Case Management

View all your cases on the main Case Management page

Overview

Datadog Case Management provides a centralized place to track, triage, and troubleshoot issues. Create cases from alerts, security signals, and Error Tracking issues that you want to investigate.

You can assign cases to users or teams, establishing clear lines of ownership that persist throughout the lifespan of the case. Populate your cases with graphs, logs, and other telemetry data from across Datadog alongside information from external tools, such as messaging and issue-tracking apps.

Create or update a case

On the Case Management page, click the New Case button to create a new case.

You can create or update cases from several other locations in Datadog:

Create a caseInstructions
MonitorsFrom the individual Monitor status page, click the Escalate dropdown menu and select the + Create a case option.
Security SignalsClick into a Security Signal to open up the side panel. From the side panel, click the Escalate Investigation dropdown menu and select Create a Case.
Error TrackingClick into an individual Error Tracking issue to open the side panel. From the side panel, click Create Case or update the existing case.

View, filter, and manage

Find Case Management in the Service Management menu.

Filter cases with Inboxes

Use Inboxes to filter the list of cases to the ones most relevant to your work. Datadog automatically creates inboxes with filters for cases assigned to you, created by you, or associated with your Teams.

Inboxes left panel highlighting the option to add new inboxes

To filter cases based on a search query, create a custom inbox:

  1. On the Case Management page, next to Other Inboxes, click Add. The Create a new inbox page appears.
  2. Give the inbox a Name
  3. In the search box, enter a query. The Inbox Preview refreshes to show you the cases that match the current search query.
  4. (Optional) Send a notification with third-party tools such as Slack, PagerDuty, or Webhooks. Click + Add Recipient Type and select from the pre-configured channels or recipients. A notification is sent every time a case matching the query is created.
  5. Click Save Inbox.
Inbox configuration displaying third-party notification options

Bulk actions

Make bulk edits to cases from the Case Management page:

  1. Use the checkboxes to select one or more cases. The top of the list updates to show bulk edit options.
  2. Use the drop-down menus to Set status, Assign, Set priority, or perform More actions. Or, click Archive.

View case details

Case detail view of an example case that was escalated

The Case Details view acts as a single source of truth of what is going on with the investigation. Click on a case to view the associated alerts, issues, timeline, and status. This page also provides information on the associated monitor, security signal, or Error Tracking issue, as well as the teams working on the case.

View case details in the activity timeline

Each case automatically creates an activity timeline to capture real-time updates to status, assignee, priority, notes, insights, and integration tickets.

Retention policy

By default, cases have a 15-month retention policy which can be extended if needed.

Workflow automation

Automate the creation of cases. In a new or existing workflow, add a step in the workflow builder and search for “case management”. Select the Create Case action or Update the status from a Case.

To attach associated monitors to your case, add the monitor URL link in the Workflows Create Case action in the Attachment Links field.

Add monitor links in the Workflows Create Case action in the Attachment Links field

If the case is created from a Monitor or Security signal trigger, the URL is available in the Source tab of the trigger.

Take action

Use Case Management to gather information, context, and resources to determine the proper action. This includes further investigation, escalating to an incident, or closing out a case.

Close a case by updating the status to Closed

From an individual case:

  • Declare Incident: Escalate a case to an incident.
  • Investigation Notebook: Gather investigation information.
  • Link to integration: Create Jira or ServiceNow tickets.
  • Close a case: Let the team know that no further action is needed. Select Closed to update the status.

Further reading