Crawler Crawler


Webhooks enable you to:

  • Connect to your services.
  • Alert your services when a metric alert is triggered.


Go to the Webhooks integration tile and enter the URL and name of the webhook you want to use.


To use your webhook, add @webhook-<WEBHOOK_NAME> in the text of the metric alert you want to trigger the webhook. It triggers a POST request to the URL you set with the following content in JSON format. The timeout for any individual request is 15 seconds. Datadog only issues a retry if there is an internal error (badly formed notification message), or if Datadog receives a 5XX response from the webhook endpoint. Missed connections are retried 5 times.

Note: Custom headers must be in JSON format.

To add your own custom fields to the request, you can also specify your own payload in the Payload field. If you want your payload to be URL-encoded, check the Encode as form checkbox and specify your payload in JSON format. Use the following variables:

ID to aggregate events belonging together.
Example: 9bd4ac313a4d1e8fae2482df7b77628
ID to link events from the time an alert triggers until it resolves.
ID of alert.
Example: 1234
Name of the metric if it’s an alert.
Example: system.load.1
Priority of the alerting monitor.
Example: P1, P2
Query of the monitor that triggered the webhook.
Comma-separated list of tags triggering the alert.
Example: availability-zone:us-east-1a, role:computing-node
Summary of the alert status.
Example: system.load.1 over host:my-host was > 0 at least once during the last 1m
Title of the alert.
Type of alert notification.
Example: Recovered, Triggered/Re-Triggered, No Data/Re-No Data, Warn/Re-Warn, Renotify
Type of the alert.
Date (epoch) where the event happened.
Example: 1406662672000
Email of the user posting the event that triggered the webhook.
Text of the event.
Example: @webhook-url Sending to the webhook
Title of the event.
Example: [Triggered] [Memory Alert]
Type of the event.
Example: metric_alert_monitor, event_alert, or service_check.
The hostname of the server associated with the event, if there is one.
ID of the event.
Example: 1234567
List of JSON objects with the incident’s attachments, such as postmortem and documents.
Example: [{"attachment_type": "postmortem", "attachment": {"url": "https://app.datadoghq.com/notebook/123","title": "Postmortem IR-1"}}]
JSON object with the incident commander’s handle, uuid, name, email, and icon.
JSON object with an incident’s customer impact status, duration, and scope.
Example: {"customer_impacted": true, "customer_impact_duration": 300 ,"customer_impact_scope": "scope here"}
JSON object mapping each of an incident’s fields to its values.
Example: {"state": "active", "datacenter": ["eu1", "us1"]}
Public ID of the associated incident.
Example: 123
Title of the incident.
URL of the incident.
Example: https://app.datadoghq.com/incidents/1
The message of the incident notification.
Date when the event was last updated.
URL of the event.
Example: https://app.datadoghq.com/event/jump_to?event_id=123456
Logs sample from log monitor alerts.
Namespace of the metric if it’s an alert.
ID of your organization.
Example: 11023
Name of your organization.
Example: Datadog
Priority of the event.
Example: normal or low
The name of the security rule.
The unique identifier of the signal.
The severity of the security signal.
Example: medium
The title of the security signal.
The message of the security signal.
The security signal attributes.
Example: {"network":{"client":{"ip":""}}}
The security rule ID.
Example: aaa-aaa-aaa
The query or queries associated with the security rule.
Example: ["@evt.name:authentication"]
The security group by key value pairs.
Example: {"@usr.name":"john.doe@your_domain.com"}
The security rule type.
Example: log_detection
URL of the image if the event contains a snapshot.
Example: https://p.datadoghq.com/path-to-snapshot
Name of the Synthetics test.
Name of the first failing step of the Synthetics test.
Summary of Synthetic test details.
  "result_id": "1871796423670117676",
  "test_type": "browser",
  "test_name": "Test name",
  "date": "Nov 05, 2021, 09:49AM UTC",
  "test_url": "https://app.datadoghq.com/synthetics/edit/apc-ki3-jwx",
  "result_url": "https://app.datadoghq.com/synthetics/details/anc-ki2-jwx?resultId=1871796423670117676",
  "location": "Frankfurt (AWS)",
  "browser": "Chrome",
  "device": "Laptop Large"
  "failing_steps": [
      "error_message": "Error: Element's content should contain given value.",
      "name": "Test span #title content",
      "is_critical": true,
      "number": "3.1"
Comma-separated list of the event tags.
Example: monitor, name:myService, role:computing-node
Text of the event without Markdown formatting.
User posting the event that triggered the webhook.
Example: rudy
Username of the user posting the event that triggered the webhook.


If you want to post your webhooks to a service requiring authentication, you can use basic HTTP authentication by modifying your URL from https://my.service.example.com to https://<USERNAME>:<PASSWORD>@my.service.example.com.

Multiple webhooks

In a monitor alert, if 2 or more webhook endpoints are notified, then a webhook queue is created on a per service level. For instance, if you reach out to PagerDuty and Slack, a retry on the Slack webhook does not affect the PagerDuty one.

However, in the PagerDuty scope, certain events always go before others—specifically, an “Acknowledge” payload always goes before “Resolution”. If an “Acknowledge” ping fails, the “Resolution” ping is queued due to the retry logic.


Sending SMS through Twilio

Use as URL: https://<ACCOUNT_ID>:<AUTH_TOKENT>@api.twilio.com/2010-04-01/Accounts/<ACCOUNT_ID>/Messages.json

and as a payload:

    "To": "+1347XXXXXXX",
    "From": "+1347XXXXXX",
    "Body": "$EVENT_TITLE \n Related Graph: $SNAPSHOT"

Replace To with your phone number and From with the one Twilio attributed to you. Check the Encode as form checkbox.

Creating an issue in Jira

Use as URL: https://<JIRA_USER_NAME>:<JIRA_PASSWORD>@<YOUR_DOMAIN>.atlassian.net/rest/api/2/issue

and as a payload:

    "fields": {
        "project": {
            "key": "YOUR-PROJECT-KEY"
        "issuetype": {
            "name": "Task"
        "description": "There's an issue. See the graph: $SNAPSHOT and event: $LINK",
        "summary": "$EVENT_TITLE"

Do not check the “Encode as form” checkbox.