Datadog

Receive alerts from Datadog monitoring platform

Overview

Datadog is a cloud-scale monitoring and security platform. Easyalert integrates with Datadog via webhooks, receiving alerts from monitors and creating incidents automatically.

Requirements

Datadog account
Easyalert account and active tenant
Access to Integrations → Webhooks in Datadog

Setup Instructions

Step 1: Create Integration in Easyalert

Go to Integrations page from left menu
Click Add Integration button
Select Datadog as Source Type
Enter a name (e.g., Datadog Production)
Click Create to save
Copy the generated Webhook URL

Example: https://api.easyalert.io/api/v1/webhooks/ingest/wh_abc123...

Step 2: Create Webhook in Datadog

Go to Integrations → Webhooks → New

Field	Value
Name	`easyalert`
URL	Your Easyalert webhook URL
Payload	Custom JSON (see below)
Custom Headers	`Content-Type: application/json`

Step 3: Configure Payload Template

Use this recommended payload:

{
  "id": "$ID",
  "title": "$EVENT_TITLE",
  "hostname": "$HOSTNAME",
  "alertId": "$ALERT_ID",
  "alertMetric": "$ALERT_METRIC",
  "alertQuery": "$ALERT_QUERY",
  "alertStatus": "$ALERT_STATUS",
  "alertTransition": "$ALERT_TRANSITION",
  "alertType": "$ALERT_TYPE",
  "eventType": "$EVENT_TYPE",
  "eventMsg": "$EVENT_MSG",
  "tags": "$TAGS",
  "link": "$LINK",
  "date": "$DATE",
  "orgName": "$ORG_NAME",
  "customer": "YOUR_CUSTOMER_NAME",
  "team": "YOUR_TEAM_NAME",
  "environment": "production"
}

NOTE: Datadog uses $VARIABLE syntax (uppercase).

Step 4: Add Webhook to Monitors

Edit your monitor
In Notify your team, add @webhook-easyalert
Save the monitor

Step 5: Test the Integration

Trigger a test alert from a monitor.

Datadog Variables

Datadog provides these variables for webhooks:

Variable	Description
`$ID`	Event ID
`$EVENT_TITLE`	Event title
`$HOSTNAME`	Host name
`$ALERT_ID`	Monitor ID
`$ALERT_METRIC`	Metric name
`$ALERT_QUERY`	Monitor query
`$ALERT_TRANSITION`	Triggered, Recovered
`$ALERT_TYPE`	error, warning, info
`$ALERT_STATUS`	Current status
`$EVENT_TYPE`	Event type
`$EVENT_MSG`	Full alert message (HTML)
`$TAGS`	Tag list (key:value format)
`$LINK`	Datadog UI link
`$DATE`	Alert timestamp
`$ORG_NAME`	Organization name

Field Mapping

Datadog Field	Easyalert Field
`$ID` / `alertId`	Event ID
`$EVENT_TITLE` / `title`	Title
`$EVENT_MSG`	Description
`$ALERT_TYPE`	Severity mapping
`$ALERT_TRANSITION`	Status
`$HOSTNAME`	Host
`$LINK`	URL
`$TAGS`	Tags (parsed)

Severity Mapping

Alert Type Mapping

Datadog Alert Type	Easyalert Severity
error	Critical
warning	Warning
info	Info

Priority Mapping

If you use Datadog priorities:

Datadog Priority	Easyalert Severity
P1	Critical
P2	High
P3	Warning
P4	Info
P5	Info

Status Handling

Datadog Transition	Easyalert Status	Action
Triggered	Problem	Creates/updates incident
Re-Triggered	Problem	Updates incident
Recovered	OK	Resolves incident
No Data	Problem	Creates incident
No Data Recovered	OK	Resolves incident

Tags Parsing

Datadog tags in key:value format are automatically parsed:

env:production,service:web,team:backend

Becomes:

tags.env = "production"
tags.service = "web"
tags.team = "backend"

These can be used in escalation routing rules.

Custom Field → Tag Mapping

Datadog Tags ($TAGS)

$TAGS variable brings host/monitor tags automatically:

env:production,service:web,team:backend

Custom Fields

All custom fields added to the payload template become tags:

{
  "customer": "AcmeCorp",
  "datacenter": "EU-West",
  "cost_center": "CC-1234"
}

In Easyalert:

tags.customer = "AcmeCorp"
tags.datacenter = "EU-West"
tags.cost_center = "CC-1234"

Routing Examples

Escalation Routing:

tags.customer equals "AcmeCorp" → Acme Policy
tags.env equals "production" → Production Policy
tags.team equals "backend" → Backend Team Policy

Notification Rules:

tags.env equals "production" AND severity equals "critical" → call + sms + email
tags.env equals "staging" → email only

Monitor Configuration Tips

Adding Webhook to Monitors

In monitor notification settings:

@webhook-easyalert

Including Specific Tags

Use template variables in your monitor message:

{{#is_alert}}
Critical alert on {{host.name}}
{{/is_alert}}

{{#is_recovery}}
Recovered: {{host.name}} is back to normal
{{/is_recovery}}

Test

curl -X POST "YOUR_WEBHOOK_URL" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "12345",
    "title": "[Triggered] High CPU",
    "hostname": "web-server-01",
    "alertId": "789",
    "alertTransition": "Triggered",
    "alertType": "error",
    "tags": "env:production,service:web",
    "date": 1733234400,
    "customer": "TestCustomer"
  }'

Troubleshooting

Alerts not being received

Verify webhook URL in Datadog integrations
Check that @webhook-easyalert is in monitor notification
Test the webhook from Datadog UI
Review Datadog webhook delivery logs

Custom fields not becoming tags

Verify field is added to webhook payload template
Check field name spelling
View webhook samples in Easyalert

Empty values

Ensure $VARIABLE is uppercase
Check if the variable is available for the monitor type
Some variables may be empty for certain alert types

Recovery not resolving incidents

Verify monitor sends recovery notifications
Check alertTransition includes "Recovered"
Ensure alertId is consistent between alert and recovery

Tags not appearing

Include $TAGS in webhook payload
Verify tags are set on the monitor or metric
Check tag format (should be key:value)

Best Practices

Use Priority Levels: Set P1-P5 priority on monitors to ensure proper severity mapping in Easyalert.

Include All Variables: Use the recommended payload template to capture all useful information.

Tag Your Monitors: Add tags like env, team, and service for better routing and filtering.

Configure Recovery Notifications: Ensure monitors send recovery notifications to automatically resolve incidents.

Use Aggregation Keys: Set aggregation keys to help with incident deduplication.

Add Custom Fields for Routing: Include customer, team, environment in payload for escalation routing.