> ## Documentation Index
> Fetch the complete documentation index at: https://docs.easyalert.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Datadog

> Receive alerts from Datadog monitoring platform

## Overview

Datadog is a cloud-scale monitoring and security platform. Easyalert integrates with Datadog via webhooks, receiving alerts from monitors and creating incidents automatically.

***

## Requirements

* **Datadog** account
* **Easyalert account** and active tenant
* Access to **Integrations → Webhooks** in Datadog

***

## Setup Instructions

<Steps>
  <Step title="Create Integration in Easyalert">
    1. Go to **Integrations** page from left menu
    2. Click **Add Integration** button
    3. Select **Datadog** as **Source Type**
    4. Enter a name (e.g., `Datadog Production`)
    5. Click **Create** to save
    6. Copy the generated **Webhook URL**

    > **Example:** `https://api.easyalert.io/api/v1/webhooks/ingest/wh_abc123...`
  </Step>

  <Step title="Create Webhook in Datadog">
    Go to **Integrations → Webhooks → New**

    | Field              | Value                            |
    | ------------------ | -------------------------------- |
    | **Name**           | `easyalert`                      |
    | **URL**            | Your Easyalert webhook URL       |
    | **Payload**        | Custom JSON (see below)          |
    | **Custom Headers** | `Content-Type: application/json` |
  </Step>

  <Step title="Configure Payload Template">
    Use this recommended payload:

    ```json theme={null}
    {
      "id": "$ID",
      "title": "$EVENT_TITLE",
      "hostname": "$HOSTNAME",
      "alertId": "$ALERT_ID",
      "alertMetric": "$ALERT_METRIC",
      "alertQuery": "$ALERT_QUERY",
      "alertStatus": "$ALERT_STATUS",
      "alertTransition": "$ALERT_TRANSITION",
      "alertType": "$ALERT_TYPE",
      "eventType": "$EVENT_TYPE",
      "eventMsg": "$EVENT_MSG",
      "tags": "$TAGS",
      "link": "$LINK",
      "date": "$DATE",
      "orgName": "$ORG_NAME",
      "customer": "YOUR_CUSTOMER_NAME",
      "team": "YOUR_TEAM_NAME",
      "environment": "production"
    }
    ```

    > **NOTE:** Datadog uses `$VARIABLE` syntax (uppercase).
  </Step>

  <Step title="Add Webhook to Monitors">
    1. Edit your monitor
    2. In **Notify your team**, add `@webhook-easyalert`
    3. Save the monitor
  </Step>

  <Step title="Test the Integration">
    Trigger a test alert from a monitor
  </Step>
</Steps>

***

## Datadog Variables

Datadog provides these variables for webhooks:

| Variable            | Description                 |
| ------------------- | --------------------------- |
| `$ID`               | Event ID                    |
| `$EVENT_TITLE`      | Event title                 |
| `$HOSTNAME`         | Host name                   |
| `$ALERT_ID`         | Monitor ID                  |
| `$ALERT_METRIC`     | Metric name                 |
| `$ALERT_QUERY`      | Monitor query               |
| `$ALERT_TRANSITION` | Triggered, Recovered        |
| `$ALERT_TYPE`       | error, warning, info        |
| `$ALERT_STATUS`     | Current status              |
| `$EVENT_TYPE`       | Event type                  |
| `$EVENT_MSG`        | Full alert message (HTML)   |
| `$TAGS`             | Tag list (key:value format) |
| `$LINK`             | Datadog UI link             |
| `$DATE`             | Alert timestamp             |
| `$ORG_NAME`         | Organization name           |

***

## Field Mapping

| Datadog Field            | Easyalert Field  |
| ------------------------ | ---------------- |
| `$ID` / `alertId`        | Event ID         |
| `$EVENT_TITLE` / `title` | Title            |
| `$EVENT_MSG`             | Description      |
| `$ALERT_TYPE`            | Severity mapping |
| `$ALERT_TRANSITION`      | Status           |
| `$HOSTNAME`              | Host             |
| `$LINK`                  | URL              |
| `$TAGS`                  | Tags (parsed)    |

***

## Severity Mapping

### Alert Type Mapping

| Datadog Alert Type | Easyalert Severity |
| ------------------ | ------------------ |
| error              | Critical           |
| warning            | Warning            |
| info               | Info               |

### Priority Mapping

If you use Datadog priorities:

| Datadog Priority | Easyalert Severity |
| ---------------- | ------------------ |
| P1               | Critical           |
| P2               | High               |
| P3               | Warning            |
| P4               | Info               |
| P5               | Info               |

***

## Status Handling

| Datadog Transition | Easyalert Status | Action                   |
| ------------------ | ---------------- | ------------------------ |
| Triggered          | Problem          | Creates/updates incident |
| Re-Triggered       | Problem          | Updates incident         |
| Recovered          | OK               | Resolves incident        |
| No Data            | Problem          | Creates incident         |
| No Data Recovered  | OK               | Resolves incident        |

***

## Tags Parsing

Datadog tags in `key:value` format are automatically parsed:

```
env:production,service:web,team:backend
```

Becomes:

* `tags.env = "production"`
* `tags.service = "web"`
* `tags.team = "backend"`

These can be used in escalation routing rules.

***

## Custom Field → Tag Mapping

### Datadog Tags (\$TAGS)

`$TAGS` variable brings host/monitor tags automatically:

```
env:production,service:web,team:backend
```

### Custom Fields

All custom fields added to the payload template become tags:

```json theme={null}
{
  "customer": "AcmeCorp",
  "datacenter": "EU-West",
  "cost_center": "CC-1234"
}
```

In Easyalert:

```
tags.customer = "AcmeCorp"
tags.datacenter = "EU-West"
tags.cost_center = "CC-1234"
```

***

## Routing Examples

**Escalation Routing:**

```
tags.customer equals "AcmeCorp" → Acme Policy
tags.env equals "production" → Production Policy
tags.team equals "backend" → Backend Team Policy
```

**Notification Rules:**

```
tags.env equals "production" AND severity equals "critical" → call + sms + email
tags.env equals "staging" → email only
```

***

## Monitor Configuration Tips

### Adding Webhook to Monitors

In monitor notification settings:

```
@webhook-easyalert
```

### Including Specific Tags

Use template variables in your monitor message:

```
{{#is_alert}}
Critical alert on {{host.name}}
{{/is_alert}}

{{#is_recovery}}
Recovered: {{host.name}} is back to normal
{{/is_recovery}}
```

***

## Test

```bash theme={null}
curl -X POST "YOUR_WEBHOOK_URL" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "12345",
    "title": "[Triggered] High CPU",
    "hostname": "web-server-01",
    "alertId": "789",
    "alertTransition": "Triggered",
    "alertType": "error",
    "tags": "env:production,service:web",
    "date": 1733234400,
    "customer": "TestCustomer"
  }'
```

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Alerts not being received">
    1. Verify webhook URL in Datadog integrations 2. Check that
       `@webhook-easyalert` is in monitor notification 3. Test the webhook from
       Datadog UI 4. Review Datadog webhook delivery logs
  </Accordion>

  <Accordion title="Custom fields not becoming tags">
    1. Verify field is added to webhook payload template 2. Check field name
       spelling 3. View webhook samples in Easyalert
  </Accordion>

  <Accordion title="Empty values">
    1. Ensure `$VARIABLE` is uppercase 2. Check if the variable is available for
       the monitor type 3. Some variables may be empty for certain alert types
  </Accordion>

  <Accordion title="Recovery not resolving incidents">
    1. Verify monitor sends recovery notifications 2. Check `alertTransition`
       includes "Recovered" 3. Ensure `alertId` is consistent between alert and
       recovery
  </Accordion>

  <Accordion title="Tags not appearing">
    1. Include `$TAGS` in webhook payload 2. Verify tags are set on the monitor
       or metric 3. Check tag format (should be `key:value`)
  </Accordion>
</AccordionGroup>

***

## Best Practices

<AccordionGroup>
  <Accordion title="Use Priority Levels">
    Set P1-P5 priority on monitors to ensure proper severity mapping in
    Easyalert.
  </Accordion>

  <Accordion title="Include All Variables">
    Use the recommended payload template to capture all useful information.
  </Accordion>

  <Accordion title="Tag Your Monitors">
    Add tags like `env`, `team`, and `service` for better routing and filtering.
  </Accordion>

  <Accordion title="Configure Recovery Notifications">
    Ensure monitors send recovery notifications to automatically resolve
    incidents.
  </Accordion>

  <Accordion title="Use Aggregation Keys">
    Set aggregation keys to help with incident deduplication.
  </Accordion>

  <Accordion title="Add Custom Fields for Routing">
    Include `customer`, `team`, `environment` in payload for escalation routing.
  </Accordion>
</AccordionGroup>