# Datadog Datadog is a monitoring and analytics platform for cloud-scale infrastructure, applications, and logs. The Sling Datadog connector extracts data from the Datadog REST API, supporting monitors, dashboards, events, users, synthetics tests, SLOs, downtimes, incidents, audit logs, and metrics. {% hint style="success" %} **CLI Pro Required**: APIs require a [CLI Pro token](/sling-cli/cli-pro.md) or [Platform Plan](/sling-platform/platform.md). {% endhint %} ## Setup The following credentials and inputs are accepted: **Secrets:** * `api_key` **(required)** -> Your Datadog API key * `app_key` **(required)** -> Your Datadog Application key * `site` (optional) -> Your Datadog site domain (default: `datadoghq.com`). Use `datadoghq.eu` for EU, `us3.datadoghq.com`, `us5.datadoghq.com`, `ap1.datadoghq.com`, or `ddog-gov.com` for other regions. **Inputs:** * `anchor_date` (optional) -> The starting date for historical data extraction (default: 1 year ago). Format: `YYYY-MM-DD` * `events_filter_query` (optional) -> Filter query for the events endpoint using [Datadog search syntax](https://docs.datadoghq.com/logs/explorer/search_syntax/) (e.g., `source:kubernetes`, `status:error`) * `audit_filter_query` (optional) -> Filter query for the audit logs endpoint (e.g., `@action:login`, `@user.email:admin@company.com`) * `monitor_tags` (optional) -> Comma-separated tags to filter monitors (e.g., `env:prod,team:backend`) * `monitor_name` (optional) -> Filter monitors by name substring (e.g., `cpu`) * `host_filter` (optional) -> Filter hosts by name, alias, or tag (e.g., `env:prod`) * `include_hosts_metadata` (optional) -> Include additional host metadata like agent version and platform (`true`/`false`) * `metrics_host` (optional) -> Filter active metrics to a specific hostname * `metrics_tag_filter` (optional) -> Filter metrics by tags with boolean/wildcard support (e.g., `env:production AND service:api`) ### Getting Your API Key 1. Log in to your [Datadog Dashboard](https://app.datadoghq.com/) 2. Go to **Organization Settings** > **API Keys** 3. Click **+ New Key**, give it a name, and copy the key ### Getting Your Application Key 1. In the Datadog Dashboard, go to **Organization Settings** > **Application Keys** 2. Click **+ New Key**, give it a name, and copy the key {% hint style="warning" %} **Important:** Both an API key and an Application key are required. The API key alone is not sufficient for most read endpoints. {% endhint %} ### Using `sling conns` {% code overflow="wrap" %} ```bash sling conns set DATADOG type=api spec=datadog secrets='{ api_key: your_api_key, app_key: your_app_key }' ``` {% endcode %} ### Environment Variable See [here](https://docs.slingdata.io/connections/api-connections/pages/eAdVs2BHCgdr6RS8GoJC#dot-env-file-.env.sling) to learn more about the `.env.sling` file. {% code overflow="wrap" %} ```bash export DATADOG='{ type: api, spec: datadog, secrets: { api_key: "your_api_key", app_key: "your_app_key" } }' ``` {% endcode %} ### Sling Env File YAML See [here](https://docs.slingdata.io/connections/api-connections/pages/eAdVs2BHCgdr6RS8GoJC#sling-env-file-env.yaml) to learn more about the sling `env.yaml` file. ```yaml connections: DATADOG: type: api spec: datadog secrets: api_key: "your_api_key" app_key: "your_app_key" ``` **For EU or other regional sites:** ```yaml connections: DATADOG: type: api spec: datadog secrets: api_key: "your_api_key" app_key: "your_app_key" site: "datadoghq.eu" ``` ## Replication Here's an example replication configuration to sync Datadog data to a PostgreSQL database: ```yaml source: DATADOG target: MY_POSTGRES defaults: mode: full-refresh object: datadog.{stream_name} streams: # sync all endpoints '*': # incremental sync for event-based endpoints events: mode: incremental audit_logs: mode: incremental ``` ## Endpoints ### Core Monitoring | Endpoint | Description | Incremental | | ------------ | ------------------------------------------------------ | ----------- | | `monitors` | Alert monitors and their configurations | No | | `dashboards` | Dashboard summaries | No | | `events` | Events with timestamp-based incremental sync | Yes | | `audit_logs` | Audit log events with timestamp-based incremental sync | Yes | ### Infrastructure & Testing | Endpoint | Description | Incremental | | ------------------ | -------------------------- | ----------- | | `hosts` | Hosts in the organization | No | | `synthetics_tests` | Synthetic monitoring tests | No | | `metrics` | Active metric names | No | ### Operational | Endpoint | Description | Incremental | | ----------- | ------------------------ | ----------- | | `slos` | Service Level Objectives | No | | `downtimes` | Scheduled downtimes | No | | `users` | Organization users | No | | `incidents` | Incidents | No | To discover available endpoints: ```bash sling conns discover DATADOG ``` ## Filtering Several endpoints support optional filter parameters to narrow down results. Filters can be set in two ways: 1. **Connection inputs** — set globally on the connection (applies to all replications) 2. **Replication store hooks** — set per-replication (overrides connection inputs) ### Via Connection Inputs ```yaml connections: DATADOG: type: api spec: datadog secrets: api_key: "your_api_key" app_key: "your_app_key" inputs: events_filter_query: "source:datadog" monitor_tags: "env:prod,team:backend" metrics_tag_filter: "env:production" ``` ### Via Replication Store Hooks Use `store` hooks to set filters per-replication without modifying the connection: ```yaml source: DATADOG target: MY_POSTGRES defaults: mode: full-refresh object: datadog.{stream_name} hooks: start: - type: store map: events_filter_query: "source:kubernetes" monitor_name: "CPU" streams: events: monitors: ``` Store values take priority over connection inputs, so you can set defaults in the connection and override per-replication. ### Available Filters | Filter | Endpoint | Description | | ------------------------ | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | | `events_filter_query` | `events` | [Datadog search syntax](https://docs.datadoghq.com/logs/explorer/search_syntax/) (e.g., `source:kubernetes`, `status:error`, `tags:env:production`) | | `audit_filter_query` | `audit_logs` | Search audit events (e.g., `@action:login`, `@user.email:admin@company.com`) | | `monitor_tags` | `monitors` | Comma-separated scope tags (e.g., `env:prod,role:web`) | | `monitor_name` | `monitors` | Substring match on monitor name (e.g., `cpu`) | | `host_filter` | `hosts` | Filter by name, alias, or tag (e.g., `env:prod`) | | `include_hosts_metadata` | `hosts` | Include additional host metadata like agent version and platform (`true`/`false`) | | `metrics_host` | `metrics` | Filter to metrics from a specific host | | `metrics_tag_filter` | `metrics` | Tag filter with boolean/wildcard support (e.g., `env:production AND service:api`) | ## Incremental Sync The `events` and `audit_logs` endpoints support incremental sync via timestamp: * **First run:** Fetches all records from `anchor_date` (default: 1 year ago) to present * **Subsequent runs:** Only fetches records created after the last sync timestamp ## Regional Sites Datadog operates in multiple regions. Set the `site` secret to use a different region: | Region | Site Value | | ------------- | ------------------- | | US1 (default) | `datadoghq.com` | | US3 | `us3.datadoghq.com` | | US5 | `us5.datadoghq.com` | | EU | `datadoghq.eu` | | AP1 | `ap1.datadoghq.com` | | US1-FED | `ddog-gov.com` | ## Rate Limiting The Datadog API has rate limits that vary by endpoint. The connector automatically: * Uses conservative rate limiting (5 requests/second) * Retries with exponential backoff on 429 (rate limit) responses * Retries on 5xx server errors with linear backoff If you are facing issues connecting, please reach out to us at , on [discord](https://discord.gg/q5xtaSNDvp) or open a Github Issue [here](https://github.com/slingdata-io/sling-cli/issues). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.slingdata.io/connections/api-connections/datadog.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.