Actions for Datadog #
-
Send Data to Datadog. Sends a custom set of Lucidum data to Datadog.
-
Create Incident. Create (declare) an incident in Datadog.
Use Cases #
Below are the possible use cases for these actions:
-
If you want to run Lucidum “headless”, you can send relevant data to Datadog on a regular schedule.
- You can send normalized, enriched Lucidum data to Datadog to be indexed, searched, and analyzed.
Prerequisites #
To execute Datadog actions, you must:
- Configure a Datadog API connection beforehand. The required parameters are described in the instructions for creating a Datadog connector in Lucidum https://lucidum.io/docs/datadog/.
NOTE. The specified account should have read and write permissions.
Workflows #
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
Datadog Configuration #
To create a configuration for Datadog actions:
-
Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
- URL. The URL for the Datadog API server. For example, https://api.datadoghq.com/.
-
App Key. An application key for a Datadog account that has read and write access to API data. For details, see https://docs.datadoghq.com/account_management/api-app-keys/#add-application-keys.
-
API Key. An API key for a Datadog account that has read and write access to API data. For details, see https://docs.datadoghq.com/account_management/api-app-keys/#add-an-api-key-or-client-token.
- Max # of Records per Payload. The maximum number of records to send to Datadog in each action. The default value is “50”.
Create a New Action #
To create an action for Datadog:
-
Go to the Create a New Action page.
-
In the General step, enter values in these fields:
-
Action Type. Select Send Data or Create Incident.
-
Send Data. Create an event in Datadog that contains Lucidum data.
-
Create Incident. Create an incident in Datadog that contains Lucidum data.
-
-
Configuration Name. Select an action configuration from the pulldown options.
-
Action Name. Identifier for the action. This name will appear in the Lucidum Action Center.
-
Description. Description of the action.
-
-
Click the Next (>) icon.
-
In the Filters page, click Configure Filters.
/li>
-
The Build a Query page appears.
-
In the Build a Query page, you define the query for the assets or users that the action will act upon.
-
Click Next.
-
In the Build a Current Query page, enter the fields, operators, and values for the query. For existing actions, the query is already loaded in this page.
- For details on creating and editing queries in Lucidum, see the section on Building Queries.
NOTE: To optimize performance, the default time range is Current. If you need to access historical data, contact Lucidum Custom Success for help on using historical data without affecting performance.
-
Click the Apply (page and pencil) icon.
-
Click the Next (>) icon.
-
The Schedule page appears.
-
In the Schedule page, enter:
-
Schedule Type. Define the schedule for the action. Choices are:
-
Recurrence. Specify a frequency for the recurring schedule.
-
After Data Ingestion. The action is executed after data ingestion, which happens at least once every 24 hours and can also be triggered manually.
-
-
Do not trigger the action unless. Specify the number of results from Filters as a prerequisite for executing the action.
-
-
Click the Next (>) icon.
-
If you selected Send Data in the Action Type field, the Details step looks like this:
-
In the Details page, enter the following:
-
Output Fields. For the records selected with the Filters field, specify the columns to display. When creating or editing the query in the Filters field, you can select these fields in the Query Results page > Edit Column button.
-
Datadog Event Title. The name of the event associated with the Lucidum data.
-
Datadog Event Tag. A tag for the event.
-
Dedupe Previous Jobs. In this field, you specify whether you want duplicates of asset IDs (if your query is for assets) or user IDs (if your query is for users). You can specify integers starting at 0 (zero).
-
If you specify “0” (zero), Lucidum includes all the records from the query in each delivery to Datadog.
-
If you specify “1” (one), Lucidum examines the previous webhook payload and excludes records for asset IDs or user IDs that were sent in the delivery to Datadog.
-
If you specify “2” (two), Lucidum examines the last two webhook payloads and excludes records for asset IDs or user IDs that were sent in the previous two deliveries to Datadog.
-
-
-
If you selected Create Incident in the Action Type field, the Details step looks like this:
-
In the Details page, enter the following:
-
- Output Fields. For the records selected with the Filters field, specify the columns to display. When creating or editing the query in the Filters field, you can select these fields in the Query Results page > Edit Column button.
-
Incident Title. The name of the incident associated with the Lucidum data.
-
Incident State. State to assign to the incident associated with the Lucidum data. Choices are:
-
Active
-
Stable
-
Resolved
-
-
Incident Severity. Severity to assign to the incident associated with the Lucidum data. Choices are:
-
Unknown
-
Critical
-
High
-
Moderate
-
Low
-
Minor
-
-
Dedupe Previous Jobs. In this field, you specify whether you want duplicates of asset IDs (if your query is for assets) or user IDs (if your query is for users). You can specify integers starting at 0 (zero).
-
If you specify “0” (zero), Lucidum includes all the records from the query in each delivery to Datadog.
-
If you specify “1” (one), Lucidum examines the previous webhook payload and excludes records for asset IDs or user IDs that were sent in the delivery to Datadog.
-
If you specify “2” (two), Lucidum examines the last two webhook payloads and excludes records for asset IDs or user IDs that were sent in the previous two deliveries to Datadog.
-