Datadog
Connect Datadog Logs to SigSentry using API and Application keys
The Datadog adapter uses the Logs Search API v2 to query during analyses. You'll need a paired API key and Application key from your Datadog account.
Prerequisites
| Need | Notes |
|---|---|
| Datadog account | Any plan that includes Logs |
| API key | Generated under Account Settings → API keys |
| Application key | Generated under Account Settings → Application keys |
| Site | Default datadoghq.com; change for EU or other regions |
Setup walkthrough
Generate an API key
In Datadog: Account Settings → API keys → New key. Name it
something like sigsentry-readonly. Copy the key — it won't be shown
again.
Generate an Application key
In Datadog: Account Settings → Application keys → New key. The Application key is what authorizes API requests against the user's permission scope; pair it with the API key you just generated.
The user creating the Application key only needs Logs Read in Datadog. Don't grant admin or write permissions.
Add the log source in SigSentry
Project → Log Sources → Add log source. Pick Datadog and name
it descriptively, e.g. datadog-prod.
Enter credentials
| Field | Value |
|---|---|
| API key | The DD-API-KEY value |
| Application key | The DD-APPLICATION-KEY value |
| Site | Optional. datadoghq.com (default), datadoghq.eu, us3.datadoghq.com, etc. |
Add facets to query
Datadog uses facets (service, source, host, status) for filtering. Paste facet values into the Sources textarea, one per line. These are the services or sources SigSentry will query during analyses:
service:checkout-api
service:billing-worker
source:nginxClick Load sources to autocomplete services from your Datadog account.
Test and save
Click Test connection to query a small recent window. You should see a Connected indicator plus sample log lines. Click Save.
What you'll see in results
Each Datadog log line shown in an analysis includes:
- Timestamp
- Log level (mapped from Datadog
status) - Service name (from the
servicefacet) - Message
- Custom attributes (
@user.id,@request.id, etc.) carried through as metadata
Quirks
| Quirk | Notes |
|---|---|
| EU region | Set Site to datadoghq.eu; the API endpoint differs |
| Index scoping | Optional Index field restricts queries to a specific index instead of all-logs |
| Status mapping | If your services log levels differently, override via project AI context |
Datadog Application keys are tied to the user who created them. If that user leaves or has their permissions changed, the key stops working. Use a service account or shared admin user for production keys.
Troubleshooting
| Error | Fix |
|---|---|
403 Forbidden | API or Application key invalid; regenerate both |
400 Bad Request: invalid query | A facet value contains a Datadog reserved character; quote it or remove |
| Sample logs empty in test | Last 5 minutes had no logs matching your facets; widen scope |
| Slow queries | Reduce the number of facets or scope to a single index |