Event Monitor

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Overview

Event monitors allow you to alert on events matching a search query.

Monitor creation

To create an event monitor in Datadog, navigate to Monitors > New Monitor > Event.

Note: There is a default limit of 1000 Event monitors per account. If you are encountering this limit, consider using multi alerts, or Contact Support.

Define the search query

As you define the search query, the top graph updates.

Construct a search query using the Event Explorer search syntax.
Choose to monitor over an event count, facet, or measure:
- Monitor over an event count: Use the search bar (optional) and do not select a facet or measure. Datadog evaluates the number of events over a selected time frame, then compares it to the threshold conditions.
- Monitor over a facet: If a facet is selected, the monitor alerts over the unique value count of the facet.
- Monitor over measure: If a measure is selected, the monitor alerts over the numerical value of the event facet (similar to a metric monitor) and aggregation needs to be selected (min, avg, sum, median, pc75, pc90, pc95, pc98, pc99, or max).
Configure the alert grouping strategy (optional):
- Simple-Alert: Simple alerts aggregate over all reporting sources. You receive one alert when the aggregated value meets the set conditions. This works best to monitor a metric from a single host or the sum of a metric across many hosts. This strategy may be selected to reduce notification noise.
- Multi Alert: Multi alerts apply the alert to each source according to your group parameters, up to 1000 matching groups. An alerting event is generated for each group that meets the set conditions. For example, you can group by host to receive separate alerts for each host.

Set alert conditions

The count was above, above or equal to, below, or below or equal to
<THRESHOLD_NUMBER>
during the last 5 minutes, 15 minutes, 1 hour, etc. or custom to set a value between 5 minutes and 48 hours.

Note: Some providers introduce a significant delay between when an event is posted, and when the event is initiated. In this case, Datadog back-dates the event to the time of occurrence, which could place an incoming event outside the current monitor evaluation window. Widening your evaluation window can help account for the time difference. If you need help adjusting your monitor settings appropriately, reach out to Datadog Support.

Advanced alert conditions

For detailed instructions on the advanced alert options (auto resolve, evaluation delay, etc.), see the Monitor configuration page.

Notifications

For detailed instructions on the Say what’s happening and Notify your team sections, see the Notifications page.

Event template variables

Event monitors have specific template variables you can include in the notification message:

Template variable	Definition
`{{event.id}}`	The ID of the event.
`{{event.title}}`	The title of the event.
`{{event.text}}`	The text of the event.
`{{event.host.name}}`	The name of the host that generated the event.
`{{event.tags}}`	A list of tags attached to the event.
`{{event.tags.<TAG_KEY>}}`	The value for a specific tag key attached to the event. See the example below.