Events Explorer
The Events Explorer displays the most recent events generated by your infrastructure and services such as code deployments, service health, configuration changes, or monitoring alerts.
Navigate the Explorer
The Events Explorer displays all event types by default. You can filter your events by facets or search queries.
Event side panel
Click a row in the Events Explorer to open the event side panel, which shows tags and messages associated with the event.
Attributes tab
The attributes tab of the side panel lists event attributes as JSON. Click on an attribute to add it to or exclude it from the existing query, or to add a column for this attribute.
Events attributes can be normalized or enriched at intake with processing pipelines.
Options
Click Options to customize your Events Explorer:
- Adjust the columns displayed.
- Select list density from compact to expanded.
- Show absolute or relative timestamps. An absolute timestamp displays the time of the event in UTC (for example,
Aug 11 15:58.08.000). A relative timestamp displays the time elapsed since the event (for example, 20 seconds ago). - Show or hide tags in your results.
- Show or hide the top timeline graph.
Time range
The time frame selector controls the time range of events that are shown in the Explorer or Analytics, and sets the range of the timeline under the search bar.
Change the time range by selecting a preset range from the time frame dropdown, or by entering a custom time range.
Because all search parameters are contained within the URL, you can share your view by sharing the URL.
Search syntax
Events search uses the logs search syntax.
Like logs search, events search permits:
AND, OR and - operators- Wildcards
- Escape characters
- Searching tags and facet with
key:value - Searching within attributes with the
@ prefix
Example queries:
source:(github OR chef)- Show events from GitHub OR Chef.
host:(i-0ade23e6 AND db.myapp.com)- Show events from
i-0ade23e6 AND db.myapp.com. service:kafka- Show events from the
kafka service. status:error- Show events with an
error status (supports: error, warning, info, ok). availability-zone:us-east-1a- Show events in the
us-east-1a AWS availability zone (AZ). container_id:foo*- Show events from all containers with an ID beginning with
foo. @evt.name:foo- Show the events with attribute
evt.name equal to foo.
See Logs Search Syntax for more details.
Facets
Datadog indexes event attributes as facets that are accessible from the Event Explorer facet side-panel, analytics, and monitors.
A facet displays the distinct members of an attribute or a tag and provides basic analytics, such as the number of events represented. Facets allow you to pivot or filter your datasets based on a given attribute. To filter, select the values that you want to see.
Create a facet
To create a facet, use the “Add a facet” button in the left side panel.
Once you add the facet, the value of this attribute is stored for all new views, and you can use it in the search bar and facet side-panels. You can also use it to group by in event monitors and graph widgets.
Reserved attributes
This list describes automatically ingested reserved attributes with events.
| Attribute | Description |
|---|
host | The name of the originating host as defined in metrics. Datadog automatically retrieves corresponding host tags from the matching host in Datadog and applies them to your events. The Agent sets this value automatically. |
source | This corresponds to the integration name, or the technology from which the event originated. When it matches an integration name, Datadog automatically installs the corresponding parsers and facets. For example: nginx, postgresql, and more. |
status | This corresponds to the level or severity of an event. |
service | The name of the application or service generating the events. |
message | By default, Datadog ingests the value of the message attribute as the body of the event entry. |
To search a tag that has the same key as a reserved attribute, use the tags search syntax.
Example: tags:("status:<status>")
To create a facet on a tag that has the same key as a reserved attribute:
- Use the Remapper processor to remap the tag to another tag or attribute.
- Create a facet on the new tag/attribute.
Notifications
Datadog supports @notifications in the messages of events when posted by the API. For example:
@all- Sends a notification to all members of your organization.
@test@example.com- Sends an email to
test@example.com. @slack-<SLACK_ACCOUNT>-<CHANNEL_NAME>- Posts the event or graph to the specified Slack channel.
@webhook- Alerts or triggers the webhook. See the blog post on webhooks.
See Notifications to learn more.
Event Analytics
Event Analytics extends the Events Explorer page with views, data aggregation, and grouping capabilities for troubleshooting and monitoring. You can control:
- The query that filters the set of views to analyze.
- The dimensions over which to group data.
- The visualization method for aggregates and groups.
You can export analytics visualizations to create widgets in a dashboard or notebook.
Build an analytics query
Use the query to control what’s displayed in your Events Analytics:
- Choose an attribute or tag to graph, and add it as a facet. Graphing a facet displays the unique count of the variable.
- Use a facet to group your graph by. You must add an attribute as a facet to be able to use it here.
- Choose the time interval for your graph. Changing the global timeframe changes the list of available timestep values. You can display the results as a timeseries, table, or top list.
- Choose to display either the top or bottom values according to the selected measure.
Further reading
Additional helpful documentation, links, and articles:
