is None.
evaluation_delay
int64
Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min),
the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55.
This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation.
group_retention_duration
string
The time span after which groups with missing data are dropped from the monitor state.
The minimum value is one hour, and the maximum value is 72 hours.
Example values are: "60m", "1h", and "2d".
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
groupby_simple_monitor
boolean
DEPRECATED: Whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. Use notify_by instead.
include_tags
boolean
A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title.
Examples
If True, [Triggered on {host:h1}] Monitor Title
If False, [Triggered] Monitor Title
default: true
locked
boolean
DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use restricted_roles instead.
min_failure_duration
int64
How long the test should be in failure before alerting (integer, number of seconds, max 7200).
min_location_failed
int64
The minimum number of locations in failure at the same time during
at least one moment in the min_failure_duration period (min_location_failed and min_failure_duration
are part of the advanced alerting rules - integer, >= 1).
default: 1
new_group_delay
int64
Time (in seconds) to skip evaluations for new groups.
For example, this option can be used to skip evaluations for new hosts while they initialize.
Must be a non negative integer.
new_host_delay
int64
DEPRECATED: Time (in seconds) to allow a host to boot and applications
to fully start before starting the evaluation of monitor results.
Should be a non negative integer.
Use new_group_delay instead.
default: 300
no_data_timeframe
int64
The number of minutes before a monitor notifies after data stops reporting.
Datadog recommends at least 2x the monitor timeframe for query alerts or 2 minutes for service checks.
If omitted, 2x the evaluation timeframe is used for query alerts, and 24 hours is used for service checks.
notification_preset_name
enum
Toggles the display of additional content sent in the monitor notification.
Allowed enum values: show_all,hide_query,hide_handles,hide_all
default: show_all
notify_audit
boolean
A Boolean indicating whether tagged users is notified on changes to this monitor.
notify_by
[string]
Controls what granularity a monitor alerts on. Only available for monitors with groupings.
For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each
new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned
in notify_by must be a subset of the grouping tags in the query.
For example, a query grouped by cluster and namespace cannot notify on region.
Setting notify_by to [*] configures the monitor to notify as a simple-alert.
notify_no_data
boolean
A Boolean indicating whether this monitor notifies when data stops reporting. Defaults to false.
on_missing_data
enum
Controls how groups or monitors are treated if an evaluation does not return any data points.
The default option results in different behavior depending on the monitor query type.
For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions.
For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status.
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
Allowed enum values: default,show_no_data,show_and_notify_no_data,resolve
renotify_interval
int64
The number of minutes after the last notification before a monitor re-notifies on the current status.
It only re-notifies if it’s not resolved.
renotify_occurrences
int64
The number of times re-notification messages should be sent on the current status at the provided re-notification interval.
renotify_statuses
[string]
The types of monitor statuses for which re-notification messages are sent.
Default: null if renotify_interval is null.
If renotify_interval is set, defaults to renotify on Alert and No Data.
require_full_window
boolean
A Boolean indicating whether this monitor needs a full window of data before it’s evaluated.
We highly recommend you set this to false for sparse metrics,
otherwise some evaluations are skipped. Default is false. This setting only applies to
metric monitors.
scheduling_options
object
Configuration options for scheduling.
custom_schedule
object
Configuration options for the custom schedule. This feature is in private beta.
recurrences
[object]
Array of custom schedule recurrences.
rrule
string
Defines the recurrence rule (RRULE) for a given schedule.
start
string
Defines the start date and time of the recurring schedule.
timezone
string
Defines the timezone the schedule runs on.
evaluation_window
object
Configuration options for the evaluation window. If hour_starts is set, no other fields may be set. Otherwise, day_starts and month_starts must be set together.
day_starts
string
The time of the day at which a one day cumulative evaluation window starts. Must be defined in UTC time in HH:mm format.
hour_starts
int32
The minute of the hour at which a one hour cumulative evaluation window starts.
month_starts
int32
The day of the month at which a one month cumulative evaluation window starts.
silenced
object
DEPRECATED: Information about the downtime applied to the monitor. Only shows v1 downtimes.
<any-key>
int64
UTC epoch timestamp in seconds when the downtime for the group expires.
synthetics_check_id
string
DEPRECATED: ID of the corresponding Synthetic check.
threshold_windows
object
Alerting time window options.
recovery_window
string
Describes how long an anomalous metric must be normal before the alert recovers.
trigger_window
string
Describes how long a metric must be anomalous before an alert triggers.
thresholds
object
List of the different monitor threshold available.
critical
double
The monitor CRITICAL threshold.
critical_recovery
double
The monitor CRITICAL recovery threshold.
ok
double
The monitor OK threshold.
unknown
double
The monitor UNKNOWN threshold.
warning
double
The monitor WARNING threshold.
warning_recovery
double
The monitor WARNING recovery threshold.
timeout_h
int64
The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. The minimum allowed value is 0 hours. The maximum allowed value is 24 hours.
variables
[ <oneOf>]
List of requests that can be used in the monitor query. This feature is currently in beta.
Option 1
object
A formula and functions events query.
compute [required]
object
Compute options.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
interval
int64
A time interval in milliseconds.
metric
string
Measurable attribute to compute.
data_source [required]
enum
Data source for event platform-based queries.
Allowed enum values: rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network
group_by
[object]
Group by options.
facet [required]
string
Event facet.
limit
int64
Number of groups to return.
sort
object
Options for sorting group by results.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
metric
string
Metric used for sorting group by results.
order
enum
Direction of sort.
Allowed enum values: asc,desc
default: desc
indexes
[string]
An array of index names to query in the stream. Omit or use [] to query all indexes at once.
name [required]
string
Name of the query for use in formulas.
search
object
Search options.
query [required]
string
Events search string.
overall_state
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
priority
int64
Integer from 1 (high) to 5 (low) indicating alert severity.
query [required]
string
The monitor query.
restricted_roles
[string]
A list of unique role identifiers to define which roles are allowed to edit the monitor. The unique identifiers for all roles can be pulled from the Roles API and are located in the data.id field. Editing a monitor includes any updates to the monitor configuration, monitor deletion, and muting of the monitor for any amount of time. You can use the Restriction Policies API to manage write authorization for individual monitors by teams and users, in addition to roles.
state
object
Wrapper object with the different monitor states.
groups
object
Dictionary where the keys are groups (comma separated lists of tags) and the values are
the list of groups your monitor is broken down on.
<any-key>
object
Monitor state for a single group.
last_nodata_ts
int64
Latest timestamp the monitor was in NO_DATA state.
last_notified_ts
int64
Latest timestamp of the notification sent for this monitor group.
last_resolved_ts
int64
Latest timestamp the monitor group was resolved.
last_triggered_ts
int64
Latest timestamp the monitor group triggered.
name
string
The name of the monitor.
status
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
tags
[string]
Tags associated to your monitor.
type [required]
enum
The type of the monitor. For more information about type, see the monitor options docs.
Allowed enum values: composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert,slo alert,event-v2 alert,audit alert,ci-pipelines alert,ci-tests alert,error-tracking alert,database-monitoring alert,network-performance alert
Object describing the creator of the shared element.
email
string
Email of the creator.
handle
string
Handle of the creator.
name
string
Name of the creator.
deleted
date-time
Whether or not the monitor is deleted. (Always null)
id
int64
ID of this monitor.
matching_downtimes
[object]
A list of active v1 downtimes that match this monitor.
end
int64
POSIX timestamp to end the downtime.
id [required]
int64
The downtime ID.
scope
[string]
The scope(s) to which the downtime applies. Must be in key:value format. For example, host:app2.
Provide multiple scopes as a comma-separated list like env:dev,env:prod.
The resulting downtime applies to sources that matches ALL provided scopes (env:devANDenv:prod).
start
int64
POSIX timestamp to start the downtime.
message
string
A message to include with notifications for this monitor.
modified
date-time
Last timestamp when the monitor was edited.
multi
boolean
Whether or not the monitor is broken down on different groups.
name
string
The monitor name.
options
object
List of options associated with your monitor.
aggregation
object
Type of aggregation performed in the monitor query.
group_by
string
Group to break down the monitor on.
metric
string
Metric name used in the monitor.
type
string
Metric type used in the monitor.
device_ids
[string]
DEPRECATED: IDs of the device the Synthetics monitor is running on.
enable_logs_sample
boolean
Whether or not to send a log sample when the log monitor triggers.
enable_samples
boolean
Whether or not to send a list of samples when the monitor triggers. This is only used by CI Test and Pipeline monitors.
escalation_message
string
We recommend using the is_renotify,
block in the original message instead.
A message to include with a re-notification. Supports the @username notification we allow elsewhere.
Not applicable if renotify_interval is None.
evaluation_delay
int64
Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min),
the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55.
This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation.
group_retention_duration
string
The time span after which groups with missing data are dropped from the monitor state.
The minimum value is one hour, and the maximum value is 72 hours.
Example values are: "60m", "1h", and "2d".
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
groupby_simple_monitor
boolean
DEPRECATED: Whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. Use notify_by instead.
include_tags
boolean
A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title.
Examples
If True, [Triggered on {host:h1}] Monitor Title
If False, [Triggered] Monitor Title
default: true
locked
boolean
DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use restricted_roles instead.
min_failure_duration
int64
How long the test should be in failure before alerting (integer, number of seconds, max 7200).
min_location_failed
int64
The minimum number of locations in failure at the same time during
at least one moment in the min_failure_duration period (min_location_failed and min_failure_duration
are part of the advanced alerting rules - integer, >= 1).
default: 1
new_group_delay
int64
Time (in seconds) to skip evaluations for new groups.
For example, this option can be used to skip evaluations for new hosts while they initialize.
Must be a non negative integer.
new_host_delay
int64
DEPRECATED: Time (in seconds) to allow a host to boot and applications
to fully start before starting the evaluation of monitor results.
Should be a non negative integer.
Use new_group_delay instead.
default: 300
no_data_timeframe
int64
The number of minutes before a monitor notifies after data stops reporting.
Datadog recommends at least 2x the monitor timeframe for query alerts or 2 minutes for service checks.
If omitted, 2x the evaluation timeframe is used for query alerts, and 24 hours is used for service checks.
notification_preset_name
enum
Toggles the display of additional content sent in the monitor notification.
Allowed enum values: show_all,hide_query,hide_handles,hide_all
default: show_all
notify_audit
boolean
A Boolean indicating whether tagged users is notified on changes to this monitor.
notify_by
[string]
Controls what granularity a monitor alerts on. Only available for monitors with groupings.
For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each
new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned
in notify_by must be a subset of the grouping tags in the query.
For example, a query grouped by cluster and namespace cannot notify on region.
Setting notify_by to [*] configures the monitor to notify as a simple-alert.
notify_no_data
boolean
A Boolean indicating whether this monitor notifies when data stops reporting. Defaults to false.
on_missing_data
enum
Controls how groups or monitors are treated if an evaluation does not return any data points.
The default option results in different behavior depending on the monitor query type.
For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions.
For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status.
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
Allowed enum values: default,show_no_data,show_and_notify_no_data,resolve
renotify_interval
int64
The number of minutes after the last notification before a monitor re-notifies on the current status.
It only re-notifies if it’s not resolved.
renotify_occurrences
int64
The number of times re-notification messages should be sent on the current status at the provided re-notification interval.
renotify_statuses
[string]
The types of monitor statuses for which re-notification messages are sent.
Default: null if renotify_interval is null.
If renotify_interval is set, defaults to renotify on Alert and No Data.
require_full_window
boolean
A Boolean indicating whether this monitor needs a full window of data before it’s evaluated.
We highly recommend you set this to false for sparse metrics,
otherwise some evaluations are skipped. Default is false. This setting only applies to
metric monitors.
scheduling_options
object
Configuration options for scheduling.
custom_schedule
object
Configuration options for the custom schedule. This feature is in private beta.
recurrences
[object]
Array of custom schedule recurrences.
rrule
string
Defines the recurrence rule (RRULE) for a given schedule.
start
string
Defines the start date and time of the recurring schedule.
timezone
string
Defines the timezone the schedule runs on.
evaluation_window
object
Configuration options for the evaluation window. If hour_starts is set, no other fields may be set. Otherwise, day_starts and month_starts must be set together.
day_starts
string
The time of the day at which a one day cumulative evaluation window starts. Must be defined in UTC time in HH:mm format.
hour_starts
int32
The minute of the hour at which a one hour cumulative evaluation window starts.
month_starts
int32
The day of the month at which a one month cumulative evaluation window starts.
silenced
object
DEPRECATED: Information about the downtime applied to the monitor. Only shows v1 downtimes.
<any-key>
int64
UTC epoch timestamp in seconds when the downtime for the group expires.
synthetics_check_id
string
DEPRECATED: ID of the corresponding Synthetic check.
threshold_windows
object
Alerting time window options.
recovery_window
string
Describes how long an anomalous metric must be normal before the alert recovers.
trigger_window
string
Describes how long a metric must be anomalous before an alert triggers.
thresholds
object
List of the different monitor threshold available.
critical
double
The monitor CRITICAL threshold.
critical_recovery
double
The monitor CRITICAL recovery threshold.
ok
double
The monitor OK threshold.
unknown
double
The monitor UNKNOWN threshold.
warning
double
The monitor WARNING threshold.
warning_recovery
double
The monitor WARNING recovery threshold.
timeout_h
int64
The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. The minimum allowed value is 0 hours. The maximum allowed value is 24 hours.
variables
[ <oneOf>]
List of requests that can be used in the monitor query. This feature is currently in beta.
Option 1
object
A formula and functions events query.
compute [required]
object
Compute options.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
interval
int64
A time interval in milliseconds.
metric
string
Measurable attribute to compute.
data_source [required]
enum
Data source for event platform-based queries.
Allowed enum values: rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network
group_by
[object]
Group by options.
facet [required]
string
Event facet.
limit
int64
Number of groups to return.
sort
object
Options for sorting group by results.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
metric
string
Metric used for sorting group by results.
order
enum
Direction of sort.
Allowed enum values: asc,desc
default: desc
indexes
[string]
An array of index names to query in the stream. Omit or use [] to query all indexes at once.
name [required]
string
Name of the query for use in formulas.
search
object
Search options.
query [required]
string
Events search string.
overall_state
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
priority
int64
Integer from 1 (high) to 5 (low) indicating alert severity.
query [required]
string
The monitor query.
restricted_roles
[string]
A list of unique role identifiers to define which roles are allowed to edit the monitor. The unique identifiers for all roles can be pulled from the Roles API and are located in the data.id field. Editing a monitor includes any updates to the monitor configuration, monitor deletion, and muting of the monitor for any amount of time. You can use the Restriction Policies API to manage write authorization for individual monitors by teams and users, in addition to roles.
state
object
Wrapper object with the different monitor states.
groups
object
Dictionary where the keys are groups (comma separated lists of tags) and the values are
the list of groups your monitor is broken down on.
<any-key>
object
Monitor state for a single group.
last_nodata_ts
int64
Latest timestamp the monitor was in NO_DATA state.
last_notified_ts
int64
Latest timestamp of the notification sent for this monitor group.
last_resolved_ts
int64
Latest timestamp the monitor group was resolved.
last_triggered_ts
int64
Latest timestamp the monitor group triggered.
name
string
The name of the monitor.
status
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
tags
[string]
Tags associated to your monitor.
type [required]
enum
The type of the monitor. For more information about type, see the monitor options docs.
Allowed enum values: composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert,slo alert,event-v2 alert,audit alert,ci-pipelines alert,ci-tests alert,error-tracking alert,database-monitoring alert,network-performance alert
fromdatadogimportinitialize,apioptions={'api_key':'<DATADOG_API_KEY>','app_key':'<DATADOG_APPLICATION_KEY>'}initialize(**options)# Create a new monitormonitor_options={"notify_no_data":True,"no_data_timeframe":20}tags=["app:webserver","frontend"]api.Monitor.create(type="query alert",query="avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100",name="Bytes received on host0",message="We may need to add web hosts if this is consistently high.",tags=tags,options=monitor_options)
require'dogapi'api_key='<DATADOG_API_KEY>'app_key='<DATADOG_APPLICATION_KEY>'dog=Dogapi::Client.new(api_key,app_key)# Create a new monitoroptions={'notify_no_data'=>true,'no_data_timeframe'=>20}tags=['app:webserver','frontend']dog.monitor('query alert','avg(last_5m):sum:system.net.bytes_rcvd{host:host0} > 100',name:'Bytes received on host0',message:'We may need to add web hosts if this is consistently high.',tags:tags,options:options)
# Create a RUM formula and functions monitor returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V1::MonitorsAPI.newbody=DatadogAPIClient::V1::Monitor.new({name:"Example-Monitor",type:DatadogAPIClient::V1::MonitorType::RUM_ALERT,query:'formula("query2 / query1 * 100").last("15m") >= 0.8',message:"some message Notify: @hipchat-channel",tags:["test:examplemonitor","env:ci",],priority:3,options:DatadogAPIClient::V1::MonitorOptions.new({thresholds:DatadogAPIClient::V1::MonitorThresholds.new({critical:0.8,}),variables:[DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinition.new({data_source:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventsDataSource::RUM,name:"query2",search:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionSearch.new({query:"",}),indexes:["*",],compute:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionCompute.new({aggregation:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventAggregation::COUNT,}),group_by:[],}),DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinition.new({data_source:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventsDataSource::RUM,name:"query1",search:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionSearch.new({query:"status:error",}),indexes:["*",],compute:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionCompute.new({aggregation:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventAggregation::COUNT,}),group_by:[],}),],}),})papi_instance.create_monitor(body)
# Create a ci-pipelines formula and functions monitor returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V1::MonitorsAPI.newbody=DatadogAPIClient::V1::Monitor.new({name:"Example-Monitor",type:DatadogAPIClient::V1::MonitorType::CI_PIPELINES_ALERT,query:'formula("query1 / query2 * 100").last("15m") >= 0.8',message:"some message Notify: @hipchat-channel",tags:["test:examplemonitor","env:ci",],priority:3,options:DatadogAPIClient::V1::MonitorOptions.new({thresholds:DatadogAPIClient::V1::MonitorThresholds.new({critical:0.8,}),variables:[DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinition.new({data_source:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventsDataSource::CI_PIPELINES,name:"query1",search:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionSearch.new({query:"@ci.status:error",}),indexes:["*",],compute:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionCompute.new({aggregation:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventAggregation::COUNT,}),group_by:[],}),DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinition.new({data_source:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventsDataSource::CI_PIPELINES,name:"query2",search:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionSearch.new({query:"",}),indexes:["*",],compute:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventQueryDefinitionCompute.new({aggregation:DatadogAPIClient::V1::MonitorFormulaAndFunctionEventAggregation::COUNT,}),group_by:[],}),],}),})papi_instance.create_monitor(body)
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<DD_API_KEY>"DD_APP_KEY="<DD_APP_KEY>"cargo run
/**
* Create a RUM formula and functions monitor returns "OK" response
*/import{client,v1}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv1.MonitorsApi(configuration);constparams: v1.MonitorsApiCreateMonitorRequest={body:{name:"Example-Monitor",type:"rum alert",query:`formula("query2 / query1 * 100").last("15m") >= 0.8`,message:"some message Notify: @hipchat-channel",tags:["test:examplemonitor","env:ci"],priority: 3,options:{thresholds:{critical: 0.8,},variables:[{dataSource:"rum",name:"query2",search:{query:"",},indexes:["*"],compute:{aggregation:"count",},groupBy:[],},{dataSource:"rum",name:"query1",search:{query:"status:error",},indexes:["*"],compute:{aggregation:"count",},groupBy:[],},],},},};apiInstance.createMonitor(params).then((data: v1.Monitor)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
/**
* Create a ci-pipelines formula and functions monitor returns "OK" response
*/import{client,v1}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv1.MonitorsApi(configuration);constparams: v1.MonitorsApiCreateMonitorRequest={body:{name:"Example-Monitor",type:"ci-pipelines alert",query:`formula("query1 / query2 * 100").last("15m") >= 0.8`,message:"some message Notify: @hipchat-channel",tags:["test:examplemonitor","env:ci"],priority: 3,options:{thresholds:{critical: 0.8,},variables:[{dataSource:"ci_pipelines",name:"query1",search:{query:"@ci.status:error",},indexes:["*"],compute:{aggregation:"count",},groupBy:[],},{dataSource:"ci_pipelines",name:"query2",search:{query:"",},indexes:["*"],compute:{aggregation:"count",},groupBy:[],},],},},};apiInstance.createMonitor(params).then((data: v1.Monitor)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
/**
* Create a ci-pipelines monitor returns "OK" response
*/import{client,v1}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv1.MonitorsApi(configuration);constparams: v1.MonitorsApiCreateMonitorRequest={body:{name:"Example-Monitor",type:"ci-pipelines alert",query:`ci-pipelines("ci_level:pipeline @git.branch:staging* @ci.status:error").rollup("count").by("@git.branch,@ci.pipeline.name").last("5m") >= 1`,message:"some message Notify: @hipchat-channel",tags:["test:examplemonitor","env:ci"],priority: 3,options:{thresholds:{critical: 1,},},},};apiInstance.createMonitor(params).then((data: v1.Monitor)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
Recherchez et filtrez vos monitors.
This endpoint requires the monitors_read permission.
OAuth apps require the monitors_read authorization scope to access this endpoint.
Arguments
Chaînes de requête
Nom
Type
Description
query
string
After entering a search query in your Manage Monitor page use the query parameter value in the
URL of the page as value for this parameter. Consult the dedicated manage monitor documentation
page to learn more.
The query can contain any number of space-separated monitor attributes, for instance query="type:metric status:alert".
page
integer
Page to start paginating from.
per_page
integer
Number of monitors to return per page.
sort
string
String for sort order, composed of field and sort order separate by a comma, for example name,asc. Supported sort directions: asc, desc. Supported fields:
The number of found monitors with the listed value.
name
The facet value.
status
[object]
Search facets.
count
int64
The number of found monitors with the listed value.
name
The facet value.
tag
[object]
Search facets.
count
int64
The number of found monitors with the listed value.
name
The facet value.
type
[object]
Search facets.
count
int64
The number of found monitors with the listed value.
name
The facet value.
metadata
object
Metadata about the response.
page
int64
The page to start paginating from.
page_count
int64
The number of pages.
per_page
int64
The number of monitors to return per page.
total_count
int64
The total number of monitors.
monitors
[object]
The list of found monitors.
classification
string
Classification of the monitor.
creator
object
Object describing the creator of the shared element.
email
string
Email of the creator.
handle
string
Handle of the creator.
name
string
Name of the creator.
id
int64
ID of the monitor.
last_triggered_ts
int64
Latest timestamp the monitor triggered.
metrics
[string]
Metrics used by the monitor.
name
string
The monitor name.
notifications
[object]
The notification triggered by the monitor.
handle
string
The email address that received the notification.
name
string
The username receiving the notification
org_id
int64
The ID of the organization.
query
string
The monitor query.
scopes
[string]
The scope(s) to which the downtime applies, for example host:app2.
Provide multiple scopes as a comma-separated list, for example env:dev,env:prod.
The resulting downtime applies to sources that matches ALL provided scopes
(that is env:dev AND env:prod), NOT any of them.
status
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
tags
[string]
Tags associated with the monitor.
type
enum
The type of the monitor. For more information about type, see the monitor options docs.
Allowed enum values: composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert,slo alert,event-v2 alert,audit alert,ci-pipelines alert,ci-tests alert,error-tracking alert,database-monitoring alert,network-performance alert
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<DD_API_KEY>"DD_APP_KEY="<DD_APP_KEY>"cargo run
/**
* Monitors search returns "OK" response
*/import{client,v1}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv1.MonitorsApi(configuration);apiInstance.searchMonitors().then((data: v1.MonitorSearchResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
Object describing the creator of the shared element.
email
string
Email of the creator.
handle
string
Handle of the creator.
name
string
Name of the creator.
deleted
date-time
Whether or not the monitor is deleted. (Always null)
id
int64
ID of this monitor.
matching_downtimes
[object]
A list of active v1 downtimes that match this monitor.
end
int64
POSIX timestamp to end the downtime.
id [required]
int64
The downtime ID.
scope
[string]
The scope(s) to which the downtime applies. Must be in key:value format. For example, host:app2.
Provide multiple scopes as a comma-separated list like env:dev,env:prod.
The resulting downtime applies to sources that matches ALL provided scopes (env:devANDenv:prod).
start
int64
POSIX timestamp to start the downtime.
message
string
A message to include with notifications for this monitor.
modified
date-time
Last timestamp when the monitor was edited.
multi
boolean
Whether or not the monitor is broken down on different groups.
name
string
The monitor name.
options
object
List of options associated with your monitor.
aggregation
object
Type of aggregation performed in the monitor query.
group_by
string
Group to break down the monitor on.
metric
string
Metric name used in the monitor.
type
string
Metric type used in the monitor.
device_ids
[string]
DEPRECATED: IDs of the device the Synthetics monitor is running on.
enable_logs_sample
boolean
Whether or not to send a log sample when the log monitor triggers.
enable_samples
boolean
Whether or not to send a list of samples when the monitor triggers. This is only used by CI Test and Pipeline monitors.
escalation_message
string
We recommend using the is_renotify,
block in the original message instead.
A message to include with a re-notification. Supports the @username notification we allow elsewhere.
Not applicable if renotify_interval is None.
evaluation_delay
int64
Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min),
the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55.
This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation.
group_retention_duration
string
The time span after which groups with missing data are dropped from the monitor state.
The minimum value is one hour, and the maximum value is 72 hours.
Example values are: "60m", "1h", and "2d".
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
groupby_simple_monitor
boolean
DEPRECATED: Whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. Use notify_by instead.
include_tags
boolean
A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title.
Examples
If True, [Triggered on {host:h1}] Monitor Title
If False, [Triggered] Monitor Title
default: true
locked
boolean
DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use restricted_roles instead.
min_failure_duration
int64
How long the test should be in failure before alerting (integer, number of seconds, max 7200).
min_location_failed
int64
The minimum number of locations in failure at the same time during
at least one moment in the min_failure_duration period (min_location_failed and min_failure_duration
are part of the advanced alerting rules - integer, >= 1).
default: 1
new_group_delay
int64
Time (in seconds) to skip evaluations for new groups.
For example, this option can be used to skip evaluations for new hosts while they initialize.
Must be a non negative integer.
new_host_delay
int64
DEPRECATED: Time (in seconds) to allow a host to boot and applications
to fully start before starting the evaluation of monitor results.
Should be a non negative integer.
Use new_group_delay instead.
default: 300
no_data_timeframe
int64
The number of minutes before a monitor notifies after data stops reporting.
Datadog recommends at least 2x the monitor timeframe for query alerts or 2 minutes for service checks.
If omitted, 2x the evaluation timeframe is used for query alerts, and 24 hours is used for service checks.
notification_preset_name
enum
Toggles the display of additional content sent in the monitor notification.
Allowed enum values: show_all,hide_query,hide_handles,hide_all
default: show_all
notify_audit
boolean
A Boolean indicating whether tagged users is notified on changes to this monitor.
notify_by
[string]
Controls what granularity a monitor alerts on. Only available for monitors with groupings.
For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each
new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned
in notify_by must be a subset of the grouping tags in the query.
For example, a query grouped by cluster and namespace cannot notify on region.
Setting notify_by to [*] configures the monitor to notify as a simple-alert.
notify_no_data
boolean
A Boolean indicating whether this monitor notifies when data stops reporting. Defaults to false.
on_missing_data
enum
Controls how groups or monitors are treated if an evaluation does not return any data points.
The default option results in different behavior depending on the monitor query type.
For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions.
For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status.
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
Allowed enum values: default,show_no_data,show_and_notify_no_data,resolve
renotify_interval
int64
The number of minutes after the last notification before a monitor re-notifies on the current status.
It only re-notifies if it’s not resolved.
renotify_occurrences
int64
The number of times re-notification messages should be sent on the current status at the provided re-notification interval.
renotify_statuses
[string]
The types of monitor statuses for which re-notification messages are sent.
Default: null if renotify_interval is null.
If renotify_interval is set, defaults to renotify on Alert and No Data.
require_full_window
boolean
A Boolean indicating whether this monitor needs a full window of data before it’s evaluated.
We highly recommend you set this to false for sparse metrics,
otherwise some evaluations are skipped. Default is false. This setting only applies to
metric monitors.
scheduling_options
object
Configuration options for scheduling.
custom_schedule
object
Configuration options for the custom schedule. This feature is in private beta.
recurrences
[object]
Array of custom schedule recurrences.
rrule
string
Defines the recurrence rule (RRULE) for a given schedule.
start
string
Defines the start date and time of the recurring schedule.
timezone
string
Defines the timezone the schedule runs on.
evaluation_window
object
Configuration options for the evaluation window. If hour_starts is set, no other fields may be set. Otherwise, day_starts and month_starts must be set together.
day_starts
string
The time of the day at which a one day cumulative evaluation window starts. Must be defined in UTC time in HH:mm format.
hour_starts
int32
The minute of the hour at which a one hour cumulative evaluation window starts.
month_starts
int32
The day of the month at which a one month cumulative evaluation window starts.
silenced
object
DEPRECATED: Information about the downtime applied to the monitor. Only shows v1 downtimes.
<any-key>
int64
UTC epoch timestamp in seconds when the downtime for the group expires.
synthetics_check_id
string
DEPRECATED: ID of the corresponding Synthetic check.
threshold_windows
object
Alerting time window options.
recovery_window
string
Describes how long an anomalous metric must be normal before the alert recovers.
trigger_window
string
Describes how long a metric must be anomalous before an alert triggers.
thresholds
object
List of the different monitor threshold available.
critical
double
The monitor CRITICAL threshold.
critical_recovery
double
The monitor CRITICAL recovery threshold.
ok
double
The monitor OK threshold.
unknown
double
The monitor UNKNOWN threshold.
warning
double
The monitor WARNING threshold.
warning_recovery
double
The monitor WARNING recovery threshold.
timeout_h
int64
The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. The minimum allowed value is 0 hours. The maximum allowed value is 24 hours.
variables
[ <oneOf>]
List of requests that can be used in the monitor query. This feature is currently in beta.
Option 1
object
A formula and functions events query.
compute [required]
object
Compute options.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
interval
int64
A time interval in milliseconds.
metric
string
Measurable attribute to compute.
data_source [required]
enum
Data source for event platform-based queries.
Allowed enum values: rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network
group_by
[object]
Group by options.
facet [required]
string
Event facet.
limit
int64
Number of groups to return.
sort
object
Options for sorting group by results.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
metric
string
Metric used for sorting group by results.
order
enum
Direction of sort.
Allowed enum values: asc,desc
default: desc
indexes
[string]
An array of index names to query in the stream. Omit or use [] to query all indexes at once.
name [required]
string
Name of the query for use in formulas.
search
object
Search options.
query [required]
string
Events search string.
overall_state
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
priority
int64
Integer from 1 (high) to 5 (low) indicating alert severity.
query [required]
string
The monitor query.
restricted_roles
[string]
A list of unique role identifiers to define which roles are allowed to edit the monitor. The unique identifiers for all roles can be pulled from the Roles API and are located in the data.id field. Editing a monitor includes any updates to the monitor configuration, monitor deletion, and muting of the monitor for any amount of time. You can use the Restriction Policies API to manage write authorization for individual monitors by teams and users, in addition to roles.
state
object
Wrapper object with the different monitor states.
groups
object
Dictionary where the keys are groups (comma separated lists of tags) and the values are
the list of groups your monitor is broken down on.
<any-key>
object
Monitor state for a single group.
last_nodata_ts
int64
Latest timestamp the monitor was in NO_DATA state.
last_notified_ts
int64
Latest timestamp of the notification sent for this monitor group.
last_resolved_ts
int64
Latest timestamp the monitor group was resolved.
last_triggered_ts
int64
Latest timestamp the monitor group triggered.
name
string
The name of the monitor.
status
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
tags
[string]
Tags associated to your monitor.
type [required]
enum
The type of the monitor. For more information about type, see the monitor options docs.
Allowed enum values: composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert,slo alert,event-v2 alert,audit alert,ci-pipelines alert,ci-tests alert,error-tracking alert,database-monitoring alert,network-performance alert
require'dogapi'api_key='<DATADOG_API_KEY>'app_key='<DATADOG_APPLICATION_KEY>'dog=Dogapi::Client.new(api_key,app_key)# Unmute an alertdog.unmute_monitor(62_628)
fromdatadogimportinitialize,apioptions={'api_key':'<DATADOG_API_KEY>','app_key':'<DATADOG_APPLICATION_KEY>'}initialize(**options)# Unmute all alertsapi.Monitor.unmute(2088)
Récupérez les détails du monitor de votre organisation spécifié.
This endpoint requires the monitors_read permission.
OAuth apps require the monitors_read authorization scope to access this endpoint.
Arguments
Chaînes de requête
Nom
Type
Description
group_states
string
When specified, shows additional information about the group states.
Choose one or more from all, alert, warn, and no data.
name
string
A string to filter monitors by name.
tags
string
A comma separated list indicating what tags, if any, should be used to filter the list of monitors by scope.
For example, host:host0.
monitor_tags
string
A comma separated list indicating what service and/or custom tags, if any, should be used to filter the list of monitors.
Tags created in the Datadog UI automatically have the service key prepended. For example, service:my-app.
with_downtimes
boolean
If this argument is set to true, then the returned data includes all current active downtimes for each monitor.
id_offset
integer
Use this parameter for paginating through large sets of monitors. Start with a value of zero, make a request, set the value to the last ID of result set, and then repeat until the response is empty.
page
integer
The page to start paginating from. If this argument is not specified, the request returns all monitors without pagination.
page_size
integer
The number of monitors to return per page. If the page argument is not specified, the default behavior returns all monitors without a page_size limit. However, if page is specified and page_size is not, the argument defaults to 100.
Object describing the creator of the shared element.
email
string
Email of the creator.
handle
string
Handle of the creator.
name
string
Name of the creator.
deleted
date-time
Whether or not the monitor is deleted. (Always null)
id
int64
ID of this monitor.
matching_downtimes
[object]
A list of active v1 downtimes that match this monitor.
end
int64
POSIX timestamp to end the downtime.
id [required]
int64
The downtime ID.
scope
[string]
The scope(s) to which the downtime applies. Must be in key:value format. For example, host:app2.
Provide multiple scopes as a comma-separated list like env:dev,env:prod.
The resulting downtime applies to sources that matches ALL provided scopes (env:devANDenv:prod).
start
int64
POSIX timestamp to start the downtime.
message
string
A message to include with notifications for this monitor.
modified
date-time
Last timestamp when the monitor was edited.
multi
boolean
Whether or not the monitor is broken down on different groups.
name
string
The monitor name.
options
object
List of options associated with your monitor.
aggregation
object
Type of aggregation performed in the monitor query.
group_by
string
Group to break down the monitor on.
metric
string
Metric name used in the monitor.
type
string
Metric type used in the monitor.
device_ids
[string]
DEPRECATED: IDs of the device the Synthetics monitor is running on.
enable_logs_sample
boolean
Whether or not to send a log sample when the log monitor triggers.
enable_samples
boolean
Whether or not to send a list of samples when the monitor triggers. This is only used by CI Test and Pipeline monitors.
escalation_message
string
We recommend using the is_renotify,
block in the original message instead.
A message to include with a re-notification. Supports the @username notification we allow elsewhere.
Not applicable if renotify_interval is None.
evaluation_delay
int64
Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min),
the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55.
This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation.
group_retention_duration
string
The time span after which groups with missing data are dropped from the monitor state.
The minimum value is one hour, and the maximum value is 72 hours.
Example values are: "60m", "1h", and "2d".
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
groupby_simple_monitor
boolean
DEPRECATED: Whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. Use notify_by instead.
include_tags
boolean
A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title.
Examples
If True, [Triggered on {host:h1}] Monitor Title
If False, [Triggered] Monitor Title
default: true
locked
boolean
DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use restricted_roles instead.
min_failure_duration
int64
How long the test should be in failure before alerting (integer, number of seconds, max 7200).
min_location_failed
int64
The minimum number of locations in failure at the same time during
at least one moment in the min_failure_duration period (min_location_failed and min_failure_duration
are part of the advanced alerting rules - integer, >= 1).
default: 1
new_group_delay
int64
Time (in seconds) to skip evaluations for new groups.
For example, this option can be used to skip evaluations for new hosts while they initialize.
Must be a non negative integer.
new_host_delay
int64
DEPRECATED: Time (in seconds) to allow a host to boot and applications
to fully start before starting the evaluation of monitor results.
Should be a non negative integer.
Use new_group_delay instead.
default: 300
no_data_timeframe
int64
The number of minutes before a monitor notifies after data stops reporting.
Datadog recommends at least 2x the monitor timeframe for query alerts or 2 minutes for service checks.
If omitted, 2x the evaluation timeframe is used for query alerts, and 24 hours is used for service checks.
notification_preset_name
enum
Toggles the display of additional content sent in the monitor notification.
Allowed enum values: show_all,hide_query,hide_handles,hide_all
default: show_all
notify_audit
boolean
A Boolean indicating whether tagged users is notified on changes to this monitor.
notify_by
[string]
Controls what granularity a monitor alerts on. Only available for monitors with groupings.
For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each
new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned
in notify_by must be a subset of the grouping tags in the query.
For example, a query grouped by cluster and namespace cannot notify on region.
Setting notify_by to [*] configures the monitor to notify as a simple-alert.
notify_no_data
boolean
A Boolean indicating whether this monitor notifies when data stops reporting. Defaults to false.
on_missing_data
enum
Controls how groups or monitors are treated if an evaluation does not return any data points.
The default option results in different behavior depending on the monitor query type.
For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions.
For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status.
This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors.
Allowed enum values: default,show_no_data,show_and_notify_no_data,resolve
renotify_interval
int64
The number of minutes after the last notification before a monitor re-notifies on the current status.
It only re-notifies if it’s not resolved.
renotify_occurrences
int64
The number of times re-notification messages should be sent on the current status at the provided re-notification interval.
renotify_statuses
[string]
The types of monitor statuses for which re-notification messages are sent.
Default: null if renotify_interval is null.
If renotify_interval is set, defaults to renotify on Alert and No Data.
require_full_window
boolean
A Boolean indicating whether this monitor needs a full window of data before it’s evaluated.
We highly recommend you set this to false for sparse metrics,
otherwise some evaluations are skipped. Default is false. This setting only applies to
metric monitors.
scheduling_options
object
Configuration options for scheduling.
custom_schedule
object
Configuration options for the custom schedule. This feature is in private beta.
recurrences
[object]
Array of custom schedule recurrences.
rrule
string
Defines the recurrence rule (RRULE) for a given schedule.
start
string
Defines the start date and time of the recurring schedule.
timezone
string
Defines the timezone the schedule runs on.
evaluation_window
object
Configuration options for the evaluation window. If hour_starts is set, no other fields may be set. Otherwise, day_starts and month_starts must be set together.
day_starts
string
The time of the day at which a one day cumulative evaluation window starts. Must be defined in UTC time in HH:mm format.
hour_starts
int32
The minute of the hour at which a one hour cumulative evaluation window starts.
month_starts
int32
The day of the month at which a one month cumulative evaluation window starts.
silenced
object
DEPRECATED: Information about the downtime applied to the monitor. Only shows v1 downtimes.
<any-key>
int64
UTC epoch timestamp in seconds when the downtime for the group expires.
synthetics_check_id
string
DEPRECATED: ID of the corresponding Synthetic check.
threshold_windows
object
Alerting time window options.
recovery_window
string
Describes how long an anomalous metric must be normal before the alert recovers.
trigger_window
string
Describes how long a metric must be anomalous before an alert triggers.
thresholds
object
List of the different monitor threshold available.
critical
double
The monitor CRITICAL threshold.
critical_recovery
double
The monitor CRITICAL recovery threshold.
ok
double
The monitor OK threshold.
unknown
double
The monitor UNKNOWN threshold.
warning
double
The monitor WARNING threshold.
warning_recovery
double
The monitor WARNING recovery threshold.
timeout_h
int64
The number of hours of the monitor not reporting data before it automatically resolves from a triggered state. The minimum allowed value is 0 hours. The maximum allowed value is 24 hours.
variables
[ <oneOf>]
List of requests that can be used in the monitor query. This feature is currently in beta.
Option 1
object
A formula and functions events query.
compute [required]
object
Compute options.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
interval
int64
A time interval in milliseconds.
metric
string
Measurable attribute to compute.
data_source [required]
enum
Data source for event platform-based queries.
Allowed enum values: rum,ci_pipelines,ci_tests,audit,events,logs,spans,database_queries,network
group_by
[object]
Group by options.
facet [required]
string
Event facet.
limit
int64
Number of groups to return.
sort
object
Options for sorting group by results.
aggregation [required]
enum
Aggregation methods for event platform queries.
Allowed enum values: count,cardinality,median,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg
metric
string
Metric used for sorting group by results.
order
enum
Direction of sort.
Allowed enum values: asc,desc
default: desc
indexes
[string]
An array of index names to query in the stream. Omit or use [] to query all indexes at once.
name [required]
string
Name of the query for use in formulas.
search
object
Search options.
query [required]
string
Events search string.
overall_state
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
priority
int64
Integer from 1 (high) to 5 (low) indicating alert severity.
query
string
The monitor query.
restricted_roles
[string]
A list of unique role identifiers to define which roles are allowed to edit the monitor. The unique identifiers for all roles can be pulled from the Roles API and are located in the data.id field. Editing a monitor includes any updates to the monitor configuration, monitor deletion, and muting of the monitor for any amount of time. You can use the Restriction Policies API to manage write authorization for individual monitors by teams and users, in addition to roles.
state
object
Wrapper object with the different monitor states.
groups
object
Dictionary where the keys are groups (comma separated lists of tags) and the values are
the list of groups your monitor is broken down on.
<any-key>
object
Monitor state for a single group.
last_nodata_ts
int64
Latest timestamp the monitor was in NO_DATA state.
last_notified_ts
int64
Latest timestamp of the notification sent for this monitor group.
last_resolved_ts
int64
Latest timestamp the monitor group was resolved.
last_triggered_ts
int64
Latest timestamp the monitor group triggered.
name
string
The name of the monitor.
status
enum
The different states your monitor can be in.
Allowed enum values: Alert,Ignored,No Data,OK,Skipped,Unknown,Warn
tags
[string]
Tags associated to your monitor.
type
enum
The type of the monitor. For more information about type, see the monitor options docs.
Allowed enum values: composite,event alert,log alert,metric alert,process alert,query alert,rum alert,service check,synthetics alert,trace-analytics alert,slo alert,event-v2 alert,audit alert,ci-pipelines alert,ci-tests alert,error-tracking alert,database-monitoring alert,network-performance alert