Skip to main content

Overview

Datadog is a cloud-scale monitoring and security platform. Easyalert integrates with Datadog via webhooks, receiving alerts from monitors and creating incidents automatically.

Requirements

  • Datadog account
  • Easyalert account and active tenant
  • Access to Integrations → Webhooks in Datadog

Setup Instructions

1

Create Integration in Easyalert

  1. Go to Integrations page from left menu
  2. Click Add Integration button
  3. Select Datadog as Source Type
  4. Enter a name (e.g., Datadog Production)
  5. Click Create to save
  6. Copy the generated Webhook URL
Example: https://api.easyalert.io/api/v1/webhooks/ingest/wh_abc123...
2

Create Webhook in Datadog

Go to Integrations → Webhooks → New
FieldValue
Nameeasyalert
URLYour Easyalert webhook URL
PayloadCustom JSON (see below)
Custom HeadersContent-Type: application/json
3

Configure Payload Template

Use this recommended payload:
{
  "id": "$ID",
  "title": "$EVENT_TITLE",
  "hostname": "$HOSTNAME",
  "alertId": "$ALERT_ID",
  "alertMetric": "$ALERT_METRIC",
  "alertQuery": "$ALERT_QUERY",
  "alertStatus": "$ALERT_STATUS",
  "alertTransition": "$ALERT_TRANSITION",
  "alertType": "$ALERT_TYPE",
  "eventType": "$EVENT_TYPE",
  "eventMsg": "$EVENT_MSG",
  "tags": "$TAGS",
  "link": "$LINK",
  "date": "$DATE",
  "orgName": "$ORG_NAME",
  "customer": "YOUR_CUSTOMER_NAME",
  "team": "YOUR_TEAM_NAME",
  "environment": "production"
}
NOTE: Datadog uses $VARIABLE syntax (uppercase).
4

Add Webhook to Monitors

  1. Edit your monitor
  2. In Notify your team, add @webhook-easyalert
  3. Save the monitor
5

Test the Integration

Trigger a test alert from a monitor

Datadog Variables

Datadog provides these variables for webhooks:
VariableDescription
$IDEvent ID
$EVENT_TITLEEvent title
$HOSTNAMEHost name
$ALERT_IDMonitor ID
$ALERT_METRICMetric name
$ALERT_QUERYMonitor query
$ALERT_TRANSITIONTriggered, Recovered
$ALERT_TYPEerror, warning, info
$ALERT_STATUSCurrent status
$EVENT_TYPEEvent type
$EVENT_MSGFull alert message (HTML)
$TAGSTag list (key:value format)
$LINKDatadog UI link
$DATEAlert timestamp
$ORG_NAMEOrganization name

Field Mapping

Datadog FieldEasyalert Field
$ID / alertIdEvent ID
$EVENT_TITLE / titleTitle
$EVENT_MSGDescription
$ALERT_TYPESeverity mapping
$ALERT_TRANSITIONStatus
$HOSTNAMEHost
$LINKURL
$TAGSTags (parsed)

Severity Mapping

Alert Type Mapping

Datadog Alert TypeEasyalert Severity
errorCritical
warningWarning
infoInfo

Priority Mapping

If you use Datadog priorities:
Datadog PriorityEasyalert Severity
P1Critical
P2High
P3Warning
P4Info
P5Info

Status Handling

Datadog TransitionEasyalert StatusAction
TriggeredProblemCreates/updates incident
Re-TriggeredProblemUpdates incident
RecoveredOKResolves incident
No DataProblemCreates incident
No Data RecoveredOKResolves incident

Tags Parsing

Datadog tags in key:value format are automatically parsed: 
env:production,service:web,team:backend
Becomes:
  • tags.env = "production"
  • tags.service = "web"
  • tags.team = "backend"
These can be used in escalation routing rules.

Custom Field → Tag Mapping

Datadog Tags ($TAGS)

$TAGS variable brings host/monitor tags automatically: 
env:production,service:web,team:backend

Custom Fields

All custom fields added to the payload template become tags: 
{
  "customer": "AcmeCorp",
  "datacenter": "EU-West",
  "cost_center": "CC-1234"
}
In Easyalert: 
tags.customer = "AcmeCorp"
tags.datacenter = "EU-West"
tags.cost_center = "CC-1234"

Routing Examples

Escalation Routing: 
tags.customer equals "AcmeCorp" → Acme Policy
tags.env equals "production" → Production Policy
tags.team equals "backend" → Backend Team Policy
Notification Rules: 
tags.env equals "production" AND severity equals "critical" → call + sms + email
tags.env equals "staging" → email only

Monitor Configuration Tips

Adding Webhook to Monitors

In monitor notification settings: 
@webhook-easyalert

Including Specific Tags

Use template variables in your monitor message: 
{{#is_alert}}
Critical alert on {{host.name}}
{{/is_alert}}

{{#is_recovery}}
Recovered: {{host.name}} is back to normal
{{/is_recovery}}

Test

curl -X POST "YOUR_WEBHOOK_URL" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "12345",
    "title": "[Triggered] High CPU",
    "hostname": "web-server-01",
    "alertId": "789",
    "alertTransition": "Triggered",
    "alertType": "error",
    "tags": "env:production,service:web",
    "date": 1733234400,
    "customer": "TestCustomer"
  }'

Troubleshooting

  1. Verify webhook URL in Datadog integrations 2. Check that @webhook-easyalert is in monitor notification 3. Test the webhook from Datadog UI 4. Review Datadog webhook delivery logs
  1. Verify field is added to webhook payload template 2. Check field name spelling 3. View webhook samples in Easyalert
  1. Ensure $VARIABLE is uppercase 2. Check if the variable is available for the monitor type 3. Some variables may be empty for certain alert types
  1. Verify monitor sends recovery notifications 2. Check alertTransition includes “Recovered” 3. Ensure alertId is consistent between alert and recovery
  1. Include $TAGS in webhook payload 2. Verify tags are set on the monitor or metric 3. Check tag format (should be key:value)

Best Practices

Set P1-P5 priority on monitors to ensure proper severity mapping in Easyalert.
Use the recommended payload template to capture all useful information.
Add tags like env, team, and service for better routing and filtering.
Ensure monitors send recovery notifications to automatically resolve incidents.
Set aggregation keys to help with incident deduplication.
Include customer, team, environment in payload for escalation routing.