Datadog syntax

Documentation

facets https://docs.datadoghq.com/logs/explorer/facets/#manage-facets
functions https://docs.datadoghq.com/dashboards/functions/#overview

Example

Perform queries

# there is the JSON query syntax (described here)
# and a UI-assisted JSON query syntax where the code is abstracted.
Notebooks:
  - New Notebook:
    - </>  # on the far right of the query, this toggles interactive "json-syntax" queries
sum:my_metric{*}.as_count()  # sum counts per-sample of `my_metric`
sum:my_metric{env:prod}      # `my_metric`, where tag `env=prod`

Components

Queries are composed of a term and an operator.

terms

facet:  @host, @url           # provided by the application, applies to all metrics
tag:    status, perform_time  # assigned to your specific metric when emitted

operator

Datatypes

Metrics are assigned datatypes

Operators

You can do operator math.

node.avail_memory / node.total_memory
*  # multiply
/  # divide
+  # add
-  # subtract

Filters

Glob/Wildcard

You can glob-match metrics.

jobs:*{*}   # jobs.* with no tag matchers

Tag-Search

Tag-Search lets you conditionally match metrics by tag.

AND  # metric with both tags
OR   # metric with either tag
-    # (AND|OR) exclude results with another matcher
perform_time{(env:prod AND env:staging)}
perform_time{(env:prod AND -user:test)}

Comparison/Ranges

Filter records by numerical comparison or by range.

foo.response_time:>100
foo.response_time:[100 TO 200]

Aggregation (Samples)

rollup lets you change the sample size to a time period in seconds.

avg:perform_time{*}.rollup(avg, 60)  # average-perform time, within 60s windows

You cannot use numeric filters on aggregated samples, but there are helpful functions.

cutoff_min(avg:perform_time{*}.rollup(avg, 60), 10)  # only show samples that exceed 10
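
The `rollup` and `cutoff_min` behaviour described above, as an added example (a local Python model, not Datadog's code and not from the original notes). The sample points are constructed, and `cutoff_min` is modelled on the assumption that it drops values below the threshold. It shows that the cutoff applies to the 60s averages, not to the raw samples.

```python
from collections import defaultdict
from statistics import mean

# Constructed samples for the `perform_time` metric: (unix_seconds, value).
SAMPLES = [
    (0, 4.0), (20, 6.0), (40, 50.0),  # window 0:   avg 20.0 (two raw points < 10)
    (60, 12.0), (90, 14.0),           # window 60:  avg 13.0
    (120, 2.0), (150, 15.0),          # window 120: avg 8.5 (one raw point > 10)
]

AGGREGATORS = {"avg": mean, "sum": sum, "min": min, "max": max}


def rollup(points, method, interval):
    """Model of .rollup(method, interval): bucket points into
    interval-second windows and aggregate each window to one value."""
    buckets = defaultdict(list)
    for ts, value in points:
        buckets[ts - ts % interval].append(value)
    agg = AGGREGATORS[method]
    return [(start, agg(vals)) for start, vals in sorted(buckets.items())]


def cutoff_min(points, threshold):
    """Model of cutoff_min(): drop points whose value is below threshold
    (assumption: values equal to the threshold are kept)."""
    return [(ts, v) for ts, v in points if v >= threshold]


def rolled_then_cut(points, interval=60, threshold=10):
    # Mirrors: cutoff_min(avg:perform_time{*}.rollup(avg, 60), 10)
    return cutoff_min(rollup(points, "avg", interval), threshold)


def cut_then_rolled(points, interval=60, threshold=10):
    # Hypothetical "filter raw samples first" ordering, for comparison only.
    return rollup(cutoff_min(points, threshold), "avg", interval)


if __name__ == "__main__":
    print("rollup only     :", rollup(SAMPLES, "avg", 60))
    print("rollup + cutoff :", rolled_then_cut(SAMPLES))
    print("cutoff + rollup :", cut_then_rolled(SAMPLES))
```

The 120s window disappears in the first ordering because its average is 8.5, even though one of its raw samples was 15.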

Functions

Several functions are available; see the docs:

https://docs.datadoghq.com/dashboards/functions/#overview