Synapse-Datadog User Guide

Synapse-Datadog adds new Storm commands to allow you to query the Datadog API using your existing API key.

Getting Started

Check with your Admin to enable permissions and find out if you need a personal API key.

Examples

Setting your personal API key

To set up a personal-use API key:

> datadog.setup.apikey --self myapikey
Setting Synapse-Datadog API key for the current user.

Setting your personal application key

To set up a personal-use application key:

> datadog.setup.appkey --self myappkey
Setting Synapse-Datadog application key for the current user.

Query the Datadog API for logs

Create it:log:event nodes from the results:

> datadog.logs.search --query "service:web* AND @http.status_code:[200 TO 299]" --yield
it:log:event=93e866c3853fb984346be15d1de84eea
        .created = 2024/11/19 21:13:21.326
        :data = {'attributes': {'attributes': ({},), 'host': 'i-0123', 'message': 'Host connected to remote', 'service': 'agent', 'status': 'INFO', 'tags': ('team:A',), 'timestamp': '2019-01-02T09:42:36.320Z'}, 'id': 'AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA', 'type': 'log'}
        :host = ef0409346ef61dbeab9a9e0a9991a81b
        :mesg = Host connected to remote
        :severity = info
        :time = 2019/01/02 09:42:36.320

Print raw events and do not create nodes:

> datadog.logs.search --query "service:web* AND @http.status_code:[200 TO 299]" --dryrun
id: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA
type: log
timestamp: 2019-01-02T09:42:36.320Z
host: i-0123
message: Host connected to remote
service: agent
status: INFO
tags:
    team:A
attributes:
    {}

Use of meta:source nodes

Synapse-Datadog uses a meta:source node and -(seen)> lightweight edges to track nodes observed from the Datadog API.

> meta:source=f2ede873981c258bd03bfc154abac607
meta:source=f2ede873981c258bd03bfc154abac607
        .created = 2024/11/19 21:13:21.271
        :name = datadog api

Storm can filter query results to include or exclude nodes that have been observed by Synapse-Datadog. The following example filters the results of a query to include only nodes observed by Synapse-Datadog:

> it:log:event +{ <(seen)- meta:source=f2ede873981c258bd03bfc154abac607 }
it:log:event=93e866c3853fb984346be15d1de84eea
        .created = 2024/11/19 21:13:21.326
        :data = {'attributes': {'attributes': ({},), 'host': 'i-0123', 'message': 'Host connected to remote', 'service': 'agent', 'status': 'INFO', 'tags': ('team:A',), 'timestamp': '2019-01-02T09:42:36.320Z'}, 'id': 'AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA', 'type': 'log'}
        :host = ef0409346ef61dbeab9a9e0a9991a81b
        :mesg = Host connected to remote
        :severity = info
        :time = 2019/01/02 09:42:36.320