components: callbacks: {} examples: {} headers: {} links: {} parameters: APIKeyFilterCreatedAtEndParameter: description: Only include API keys created on or before the specified date. in: query name: filter[created_at][end] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterCreatedAtStartParameter: description: Only include API keys created on or after the specified date. in: query name: filter[created_at][start] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterModifiedAtEndParameter: description: Only include API keys modified on or before the specified date. in: query name: filter[modified_at][end] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterModifiedAtStartParameter: description: Only include API keys modified on or after the specified date. in: query name: filter[modified_at][start] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterParameter: description: Filter API keys by the specified string. in: query name: filter required: false schema: type: string APIKeyId: description: The ID of the API key. in: path name: api_key_id required: true schema: type: string APIKeyIncludeParameter: description: Comma separated list of resource paths for related resources to include in the response. Supported resource paths are `created_by` and `modified_by`. in: query name: include required: false schema: example: created_by,modified_by type: string APIKeysSortParameter: description: 'API key attribute used to sort results. Sort order is ascending by default. In order to specify a descending sort, prefix the attribute with a minus sign.' in: query name: sort required: false schema: $ref: '#/components/schemas/APIKeysSort' ApplicationKeyFilterCreatedAtEndParameter: description: Only include application keys created on or before the specified date. in: query name: filter[created_at][end] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string ApplicationKeyFilterCreatedAtStartParameter: description: Only include application keys created on or after the specified date. in: query name: filter[created_at][start] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string ApplicationKeyFilterParameter: description: Filter application keys by the specified string. in: query name: filter required: false schema: type: string ApplicationKeyID: description: The ID of the application key. in: path name: app_key_id required: true schema: type: string ApplicationKeyIncludeParameter: description: Resource path for related resources to include in the response. Only `owned_by` is supported. in: query name: include required: false schema: example: owned_by type: string ApplicationKeysSortParameter: description: 'Application key attribute used to sort results. Sort order is ascending by default. In order to specify a descending sort, prefix the attribute with a minus sign.' in: query name: sort required: false schema: $ref: '#/components/schemas/ApplicationKeysSort' ArchiveID: description: The ID of the archive. in: path name: archive_id required: true schema: type: string AuthNMappingID: description: The UUID of the AuthN Mapping. in: path name: authn_mapping_id required: true schema: type: string CloudWorkloadSecurityAgentRuleID: description: The ID of the Agent rule. example: 3b5-v82-ns6 in: path name: agent_rule_id required: true schema: type: string IncidentAttachmentFilterQueryParameter: description: Specifies which types of attachments are included in the response. explode: false in: query name: filter[attachment_type] required: false schema: items: $ref: '#/components/schemas/IncidentAttachmentAttachmentType' type: array IncidentAttachmentIncludeQueryParameter: description: Specifies which types of related objects are included in the response. explode: false in: query name: include required: false schema: items: $ref: '#/components/schemas/IncidentAttachmentRelatedObject' type: array IncidentIDPathParameter: description: The UUID of the incident. in: path name: incident_id required: true schema: type: string IncidentIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. explode: false in: query name: include required: false schema: items: $ref: '#/components/schemas/IncidentRelatedObject' type: array IncidentServiceIDPathParameter: description: The ID of the incident service. in: path name: service_id required: true schema: type: string IncidentServiceIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. in: query name: include required: false schema: $ref: '#/components/schemas/IncidentRelatedObject' IncidentServiceSearchQueryParameter: description: A search query that filters services by name. in: query name: filter required: false schema: example: ExampleServiceName type: string IncidentTeamIDPathParameter: description: The ID of the incident team. in: path name: team_id required: true schema: type: string IncidentTeamIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. in: query name: include required: false schema: $ref: '#/components/schemas/IncidentRelatedObject' IncidentTeamSearchQueryParameter: description: A search query that filters teams by name. in: query name: filter required: false schema: example: ExampleTeamName type: string MetricID: description: The name of the log-based metric. in: path name: metric_id required: true schema: type: string MetricName: description: The name of the metric. example: dist.http.endpoint.request in: path name: metric_name required: true schema: type: string OpsgenieServiceIDPathParameter: description: The UUID of the service. in: path name: integration_service_id required: true schema: type: string PageNumber: description: Specific page number to return. in: query name: page[number] required: false schema: default: 0 example: 0 format: int64 type: integer PageOffset: description: Specific offset to use as the beginning of the returned page. in: query name: page[offset] required: false schema: default: 0 example: 0 format: int64 type: integer PageSize: description: Size for a given page. in: query name: page[size] required: false schema: default: 10 example: 10 format: int64 type: integer RoleID: description: The unique identifier of the role. in: path name: role_id required: true schema: type: string SecurityFilterID: description: The ID of the security filter. in: path name: security_filter_id required: true schema: type: string SecurityMonitoringRuleID: description: The ID of the rule. in: path name: rule_id required: true schema: type: string ServiceAccountID: description: The ID of the service account. in: path name: service_account_id required: true schema: example: 00000000-0000-1234-0000-000000000000 type: string SignalID: description: The ID of the signal. in: path name: signal_id required: true schema: type: string UserID: description: The ID of the user. in: path name: user_id required: true schema: example: 00000000-0000-9999-0000-000000000000 type: string requestBodies: {} responses: BadRequestResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request ConcurrentModificationResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Concurrent Modification ConflictResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict ForbiddenResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden NotAuthorizedResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Authorized NotFoundResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found TooManyRequestsResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests UnauthorizedResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unauthorized schemas: APIErrorResponse: description: API error response. properties: errors: description: A list of errors. items: description: A list of items. example: Bad Request type: string type: array required: - errors type: object APIKeyCreateAttributes: description: Attributes used to create an API Key. properties: name: description: Name of the API key. example: API Key for submitting metrics type: string required: - name type: object APIKeyCreateData: description: Object used to create an API key. properties: attributes: $ref: '#/components/schemas/APIKeyCreateAttributes' type: $ref: '#/components/schemas/APIKeysType' required: - attributes - type type: object APIKeyCreateRequest: description: Request used to create an API key. properties: data: $ref: '#/components/schemas/APIKeyCreateData' required: - data type: object APIKeyRelationships: description: Resources related to the API key. properties: created_by: $ref: '#/components/schemas/RelationshipToUser' modified_by: $ref: '#/components/schemas/RelationshipToUser' type: object APIKeyResponse: description: Response for retrieving an API key. properties: data: $ref: '#/components/schemas/FullAPIKey' included: description: Array of objects related to the API key. items: $ref: '#/components/schemas/APIKeyResponseIncludedItem' type: array type: object APIKeyResponseIncludedItem: description: An object related to an API key. oneOf: - $ref: '#/components/schemas/User' type: object APIKeyUpdateAttributes: description: Attributes used to update an API Key. properties: name: description: Name of the API key. example: API Key for submitting metrics type: string required: - name type: object APIKeyUpdateData: description: Object used to update an API key. properties: attributes: $ref: '#/components/schemas/APIKeyUpdateAttributes' id: description: ID of the API key. example: 00112233-4455-6677-8899-aabbccddeeff type: string type: $ref: '#/components/schemas/APIKeysType' required: - attributes - id - type type: object APIKeyUpdateRequest: description: Request used to update an API key. properties: data: $ref: '#/components/schemas/APIKeyUpdateData' required: - data type: object APIKeysResponse: description: Response for a list of API keys. properties: data: description: Array of API keys. items: $ref: '#/components/schemas/PartialAPIKey' type: array included: description: Array of objects related to the API key. items: $ref: '#/components/schemas/APIKeyResponseIncludedItem' type: array type: object APIKeysSort: default: name description: Sorting options enum: - created_at - -created_at - last4 - -last4 - modified_at - -modified_at - name - -name type: string x-enum-varnames: - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - LAST4_ASCENDING - LAST4_DESCENDING - MODIFIED_AT_ASCENDING - MODIFIED_AT_DESCENDING - NAME_ASCENDING - NAME_DESCENDING APIKeysType: default: api_keys description: API Keys resource type. enum: - api_keys example: api_keys type: string x-enum-varnames: - API_KEYS ApplicationKeyCreateAttributes: description: Attributes used to create an application Key. properties: name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. This feature is in private beta, please contact Datadog support to enable scopes for your application keys. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array required: - name type: object ApplicationKeyCreateData: description: Object used to create an application key. properties: attributes: $ref: '#/components/schemas/ApplicationKeyCreateAttributes' type: $ref: '#/components/schemas/ApplicationKeysType' required: - attributes - type type: object ApplicationKeyCreateRequest: description: Request used to create an application key. properties: data: $ref: '#/components/schemas/ApplicationKeyCreateData' required: - data type: object ApplicationKeyRelationships: description: Resources related to the application key. properties: owned_by: $ref: '#/components/schemas/RelationshipToUser' type: object ApplicationKeyResponse: description: Response for retrieving an application key. properties: data: $ref: '#/components/schemas/FullApplicationKey' included: description: Array of objects related to the application key. items: $ref: '#/components/schemas/ApplicationKeyResponseIncludedItem' type: array type: object ApplicationKeyResponseIncludedItem: description: An object related to an application key. oneOf: - $ref: '#/components/schemas/User' - $ref: '#/components/schemas/Role' type: object ApplicationKeyUpdateAttributes: description: Attributes used to update an application Key. properties: name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. This feature is in private beta, please contact Datadog support to enable scopes for your application keys. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array type: object ApplicationKeyUpdateData: description: Object used to update an application key. properties: attributes: $ref: '#/components/schemas/ApplicationKeyUpdateAttributes' id: description: ID of the application key. example: 00112233-4455-6677-8899-aabbccddeeff type: string type: $ref: '#/components/schemas/ApplicationKeysType' required: - attributes - id - type type: object ApplicationKeyUpdateRequest: description: Request used to update an application key. properties: data: $ref: '#/components/schemas/ApplicationKeyUpdateData' required: - data type: object ApplicationKeysSort: default: name description: Sorting options enum: - created_at - -created_at - last4 - -last4 - name - -name type: string x-enum-varnames: - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - LAST4_ASCENDING - LAST4_DESCENDING - NAME_ASCENDING - NAME_DESCENDING ApplicationKeysType: default: application_keys description: Application Keys resource type. enum: - application_keys example: application_keys type: string x-enum-varnames: - APPLICATION_KEYS AuditLogsEvent: description: Object description of an Audit Logs event after it is processed and stored by Datadog. properties: attributes: $ref: '#/components/schemas/AuditLogsEventAttributes' id: description: Unique ID of the event. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/AuditLogsEventType' type: object AuditLogsEventAttributes: description: JSON object containing all event attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from Audit Logs events. example: customAttribute: 123 duration: 2345 type: object service: description: 'Name of the application or service generating Audit Logs events. This name is used to correlate Audit Logs to APM, so make sure you specify the same value when you use both products.' example: web-app type: string tags: description: Array of tags associated with your event. example: - team:A items: description: Tag associated with your event. type: string type: array timestamp: description: Timestamp of your event. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object AuditLogsEventType: default: audit description: Type of the event. enum: - audit example: audit type: string x-enum-varnames: - Audit AuditLogsEventsResponse: description: Response object with all events matching the request and pagination information. properties: data: description: Array of events matching the request. items: $ref: '#/components/schemas/AuditLogsEvent' type: array links: $ref: '#/components/schemas/AuditLogsResponseLinks' meta: $ref: '#/components/schemas/AuditLogsResponseMetadata' type: object AuditLogsQueryFilter: description: Search and filter query settings. properties: from: default: now-15m description: Minimum time for the requested events. Supports date, math, and regular timestamps (in milliseconds). example: now-15m type: string query: default: '*' description: Search query following the Audit Logs search syntax. example: '@type:session AND @session.type:user' type: string to: default: now description: Maximum time for the requested events. Supports date, math, and regular timestamps (in milliseconds). example: now type: string type: object AuditLogsQueryOptions: description: 'Global query options that are used during the query. Note: Specify either timezone or time offset, not both. Otherwise, the query fails.' properties: time_offset: description: Time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: UTC description: 'Timezone code. Can be specified as an offset, for example: "UTC+03:00".' example: GMT type: string type: object AuditLogsQueryPageOptions: description: Paging attributes for listing events. properties: cursor: description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: Maximum number of events in the response. example: 25 format: int32 maximum: 1000 type: integer type: object AuditLogsResponseLinks: description: Links attributes. properties: next: description: 'Link for the next set of results. Note that the request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/audit/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object AuditLogsResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: Time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: '#/components/schemas/AuditLogsResponsePage' request_id: description: The identifier of the request. example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: $ref: '#/components/schemas/AuditLogsResponseStatus' warnings: description: 'A list of warnings (non-fatal errors) encountered. Partial results may return if warnings are present in the response.' items: $ref: '#/components/schemas/AuditLogsWarning' type: array type: object AuditLogsResponsePage: description: Paging attributes. properties: after: description: The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of `page[cursor]`. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object AuditLogsResponseStatus: description: The status of the response. enum: - done - timeout example: done type: string x-enum-varnames: - DONE - TIMEOUT AuditLogsSearchEventsRequest: description: The request for a Audit Logs events list. properties: filter: $ref: '#/components/schemas/AuditLogsQueryFilter' options: $ref: '#/components/schemas/AuditLogsQueryOptions' page: $ref: '#/components/schemas/AuditLogsQueryPageOptions' sort: $ref: '#/components/schemas/AuditLogsSort' type: object AuditLogsSort: description: Sort parameters when querying events. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING AuditLogsWarning: description: Warning message indicating something that went wrong with the query. properties: code: description: Unique code for this type of warning. example: unknown_index type: string detail: description: Detailed explanation of this specific warning. example: 'indexes: foo, bar' type: string title: description: Short human-readable summary of the warning. example: One or several indexes are missing or invalid, results hold data from the other indexes type: string type: object AuthNMapping: description: The AuthN Mapping object returned by API. properties: attributes: $ref: '#/components/schemas/AuthNMappingAttributes' id: description: ID of the AuthN Mapping. example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string relationships: $ref: '#/components/schemas/AuthNMappingRelationships' type: $ref: '#/components/schemas/AuthNMappingsType' required: - id - type type: object AuthNMappingAttributes: description: Attributes of AuthN Mapping. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string created_at: description: Creation time of the AuthN Mapping. format: date-time readOnly: true type: string modified_at: description: Time of last AuthN Mapping modification. format: date-time readOnly: true type: string saml_assertion_attribute_id: description: The ID of the SAML assertion attribute. example: '0' type: string type: object AuthNMappingCreateAttributes: description: Key/Value pair of attributes used for create request. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string type: object AuthNMappingCreateData: description: Data for creating an AuthN Mapping. properties: attributes: $ref: '#/components/schemas/AuthNMappingCreateAttributes' relationships: $ref: '#/components/schemas/AuthNMappingCreateRelationships' type: $ref: '#/components/schemas/AuthNMappingsType' required: - type type: object AuthNMappingCreateRelationships: description: Relationship of AuthN Mapping create object to Role. properties: role: $ref: '#/components/schemas/RelationshipToRole' type: object AuthNMappingCreateRequest: description: Request for creating an AuthN Mapping. properties: data: $ref: '#/components/schemas/AuthNMappingCreateData' required: - data type: object AuthNMappingIncluded: description: Included data in the AuthN Mapping response. oneOf: - $ref: '#/components/schemas/SAMLAssertionAttribute' - $ref: '#/components/schemas/Role' properties: {} type: object AuthNMappingRelationships: description: All relationships associated with AuthN Mapping. properties: role: $ref: '#/components/schemas/RelationshipToRole' saml_assertion_attribute: $ref: '#/components/schemas/RelationshipToSAMLAssertionAttribute' type: object AuthNMappingResponse: description: AuthN Mapping response from the API. properties: data: $ref: '#/components/schemas/AuthNMapping' included: description: Included data in the AuthN Mapping response. items: $ref: '#/components/schemas/AuthNMappingIncluded' type: array type: object AuthNMappingUpdateAttributes: description: Key/Value pair of attributes used for update request. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string type: object AuthNMappingUpdateData: description: Data for updating an AuthN Mapping. properties: attributes: $ref: '#/components/schemas/AuthNMappingUpdateAttributes' id: description: ID of the AuthN Mapping. example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string relationships: $ref: '#/components/schemas/AuthNMappingUpdateRelationships' type: $ref: '#/components/schemas/AuthNMappingsType' required: - id - type type: object AuthNMappingUpdateRelationships: description: Relationship of AuthN Mapping update object to Role. properties: role: $ref: '#/components/schemas/RelationshipToRole' type: object AuthNMappingUpdateRequest: description: Request to update an AuthN Mapping. properties: data: $ref: '#/components/schemas/AuthNMappingUpdateData' required: - data type: object AuthNMappingsResponse: description: Array of AuthN Mappings response. properties: data: description: Array of returned AuthN Mappings. items: $ref: '#/components/schemas/AuthNMapping' type: array included: description: Included data in the AuthN Mapping response. items: $ref: '#/components/schemas/AuthNMappingIncluded' type: array meta: $ref: '#/components/schemas/ResponseMetaAttributes' type: object AuthNMappingsSort: description: Sorting options for AuthN Mappings. enum: - created_at - -created_at - role_id - -role_id - saml_assertion_attribute_id - -saml_assertion_attribute_id - role.name - -role.name - saml_assertion_attribute.attribute_key - -saml_assertion_attribute.attribute_key - saml_assertion_attribute.attribute_value - -saml_assertion_attribute.attribute_value type: string x-enum-varnames: - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - ROLE_ID_ASCENDING - ROLE_ID_DESCENDING - SAML_ASSERTION_ATTRIBUTE_ID_ASCENDING - SAML_ASSERTION_ATTRIBUTE_ID_DESCENDING - ROLE_NAME_ASCENDING - ROLE_NAME_DESCENDING - SAML_ASSERTION_ATTRIBUTE_KEY_ASCENDING - SAML_ASSERTION_ATTRIBUTE_KEY_DESCENDING - SAML_ASSERTION_ATTRIBUTE_VALUE_ASCENDING - SAML_ASSERTION_ATTRIBUTE_VALUE_DESCENDING AuthNMappingsType: default: authn_mappings description: AuthN Mappings resource type. enum: - authn_mappings example: authn_mappings type: string x-enum-varnames: - AUTHN_MAPPINGS ChargebackBreakdown: description: Charges breakdown. properties: charge_type: description: The type of charge for a particular product. example: on_demand type: string cost: description: The cost for a particular product and charge type during a given month. format: double type: number product_name: description: The product for which cost is being reported. example: infra_host type: string type: object CloudWorkloadSecurityAgentRuleAttributes: description: A Cloud Workload Security Agent rule returned by the API. properties: category: description: The category of the Agent rule. example: Process Activity type: string creationDate: description: When the Agent rule was created, timestamp in milliseconds. example: 1624366480320 format: int64 type: integer creator: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreatorAttributes' defaultRule: description: Whether the rule is included by default. example: false type: boolean description: description: The description of the Agent rule. example: My Agent rule type: string enabled: description: Whether the Agent rule is enabled. example: true type: boolean expression: description: The SECL expression of the Agent rule. example: exec.file.name == \"sh\" type: string name: description: The name of the Agent rule. example: my_agent_rule type: string updatedAt: description: When the Agent rule was last updated, timestamp in milliseconds. example: 1624366480320 format: int64 type: integer updater: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdaterAttributes' version: description: The version of the Agent rule. example: 23 format: int64 type: integer type: object CloudWorkloadSecurityAgentRuleCreateAttributes: description: Create a new Cloud Workload Security Agent rule. properties: description: description: The description of the Agent rule. example: My Agent rule type: string enabled: description: Whether the Agent rule is enabled. example: true type: boolean expression: description: The SECL expression of the Agent rule. example: exec.file.name == \"sh\" type: string name: description: The name of the Agent rule. example: my_agent_rule type: string required: - name - expression type: object CloudWorkloadSecurityAgentRuleCreateData: description: Object for a single Agent rule. properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateAttributes' type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType' required: - attributes - type type: object CloudWorkloadSecurityAgentRuleCreateRequest: description: Request object that includes the Agent rule to create. properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateData' required: - data type: object CloudWorkloadSecurityAgentRuleCreatorAttributes: description: The attributes of the user who created the Agent rule. properties: handle: description: The handle of the user. example: datadog.user@example.com type: string name: description: The name of the user. example: Datadog User type: string type: object CloudWorkloadSecurityAgentRuleData: description: Object for a single Agent rule. properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleAttributes' id: description: The ID of the Agent rule. example: 3dd-0uc-h1s type: string type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType' type: object CloudWorkloadSecurityAgentRuleResponse: description: Response object that includes an Agent rule. properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleData' type: object CloudWorkloadSecurityAgentRuleType: default: agent_rule description: The type of the resource. The value should always be `agent_rule`. enum: - agent_rule example: agent_rule type: string x-enum-varnames: - AGENT_RULE CloudWorkloadSecurityAgentRuleUpdateAttributes: description: Update an existing Cloud Workload Security Agent rule. properties: description: description: The description of the Agent rule. example: My Agent rule type: string enabled: description: Whether the Agent rule is enabled. example: true type: boolean expression: description: The SECL expression of the Agent rule. example: exec.file.name == \"sh\" type: string type: object CloudWorkloadSecurityAgentRuleUpdateData: description: Object for a single Agent rule. properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateAttributes' type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType' required: - attributes - type type: object CloudWorkloadSecurityAgentRuleUpdateRequest: description: Request object that includes the Agent rule with the attributes to update. properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateData' required: - data type: object CloudWorkloadSecurityAgentRuleUpdaterAttributes: description: The attributes of the user who last updated the Agent rule. properties: handle: description: The handle of the user. example: datadog.user@example.com type: string name: description: The name of the user. example: Datadog User type: string type: object CloudWorkloadSecurityAgentRulesListResponse: description: Response object that includes a list of Agent rule. properties: data: description: A list of Agent rules objects. items: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleData' type: array type: object ContentEncoding: description: HTTP header used to compress the media-type. enum: - identity - gzip - deflate type: string x-enum-varnames: - IDENTITY - GZIP - DEFLATE CostByOrg: description: Cost data. properties: attributes: $ref: '#/components/schemas/CostByOrgAttributes' id: description: Unique ID of the response. type: string type: $ref: '#/components/schemas/CostByOrgType' type: object CostByOrgAttributes: description: Cost attributes data. properties: charges: description: List of charges data reported for the requested month. items: $ref: '#/components/schemas/ChargebackBreakdown' type: array date: description: The month requested. format: date-time type: string org_name: description: The organization name. type: string public_id: description: The organization public ID. type: string total_cost: description: The total cost of products for the month. format: double type: number type: object CostByOrgResponse: description: Chargeback Summary response. properties: data: description: Response containing Chargeback Summary. items: $ref: '#/components/schemas/CostByOrg' type: array type: object CostByOrgType: default: cost_by_org description: Type of cost data. enum: - cost_by_org example: cost_by_org type: string x-enum-varnames: - COST_BY_ORG Creator: description: Creator of the object. properties: email: description: Email of the creator. type: string handle: description: Handle of the creator. type: string name: description: Name of the creator. type: string type: object DashboardListAddItemsRequest: description: Request containing a list of dashboards to add. properties: dashboards: description: List of dashboards to add the dashboard list. items: $ref: '#/components/schemas/DashboardListItemRequest' type: array type: object DashboardListAddItemsResponse: description: Response containing a list of added dashboards. properties: added_dashboards_to_list: description: List of dashboards added to the dashboard list. items: $ref: '#/components/schemas/DashboardListItemResponse' type: array type: object DashboardListDeleteItemsRequest: description: Request containing a list of dashboards to delete. properties: dashboards: description: List of dashboards to delete from the dashboard list. items: $ref: '#/components/schemas/DashboardListItemRequest' type: array type: object DashboardListDeleteItemsResponse: description: Response containing a list of deleted dashboards. properties: deleted_dashboards_from_list: description: List of dashboards deleted from the dashboard list. items: $ref: '#/components/schemas/DashboardListItemResponse' type: array type: object DashboardListItem: description: A dashboard within a list. properties: author: $ref: '#/components/schemas/Creator' created: description: Date of creation of the dashboard. format: date-time readOnly: true type: string icon: description: URL to the icon of the dashboard. readOnly: true type: string id: description: ID of the dashboard. example: q5j-nti-fv6 type: string is_favorite: description: Whether or not the dashboard is in the favorites. readOnly: true type: boolean is_read_only: description: Whether or not the dashboard is read only. readOnly: true type: boolean is_shared: description: Whether the dashboard is publicly shared or not. readOnly: true type: boolean modified: description: Date of last edition of the dashboard. format: date-time readOnly: true type: string popularity: description: Popularity of the dashboard. format: int32 maximum: 5 readOnly: true type: integer title: description: Title of the dashboard. readOnly: true type: string type: $ref: '#/components/schemas/DashboardType' url: description: URL path to the dashboard. readOnly: true type: string required: - type - id type: object DashboardListItemRequest: description: A dashboard within a list. properties: id: description: ID of the dashboard. example: q5j-nti-fv6 type: string type: $ref: '#/components/schemas/DashboardType' required: - type - id type: object DashboardListItemResponse: description: A dashboard within a list. properties: id: description: ID of the dashboard. example: q5j-nti-fv6 readOnly: true type: string type: $ref: '#/components/schemas/DashboardType' required: - type - id type: object DashboardListItems: description: Dashboards within a list. properties: dashboards: description: List of dashboards in the dashboard list. example: [] items: $ref: '#/components/schemas/DashboardListItem' type: array total: description: Number of dashboards in the dashboard list. format: int64 readOnly: true type: integer required: - dashboards type: object DashboardListUpdateItemsRequest: description: Request containing the list of dashboards to update to. properties: dashboards: description: List of dashboards to update the dashboard list to. items: $ref: '#/components/schemas/DashboardListItemRequest' type: array type: object DashboardListUpdateItemsResponse: description: Response containing a list of updated dashboards. properties: dashboards: description: List of dashboards in the dashboard list. items: $ref: '#/components/schemas/DashboardListItemResponse' type: array type: object DashboardType: description: The type of the dashboard. enum: - custom_timeboard - custom_screenboard - integration_screenboard - integration_timeboard - host_timeboard example: host_timeboard type: string x-enum-varnames: - CUSTOM_TIMEBOARD - CUSTOM_SCREENBOARD - INTEGRATION_SCREENBOARD - INTEGRATION_TIMEBOARD - HOST_TIMEBOARD Event: description: The metadata associated with a request. properties: id: description: Event ID. example: '6509751066204996294' type: string name: description: The event name. type: string source_id: description: Event source ID. example: 36 type: integer type: description: Event type. example: error_tracking_alert type: string type: object EventAttributes: description: Object description of attributes from your event. properties: aggregation_key: description: Aggregation key of the event. type: string date_happened: description: 'POSIX timestamp of the event. Must be sent as an integer (no quotation marks). Limited to events no older than 18 hours.' format: int64 type: integer device_name: description: A device name. type: string duration: description: The duration between the triggering of the event and its recovery in nanoseconds. format: int64 type: integer event_object: description: The event title. example: Did you hear the news today? type: string evt: $ref: '#/components/schemas/Event' hostname: description: 'Host name to associate with the event. Any tags associated with the host are also applied to this event.' type: string monitor: $ref: '#/components/schemas/MonitorType' monitor_groups: description: List of groups referred to in the event. items: description: Group referred to in the event. type: string nullable: true type: array monitor_id: description: ID of the monitor that triggered the event. When an event isn't related to a monitor, this field is empty. nullable: true type: integer priority: $ref: '#/components/schemas/EventPriority' related_event_id: description: Related event ID. type: integer service: description: Service that triggered the event. example: datadog-api type: string source_type_name: description: 'The type of event being posted. For example, `nagios`, `hudson`, `jenkins`, `my_apps`, `chef`, `puppet`, `git` or `bitbucket`. The list of standard source attribute values is [available here](https://docs.datadoghq.com/integrations/faq/list-of-api-source-attribute-value).' type: string sourcecategory: description: Identifier for the source of the event, such as a monitor alert, an externally-submitted event, or an integration. type: string status: $ref: '#/components/schemas/EventStatusType' tags: description: A list of tags to apply to the event. example: - environment:test items: description: A tag. type: string type: array timestamp: description: POSIX timestamp of your event in milliseconds. example: 1652274265000 format: int64 type: integer title: description: The event title. example: Oh boy! type: string type: object EventPriority: description: The priority of the event's monitor. For example, `normal` or `low`. enum: - normal - low example: normal nullable: true type: string x-enum-varnames: - NORMAL - LOW EventResponse: description: The object description of an event after being processed and stored by Datadog. properties: attributes: $ref: '#/components/schemas/EventResponseAttributes' id: description: the unique ID of the event. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/EventType' type: object EventResponseAttributes: description: The object description of an event response attribute. properties: attributes: $ref: '#/components/schemas/EventAttributes' tags: description: An array of tags associated with the event. example: - team:A items: description: The tag associated with the event. type: string type: array timestamp: description: The timestamp of the event. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object EventStatusType: description: 'If an alert event is enabled, its status is one of the following: `failure`, `error`, `warning`, `info`, `success`, `user_update`, `recommendation`, or `snapshot`.' enum: - failure - error - warning - info - success - user_update - recommendation - snapshot example: info type: string x-enum-varnames: - FAILURE - ERROR - WARNING - INFO - SUCCESS - USER_UPDATE - RECOMMENDATION - SNAPSHOT EventType: default: event description: Type of the event. enum: - event example: event type: string x-enum-varnames: - EVENT EventsListRequest: description: The object sent with the request to retrieve a list of events from your organization. properties: filter: $ref: '#/components/schemas/EventsQueryFilter' options: $ref: '#/components/schemas/EventsQueryOptions' page: $ref: '#/components/schemas/EventsRequestPage' sort: $ref: '#/components/schemas/EventsSort' type: object EventsListResponse: description: The response object with all events matching the request and pagination information. properties: data: description: An array of events matching the request. items: $ref: '#/components/schemas/EventResponse' type: array links: $ref: '#/components/schemas/EventsListResponseLinks' meta: $ref: '#/components/schemas/EventsResponseMetadata' type: object EventsListResponseLinks: description: Links attributes. properties: next: description: 'Link for the next set of results. Note that the request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/events?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object EventsQueryFilter: description: The search and filter query settings. properties: from: default: now-15m description: The minimum time for the requested events. Supports date math and regular timestamps in milliseconds. example: now-15m type: string query: default: '*' description: The search query following the event search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string to: default: now description: The maximum time for the requested events. Supports date math and regular timestamps in milliseconds. example: now type: string type: object EventsQueryOptions: description: 'The global query options that are used. Either provide a timezone or a time offset but not both, otherwise the query fails.' properties: timeOffset: description: The time offset to apply to the query in seconds. format: int64 type: integer timezone: default: UTC description: 'The timezone can be specified as an offset, for example: `UTC+03:00`.' example: GMT type: string type: object EventsRequestPage: description: Pagination settings. properties: cursor: description: The returned paging point to use to get the next results. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: The maximum number of logs in the response. example: 25 format: int32 maximum: 1000 type: integer type: object EventsResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: '#/components/schemas/EventsResponseMetadataPage' request_id: description: The identifier of the request. example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string warnings: description: 'A list of warnings (non-fatal errors) encountered. Partial results might be returned if warnings are present in the response.' items: $ref: '#/components/schemas/EventsWarning' type: array type: object EventsResponseMetadataPage: description: Pagination attributes. properties: after: description: 'The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`.' example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object EventsSort: description: The sort parameters when querying events. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING EventsWarning: description: A warning message indicating something is wrong with the query. properties: code: description: A unique code for this type of warning. example: unknown_index type: string detail: description: A detailed explanation of this specific warning. example: 'indexes: foo, bar' type: string title: description: A short human-readable summary of the warning. example: One or several indexes are missing or invalid. Results hold data from the other indexes. type: string type: object FullAPIKey: description: Datadog API key. properties: attributes: $ref: '#/components/schemas/FullAPIKeyAttributes' id: description: ID of the API key. type: string relationships: $ref: '#/components/schemas/APIKeyRelationships' type: $ref: '#/components/schemas/APIKeysType' type: object FullAPIKeyAttributes: description: Attributes of a full API key. properties: created_at: description: Creation date of the API key. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string key: description: The API key. readOnly: true type: string last4: description: The last four characters of the API key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string modified_at: description: Date the API key was last modified. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string name: description: Name of the API key. example: API Key for submitting metrics type: string type: object FullApplicationKey: description: Datadog application key. properties: attributes: $ref: '#/components/schemas/FullApplicationKeyAttributes' id: description: ID of the application key. type: string relationships: $ref: '#/components/schemas/ApplicationKeyRelationships' type: $ref: '#/components/schemas/ApplicationKeysType' type: object FullApplicationKeyAttributes: description: Attributes of a full application key. properties: created_at: description: Creation date of the application key. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string key: description: The application key. readOnly: true type: string last4: description: The last four characters of the application key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. This feature is in private beta, please contact Datadog support to enable scopes for your application keys. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array type: object HTTPLog: description: Structured log message. items: $ref: '#/components/schemas/HTTPLogItem' type: array HTTPLogError: description: List of errors. properties: detail: description: Error message. example: Malformed payload type: string status: description: Error code. example: '400' type: string title: description: Error title. example: Bad Request type: string type: object HTTPLogErrors: description: Invalid query performed. properties: errors: description: Structured errors. items: $ref: '#/components/schemas/HTTPLogError' type: array type: object HTTPLogItem: additionalProperties: description: Additional log attributes. type: string description: Logs that are sent over HTTP. properties: ddsource: description: 'The integration name associated with your log: the technology from which the log originated. When it matches an integration name, Datadog automatically installs the corresponding parsers and facets. See [reserved attributes](https://docs.datadoghq.com/logs/log_collection/#reserved-attributes).' example: nginx type: string ddtags: description: Tags associated with your logs. example: env:staging,version:5.1 type: string hostname: description: The name of the originating host of the log. example: i-012345678 type: string message: description: 'The message [reserved attribute](https://docs.datadoghq.com/logs/log_collection/#reserved-attributes) of your log. By default, Datadog ingests the value of the message attribute as the body of the log entry. That value is then highlighted and displayed in the Logstream, where it is indexed for full text search.' example: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World type: string service: description: 'The name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products. See [reserved attributes](https://docs.datadoghq.com/logs/log_collection/#reserved-attributes).' example: payment type: string required: - message type: object HourlyUsage: description: Hourly usage for a product family for an org. properties: attributes: $ref: '#/components/schemas/HourlyUsageAttributes' id: description: Unique ID of the response. type: string type: $ref: '#/components/schemas/UsageTimeSeriesType' type: object HourlyUsageAttributes: description: Attributes of hourly usage for a product family for an org for a time period. properties: measurements: description: List of the measured usage values for the product family for the org for the time period. items: $ref: '#/components/schemas/HourlyUsageMeasurement' type: array org_name: description: The organization name. type: string product_family: description: The product for which usage is being reported. type: string public_id: description: The organization public ID. type: string region: description: The region of the Datadog instance that the organization belongs to. type: string timestamp: description: Datetime in ISO-8601 format, UTC. The hour for the usage. format: date-time type: string type: object HourlyUsageMeasurement: description: Usage amount for a given usage type. properties: usage_type: description: Type of usage. type: string value: description: Contains the number measured for the given usage_type during the hour. format: int64 nullable: true type: integer type: object HourlyUsageMetadata: description: The object containing document metadata. properties: pagination: $ref: '#/components/schemas/HourlyUsagePagination' type: object HourlyUsagePagination: description: The metadata for the current pagination. properties: next_record_id: description: The cursor to get the next results (if any). To make the next request, use the same parameters and add `next_record_id`. nullable: true type: string type: object HourlyUsageResponse: description: Hourly usage response. properties: data: description: Response containing hourly usage. items: $ref: '#/components/schemas/HourlyUsage' type: array meta: $ref: '#/components/schemas/HourlyUsageMetadata' type: object HourlyUsageType: description: Usage type that is being measured. enum: - app_sec_host_count - observability_pipelines_bytes_processed - lambda_traced_invocations_count example: observability_pipelines_bytes_processed type: string x-enum-varnames: - APP_SEC_HOST_COUNT - OBSERVABILITY_PIPELINES_BYTES_PROCESSSED - LAMBDA_TRACED_INVOCATIONS_COUNT IdPMetadataFormData: description: The form data submitted to upload IdP metadata properties: idp_file: description: The IdP metadata XML file format: binary type: string x-mimetype: application/xml type: object IncidentAttachmentAttachmentType: description: The type of the incident attachment attributes. enum: - link - postmortem example: link type: string x-enum-varnames: - LINK - POSTMORTEM IncidentAttachmentAttributes: description: The attributes object for an attachment. oneOf: - $ref: '#/components/schemas/IncidentAttachmentPostmortemAttributes' - $ref: '#/components/schemas/IncidentAttachmentLinkAttributes' type: object IncidentAttachmentData: description: A single incident attachment. example: attributes: attachment: documentUrl: '' title: Postmortem IR-123 attachment_type: postmortem id: 00000000-abcd-0002-0000-000000000000 relationships: last_modified_by_user: data: id: 00000000-0000-0000-cccc-000000000000 type: users type: incident_attachments properties: attributes: $ref: '#/components/schemas/IncidentAttachmentAttributes' id: description: A unique identifier that represents the incident attachment. example: 00000000-abcd-0001-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentAttachmentRelationships' type: $ref: '#/components/schemas/IncidentAttachmentType' required: - type - attributes - id - relationships type: object IncidentAttachmentLinkAttachmentType: default: link description: The type of link attachment attributes. enum: - link example: link type: string x-enum-varnames: - LINK IncidentAttachmentLinkAttributes: description: The attributes object for a link attachment. properties: attachment: $ref: '#/components/schemas/IncidentAttachmentLinkAttributesAttachmentObject' attachment_type: $ref: '#/components/schemas/IncidentAttachmentLinkAttachmentType' required: - attachment_type - attachment type: object IncidentAttachmentLinkAttributesAttachmentObject: description: The link attachment. properties: documentUrl: description: The URL of this link attachment. example: https://www.example.com/webstore-failure-runbook type: string title: description: The title of this link attachment. example: Runbook for webstore service failures type: string required: - documentUrl - title type: object IncidentAttachmentPostmortemAttachmentType: default: postmortem description: The type of postmortem attachment attributes. enum: - postmortem example: postmortem type: string x-enum-varnames: - POSTMORTEM IncidentAttachmentPostmortemAttributes: description: The attributes object for a postmortem attachment. properties: attachment: $ref: '#/components/schemas/IncidentAttachmentsPostmortemAttributesAttachmentObject' attachment_type: $ref: '#/components/schemas/IncidentAttachmentPostmortemAttachmentType' required: - attachment_type - attachment type: object IncidentAttachmentRelatedObject: description: The object related to an incident attachment. enum: - users type: string x-enum-varnames: - USERS IncidentAttachmentRelationships: description: The incident attachment's relationships. properties: last_modified_by_user: $ref: '#/components/schemas/RelationshipToUser' type: object IncidentAttachmentType: default: incident_attachments description: The incident attachment resource type. enum: - incident_attachments example: incident_attachments type: string x-enum-varnames: - INCIDENT_ATTACHMENTS IncidentAttachmentUpdateAttributes: description: Incident attachment attributes. oneOf: - $ref: '#/components/schemas/IncidentAttachmentPostmortemAttributes' - $ref: '#/components/schemas/IncidentAttachmentLinkAttributes' type: object IncidentAttachmentUpdateData: description: A single incident attachment. properties: attributes: $ref: '#/components/schemas/IncidentAttachmentUpdateAttributes' id: description: A unique identifier that represents the incident attachment. example: 00000000-abcd-0001-0000-000000000000 type: string type: $ref: '#/components/schemas/IncidentAttachmentType' required: - type type: object IncidentAttachmentUpdateRequest: description: The update request for an incident's attachments. properties: data: description: 'An array of incident attachments. An attachment object without an "id" key indicates that you want to create that attachment. An attachment object without an "attributes" key indicates that you want to delete that attachment. An attachment object with both the "id" key and a populated "attributes" object indicates that you want to update that attachment.' example: - attributes: attachment: documentUrl: https://app.datadoghq.com/notebook/123 title: Postmortem IR-123 attachment_type: postmortem id: 00000000-abcd-0002-0000-000000000000 type: incident_attachments - attributes: attachment: documentUrl: https://www.example.com/webstore-failure-runbook title: Runbook for webstore service failures attachment_type: link type: incident_attachments - id: 00000000-abcd-0003-0000-000000000000 type: incident_attachments items: $ref: '#/components/schemas/IncidentAttachmentUpdateData' type: array required: - data type: object IncidentAttachmentUpdateResponse: description: The response object containing the created or updated incident attachments. properties: data: description: 'An array of incident attachments. Only the attachments that were created or updated by the request are returned.' items: $ref: '#/components/schemas/IncidentAttachmentData' type: array included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentAttachmentsResponseIncludedItem' type: array required: - data type: object IncidentAttachmentsPostmortemAttributesAttachmentObject: description: The postmortem attachment. properties: documentUrl: description: The URL of this notebook attachment. example: https://app.datadoghq.com/notebook/123 type: string title: description: The title of this postmortem attachment. example: Postmortem IR-123 type: string required: - documentUrl - title type: object IncidentAttachmentsResponse: description: The response object containing an incident's attachments. properties: data: description: An array of incident attachments. items: $ref: '#/components/schemas/IncidentAttachmentData' type: array included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentAttachmentsResponseIncludedItem' type: array required: - data type: object IncidentAttachmentsResponseIncludedItem: description: An object related to an attachment that is included in the response. oneOf: - $ref: '#/components/schemas/User' type: object IncidentCreateAttributes: description: The incident's attributes for a create request. properties: customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean fields: additionalProperties: $ref: '#/components/schemas/IncidentFieldAttributes' description: A condensed view of the user-defined fields for which to create initial selections. example: severity: type: dropdown value: SEV-5 type: object initial_cells: description: An array of initial timeline cells to be placed at the beginning of the incident timeline. items: $ref: '#/components/schemas/IncidentTimelineCellCreateAttributes' type: array notification_handles: description: Notification handles that will be notified of the incident at creation. items: $ref: '#/components/schemas/IncidentNotificationHandle' type: array title: description: The title of the incident, which summarizes what happened. example: A test incident title type: string required: - title - customer_impacted type: object IncidentCreateData: description: Incident data for a create request. properties: attributes: $ref: '#/components/schemas/IncidentCreateAttributes' relationships: $ref: '#/components/schemas/IncidentCreateRelationships' type: $ref: '#/components/schemas/IncidentType' required: - type - attributes type: object IncidentCreateRelationships: description: The relationships the incident will have with other resources once created. properties: commander_user: $ref: '#/components/schemas/NullableRelationshipToUser' required: - commander_user type: object IncidentCreateRequest: description: Create request for an incident. properties: data: $ref: '#/components/schemas/IncidentCreateData' required: - data type: object IncidentFieldAttributes: description: Dynamic fields for which selections can be made, with field names as keys. oneOf: - $ref: '#/components/schemas/IncidentFieldAttributesSingleValue' - $ref: '#/components/schemas/IncidentFieldAttributesMultipleValue' required: - type type: object IncidentFieldAttributesMultipleValue: description: A field with potentially multiple values selected. properties: type: $ref: '#/components/schemas/IncidentFieldAttributesValueType' value: description: The multiple values selected for this field. example: - '1.0' - '1.1' items: description: A value which has been selected for the parent field. example: '1.1' type: string nullable: true type: array type: object IncidentFieldAttributesSingleValue: description: A field with a single value selected. properties: type: $ref: '#/components/schemas/IncidentFieldAttributesSingleValueType' value: description: The single value selected for this field. example: SEV-1 nullable: true type: string type: object IncidentFieldAttributesSingleValueType: default: dropdown description: Type of the single value field definitions. enum: - dropdown - textbox example: dropdown type: string x-enum-varnames: - DROPDOWN - TEXTBOX IncidentFieldAttributesValueType: default: multiselect description: Type of the multiple value field definitions. enum: - multiselect - textarray - metrictag - autocomplete example: multiselect type: string x-enum-varnames: - MULTISELECT - TEXTARRAY - METRICTAG - AUTOCOMPLETE IncidentIntegrationMetadataType: default: incident_integrations description: Integration metadata resource type. enum: - incident_integrations example: incident_integrations type: string x-enum-varnames: - INCIDENT_INTEGRATIONS IncidentNotificationHandle: description: A notification handle that will be notified at incident creation. properties: display_name: description: The name of the notified handle. example: Jane Doe type: string handle: description: The email address used for the notification. example: '@test.user@test.com' type: string type: object IncidentPostmortemType: default: incident_postmortems description: Incident postmortem resource type. enum: - incident_postmortems example: incident_postmortems type: string x-enum-varnames: - INCIDENT_POSTMORTEMS IncidentRelatedObject: description: Object related to an incident. enum: - users - attachments type: string x-enum-varnames: - USERS - ATTACHMENTS IncidentResponse: description: Response with an incident. properties: data: $ref: '#/components/schemas/IncidentResponseData' included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentResponseIncludedItem' readOnly: true type: array required: - data type: object IncidentResponseAttributes: description: The incident's attributes from a response. properties: created: description: Timestamp when the incident was created. format: date-time readOnly: true type: string customer_impact_duration: description: 'Length of the incident''s customer impact in seconds. Equals the difference between `customer_impact_start` and `customer_impact_end`.' format: int64 readOnly: true type: integer customer_impact_end: description: Timestamp when customers were no longer impacted by the incident. format: date-time nullable: true type: string customer_impact_scope: description: A summary of the impact customers experienced during the incident. example: An example customer impact scope nullable: true type: string customer_impact_start: description: Timestamp when customers began being impacted by the incident. format: date-time nullable: true type: string customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean detected: description: Timestamp when the incident was detected. format: date-time nullable: true type: string fields: additionalProperties: $ref: '#/components/schemas/IncidentFieldAttributes' description: A condensed view of the user-defined fields attached to incidents. example: severity: type: dropdown value: SEV-5 type: object modified: description: Timestamp when the incident was last modified. format: date-time readOnly: true type: string notification_handles: description: Notification handles that will be notified of the incident during update. items: $ref: '#/components/schemas/IncidentNotificationHandle' nullable: true type: array public_id: description: The monotonically increasing integer ID for the incident. example: 1 format: int64 type: integer resolved: description: Timestamp when the incident's state was set to resolved. format: date-time nullable: true type: string time_to_detect: description: 'The amount of time in seconds to detect the incident. Equals the difference between `customer_impact_start` and `detected`.' format: int64 readOnly: true type: integer time_to_internal_response: description: The amount of time in seconds to call incident after detection. Equals the difference of `detected` and `created`. format: int64 readOnly: true type: integer time_to_repair: description: The amount of time in seconds to resolve customer impact after detecting the issue. Equals the difference between `customer_impact_end` and `detected`. format: int64 readOnly: true type: integer time_to_resolve: description: The amount of time in seconds to resolve the incident after it was created. Equals the difference between `created` and `resolved`. format: int64 readOnly: true type: integer title: description: The title of the incident, which summarizes what happened. example: A test incident title type: string required: - title type: object IncidentResponseData: description: Incident data from a response. properties: attributes: $ref: '#/components/schemas/IncidentResponseAttributes' id: description: The incident's ID. example: 00000000-0000-0000-1234-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentResponseRelationships' type: $ref: '#/components/schemas/IncidentType' required: - id - type type: object IncidentResponseIncludedItem: description: An object related to an incident that is included in the response. oneOf: - $ref: '#/components/schemas/User' - $ref: '#/components/schemas/IncidentAttachmentData' type: object IncidentResponseMeta: description: The metadata object containing pagination metadata. properties: pagination: $ref: '#/components/schemas/IncidentResponseMetaPagination' readOnly: true type: object IncidentResponseMetaPagination: description: Pagination properties. properties: next_offset: description: The index of the first element in the next page of results. Equal to page size added to the current offset. example: 1000 format: int64 type: integer offset: description: The index of the first element in the results. example: 10 format: int64 type: integer size: description: Maximum size of pages to return. example: 1000 format: int64 type: integer type: object IncidentResponseRelationships: description: The incident's relationships from a response. properties: attachments: $ref: '#/components/schemas/RelationshipToIncidentAttachment' commander_user: $ref: '#/components/schemas/NullableRelationshipToUser' created_by_user: $ref: '#/components/schemas/RelationshipToUser' integrations: $ref: '#/components/schemas/RelationshipToIncidentIntegrationMetadatas' last_modified_by_user: $ref: '#/components/schemas/RelationshipToUser' type: object IncidentServiceCreateAttributes: description: The incident service's attributes for a create request. properties: name: description: Name of the incident service. example: an example service name type: string required: - name type: object IncidentServiceCreateData: description: Incident Service payload for create requests. properties: attributes: $ref: '#/components/schemas/IncidentServiceCreateAttributes' relationships: $ref: '#/components/schemas/IncidentServiceRelationships' type: $ref: '#/components/schemas/IncidentServiceType' required: - type type: object IncidentServiceCreateRequest: description: Create request with an incident service payload. properties: data: $ref: '#/components/schemas/IncidentServiceCreateData' required: - data type: object IncidentServiceIncludedItems: description: An object related to an incident service which is present in the included payload. oneOf: - $ref: '#/components/schemas/User' type: object IncidentServiceRelationships: description: The incident service's relationships. properties: created_by: $ref: '#/components/schemas/RelationshipToUser' last_modified_by: $ref: '#/components/schemas/RelationshipToUser' readOnly: true type: object IncidentServiceResponse: description: Response with an incident service payload. properties: data: $ref: '#/components/schemas/IncidentServiceResponseData' included: description: Included objects from relationships. items: $ref: '#/components/schemas/IncidentServiceIncludedItems' readOnly: true type: array required: - data type: object IncidentServiceResponseAttributes: description: The incident service's attributes from a response. properties: created: description: Timestamp of when the incident service was created. format: date-time readOnly: true type: string modified: description: Timestamp of when the incident service was modified. format: date-time readOnly: true type: string name: description: Name of the incident service. example: service name type: string type: object IncidentServiceResponseData: description: Incident Service data from responses. properties: attributes: $ref: '#/components/schemas/IncidentServiceResponseAttributes' id: description: The incident service's ID. example: 00000000-0000-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentServiceRelationships' type: $ref: '#/components/schemas/IncidentServiceType' required: - id - type type: object IncidentServiceType: default: services description: Incident service resource type. enum: - services example: services type: string x-enum-varnames: - SERVICES IncidentServiceUpdateAttributes: description: The incident service's attributes for an update request. properties: name: description: Name of the incident service. example: an example service name type: string required: - name type: object IncidentServiceUpdateData: description: Incident Service payload for update requests. properties: attributes: $ref: '#/components/schemas/IncidentServiceUpdateAttributes' id: description: The incident service's ID. example: 00000000-0000-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentServiceRelationships' type: $ref: '#/components/schemas/IncidentServiceType' required: - type type: object IncidentServiceUpdateRequest: description: Update request with an incident service payload. properties: data: $ref: '#/components/schemas/IncidentServiceUpdateData' required: - data type: object IncidentServicesResponse: description: Response with a list of incident service payloads. properties: data: description: An array of incident services. example: - id: 00000000-0000-0000-0000-000000000000 type: services items: $ref: '#/components/schemas/IncidentServiceResponseData' type: array included: description: Included related resources which the user requested. items: $ref: '#/components/schemas/IncidentServiceIncludedItems' readOnly: true type: array meta: $ref: '#/components/schemas/IncidentResponseMeta' required: - data type: object IncidentTeamCreateAttributes: description: The incident team's attributes for a create request. properties: name: description: Name of the incident team. example: team name type: string required: - name type: object IncidentTeamCreateData: description: Incident Team data for a create request. properties: attributes: $ref: '#/components/schemas/IncidentTeamCreateAttributes' relationships: $ref: '#/components/schemas/IncidentTeamRelationships' type: $ref: '#/components/schemas/IncidentTeamType' required: - type type: object IncidentTeamCreateRequest: description: Create request with an incident team payload. properties: data: $ref: '#/components/schemas/IncidentTeamCreateData' required: - data type: object IncidentTeamIncludedItems: description: An object related to an incident team which is present in the included payload. oneOf: - $ref: '#/components/schemas/User' type: object IncidentTeamRelationships: description: The incident team's relationships. properties: created_by: $ref: '#/components/schemas/RelationshipToUser' last_modified_by: $ref: '#/components/schemas/RelationshipToUser' readOnly: true type: object IncidentTeamResponse: description: Response with an incident team payload. properties: data: $ref: '#/components/schemas/IncidentTeamResponseData' included: description: Included objects from relationships. items: $ref: '#/components/schemas/IncidentTeamIncludedItems' readOnly: true type: array required: - data type: object IncidentTeamResponseAttributes: description: The incident team's attributes from a response. properties: created: description: Timestamp of when the incident team was created. format: date-time readOnly: true type: string modified: description: Timestamp of when the incident team was modified. format: date-time readOnly: true type: string name: description: Name of the incident team. example: team name type: string type: object IncidentTeamResponseData: description: Incident Team data from a response. properties: attributes: $ref: '#/components/schemas/IncidentTeamResponseAttributes' id: description: The incident team's ID. example: 00000000-7ea3-0000-000a-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentTeamRelationships' type: $ref: '#/components/schemas/IncidentTeamType' type: object IncidentTeamType: default: teams description: Incident Team resource type. enum: - teams example: teams type: string x-enum-varnames: - TEAMS IncidentTeamUpdateAttributes: description: The incident team's attributes for an update request. properties: name: description: Name of the incident team. example: team name type: string required: - name type: object IncidentTeamUpdateData: description: Incident Team data for an update request. properties: attributes: $ref: '#/components/schemas/IncidentTeamUpdateAttributes' id: description: The incident team's ID. example: 00000000-7ea3-0000-0001-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentTeamRelationships' type: $ref: '#/components/schemas/IncidentTeamType' required: - type type: object IncidentTeamUpdateRequest: description: Update request with an incident team payload. properties: data: $ref: '#/components/schemas/IncidentTeamUpdateData' required: - data type: object IncidentTeamsResponse: description: Response with a list of incident team payloads. properties: data: description: An array of incident teams. example: - attributes: name: team name id: 00000000-7ea3-0000-0000-000000000000 type: teams items: $ref: '#/components/schemas/IncidentTeamResponseData' type: array included: description: Included related resources which the user requested. items: $ref: '#/components/schemas/IncidentTeamIncludedItems' readOnly: true type: array meta: $ref: '#/components/schemas/IncidentResponseMeta' required: - data type: object IncidentTimelineCellCreateAttributes: description: The timeline cell's attributes for a create request. oneOf: - $ref: '#/components/schemas/IncidentTimelineCellMarkdownCreateAttributes' type: object IncidentTimelineCellMarkdownContentType: default: markdown description: Type of the Markdown timeline cell. enum: - markdown example: markdown type: string x-enum-varnames: - MARKDOWN IncidentTimelineCellMarkdownCreateAttributes: description: Timeline cell data for Markdown timeline cells for a create request. properties: cell_type: $ref: '#/components/schemas/IncidentTimelineCellMarkdownContentType' content: $ref: '#/components/schemas/IncidentTimelineCellMarkdownCreateAttributesContent' important: default: false description: A flag indicating whether the timeline cell is important and should be highlighted. example: false type: boolean required: - content - cell_type type: object IncidentTimelineCellMarkdownCreateAttributesContent: description: The Markdown timeline cell contents. properties: content: description: The Markdown content of the cell. example: An example timeline cell message. nullable: false type: string type: object IncidentType: default: incidents description: Incident resource type. enum: - incidents example: incidents type: string x-enum-varnames: - INCIDENTS IncidentUpdateAttributes: description: The incident's attributes for an update request. properties: customer_impact_end: description: Timestamp when customers were no longer impacted by the incident. format: date-time nullable: true type: string customer_impact_scope: description: A summary of the impact customers experienced during the incident. example: Example customer impact scope type: string customer_impact_start: description: Timestamp when customers began being impacted by the incident. format: date-time nullable: true type: string customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean detected: description: Timestamp when the incident was detected. format: date-time nullable: true type: string fields: additionalProperties: $ref: '#/components/schemas/IncidentFieldAttributes' description: A condensed view of the user-defined fields for which to update selections. example: severity: type: dropdown value: SEV-5 type: object notification_handles: description: Notification handles that will be notified of the incident during update. items: $ref: '#/components/schemas/IncidentNotificationHandle' type: array resolved: description: Timestamp when the incident's state was set to resolved. format: date-time nullable: true type: string title: description: The title of the incident, which summarizes what happened. example: A test incident title type: string type: object IncidentUpdateData: description: Incident data for an update request. properties: attributes: $ref: '#/components/schemas/IncidentUpdateAttributes' id: description: The team's ID. example: 00000000-0000-0000-4567-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentUpdateRelationships' type: $ref: '#/components/schemas/IncidentType' required: - id - type type: object IncidentUpdateRelationships: description: The incident's relationships for an update request. properties: commander_user: $ref: '#/components/schemas/NullableRelationshipToUser' integrations: $ref: '#/components/schemas/RelationshipToIncidentIntegrationMetadatas' postmortem: $ref: '#/components/schemas/RelationshipToIncidentPostmortem' type: object IncidentUpdateRequest: description: Update request for an incident. properties: data: $ref: '#/components/schemas/IncidentUpdateData' required: - data type: object IncidentsResponse: description: Response with a list of incidents. properties: data: description: An array of incidents. example: - attributes: created: '2020-04-21T15:34:08.627205+00:00' creation_idempotency_key: null customer_impact_duration: 0 customer_impact_end: null customer_impact_scope: null customer_impact_start: null customer_impacted: false detected: '2020-04-14T00:00:00+00:00' modified: '2020-09-17T14:16:58.696424+00:00' public_id: 1 resolved: null severity: SEV-1 time_to_detect: 0 time_to_internal_response: 0 time_to_repair: 0 time_to_resolve: 0 title: Example Incident id: 00000000-aaaa-0000-0000-000000000000 relationships: attachments: data: - id: 00000000-9999-0000-0000-000000000000 type: incident_attachments - id: 00000000-1234-0000-0000-000000000000 type: incident_attachments commander_user: data: id: 00000000-0000-0000-cccc-000000000000 type: users created_by_user: data: id: 00000000-0000-0000-cccc-000000000000 type: users integrations: data: - id: 00000000-0000-0000-4444-000000000000 type: incident_integrations - id: 00000000-0000-0000-5555-000000000000 type: incident_integrations last_modified_by_user: data: id: 00000000-0000-0000-cccc-000000000000 type: users type: incidents - attributes: created: '2020-04-21T15:34:08.627205+00:00' creation_idempotency_key: null customer_impact_duration: 0 customer_impact_end: null customer_impact_scope: null customer_impact_start: null customer_impacted: false detected: '2020-04-14T00:00:00+00:00' modified: '2020-09-17T14:16:58.696424+00:00' public_id: 2 resolved: null severity: SEV-5 time_to_detect: 0 time_to_internal_response: 0 time_to_repair: 0 time_to_resolve: 0 title: Example Incident 2 id: 00000000-1111-0000-0000-000000000000 relationships: attachments: data: - id: 00000000-9999-0000-0000-000000000000 type: incident_attachments commander_user: data: id: 00000000-aaaa-0000-0000-000000000000 type: users created_by_user: data: id: 00000000-aaaa-0000-0000-000000000000 type: users integrations: data: - id: 00000000-0000-0000-0001-000000000000 type: incident_integrations - id: 00000000-0000-0000-0002-000000000000 type: incident_integrations last_modified_by_user: data: id: 00000000-aaaa-0000-0000-000000000000 type: users type: incidents items: $ref: '#/components/schemas/IncidentResponseData' type: array included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentResponseIncludedItem' readOnly: true type: array meta: $ref: '#/components/schemas/IncidentResponseMeta' required: - data type: object IntakePayloadAccepted: description: The payload accepted for intake. properties: errors: description: A list of errors. items: description: An empty error list. type: string type: array type: object ListApplicationKeysResponse: description: Response for a list of application keys. properties: data: description: Array of application keys. items: $ref: '#/components/schemas/PartialApplicationKey' type: array included: description: Array of objects related to the application key. items: $ref: '#/components/schemas/ApplicationKeyResponseIncludedItem' type: array type: object Log: description: Object description of a log after being processed and stored by Datadog. properties: attributes: $ref: '#/components/schemas/LogAttributes' id: description: Unique ID of the Log. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/LogType' type: object LogAttributes: description: JSON object containing all log attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from your log. example: customAttribute: 123 duration: 2345 type: object host: description: Name of the machine from where the logs are being sent. example: i-0123 type: string message: description: 'The message [reserved attribute](https://docs.datadoghq.com/logs/log_collection/#reserved-attributes) of your log. By default, Datadog ingests the value of the message attribute as the body of the log entry. That value is then highlighted and displayed in the Logstream, where it is indexed for full text search.' example: Host connected to remote type: string service: description: 'The name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products.' example: agent type: string status: description: Status of the message associated with your log. example: INFO type: string tags: description: Array of tags associated with your log. example: - team:A items: description: Tag associated with your log. type: string type: array timestamp: description: Timestamp of your log. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object LogType: default: log description: Type of the event. enum: - log example: log type: string x-enum-varnames: - LOG LogsAggregateBucket: description: A bucket values properties: by: additionalProperties: description: The values for each group by type: string description: The key, value pairs for each group by example: '@state': success '@version': abc type: object computes: additionalProperties: $ref: '#/components/schemas/LogsAggregateBucketValue' description: A map of the metric name -> value for regular compute or list of values for a timeseries type: object type: object LogsAggregateBucketValue: description: A bucket value, can be either a timeseries or a single value oneOf: - $ref: '#/components/schemas/LogsAggregateBucketValueSingleString' - $ref: '#/components/schemas/LogsAggregateBucketValueSingleNumber' - $ref: '#/components/schemas/LogsAggregateBucketValueTimeseries' LogsAggregateBucketValueSingleNumber: description: A single number value format: double type: number LogsAggregateBucketValueSingleString: description: A single string value type: string LogsAggregateBucketValueTimeseries: description: A timeseries array items: $ref: '#/components/schemas/LogsAggregateBucketValueTimeseriesPoint' type: array x-generate-alias-as-model: true LogsAggregateBucketValueTimeseriesPoint: description: A timeseries point properties: time: description: The time value for this point example: '2020-06-08T11:55:00Z' type: string value: description: The value for this point example: 19 format: double type: number type: object LogsAggregateRequest: description: The object sent with the request to retrieve a list of logs from your organization. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: '#/components/schemas/LogsCompute' type: array filter: $ref: '#/components/schemas/LogsQueryFilter' group_by: description: The rules for the group by items: $ref: '#/components/schemas/LogsGroupBy' type: array options: $ref: '#/components/schemas/LogsQueryOptions' page: $ref: '#/components/schemas/LogsAggregateRequestPage' type: object LogsAggregateRequestPage: description: Paging settings properties: cursor: description: The returned paging point to use to get the next results example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object LogsAggregateResponse: description: The response object for the logs aggregate API endpoint properties: data: $ref: '#/components/schemas/LogsAggregateResponseData' meta: $ref: '#/components/schemas/LogsResponseMetadata' type: object LogsAggregateResponseData: description: The query results properties: buckets: description: The list of matching buckets, one item per bucket items: $ref: '#/components/schemas/LogsAggregateBucket' type: array type: object LogsAggregateResponseStatus: description: The status of the response enum: - done - timeout example: done type: string x-enum-varnames: - DONE - TIMEOUT LogsAggregateSort: description: A sort rule example: aggregation: count order: asc properties: aggregation: $ref: '#/components/schemas/LogsAggregationFunction' metric: description: The metric to sort by (only used for `type=measure`) example: '@duration' type: string order: $ref: '#/components/schemas/LogsSortOrder' type: $ref: '#/components/schemas/LogsAggregateSortType' type: object LogsAggregateSortType: default: alphabetical description: The type of sorting algorithm enum: - alphabetical - measure type: string x-enum-varnames: - ALPHABETICAL - MEASURE LogsAggregationFunction: description: An aggregation function enum: - count - cardinality - pc75 - pc90 - pc95 - pc98 - pc99 - sum - min - max - avg - median example: pc90 type: string x-enum-varnames: - COUNT - CARDINALITY - PERCENTILE_75 - PERCENTILE_90 - PERCENTILE_95 - PERCENTILE_98 - PERCENTILE_99 - SUM - MIN - MAX - AVG - MEDIAN LogsArchive: description: The logs archive. properties: data: $ref: '#/components/schemas/LogsArchiveDefinition' type: object LogsArchiveAttributes: description: The attributes associated with the archive. properties: destination: $ref: '#/components/schemas/LogsArchiveDestination' include_tags: default: false description: 'To store the tags in the archive, set the value "true". If it is set to "false", the tags will be deleted when the logs are sent to the archive.' example: false type: boolean name: description: The archive name. example: Nginx Archive type: string query: description: The archive query/filter. Logs matching this query are included in the archive. example: source:nginx type: string rehydration_max_scan_size_in_gb: description: Maximum scan size for rehydration from this archive. example: 100 format: int64 nullable: true type: integer rehydration_tags: description: An array of tags to add to rehydrated logs from an archive. example: - team:intake - team:app items: description: A given tag in the `:` format. type: string type: array state: $ref: '#/components/schemas/LogsArchiveState' required: - name - query - destination type: object LogsArchiveCreateRequest: description: The logs archive. properties: data: $ref: '#/components/schemas/LogsArchiveCreateRequestDefinition' type: object LogsArchiveCreateRequestAttributes: description: The attributes associated with the archive. properties: destination: $ref: '#/components/schemas/LogsArchiveCreateRequestDestination' include_tags: default: false description: 'To store the tags in the archive, set the value "true". If it is set to "false", the tags will be deleted when the logs are sent to the archive.' example: false type: boolean name: description: The archive name. example: Nginx Archive type: string query: description: The archive query/filter. Logs matching this query are included in the archive. example: source:nginx type: string rehydration_max_scan_size_in_gb: description: Maximum scan size for rehydration from this archive. example: 100 format: int64 nullable: true type: integer rehydration_tags: description: An array of tags to add to rehydrated logs from an archive. example: - team:intake - team:app items: description: A given tag in the `:` format. type: string type: array required: - name - query - destination type: object LogsArchiveCreateRequestDefinition: description: The definition of an archive. properties: attributes: $ref: '#/components/schemas/LogsArchiveCreateRequestAttributes' type: default: archives description: The type of the resource. The value should always be archives. example: archives type: string required: - type type: object LogsArchiveCreateRequestDestination: description: An archive's destination. oneOf: - $ref: '#/components/schemas/LogsArchiveDestinationAzure' - $ref: '#/components/schemas/LogsArchiveDestinationGCS' - $ref: '#/components/schemas/LogsArchiveDestinationS3' required: - type - integration type: object LogsArchiveDefinition: description: The definition of an archive. properties: attributes: $ref: '#/components/schemas/LogsArchiveAttributes' id: description: The archive ID. example: a2zcMylnM4OCHpYusxIi3g readOnly: true type: string type: default: archives description: The type of the resource. The value should always be archives. example: archives readOnly: true type: string required: - type type: object LogsArchiveDestination: description: An archive's destination. nullable: true oneOf: - $ref: '#/components/schemas/LogsArchiveDestinationAzure' - $ref: '#/components/schemas/LogsArchiveDestinationGCS' - $ref: '#/components/schemas/LogsArchiveDestinationS3' required: - type - integration type: object LogsArchiveDestinationAzure: description: The Azure archive destination. properties: container: description: The container where the archive will be stored. example: container-name type: string integration: $ref: '#/components/schemas/LogsArchiveIntegrationAzure' path: description: The archive path. type: string region: description: The region where the archive will be stored. type: string storage_account: description: The associated storage account. example: account-name type: string type: $ref: '#/components/schemas/LogsArchiveDestinationAzureType' required: - storage_account - container - integration - type type: object LogsArchiveDestinationAzureType: default: azure description: Type of the Azure archive destination. enum: - azure example: azure type: string x-enum-varnames: - AZURE LogsArchiveDestinationGCS: description: The GCS archive destination. properties: bucket: description: The bucket where the archive will be stored. example: bucket-name type: string integration: $ref: '#/components/schemas/LogsArchiveIntegrationGCS' path: description: The archive path. type: string type: $ref: '#/components/schemas/LogsArchiveDestinationGCSType' required: - bucket - integration - type type: object LogsArchiveDestinationGCSType: default: gcs description: Type of the GCS archive destination. enum: - gcs example: gcs type: string x-enum-varnames: - GCS LogsArchiveDestinationS3: description: The S3 archive destination. properties: bucket: description: The bucket where the archive will be stored. example: bucket-name type: string integration: $ref: '#/components/schemas/LogsArchiveIntegrationS3' path: description: The archive path. type: string type: $ref: '#/components/schemas/LogsArchiveDestinationS3Type' required: - bucket - integration - type type: object LogsArchiveDestinationS3Type: default: s3 description: Type of the S3 archive destination. enum: - s3 example: s3 type: string x-enum-varnames: - S3 LogsArchiveIntegrationAzure: description: The Azure archive's integration destination. properties: client_id: description: A client ID. example: aaaaaaaa-1a1a-1a1a-1a1a-aaaaaaaaaaaa type: string tenant_id: description: A tenant ID. example: aaaaaaaa-1a1a-1a1a-1a1a-aaaaaaaaaaaa type: string required: - tenant_id - client_id type: object LogsArchiveIntegrationGCS: description: The GCS archive's integration destination. properties: client_email: description: A client email. example: youremail@example.com type: string project_id: description: A project ID. example: project-id type: string required: - project_id - client_email type: object LogsArchiveIntegrationS3: description: The S3 Archive's integration destination. properties: account_id: description: The account ID for the integration. example: '123456789012' type: string role_name: description: The path of the integration. example: role-name type: string required: - role_name - account_id type: object LogsArchiveOrder: description: A ordered list of archive IDs. properties: data: $ref: '#/components/schemas/LogsArchiveOrderDefinition' type: object LogsArchiveOrderAttributes: description: The attributes associated with the archive order. properties: archive_ids: description: 'An ordered array of `` strings, the order of archive IDs in the array define the overall archives order for Datadog.' example: - a2zcMylnM4OCHpYusxIi1g - a2zcMylnM4OCHpYusxIi2g - a2zcMylnM4OCHpYusxIi3g items: description: A given archive ID. type: string type: array required: - archive_ids type: object LogsArchiveOrderDefinition: description: The definition of an archive order. properties: attributes: $ref: '#/components/schemas/LogsArchiveOrderAttributes' type: $ref: '#/components/schemas/LogsArchiveOrderDefinitionType' required: - type - attributes type: object LogsArchiveOrderDefinitionType: default: archive_order description: Type of the archive order definition. enum: - archive_order example: archive_order type: string x-enum-varnames: - ARCHIVE_ORDER LogsArchiveState: description: The state of the archive. enum: - UNKNOWN - WORKING - FAILING - WORKING_AUTH_LEGACY example: WORKING type: string x-enum-varnames: - UNKNOWN - WORKING - FAILING - WORKING_AUTH_LEGACY LogsArchives: description: The available archives. properties: data: description: A list of archives. items: $ref: '#/components/schemas/LogsArchiveDefinition' type: array type: object LogsCompute: description: A compute rule to compute metrics or timeseries properties: aggregation: $ref: '#/components/schemas/LogsAggregationFunction' interval: description: 'The time buckets'' size (only used for type=timeseries) Defaults to a resolution of 150 points' example: 5m type: string metric: description: The metric to use example: '@duration' type: string type: $ref: '#/components/schemas/LogsComputeType' required: - aggregation type: object LogsComputeType: default: total description: The type of compute enum: - timeseries - total type: string x-enum-varnames: - TIMESERIES - TOTAL LogsGroupBy: description: A group by rule properties: facet: description: The name of the facet to use (required) example: host type: string histogram: $ref: '#/components/schemas/LogsGroupByHistogram' limit: default: 10 description: The maximum buckets to return for this group by format: int64 type: integer missing: $ref: '#/components/schemas/LogsGroupByMissing' sort: $ref: '#/components/schemas/LogsAggregateSort' total: $ref: '#/components/schemas/LogsGroupByTotal' required: - facet type: object LogsGroupByHistogram: description: 'Used to perform a histogram computation (only for measure facets). Note: At most 100 buckets are allowed, the number of buckets is (max - min)/interval.' properties: interval: description: The bin size of the histogram buckets example: 10 format: double type: number max: description: 'The maximum value for the measure used in the histogram (values greater than this one are filtered out)' example: 100 format: double type: number min: description: 'The minimum value for the measure used in the histogram (values smaller than this one are filtered out)' example: 50 format: double type: number required: - interval - min - max type: object LogsGroupByMissing: description: The value to use for logs that don't have the facet used to group by oneOf: - $ref: '#/components/schemas/LogsGroupByMissingString' - $ref: '#/components/schemas/LogsGroupByMissingNumber' LogsGroupByMissingNumber: description: The missing value to use if there is a number valued facet. format: double type: number LogsGroupByMissingString: description: The missing value to use if there is string valued facet. type: string LogsGroupByTotal: default: false description: A resulting object to put the given computes in over all the matching records. oneOf: - $ref: '#/components/schemas/LogsGroupByTotalBoolean' - $ref: '#/components/schemas/LogsGroupByTotalString' - $ref: '#/components/schemas/LogsGroupByTotalNumber' LogsGroupByTotalBoolean: description: If set to true, creates an additional bucket labeled "$facet_total" type: boolean LogsGroupByTotalNumber: description: A number to use as the key value for the total bucket format: double type: number LogsGroupByTotalString: description: A string to use as the key value for the total bucket type: string LogsListRequest: description: The request for a logs list. properties: filter: $ref: '#/components/schemas/LogsQueryFilter' options: $ref: '#/components/schemas/LogsQueryOptions' page: $ref: '#/components/schemas/LogsListRequestPage' sort: $ref: '#/components/schemas/LogsSort' type: object LogsListRequestPage: description: Paging attributes for listing logs. properties: cursor: description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: Maximum number of logs in the response. example: 25 format: int32 maximum: 1000 type: integer type: object LogsListResponse: description: Response object with all logs matching the request and pagination information. properties: data: description: Array of logs matching the request. items: $ref: '#/components/schemas/Log' type: array links: $ref: '#/components/schemas/LogsListResponseLinks' meta: $ref: '#/components/schemas/LogsResponseMetadata' type: object LogsListResponseLinks: description: Links attributes. properties: next: description: 'Link for the next set of results. Note that the request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/logs/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object LogsMetricCompute: description: The compute rule to compute the log-based metric. properties: aggregation_type: $ref: '#/components/schemas/LogsMetricComputeAggregationType' path: description: The path to the value the log-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: '@duration' type: string required: - aggregation_type type: object LogsMetricComputeAggregationType: description: The type of aggregation to use. enum: - count - distribution example: distribution type: string x-enum-varnames: - COUNT - DISTRIBUTION LogsMetricCreateAttributes: description: The object describing the Datadog log-based metric to create. properties: compute: $ref: '#/components/schemas/LogsMetricCompute' filter: $ref: '#/components/schemas/LogsMetricFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/LogsMetricGroupBy' type: array required: - compute type: object LogsMetricCreateData: description: The new log-based metric properties. properties: attributes: $ref: '#/components/schemas/LogsMetricCreateAttributes' id: $ref: '#/components/schemas/LogsMetricID' type: $ref: '#/components/schemas/LogsMetricType' required: - id - type - attributes type: object LogsMetricCreateRequest: description: The new log-based metric body. properties: data: $ref: '#/components/schemas/LogsMetricCreateData' required: - data type: object LogsMetricFilter: description: The log-based metric filter. Logs matching this filter will be aggregated in this metric. properties: query: default: '*' description: The search query - following the log search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string type: object LogsMetricGroupBy: description: A group by rule. properties: path: description: The path to the value the log-based metric will be aggregated over. example: '@http.status_code' type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: status_code type: string required: - path type: object LogsMetricID: description: The name of the log-based metric. example: logs.page.load.count type: string LogsMetricResponse: description: The log-based metric object. properties: data: $ref: '#/components/schemas/LogsMetricResponseData' type: object LogsMetricResponseAttributes: description: The object describing a Datadog log-based metric. properties: compute: $ref: '#/components/schemas/LogsMetricResponseCompute' filter: $ref: '#/components/schemas/LogsMetricResponseFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/LogsMetricResponseGroupBy' type: array type: object LogsMetricResponseCompute: description: The compute rule to compute the log-based metric. properties: aggregation_type: $ref: '#/components/schemas/LogsMetricResponseComputeAggregationType' path: description: The path to the value the log-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: '@duration' type: string type: object LogsMetricResponseComputeAggregationType: description: The type of aggregation to use. enum: - count - distribution example: distribution type: string x-enum-varnames: - COUNT - DISTRIBUTION LogsMetricResponseData: description: The log-based metric properties. properties: attributes: $ref: '#/components/schemas/LogsMetricResponseAttributes' id: $ref: '#/components/schemas/LogsMetricID' type: $ref: '#/components/schemas/LogsMetricType' type: object LogsMetricResponseFilter: description: The log-based metric filter. Logs matching this filter will be aggregated in this metric. properties: query: description: The search query - following the log search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string type: object LogsMetricResponseGroupBy: description: A group by rule. properties: path: description: The path to the value the log-based metric will be aggregated over. example: '@http.status_code' type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: status_code type: string type: object LogsMetricType: default: logs_metrics description: The type of the resource. The value should always be logs_metrics. enum: - logs_metrics example: logs_metrics type: string x-enum-varnames: - LOGS_METRICS LogsMetricUpdateAttributes: description: The log-based metric properties that will be updated. properties: filter: $ref: '#/components/schemas/LogsMetricFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/LogsMetricGroupBy' type: array type: object LogsMetricUpdateData: description: The new log-based metric properties. properties: attributes: $ref: '#/components/schemas/LogsMetricUpdateAttributes' type: $ref: '#/components/schemas/LogsMetricType' required: - type - attributes type: object LogsMetricUpdateRequest: description: The new log-based metric body. properties: data: $ref: '#/components/schemas/LogsMetricUpdateData' required: - data type: object LogsMetricsResponse: description: All the available log-based metric objects. properties: data: description: A list of log-based metric objects. items: $ref: '#/components/schemas/LogsMetricResponseData' type: array type: object LogsQueryFilter: description: The search and filter query settings properties: from: default: now-15m description: The minimum time for the requested logs, supports date math and regular timestamps (milliseconds). example: now-15m type: string indexes: default: - '*' description: For customers with multiple indexes, the indexes to search. Defaults to ['*'] which means all indexes. example: - main - web items: description: The name of a log index. type: string type: array query: default: '*' description: The search query - following the log search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string to: default: now description: The maximum time for the requested logs, supports date math and regular timestamps (milliseconds). example: now type: string type: object LogsQueryOptions: description: 'Global query options that are used during the query. Note: You should only supply timezone or time offset but not both otherwise the query will fail.' properties: timeOffset: description: The time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: UTC description: 'The timezone can be specified both as an offset, for example: "UTC+03:00".' example: GMT type: string type: object LogsResponseMetadata: description: The metadata associated with a request properties: elapsed: description: The time elapsed in milliseconds example: 132 format: int64 type: integer page: $ref: '#/components/schemas/LogsResponseMetadataPage' request_id: description: The identifier of the request example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: $ref: '#/components/schemas/LogsAggregateResponseStatus' warnings: description: 'A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response.' items: $ref: '#/components/schemas/LogsWarning' type: array type: object LogsResponseMetadataPage: description: Paging attributes. properties: after: description: 'The cursor to use to get the next results, if any. To make the next request, use the same. parameters with the addition of the `page[cursor]`.' example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object LogsSort: description: Sort parameters when querying logs. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING LogsSortOrder: description: The order to use, ascending or descending enum: - asc - desc example: asc type: string x-enum-varnames: - ASCENDING - DESCENDING LogsWarning: description: A warning message indicating something that went wrong with the query properties: code: description: A unique code for this type of warning example: unknown_index type: string detail: description: A detailed explanation of this specific warning example: 'indexes: foo, bar' type: string title: description: A short human-readable summary of the warning example: One or several indexes are missing or invalid, results hold data from the other indexes type: string type: object Metric: description: Object for a single metric tag configuration. example: id: metric.foo.bar type: metrics properties: id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricType' type: object MetricActiveConfigurationType: default: actively_queried_configurations description: The metric actively queried configuration resource type. enum: - actively_queried_configurations example: actively_queried_configurations type: string x-enum-varnames: - ACTIVELY_QUERIED_CONFIGURATIONS MetricAllTags: description: Object for a single metric's indexed tags. properties: attributes: $ref: '#/components/schemas/MetricAllTagsAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricType' type: object MetricAllTagsAttributes: description: Object containing the definition of a metric's tags. properties: tags: description: List of indexed tag value pairs. example: - sport:golf - sport:football - animal:dog items: description: Tag key-value pairs. type: string type: array type: object MetricAllTagsResponse: description: Response object that includes a single metric's indexed tags. properties: data: $ref: '#/components/schemas/MetricAllTags' readOnly: true type: object MetricBulkConfigureTagsType: default: metric_bulk_configure_tags description: The metric bulk configure tags resource. enum: - metric_bulk_configure_tags example: metric_bulk_configure_tags type: string x-enum-varnames: - BULK_MANAGE_TAGS MetricBulkTagConfigCreate: description: Request object to bulk configure tags for metrics matching the given prefix. properties: attributes: $ref: '#/components/schemas/MetricBulkTagConfigCreateAttributes' id: $ref: '#/components/schemas/MetricBulkTagConfigNamePrefix' type: $ref: '#/components/schemas/MetricBulkConfigureTagsType' required: - id - type type: object MetricBulkTagConfigCreateAttributes: description: Optional parameters for bulk creating metric tag configurations. properties: emails: $ref: '#/components/schemas/MetricBulkTagConfigEmailList' tags: $ref: '#/components/schemas/MetricBulkTagConfigTagNameList' type: object MetricBulkTagConfigCreateRequest: description: Wrapper object for a single bulk tag configuration request. properties: data: $ref: '#/components/schemas/MetricBulkTagConfigCreate' required: - data type: object MetricBulkTagConfigDelete: description: Request object to bulk delete all tag configurations for metrics matching the given prefix. properties: attributes: $ref: '#/components/schemas/MetricBulkTagConfigDeleteAttributes' id: $ref: '#/components/schemas/MetricBulkTagConfigNamePrefix' type: $ref: '#/components/schemas/MetricBulkConfigureTagsType' required: - id - type type: object MetricBulkTagConfigDeleteAttributes: description: Optional parameters for bulk deleting metric tag configurations. properties: emails: $ref: '#/components/schemas/MetricBulkTagConfigEmailList' type: object MetricBulkTagConfigDeleteRequest: description: Wrapper object for a single bulk tag deletion request. properties: data: $ref: '#/components/schemas/MetricBulkTagConfigDelete' required: - data type: object MetricBulkTagConfigEmailList: description: A list of account emails to notify when the configuration is applied. example: - sue@example.com - bob@example.com items: description: An email address. format: email type: string type: array MetricBulkTagConfigNamePrefix: description: A text prefix to match against metric names. example: kafka.lag type: string MetricBulkTagConfigResponse: description: Wrapper for a single bulk tag configuration status response. properties: data: $ref: '#/components/schemas/MetricBulkTagConfigStatus' type: object MetricBulkTagConfigStatus: description: 'The status of a request to bulk configure metric tags. It contains the fields from the original request for reference.' properties: attributes: $ref: '#/components/schemas/MetricBulkTagConfigStatusAttributes' id: $ref: '#/components/schemas/MetricBulkTagConfigNamePrefix' type: $ref: '#/components/schemas/MetricBulkConfigureTagsType' required: - id - type type: object MetricBulkTagConfigStatusAttributes: description: Optional attributes for the status of a bulk tag configuration request. properties: emails: $ref: '#/components/schemas/MetricBulkTagConfigEmailList' status: description: The status of the request. example: Accepted type: string tags: $ref: '#/components/schemas/MetricBulkTagConfigTagNameList' type: object MetricBulkTagConfigTagNameList: description: A list of tag names to apply to the configuration. example: - host - pod_name - is_shadow items: description: A metric tag name. maxLength: 200 pattern: ^[A-Za-z][A-Za-z0-9\.\-\_:\/]*$ type: string type: array MetricContentEncoding: default: deflate description: HTTP header used to compress the media-type. enum: - deflate - zstd1 - gzip example: deflate type: string x-enum-varnames: - DEFLATE - ZSTD1 - GZIP MetricCustomAggregation: description: A time and space aggregation combination for use in query. example: space: sum time: sum properties: space: $ref: '#/components/schemas/MetricCustomSpaceAggregation' time: $ref: '#/components/schemas/MetricCustomTimeAggregation' required: - time - space type: object MetricCustomAggregations: description: 'A list of queryable aggregation combinations for a count, rate, or gauge metric. By default, count and rate metrics require the (time: sum, space: sum) aggregation and Gauge metrics require the (time: avg, space: avg) aggregation. Additional time & space combinations are also available: - time: avg, space: avg - time: avg, space: max - time: avg, space: min - time: avg, space: sum - time: count, space: sum - time: max, space: max - time: min, space: min - time: sum, space: avg - time: sum, space: sum Can only be applied to metrics that have a `metric_type` of `count`, `rate`, or `gauge`.' example: - space: sum time: sum - space: sum time: count items: $ref: '#/components/schemas/MetricCustomAggregation' type: array MetricCustomSpaceAggregation: description: A space aggregation for use in query. enum: - avg - max - min - sum example: sum type: string x-enum-varnames: - AVG - MAX - MIN - SUM MetricCustomTimeAggregation: description: A time aggregation for use in query. enum: - avg - count - max - min - sum example: sum type: string x-enum-varnames: - AVG - COUNT - MAX - MIN - SUM MetricDistinctVolume: description: Object for a single metric's distinct volume. properties: attributes: $ref: '#/components/schemas/MetricDistinctVolumeAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricDistinctVolumeType' type: object MetricDistinctVolumeAttributes: description: Object containing the definition of a metric's distinct volume. properties: distinct_volume: description: Distinct volume for the given metric. example: 10 format: int64 type: integer type: object MetricDistinctVolumeType: default: distinct_metric_volumes description: The metric distinct volume type. enum: - distinct_metric_volumes example: distinct_metric_volumes type: string x-enum-varnames: - DISTINCT_METRIC_VOLUMES MetricEstimate: description: Object for a metric cardinality estimate. properties: attributes: $ref: '#/components/schemas/MetricEstimateAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricEstimateResourceType' type: object MetricEstimateAttributes: description: Object containing the definition of a metric estimate attribute. properties: estimate_type: $ref: '#/components/schemas/MetricEstimateType' estimated_at: description: Timestamp when the cardinality estimate was requested. example: '2022-04-27T09:48:37.463835Z' format: date-time type: string estimated_output_series: description: Estimated cardinality of the metric based on the queried configuration. example: 50 format: int64 type: integer type: object MetricEstimateResourceType: default: metric_cardinality_estimate description: The metric estimate resource type. enum: - metric_cardinality_estimate example: metric_cardinality_estimate type: string x-enum-varnames: - METRIC_CARDINALITY_ESTIMATE MetricEstimateResponse: description: Response object that includes metric cardinality estimates. properties: data: $ref: '#/components/schemas/MetricEstimate' type: object MetricEstimateType: default: count_or_gauge description: Estimate type based on the queried configuration. By default, `count_or_gauge` is returned. `distribution` is returned for distribution metrics without percentiles enabled. Lastly, `percentile` is returned if `filter[pct]=true` is queried with a distribution metric. enum: - count_or_gauge - distribution - percentile example: distribution type: string x-enum-varnames: - COUNT_OR_GAUGE - DISTRIBUTION - PERCENTILE MetricIngestedIndexedVolume: description: Object for a single metric's ingested and indexed volume. properties: attributes: $ref: '#/components/schemas/MetricIngestedIndexedVolumeAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricIngestedIndexedVolumeType' type: object MetricIngestedIndexedVolumeAttributes: description: Object containing the definition of a metric's ingested and indexed volume. properties: indexed_volume: description: Indexed volume for the given metric. example: 10 format: int64 type: integer ingested_volume: description: Ingested volume for the given metric. example: 20 format: int64 type: integer type: object MetricIngestedIndexedVolumeType: default: metric_volumes description: The metric ingested and indexed volume type. enum: - metric_volumes example: metric_volumes type: string x-enum-varnames: - METRIC_VOLUMES MetricIntakeType: description: The type of metric. The available types are `0` (unspecified), `1` (count), `2` (rate), and `3` (gauge). enum: - 0 - 1 - 2 - 3 format: int32 type: integer x-enum-varnames: - UNSPECIFIED - COUNT - RATE - GAUGE MetricMetadata: description: Metadata for the metric. properties: origin: $ref: '#/components/schemas/MetricOrigin' type: object MetricName: description: The metric name for this resource. example: test.metric.latency type: string MetricOrigin: description: Metric origin information. properties: metric_type: default: 0 description: The origin metric type code format: int32 maximum: 1000 type: integer product: default: 0 description: The origin product code format: int32 maximum: 1000 type: integer service: default: 0 description: The origin service code format: int32 maximum: 1000 type: integer type: object MetricPayload: description: The metrics' payload. properties: series: description: A list of time series to submit to Datadog. example: - metric: system.load.1 points: - timestamp: 1475317847 value: 0.7 resources: - name: dummyhost type: host items: $ref: '#/components/schemas/MetricSeries' type: array required: - series type: object MetricPoint: description: A point object is of the form `{POSIX_timestamp, numeric_value}`. example: timestamp: 1575317847 value: 0.5 properties: timestamp: description: 'The timestamp should be in seconds and current. Current is defined as not more than 10 minutes in the future or more than 1 hour in the past.' format: int64 type: integer value: description: The numeric value format should be a 64bit float gauge-type value. format: double type: number type: object MetricResource: description: Metric resource. example: name: dummyhost type: host properties: name: description: The name of the resource. type: string type: description: The type of the resource. type: string type: object MetricSeries: description: 'A metric to submit to Datadog. See [Datadog metrics](https://docs.datadoghq.com/developers/metrics/#custom-metrics-properties).' properties: interval: description: If the type of the metric is rate or count, define the corresponding interval. example: 20 format: int64 type: integer metadata: $ref: '#/components/schemas/MetricMetadata' metric: description: The name of the timeseries. example: system.load.1 type: string points: description: Points relating to a metric. All points must be objects with timestamp and a scalar value (cannot be a string). Timestamps should be in POSIX time in seconds, and cannot be more than ten minutes in the future or more than one hour in the past. items: $ref: '#/components/schemas/MetricPoint' type: array resources: description: A list of resources to associate with this metric. items: $ref: '#/components/schemas/MetricResource' type: array source_type_name: description: The source type name. example: datadog type: string tags: description: A list of tags associated with the metric. example: - environment:test items: description: Individual tags. type: string type: array type: $ref: '#/components/schemas/MetricIntakeType' unit: description: The unit of point value. example: second type: string required: - metric - points type: object MetricSuggestedAggregations: description: List of aggregation combinations that have been actively queried. example: - space: sum time: sum - space: sum time: count items: $ref: '#/components/schemas/MetricCustomAggregation' type: array MetricSuggestedTagsAndAggregations: description: Object for a single metric's actively queried tags and aggregations. properties: attributes: $ref: '#/components/schemas/MetricSuggestedTagsAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricActiveConfigurationType' type: object MetricSuggestedTagsAndAggregationsResponse: description: Response object that includes a single metric's actively queried tags and aggregations. properties: data: $ref: '#/components/schemas/MetricSuggestedTagsAndAggregations' readOnly: true type: object MetricSuggestedTagsAttributes: description: Object containing the definition of a metric's actively queried tags and aggregations. properties: active_aggregations: $ref: '#/components/schemas/MetricSuggestedAggregations' active_tags: description: List of tag keys that have been actively queried. example: - app - datacenter items: description: Actively queried tag keys. type: string type: array type: object MetricTagConfiguration: description: Object for a single metric tag configuration. example: attributes: aggregations: - space: avg time: avg created_at: '2020-03-25T09:48:37.463835Z' metric_type: gauge modified_at: '2020-04-25T09:48:37.463835Z' tags: - app - datacenter id: http.request.latency type: manage_tags properties: attributes: $ref: '#/components/schemas/MetricTagConfigurationAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricTagConfigurationType' type: object MetricTagConfigurationAttributes: description: Object containing the definition of a metric tag configuration attributes. properties: aggregations: $ref: '#/components/schemas/MetricCustomAggregations' created_at: description: Timestamp when the tag configuration was created. example: '2020-03-25T09:48:37.463835Z' format: date-time type: string include_percentiles: description: 'Toggle to turn on/off percentile aggregations for distribution metrics. Only present when the `metric_type` is `distribution`.' example: true type: boolean metric_type: $ref: '#/components/schemas/MetricTagConfigurationMetricTypes' modified_at: description: Timestamp when the tag configuration was last modified. example: '2020-03-25T09:48:37.463835Z' format: date-time type: string tags: description: List of tag keys on which to group. example: - app - datacenter items: description: Tag keys to group by. type: string type: array type: object MetricTagConfigurationCreateAttributes: description: Object containing the definition of a metric tag configuration to be created. properties: aggregations: $ref: '#/components/schemas/MetricCustomAggregations' include_percentiles: description: 'Toggle to include/exclude percentiles for a distribution metric. Defaults to false. Can only be applied to metrics that have a `metric_type` of `distribution`.' example: true type: boolean metric_type: $ref: '#/components/schemas/MetricTagConfigurationMetricTypes' tags: default: [] description: A list of tag keys that will be queryable for your metric. example: - app - datacenter items: description: Tag keys to group by. type: string type: array required: - tags - metric_type type: object MetricTagConfigurationCreateData: description: Object for a single metric to be configure tags on. example: attributes: include_percentiles: false metric_type: distribution tags: - app - datacenter id: http.endpoint.request type: manage_tags properties: attributes: $ref: '#/components/schemas/MetricTagConfigurationCreateAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricTagConfigurationType' required: - id - type type: object MetricTagConfigurationCreateRequest: description: Request object that includes the metric that you would like to configure tags for. properties: data: $ref: '#/components/schemas/MetricTagConfigurationCreateData' required: - data type: object MetricTagConfigurationMetricTypes: default: gauge description: The metric's type. enum: - gauge - count - rate - distribution example: count type: string x-enum-varnames: - GAUGE - COUNT - RATE - DISTRIBUTION MetricTagConfigurationResponse: description: Response object which includes a single metric's tag configuration. properties: data: $ref: '#/components/schemas/MetricTagConfiguration' readOnly: true type: object MetricTagConfigurationType: default: manage_tags description: The metric tag configuration resource type. enum: - manage_tags example: manage_tags type: string x-enum-varnames: - MANAGE_TAGS MetricTagConfigurationUpdateAttributes: description: Object containing the definition of a metric tag configuration to be updated. properties: aggregations: $ref: '#/components/schemas/MetricCustomAggregations' include_percentiles: description: 'Toggle to include/exclude percentiles for a distribution metric. Defaults to false. Can only be applied to metrics that have a `metric_type` of `distribution`.' example: true type: boolean tags: default: [] description: A list of tag keys that will be queryable for your metric. example: - app - datacenter items: description: Tag keys to group by. type: string type: array type: object MetricTagConfigurationUpdateData: description: Object for a single tag configuration to be edited. example: attributes: group_by: - app - datacenter include_percentiles: false id: http.endpoint.request type: manage_tags properties: attributes: $ref: '#/components/schemas/MetricTagConfigurationUpdateAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricTagConfigurationType' required: - id - type type: object MetricTagConfigurationUpdateRequest: description: Request object that includes the metric that you would like to edit the tag configuration on. properties: data: $ref: '#/components/schemas/MetricTagConfigurationUpdateData' required: - data type: object MetricType: default: metrics description: The metric resource type. enum: - metrics example: metrics type: string x-enum-varnames: - METRICS MetricVolumes: description: Possible response objects for a metric's volume. oneOf: - $ref: '#/components/schemas/MetricDistinctVolume' - $ref: '#/components/schemas/MetricIngestedIndexedVolume' type: object MetricVolumesResponse: description: Response object which includes a single metric's volume. properties: data: $ref: '#/components/schemas/MetricVolumes' readOnly: true type: object MetricsAndMetricTagConfigurations: description: Object for a metrics and metric tag configurations. oneOf: - $ref: '#/components/schemas/Metric' - $ref: '#/components/schemas/MetricTagConfiguration' type: object MetricsAndMetricTagConfigurationsResponse: description: Response object that includes metrics and metric tag configurations. properties: data: description: Array of metrics and metric tag configurations. items: $ref: '#/components/schemas/MetricsAndMetricTagConfigurations' type: array readOnly: true type: object MonitorType: description: Attributes from the monitor that triggered the event. nullable: true properties: created_at: description: The POSIX timestamp of the monitor's creation in nanoseconds. example: 1646318692000 type: integer group_status: description: Monitor group status used when there is no `result_groups`. type: integer groups: description: Groups to which the monitor belongs. items: description: A group. type: string type: array id: description: The monitor ID. type: integer message: description: The monitor message. type: string modified: description: The monitor's last-modified timestamp. type: integer name: description: The monitor name. type: string query: description: The query that triggers the alert. type: string tags: description: A list of tags attached to the monitor. example: - environment:test items: description: A tag. type: string type: array templated_name: description: The templated name of the monitor before resolving any template variables. type: string type: description: The monitor type. type: string type: object NullableRelationshipToUser: description: Relationship to user. properties: data: $ref: '#/components/schemas/NullableRelationshipToUserData' required: - data type: object NullableRelationshipToUserData: description: Relationship to user object. nullable: true properties: id: description: A unique identifier that represents the user. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/UsersType' required: - id - type type: object OpsgenieServiceCreateAttributes: description: The Opsgenie service attributes for a create request. properties: custom_url: description: The custom URL for a custom region. example: https://example.com type: string name: description: The name for the Opsgenie service. example: fake-opsgenie-service-name type: string opsgenie_api_key: description: The Opsgenie API key for your Opsgenie service. example: 00000000-0000-0000-0000-000000000000 type: string region: $ref: '#/components/schemas/OpsgenieServiceRegionType' required: - name - opsgenie_api_key - region type: object OpsgenieServiceCreateData: description: Opsgenie service data for a create request. properties: attributes: $ref: '#/components/schemas/OpsgenieServiceCreateAttributes' type: $ref: '#/components/schemas/OpsgenieServiceType' required: - type - attributes type: object OpsgenieServiceCreateRequest: description: Create request for an Opsgenie service. properties: data: $ref: '#/components/schemas/OpsgenieServiceCreateData' required: - data type: object OpsgenieServiceRegionType: description: The region for the Opsgenie service. enum: - us - eu - custom example: us type: string x-enum-varnames: - US - EU - CUSTOM OpsgenieServiceResponse: description: Response of an Opsgenie service. properties: data: $ref: '#/components/schemas/OpsgenieServiceResponseData' required: - data type: object OpsgenieServiceResponseAttributes: description: The attributes from an Opsgenie service response. properties: custom_url: description: The custom URL for a custom region. example: null nullable: true type: string name: description: The name for the Opsgenie service. example: fake-opsgenie-service-name type: string region: $ref: '#/components/schemas/OpsgenieServiceRegionType' type: object OpsgenieServiceResponseData: description: Opsgenie service data from a response. properties: attributes: $ref: '#/components/schemas/OpsgenieServiceResponseAttributes' id: description: The ID of the Opsgenie service. example: 596da4af-0563-4097-90ff-07230c3f9db3 type: string type: $ref: '#/components/schemas/OpsgenieServiceType' required: - id - type - attributes type: object OpsgenieServiceType: default: opsgenie-service description: Opsgenie service resource type. enum: - opsgenie-service example: opsgenie-service type: string x-enum-varnames: - OPSGENIE_SERVICE OpsgenieServiceUpdateAttributes: description: The Opsgenie service attributes for an update request. properties: custom_url: description: The custom URL for a custom region. example: https://example.com nullable: true type: string name: description: The name for the Opsgenie service. example: fake-opsgenie-service-name type: string opsgenie_api_key: description: The Opsgenie API key for your Opsgenie service. example: 00000000-0000-0000-0000-000000000000 type: string region: $ref: '#/components/schemas/OpsgenieServiceRegionType' type: object OpsgenieServiceUpdateData: description: Opsgenie service for an update request. properties: attributes: $ref: '#/components/schemas/OpsgenieServiceUpdateAttributes' id: description: The ID of the Opsgenie service. example: 596da4af-0563-4097-90ff-07230c3f9db3 type: string type: $ref: '#/components/schemas/OpsgenieServiceType' required: - id - type - attributes type: object OpsgenieServiceUpdateRequest: description: Update request for an Opsgenie service. properties: data: $ref: '#/components/schemas/OpsgenieServiceUpdateData' required: - data type: object OpsgenieServicesResponse: description: Response with a list of Opsgenie services. properties: data: description: An array of Opsgenie services. example: - attributes: custom_url: null name: fake-opsgenie-service-name region: us id: 596da4af-0563-4097-90ff-07230c3f9db3 type: opsgenie-service - attributes: custom_url: null name: fake-opsgenie-service-name-2 region: eu id: 0d2937f1-b561-44fa-914a-99910f848014 type: opsgenie-service items: $ref: '#/components/schemas/OpsgenieServiceResponseData' type: array required: - data type: object Organization: description: Organization object. properties: attributes: $ref: '#/components/schemas/OrganizationAttributes' id: description: ID of the organization. type: string type: $ref: '#/components/schemas/OrganizationsType' required: - type type: object OrganizationAttributes: description: Attributes of the organization. properties: created_at: description: Creation time of the organization. format: date-time type: string description: description: Description of the organization. type: string disabled: description: Whether or not the organization is disabled. type: boolean modified_at: description: Time of last organization modification. format: date-time type: string name: description: Name of the organization. type: string public_id: description: Public ID of the organization. type: string sharing: description: Sharing type of the organization. type: string url: description: URL of the site that this organization exists at. type: string type: object OrganizationsType: default: orgs description: Organizations resource type. enum: - orgs example: orgs type: string x-enum-varnames: - ORGS Pagination: description: Pagination object. properties: total_count: description: Total count. format: int64 type: integer total_filtered_count: description: Total count of elements matched by the filter. format: int64 type: integer type: object PartialAPIKey: description: Partial Datadog API key. properties: attributes: $ref: '#/components/schemas/PartialAPIKeyAttributes' id: description: ID of the API key. type: string relationships: $ref: '#/components/schemas/APIKeyRelationships' type: $ref: '#/components/schemas/APIKeysType' type: object PartialAPIKeyAttributes: description: Attributes of a partial API key. properties: created_at: description: Creation date of the API key. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string last4: description: The last four characters of the API key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string modified_at: description: Date the API key was last modified. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string name: description: Name of the API key. example: API Key for submitting metrics type: string type: object PartialApplicationKey: description: Partial Datadog application key. properties: attributes: $ref: '#/components/schemas/PartialApplicationKeyAttributes' id: description: ID of the application key. type: string relationships: $ref: '#/components/schemas/ApplicationKeyRelationships' type: $ref: '#/components/schemas/ApplicationKeysType' type: object PartialApplicationKeyAttributes: description: Attributes of a partial application key. properties: created_at: description: Creation date of the application key. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string last4: description: The last four characters of the application key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. This feature is in private beta, please contact Datadog support to enable scopes for your application keys. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array type: object PartialApplicationKeyResponse: description: Response for retrieving a partial application key. properties: data: $ref: '#/components/schemas/PartialApplicationKey' included: description: Array of objects related to the application key. items: $ref: '#/components/schemas/ApplicationKeyResponseIncludedItem' type: array type: object Permission: description: Permission object. properties: attributes: $ref: '#/components/schemas/PermissionAttributes' id: description: ID of the permission. type: string type: $ref: '#/components/schemas/PermissionsType' required: - type type: object PermissionAttributes: description: Attributes of a permission. properties: created: description: Creation time of the permission. format: date-time type: string description: description: Description of the permission. type: string display_name: description: Displayed name for the permission. type: string display_type: description: Display type. type: string group_name: description: Name of the permission group. type: string name: description: Name of the permission. type: string restricted: description: Whether or not the permission is restricted. type: boolean type: object PermissionsResponse: description: Payload with API-returned permissions. properties: data: description: Array of permissions. items: $ref: '#/components/schemas/Permission' type: array type: object PermissionsType: default: permissions description: Permissions resource type. enum: - permissions example: permissions type: string x-enum-varnames: - PERMISSIONS ProcessSummariesMeta: description: Response metadata object. properties: page: $ref: '#/components/schemas/ProcessSummariesMetaPage' type: object ProcessSummariesMetaPage: description: Paging attributes. properties: after: description: 'The cursor used to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`.' example: 911abf1204838d9cdfcb9a96d0b6a1bd03e1b514074f1ce1737c4cbd type: string size: description: Number of results returned. format: int32 maximum: 10000 minimum: 0 type: integer type: object ProcessSummariesResponse: description: List of process summaries. properties: data: description: Array of process summary objects. items: $ref: '#/components/schemas/ProcessSummary' type: array meta: $ref: '#/components/schemas/ProcessSummariesMeta' type: object ProcessSummary: description: Process summary object. properties: attributes: $ref: '#/components/schemas/ProcessSummaryAttributes' id: description: Process ID. type: string type: $ref: '#/components/schemas/ProcessSummaryType' type: object ProcessSummaryAttributes: description: Attributes for a process summary. properties: cmdline: description: Process command line. type: string host: description: Host running the process. type: string pid: description: Process ID. format: int64 type: integer ppid: description: Parent process ID. format: int64 type: integer start: description: Time the process was started. type: string tags: description: List of tags associated with the process. items: description: A tag associated with the process. type: string type: array timestamp: description: Time the process was seen. type: string user: description: Process owner. type: string type: object ProcessSummaryType: default: process description: Type of process summary. enum: - process example: process type: string x-enum-varnames: - PROCESS QuerySortOrder: default: desc description: Direction of sort. enum: - asc - desc type: string x-enum-varnames: - ASC - DESC RUMAggregateBucketValue: description: A bucket value, can be either a timeseries or a single value. oneOf: - $ref: '#/components/schemas/RUMAggregateBucketValueSingleString' - $ref: '#/components/schemas/RUMAggregateBucketValueSingleNumber' - $ref: '#/components/schemas/RUMAggregateBucketValueTimeseries' RUMAggregateBucketValueSingleNumber: description: A single number value. format: double type: number RUMAggregateBucketValueSingleString: description: A single string value. type: string RUMAggregateBucketValueTimeseries: description: A timeseries array. items: $ref: '#/components/schemas/RUMAggregateBucketValueTimeseriesPoint' type: array x-generate-alias-as-model: true RUMAggregateBucketValueTimeseriesPoint: description: A timeseries point. properties: time: description: The time value for this point. example: '2020-06-08T11:55:00.123Z' format: date-time type: string value: description: The value for this point. example: 19 format: double type: number type: object RUMAggregateRequest: description: The object sent with the request to retrieve aggregation buckets of RUM events from your organization. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: '#/components/schemas/RUMCompute' type: array filter: $ref: '#/components/schemas/RUMQueryFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/RUMGroupBy' type: array options: $ref: '#/components/schemas/RUMQueryOptions' page: $ref: '#/components/schemas/RUMQueryPageOptions' type: object RUMAggregateSort: description: A sort rule. example: aggregation: count order: asc properties: aggregation: $ref: '#/components/schemas/RUMAggregationFunction' metric: description: The metric to sort by (only used for `type=measure`). example: '@duration' type: string order: $ref: '#/components/schemas/RUMSortOrder' type: $ref: '#/components/schemas/RUMAggregateSortType' type: object RUMAggregateSortType: default: alphabetical description: The type of sorting algorithm. enum: - alphabetical - measure type: string x-enum-varnames: - ALPHABETICAL - MEASURE RUMAggregationBucketsResponse: description: The query results. properties: buckets: description: The list of matching buckets, one item per bucket. items: $ref: '#/components/schemas/RUMBucketResponse' type: array type: object RUMAggregationFunction: description: An aggregation function. enum: - count - cardinality - pc75 - pc90 - pc95 - pc98 - pc99 - sum - min - max - avg - median example: pc90 type: string x-enum-varnames: - COUNT - CARDINALITY - PERCENTILE_75 - PERCENTILE_90 - PERCENTILE_95 - PERCENTILE_98 - PERCENTILE_99 - SUM - MIN - MAX - AVG - MEDIAN RUMAnalyticsAggregateResponse: description: The response object for the RUM events aggregate API endpoint. properties: data: $ref: '#/components/schemas/RUMAggregationBucketsResponse' links: $ref: '#/components/schemas/RUMResponseLinks' meta: $ref: '#/components/schemas/RUMResponseMetadata' type: object RUMApplication: description: RUM application. properties: attributes: $ref: '#/components/schemas/RUMApplicationAttributes' id: description: RUM application ID. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string type: $ref: '#/components/schemas/RUMApplicationType' required: - attributes - id - type type: object RUMApplicationAttributes: description: RUM application attributes. properties: application_id: description: ID of the RUM application. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string created_at: description: Timestamp in ms of the creation date. example: 1659479836169 format: int64 type: integer created_by_handle: description: Handle of the creator user. example: john.doe type: string hash: description: Client token of the RUM application. example: abcd1234efgh5678ijkl90abcd1234efgh0 type: string name: description: Name of the RUM application. example: my_rum_application type: string org_id: description: Org ID of the RUM application. example: 999 format: int32 type: integer type: description: Type of the RUM application. Supported values are `browser`, `ios`, `android`, `react-native`, `flutter`. example: browser type: string updated_at: description: Timestamp in ms of the last update date. example: 1659479836169 format: int64 type: integer updated_by_handle: description: Handle of the updater user. example: jane.doe type: string required: - application_id - created_at - created_by_handle - name - org_id - type - updated_at - updated_by_handle type: object RUMApplicationCreate: description: RUM application creation. properties: attributes: $ref: '#/components/schemas/RUMApplicationCreateAttributes' type: $ref: '#/components/schemas/RUMApplicationCreateType' required: - attributes - type type: object RUMApplicationCreateAttributes: description: RUM application creation attributes. properties: name: description: Name of the RUM application. example: my_new_rum_application type: string type: description: Type of the RUM application. Supported values are `browser`, `ios`, `android`, `react-native`, `flutter`. example: browser type: string required: - name type: object RUMApplicationCreateRequest: description: RUM application creation request attributes. properties: data: $ref: '#/components/schemas/RUMApplicationCreate' required: - data type: object RUMApplicationCreateType: default: rum_application_create description: RUM application creation type. enum: - rum_application_create example: rum_application_create type: string x-enum-varnames: - RUM_APPLICATION_CREATE RUMApplicationResponse: description: RUM application response. properties: data: $ref: '#/components/schemas/RUMApplication' type: object RUMApplicationType: default: rum_application description: RUM application response type. enum: - rum_application example: rum_application type: string x-enum-varnames: - RUM_APPLICATION RUMApplicationUpdate: description: RUM application update. properties: attributes: $ref: '#/components/schemas/RUMApplicationUpdateAttributes' id: description: RUM application ID. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string type: $ref: '#/components/schemas/RUMApplicationUpdateType' required: - id - type type: object RUMApplicationUpdateAttributes: description: RUM application update attributes. properties: name: description: Name of the RUM application. example: updated_name_for_my_existing_rum_application type: string type: description: Type of the RUM application. Supported values are `browser`, `ios`, `android`, `react-native`, `flutter`. example: browser type: string type: object RUMApplicationUpdateRequest: description: RUM application update request. properties: data: $ref: '#/components/schemas/RUMApplicationUpdate' required: - data type: object RUMApplicationUpdateType: default: rum_application_update description: RUM application update type. enum: - rum_application_update example: rum_application_update type: string x-enum-varnames: - RUM_APPLICATION_UPDATE RUMApplicationsResponse: description: RUM applications response. properties: data: description: RUM applications array response. items: $ref: '#/components/schemas/RUMApplication' type: array type: object RUMBucketResponse: description: Bucket values. properties: by: additionalProperties: description: The values for each group-by. type: string description: The key-value pairs for each group-by. example: '@session.type': user '@type': view type: object computes: additionalProperties: $ref: '#/components/schemas/RUMAggregateBucketValue' description: A map of the metric name to value for regular compute, or a list of values for a timeseries. type: object type: object RUMCompute: description: A compute rule to compute metrics or timeseries. properties: aggregation: $ref: '#/components/schemas/RUMAggregationFunction' interval: description: 'The time buckets'' size (only used for type=timeseries) Defaults to a resolution of 150 points.' example: 5m type: string metric: description: The metric to use. example: '@duration' type: string type: $ref: '#/components/schemas/RUMComputeType' required: - aggregation type: object RUMComputeType: default: total description: The type of compute. enum: - timeseries - total type: string x-enum-varnames: - TIMESERIES - TOTAL RUMEvent: description: Object description of a RUM event after being processed and stored by Datadog. properties: attributes: $ref: '#/components/schemas/RUMEventAttributes' id: description: Unique ID of the event. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/RUMEventType' type: object RUMEventAttributes: description: JSON object containing all event attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from RUM events. example: customAttribute: 123 duration: 2345 type: object service: description: 'The name of the application or service generating RUM events. It is used to switch from RUM to APM, so make sure you define the same value when you use both products.' example: web-app type: string tags: description: Array of tags associated with your event. example: - team:A items: description: Tag associated with your event. type: string type: array timestamp: description: Timestamp of your event. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object RUMEventType: default: rum description: Type of the event. enum: - rum example: rum type: string x-enum-varnames: - RUM RUMEventsResponse: description: Response object with all events matching the request and pagination information. properties: data: description: Array of events matching the request. items: $ref: '#/components/schemas/RUMEvent' type: array links: $ref: '#/components/schemas/RUMResponseLinks' meta: $ref: '#/components/schemas/RUMResponseMetadata' type: object RUMGroupBy: description: A group-by rule. properties: facet: description: The name of the facet to use (required). example: '@view.time_spent' type: string histogram: $ref: '#/components/schemas/RUMGroupByHistogram' limit: default: 10 description: The maximum buckets to return for this group-by. format: int64 type: integer missing: $ref: '#/components/schemas/RUMGroupByMissing' sort: $ref: '#/components/schemas/RUMAggregateSort' total: $ref: '#/components/schemas/RUMGroupByTotal' required: - facet type: object RUMGroupByHistogram: description: 'Used to perform a histogram computation (only for measure facets). Note: At most 100 buckets are allowed, the number of buckets is (max - min)/interval.' properties: interval: description: The bin size of the histogram buckets. example: 10 format: double type: number max: description: 'The maximum value for the measure used in the histogram (values greater than this one are filtered out).' example: 100 format: double type: number min: description: 'The minimum value for the measure used in the histogram (values smaller than this one are filtered out).' example: 50 format: double type: number required: - interval - min - max type: object RUMGroupByMissing: description: The value to use for logs that don't have the facet used to group by. oneOf: - $ref: '#/components/schemas/RUMGroupByMissingString' - $ref: '#/components/schemas/RUMGroupByMissingNumber' RUMGroupByMissingNumber: description: The missing value to use if there is a number valued facet. format: double type: number RUMGroupByMissingString: description: The missing value to use if there is string valued facet. type: string RUMGroupByTotal: default: false description: A resulting object to put the given computes in over all the matching records. oneOf: - $ref: '#/components/schemas/RUMGroupByTotalBoolean' - $ref: '#/components/schemas/RUMGroupByTotalString' - $ref: '#/components/schemas/RUMGroupByTotalNumber' RUMGroupByTotalBoolean: description: If set to true, creates an additional bucket labeled "$facet_total". type: boolean RUMGroupByTotalNumber: description: A number to use as the key value for the total bucket. format: double type: number RUMGroupByTotalString: description: A string to use as the key value for the total bucket. type: string RUMQueryFilter: description: The search and filter query settings. properties: from: default: now-15m description: The minimum time for the requested events; supports date, math, and regular timestamps (in milliseconds). example: now-15m type: string query: default: '*' description: The search query following the RUM search syntax. example: '@type:session AND @session.type:user' type: string to: default: now description: The maximum time for the requested events; supports date, math, and regular timestamps (in milliseconds). example: now type: string type: object RUMQueryOptions: description: 'Global query options that are used during the query. Note: Only supply timezone or time offset, not both. Otherwise, the query fails.' properties: time_offset: description: The time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: UTC description: 'The timezone can be specified both as an offset, for example: "UTC+03:00".' example: GMT type: string type: object RUMQueryPageOptions: description: Paging attributes for listing events. properties: cursor: description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: Maximum number of events in the response. example: 25 format: int32 maximum: 1000 type: integer type: object RUMResponseLinks: description: Links attributes. properties: next: description: 'Link for the next set of results. Note that the request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/rum/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object RUMResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: '#/components/schemas/RUMResponsePage' request_id: description: The identifier of the request. example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: $ref: '#/components/schemas/RUMResponseStatus' warnings: description: 'A list of warnings (non-fatal errors) encountered. Partial results may return if warnings are present in the response.' items: $ref: '#/components/schemas/RUMWarning' type: array type: object RUMResponsePage: description: Paging attributes. properties: after: description: The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of `page[cursor]`. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object RUMResponseStatus: description: The status of the response. enum: - done - timeout example: done type: string x-enum-varnames: - DONE - TIMEOUT RUMSearchEventsRequest: description: The request for a RUM events list. properties: filter: $ref: '#/components/schemas/RUMQueryFilter' options: $ref: '#/components/schemas/RUMQueryOptions' page: $ref: '#/components/schemas/RUMQueryPageOptions' sort: $ref: '#/components/schemas/RUMSort' type: object RUMSort: description: Sort parameters when querying events. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING RUMSortOrder: description: The order to use, ascending or descending. enum: - asc - desc example: asc type: string x-enum-varnames: - ASCENDING - DESCENDING RUMWarning: description: A warning message indicating something that went wrong with the query. properties: code: description: A unique code for this type of warning. example: unknown_index type: string detail: description: A detailed explanation of this specific warning. example: 'indexes: foo, bar' type: string title: description: A short human-readable summary of the warning. example: One or several indexes are missing or invalid, results hold data from the other indexes type: string type: object RelationshipToIncidentAttachment: description: A relationship reference for attachments. properties: data: description: An array of incident attachments. items: $ref: '#/components/schemas/RelationshipToIncidentAttachmentData' type: array required: - data type: object RelationshipToIncidentAttachmentData: description: The attachment relationship data. properties: id: description: A unique identifier that represents the attachment. example: 00000000-0000-abcd-1000-000000000000 type: string type: $ref: '#/components/schemas/IncidentAttachmentType' required: - id - type type: object RelationshipToIncidentIntegrationMetadataData: description: A relationship reference for an integration metadata object. example: id: 00000000-abcd-0002-0000-000000000000 type: incident_integrations properties: id: description: A unique identifier that represents the integration metadata. example: 00000000-abcd-0001-0000-000000000000 type: string type: $ref: '#/components/schemas/IncidentIntegrationMetadataType' required: - id - type type: object RelationshipToIncidentIntegrationMetadatas: description: A relationship reference for multiple integration metadata objects. example: data: - id: 00000000-abcd-0005-0000-000000000000 type: incident_integrations - id: 00000000-abcd-0006-0000-000000000000 type: incident_integrations properties: data: description: The integration metadata relationship array example: - id: 00000000-abcd-0003-0000-000000000000 type: incident_integrations - id: 00000000-abcd-0004-0000-000000000000 type: incident_integrations items: $ref: '#/components/schemas/RelationshipToIncidentIntegrationMetadataData' type: array required: - data type: object RelationshipToIncidentPostmortem: description: A relationship reference for postmortems. example: data: id: 00000000-0000-abcd-3000-000000000000 type: incident_postmortems properties: data: $ref: '#/components/schemas/RelationshipToIncidentPostmortemData' required: - data type: object RelationshipToIncidentPostmortemData: description: The postmortem relationship data. example: id: 00000000-0000-abcd-2000-000000000000 type: incident_postmortems properties: id: description: A unique identifier that represents the postmortem. example: 00000000-0000-abcd-1000-000000000000 type: string type: $ref: '#/components/schemas/IncidentPostmortemType' required: - id - type type: object RelationshipToOrganization: description: Relationship to an organization. properties: data: $ref: '#/components/schemas/RelationshipToOrganizationData' required: - data type: object RelationshipToOrganizationData: description: Relationship to organization object. properties: id: description: ID of the organization. example: 00000000-0000-beef-0000-000000000000 type: string type: $ref: '#/components/schemas/OrganizationsType' required: - id - type type: object RelationshipToOrganizations: description: Relationship to organizations. properties: data: description: Relationships to organization objects. example: [] items: $ref: '#/components/schemas/RelationshipToOrganizationData' type: array required: - data type: object RelationshipToPermission: description: Relationship to a permissions object. properties: data: $ref: '#/components/schemas/RelationshipToPermissionData' type: object RelationshipToPermissionData: description: Relationship to permission object. properties: id: description: ID of the permission. type: string type: $ref: '#/components/schemas/PermissionsType' type: object RelationshipToPermissions: description: Relationship to multiple permissions objects. properties: data: description: Relationships to permission objects. items: $ref: '#/components/schemas/RelationshipToPermissionData' type: array type: object RelationshipToRole: description: Relationship to role. properties: data: $ref: '#/components/schemas/RelationshipToRoleData' type: object RelationshipToRoleData: description: Relationship to role object. properties: id: description: The unique identifier of the role. example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string type: $ref: '#/components/schemas/RolesType' type: object RelationshipToRoles: description: Relationship to roles. properties: data: description: An array containing type and the unique identifier of a role. items: $ref: '#/components/schemas/RelationshipToRoleData' type: array type: object RelationshipToSAMLAssertionAttribute: description: AuthN Mapping relationship to SAML Assertion Attribute. properties: data: $ref: '#/components/schemas/RelationshipToSAMLAssertionAttributeData' required: - data type: object RelationshipToSAMLAssertionAttributeData: description: Data of AuthN Mapping relationship to SAML Assertion Attribute. properties: id: description: The ID of the SAML assertion attribute. example: '0' type: string type: $ref: '#/components/schemas/SAMLAssertionAttributesType' required: - id - type type: object RelationshipToUser: description: Relationship to user. properties: data: $ref: '#/components/schemas/RelationshipToUserData' required: - data type: object RelationshipToUserData: description: Relationship to user object. properties: id: description: A unique identifier that represents the user. example: 00000000-0000-0000-2345-000000000000 type: string type: $ref: '#/components/schemas/UsersType' required: - id - type type: object RelationshipToUsers: description: Relationship to users. properties: data: description: Relationships to user objects. example: [] items: $ref: '#/components/schemas/RelationshipToUserData' type: array required: - data type: object ResponseMetaAttributes: description: Object describing meta attributes of response. properties: page: $ref: '#/components/schemas/Pagination' type: object Role: description: Role object returned by the API. properties: attributes: $ref: '#/components/schemas/RoleAttributes' id: description: The unique identifier of the role. type: string relationships: $ref: '#/components/schemas/RoleResponseRelationships' type: $ref: '#/components/schemas/RolesType' required: - type type: object RoleAttributes: description: Attributes of the role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: The name of the role. The name is neither unique nor a stable identifier of the role. type: string user_count: description: Number of users with that role. format: int64 readOnly: true type: integer type: object RoleClone: description: Data for the clone role request. properties: attributes: $ref: '#/components/schemas/RoleCloneAttributes' type: $ref: '#/components/schemas/RolesType' required: - type - attributes type: object RoleCloneAttributes: description: Attributes required to create a new role by cloning an existing one. properties: name: description: Name of the new role that is cloned. example: cloned-role type: string required: - name type: object RoleCloneRequest: description: Request to create a role by cloning an existing role. properties: data: $ref: '#/components/schemas/RoleClone' required: - data type: object RoleCreateAttributes: description: Attributes of the created role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: Name of the role. example: developers type: string required: - name type: object RoleCreateData: description: Data related to the creation of a role. properties: attributes: $ref: '#/components/schemas/RoleCreateAttributes' relationships: $ref: '#/components/schemas/RoleRelationships' type: $ref: '#/components/schemas/RolesType' required: - attributes type: object RoleCreateRequest: description: Create a role. properties: data: $ref: '#/components/schemas/RoleCreateData' required: - data type: object RoleCreateResponse: description: Response containing information about a created role. properties: data: $ref: '#/components/schemas/RoleCreateResponseData' type: object RoleCreateResponseData: description: Role object returned by the API. properties: attributes: $ref: '#/components/schemas/RoleCreateAttributes' id: description: The unique identifier of the role. type: string relationships: $ref: '#/components/schemas/RoleResponseRelationships' type: $ref: '#/components/schemas/RolesType' required: - type type: object RoleRelationships: description: Relationships of the role object. properties: permissions: $ref: '#/components/schemas/RelationshipToPermissions' users: $ref: '#/components/schemas/RelationshipToUsers' type: object RoleResponse: description: Response containing information about a single role. properties: data: $ref: '#/components/schemas/Role' type: object RoleResponseRelationships: description: Relationships of the role object returned by the API. properties: permissions: $ref: '#/components/schemas/RelationshipToPermissions' type: object RoleUpdateAttributes: description: Attributes of the role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: Name of the role. type: string type: object RoleUpdateData: description: Data related to the update of a role. properties: attributes: $ref: '#/components/schemas/RoleUpdateAttributes' id: description: The unique identifier of the role. example: 00000000-0000-1111-0000-000000000000 type: string relationships: $ref: '#/components/schemas/RoleRelationships' type: $ref: '#/components/schemas/RolesType' required: - attributes - type - id type: object RoleUpdateRequest: description: Update a role. properties: data: $ref: '#/components/schemas/RoleUpdateData' required: - data type: object RoleUpdateResponse: description: Response containing information about an updated role. properties: data: $ref: '#/components/schemas/RoleUpdateResponseData' type: object RoleUpdateResponseData: description: Role object returned by the API. properties: attributes: $ref: '#/components/schemas/RoleUpdateAttributes' id: description: The unique identifier of the role. type: string relationships: $ref: '#/components/schemas/RoleResponseRelationships' type: $ref: '#/components/schemas/RolesType' required: - type type: object RolesResponse: description: Response containing information about multiple roles. properties: data: description: Array of returned roles. items: $ref: '#/components/schemas/Role' type: array meta: $ref: '#/components/schemas/ResponseMetaAttributes' type: object RolesSort: default: name description: Sorting options for roles. enum: - name - -name - modified_at - -modified_at - user_count - -user_count type: string x-enum-varnames: - NAME_ASCENDING - NAME_DESCENDING - MODIFIED_AT_ASCENDING - MODIFIED_AT_DESCENDING - USER_COUNT_ASCENDING - USER_COUNT_DESCENDING RolesType: default: roles description: Roles type. enum: - roles example: roles type: string x-enum-varnames: - ROLES SAMLAssertionAttribute: description: SAML assertion attribute. properties: attributes: $ref: '#/components/schemas/SAMLAssertionAttributeAttributes' id: description: The ID of the SAML assertion attribute. example: '0' type: string type: $ref: '#/components/schemas/SAMLAssertionAttributesType' required: - id - type type: object SAMLAssertionAttributeAttributes: description: Key/Value pair of attributes used in SAML assertion attributes. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string type: object SAMLAssertionAttributesType: default: saml_assertion_attributes description: SAML assertion attributes resource type. enum: - saml_assertion_attributes example: saml_assertion_attributes type: string x-enum-varnames: - SAML_ASSERTION_ATTRIBUTES SecurityFilter: description: The security filter's properties. properties: attributes: $ref: '#/components/schemas/SecurityFilterAttributes' id: $ref: '#/components/schemas/SecurityFilterID' type: $ref: '#/components/schemas/SecurityFilterType' type: object SecurityFilterAttributes: description: The object describing a security filter. properties: exclusion_filters: description: The list of exclusion filters applied in this security filter. items: $ref: '#/components/schemas/SecurityFilterExclusionFilterResponse' type: array filtered_data_type: $ref: '#/components/schemas/SecurityFilterFilteredDataType' is_builtin: description: Whether the security filter is the built-in filter. example: false type: boolean is_enabled: description: Whether the security filter is enabled. example: false type: boolean name: description: The security filter name. example: Custom security filter type: string query: description: The security filter query. Logs accepted by this query will be accepted by this filter. example: service:api type: string version: description: The version of the security filter. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityFilterCreateAttributes: description: Object containing the attributes of the security filter to be created. properties: exclusion_filters: description: Exclusion filters to exclude some logs from the security filter. example: - name: Exclude staging query: source:staging items: $ref: '#/components/schemas/SecurityFilterExclusionFilter' type: array filtered_data_type: $ref: '#/components/schemas/SecurityFilterFilteredDataType' is_enabled: description: Whether the security filter is enabled. example: true type: boolean name: description: The name of the security filter. example: Custom security filter type: string query: description: The query of the security filter. example: service:api type: string required: - name - query - exclusion_filters - filtered_data_type - is_enabled type: object SecurityFilterCreateData: description: Object for a single security filter. properties: attributes: $ref: '#/components/schemas/SecurityFilterCreateAttributes' type: $ref: '#/components/schemas/SecurityFilterType' required: - type - attributes type: object SecurityFilterCreateRequest: description: Request object that includes the security filter that you would like to create. properties: data: $ref: '#/components/schemas/SecurityFilterCreateData' required: - data type: object SecurityFilterExclusionFilter: description: Exclusion filter for the security filter. example: name: Exclude staging query: source:staging properties: name: description: Exclusion filter name. example: Exclude staging type: string query: description: Exclusion filter query. Logs that match this query are excluded from the security filter. example: source:staging type: string required: - name - query type: object SecurityFilterExclusionFilterResponse: description: A single exclusion filter. properties: name: description: The exclusion filter name. example: Exclude staging type: string query: description: The exclusion filter query. example: source:staging type: string type: object SecurityFilterFilteredDataType: description: The filtered data type. enum: - logs example: logs type: string x-enum-varnames: - LOGS SecurityFilterID: description: The ID of the security filter. example: 3dd-0uc-h1s type: string SecurityFilterMeta: description: Optional metadata associated to the response. properties: warning: description: A warning message. example: All the security filters are disabled. As a result, no logs are being analyzed. type: string type: object SecurityFilterResponse: description: Response object which includes a single security filter. properties: data: $ref: '#/components/schemas/SecurityFilter' meta: $ref: '#/components/schemas/SecurityFilterMeta' type: object SecurityFilterType: default: security_filters description: The type of the resource. The value should always be `security_filters`. enum: - security_filters example: security_filters type: string x-enum-varnames: - SECURITY_FILTERS SecurityFilterUpdateAttributes: description: The security filters properties to be updated. properties: exclusion_filters: description: Exclusion filters to exclude some logs from the security filter. example: [] items: $ref: '#/components/schemas/SecurityFilterExclusionFilter' type: array filtered_data_type: $ref: '#/components/schemas/SecurityFilterFilteredDataType' is_enabled: description: Whether the security filter is enabled. example: true type: boolean name: description: The name of the security filter. example: Custom security filter type: string query: description: The query of the security filter. example: service:api type: string version: description: The version of the security filter to update. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityFilterUpdateData: description: The new security filter properties. properties: attributes: $ref: '#/components/schemas/SecurityFilterUpdateAttributes' type: $ref: '#/components/schemas/SecurityFilterType' required: - type - attributes type: object SecurityFilterUpdateRequest: description: The new security filter body. properties: data: $ref: '#/components/schemas/SecurityFilterUpdateData' required: - data type: object SecurityFiltersResponse: description: All the available security filters objects. properties: data: description: A list of security filters objects. items: $ref: '#/components/schemas/SecurityFilter' type: array meta: $ref: '#/components/schemas/SecurityFilterMeta' type: object SecurityMonitoringFilter: description: The rule's suppression filter. properties: action: $ref: '#/components/schemas/SecurityMonitoringFilterAction' query: description: Query for selecting logs to apply the filtering action. type: string type: object SecurityMonitoringFilterAction: description: The type of filtering action. enum: - require - suppress type: string x-enum-varnames: - REQUIRE - SUPPRESS SecurityMonitoringListRulesResponse: description: List of rules. properties: data: description: Array containing the list of rules. items: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' type: array meta: $ref: '#/components/schemas/ResponseMetaAttributes' type: object SecurityMonitoringRuleCase: description: Case when signal is generated. properties: condition: description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated based on the event counts in the previously defined queries.' type: string name: description: Name of the case. type: string notifications: description: Notification targets for each rule case. items: description: Notification. type: string type: array status: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' type: object SecurityMonitoringRuleCaseCreate: description: Case when signal is generated. properties: condition: description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated based on the event counts in the previously defined queries.' type: string name: description: Name of the case. type: string notifications: description: Notification targets for each rule case. items: description: Notification. type: string type: array status: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' required: - status type: object SecurityMonitoringRuleCreatePayload: description: Create a new rule. oneOf: - $ref: '#/components/schemas/SecurityMonitoringStandardRuleCreatePayload' - $ref: '#/components/schemas/SecurityMonitoringSignalRuleCreatePayload' type: object SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv: description: 'If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise. The severity is decreased by one level: `CRITICAL` in production becomes `HIGH` in non-production, `HIGH` becomes `MEDIUM` and so on. `INFO` remains `INFO`. The decrement is applied when the environment tag of the signal starts with `staging`, `test` or `dev`.' example: false type: boolean SecurityMonitoringRuleDetectionMethod: description: The detection method. enum: - threshold - new_value - anomaly_detection - impossible_travel - hardcoded type: string x-enum-varnames: - THRESHOLD - NEW_VALUE - ANOMALY_DETECTION - IMPOSSIBLE_TRAVEL - HARDCODED SecurityMonitoringRuleEvaluationWindow: description: 'A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time.' enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS SecurityMonitoringRuleHardcodedEvaluatorType: description: Hardcoded evaluator type. enum: - log4shell type: string x-enum-varnames: - LOG4SHELL SecurityMonitoringRuleImpossibleTravelOptions: description: Options on impossible travel rules. properties: baselineUserLocations: $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptionsBaselineUserLocations' type: object SecurityMonitoringRuleImpossibleTravelOptionsBaselineUserLocations: description: 'If true, signals are suppressed for the first 24 hours. In that time, Datadog learns the user''s regular access locations. This can be helpful to reduce noise and infer VPN usage or credentialed API access.' example: true type: boolean SecurityMonitoringRuleKeepAlive: description: "Once a signal is generated, the signal will remain \u201Copen\u201D if a case is matched at least once within\nthis keep alive window." enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 - 10800 - 21600 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS - THREE_HOURS - SIX_HOURS SecurityMonitoringRuleMaxSignalDuration: description: "A signal will \u201Cclose\u201D regardless of the query being matched once the time exceeds the maximum duration.\nThis time is calculated from the first seen timestamp." enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 - 10800 - 21600 - 43200 - 86400 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS - THREE_HOURS - SIX_HOURS - TWELVE_HOURS - ONE_DAY SecurityMonitoringRuleNewValueOptions: description: Options on new value rules. properties: forgetAfter: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsForgetAfter' learningDuration: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningDuration' learningMethod: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningMethod' learningThreshold: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningThreshold' type: object SecurityMonitoringRuleNewValueOptionsForgetAfter: description: The duration in days after which a learned value is forgotten. enum: - 1 - 2 - 7 - 14 - 21 - 28 format: int32 type: integer x-enum-varnames: - ONE_DAY - TWO_DAYS - ONE_WEEK - TWO_WEEKS - THREE_WEEKS - FOUR_WEEKS SecurityMonitoringRuleNewValueOptionsLearningDuration: default: 0 description: 'The duration in days during which values are learned, and after which signals will be generated for values that weren''t learned. If set to 0, a signal will be generated for all new values after the first value is learned.' enum: - 0 - 1 - 7 format: int32 type: integer x-enum-varnames: - ZERO_DAYS - ONE_DAY - SEVEN_DAYS SecurityMonitoringRuleNewValueOptionsLearningMethod: default: duration description: The learning method used to determine when signals should be generated for values that weren't learned. enum: - duration - threshold type: string x-enum-varnames: - DURATION - THRESHOLD SecurityMonitoringRuleNewValueOptionsLearningThreshold: default: 0 description: A number of occurrences after which signals will be generated for values that weren't learned. enum: - 0 - 1 format: int32 type: integer x-enum-varnames: - ZERO_OCCURRENCES - ONE_OCCURRENCE SecurityMonitoringRuleOptions: description: Options on rules. properties: decreaseCriticalityBasedOnEnv: $ref: '#/components/schemas/SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv' detectionMethod: $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod' evaluationWindow: $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' hardcodedEvaluatorType: $ref: '#/components/schemas/SecurityMonitoringRuleHardcodedEvaluatorType' impossibleTravelOptions: $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions' keepAlive: $ref: '#/components/schemas/SecurityMonitoringRuleKeepAlive' maxSignalDuration: $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' newValueOptions: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' type: object SecurityMonitoringRuleQuery: description: Query for matching rule. oneOf: - $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' - $ref: '#/components/schemas/SecurityMonitoringSignalRuleQuery' type: object SecurityMonitoringRuleQueryAggregation: description: The aggregation type. enum: - count - cardinality - sum - max - new_value - geo_data - event_count type: string x-enum-varnames: - COUNT - CARDINALITY - SUM - MAX - NEW_VALUE - GEO_DATA - EVENT_COUNT SecurityMonitoringRuleResponse: description: Create a new rule. oneOf: - $ref: '#/components/schemas/SecurityMonitoringStandardRuleResponse' - $ref: '#/components/schemas/SecurityMonitoringSignalRuleResponse' type: object SecurityMonitoringRuleSeverity: description: Severity of the Security Signal. enum: - info - low - medium - high - critical example: critical type: string x-enum-varnames: - INFO - LOW - MEDIUM - HIGH - CRITICAL SecurityMonitoringRuleTypeCreate: description: The rule type. enum: - log_detection - workload_security type: string x-enum-varnames: - LOG_DETECTION - WORKLOAD_SECURITY SecurityMonitoringRuleTypeRead: description: The rule type. enum: - log_detection - infrastructure_configuration - workload_security - cloud_configuration type: string x-enum-varnames: - LOG_DETECTION - INFRASTRUCTURE_CONFIGURATION - WORKLOAD_SECURITY - CLOUD_CONFIGURATION SecurityMonitoringRuleUpdatePayload: description: Update an existing rule. properties: cases: description: Cases for generating signals. items: $ref: '#/components/schemas/SecurityMonitoringRuleCase' type: array filters: description: Additional queries to filter matched events before they are processed. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. type: boolean message: description: Message for generated signals. type: string name: description: Name of the rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. items: $ref: '#/components/schemas/SecurityMonitoringRuleQuery' type: array tags: description: Tags for generated signals. items: description: Tag. type: string type: array version: description: The version of the rule being updated. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityMonitoringSignal: description: Object description of a security signal. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSignalAttributes' id: description: The unique ID of the security signal. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/SecurityMonitoringSignalType' type: object SecurityMonitoringSignalArchiveComment: description: Optional comment to display on archived signals. type: string SecurityMonitoringSignalArchiveReason: description: Reason a signal is archived. enum: - none - false_positive - testing_or_maintenance - other type: string x-enum-varnames: - NONE - FALSE_POSITIVE - TESTING_OR_MAINTENANCE - OTHER SecurityMonitoringSignalAssigneeUpdateAttributes: description: Attributes describing the new assignee of a security signal. properties: assignee: $ref: '#/components/schemas/SecurityMonitoringTriageUser' version: $ref: '#/components/schemas/SecurityMonitoringSignalVersion' required: - assignee type: object SecurityMonitoringSignalAssigneeUpdateData: description: Data containing the patch for changing the assignee of a signal. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSignalAssigneeUpdateAttributes' required: - attributes type: object SecurityMonitoringSignalAssigneeUpdateRequest: description: Request body for changing the assignee of a given security monitoring signal. properties: data: $ref: '#/components/schemas/SecurityMonitoringSignalAssigneeUpdateData' required: - data type: object SecurityMonitoringSignalAttributes: description: 'The object containing all signal attributes and their associated values.' properties: attributes: additionalProperties: {} description: A JSON object of attributes in the security signal. example: workflow: first_seen: '2020-06-23T14:46:01.000Z' last_seen: '2020-06-23T14:46:49.000Z' rule: id: 0f5-e0c-805 name: 'Brute Force Attack Grouped By User ' version: 12 type: object message: description: The message in the security signal defined by the rule that generated the signal. example: Detect Account Take Over (ATO) through brute force attempts type: string tags: description: An array of tags associated with the security signal. example: - security:attack - technique:T1110-brute-force items: description: The tag associated with the security signal. type: string type: array timestamp: description: The timestamp of the security signal. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object SecurityMonitoringSignalIncidentIds: description: Array of incidents that are associated with this signal. items: description: Public ID attribute of the incident that is associated with the signal. example: 2066 format: int64 type: integer type: array SecurityMonitoringSignalIncidentsUpdateAttributes: description: Attributes describing the new list of related signals for a security signal. properties: incident_ids: $ref: '#/components/schemas/SecurityMonitoringSignalIncidentIds' version: $ref: '#/components/schemas/SecurityMonitoringSignalVersion' required: - incident_ids type: object SecurityMonitoringSignalIncidentsUpdateData: description: Data containing the patch for changing the related incidents of a signal. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSignalIncidentsUpdateAttributes' required: - attributes type: object SecurityMonitoringSignalIncidentsUpdateRequest: description: Request body for changing the related incidents of a given security monitoring signal. properties: data: $ref: '#/components/schemas/SecurityMonitoringSignalIncidentsUpdateData' required: - data type: object SecurityMonitoringSignalListRequest: description: The request for a security signal list. properties: filter: $ref: '#/components/schemas/SecurityMonitoringSignalListRequestFilter' page: $ref: '#/components/schemas/SecurityMonitoringSignalListRequestPage' sort: $ref: '#/components/schemas/SecurityMonitoringSignalsSort' type: object SecurityMonitoringSignalListRequestFilter: description: Search filters for listing security signals. properties: from: description: The minimum timestamp for requested security signals. example: '2019-01-02T09:42:36.320Z' format: date-time type: string query: description: Search query for listing security signals. example: security:attack status:high type: string to: description: The maximum timestamp for requested security signals. example: '2019-01-03T09:42:36.320Z' format: date-time type: string type: object SecurityMonitoringSignalListRequestPage: description: The paging attributes for listing security signals. properties: cursor: description: A list of results using the cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: The maximum number of security signals in the response. example: 25 format: int32 maximum: 1000 type: integer type: object SecurityMonitoringSignalRuleCreatePayload: description: Create a new signal correlation rule. properties: cases: description: Cases for generating signals. example: [] items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate' type: array filters: description: Additional queries to filter matched events before they are processed. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: '' type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting signals which are part of the rule. example: [] items: $ref: '#/components/schemas/SecurityMonitoringSignalRuleQuery' type: array tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array type: $ref: '#/components/schemas/SecurityMonitoringSignalRuleType' required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringSignalRuleQuery: description: Query for matching rule on signals properties: aggregation: $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' correlatedByFields: description: Fields to group by. items: description: Field. type: string type: array correlatedQueryIndex: description: Index of the rule query used to retrieve the correlated field. format: int32 maximum: 9 type: integer metrics: description: Group of target fields to aggregate over when using the new value aggregations. items: description: Field. type: string type: array name: description: Name of the query. type: string ruleId: description: Rule ID to match on signals. example: d3f-ru1-e1d type: string required: - ruleId type: object SecurityMonitoringSignalRuleResponse: description: Rule. properties: cases: description: Cases for generating signals. items: $ref: '#/components/schemas/SecurityMonitoringRuleCase' type: array createdAt: description: When the rule was created, timestamp in milliseconds. format: int64 type: integer creationAuthorId: description: User ID of the user who created the rule. format: int64 type: integer filters: description: Additional queries to filter matched events before they are processed. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. type: boolean id: description: The ID of the rule. type: string isDefault: description: Whether the rule is included by default. type: boolean isDeleted: description: Whether the rule has been deleted. type: boolean isEnabled: description: Whether the rule is enabled. type: boolean message: description: Message for generated signals. type: string name: description: The name of the rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. items: $ref: '#/components/schemas/SecurityMonitoringSignalRuleQuery' type: array tags: description: Tags for generated signals. items: description: Tag. type: string type: array type: $ref: '#/components/schemas/SecurityMonitoringSignalRuleType' updateAuthorId: description: User ID of the user who updated the rule. format: int64 type: integer version: description: The version of the rule. format: int64 type: integer SecurityMonitoringSignalRuleType: description: The rule type. enum: - signal_correlation type: string x-enum-varnames: - SIGNAL_CORRELATION SecurityMonitoringSignalState: description: The new triage state of the signal. enum: - open - archived - under_review type: string x-enum-varnames: - OPEN - ARCHIVED - UNDER_REVIEW SecurityMonitoringSignalStateUpdateAttributes: description: Attributes describing the change of state of a security signal. properties: archive_comment: $ref: '#/components/schemas/SecurityMonitoringSignalArchiveComment' archive_reason: $ref: '#/components/schemas/SecurityMonitoringSignalArchiveReason' state: $ref: '#/components/schemas/SecurityMonitoringSignalState' version: $ref: '#/components/schemas/SecurityMonitoringSignalVersion' required: - state type: object SecurityMonitoringSignalStateUpdateData: description: Data containing the patch for changing the state of a signal. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSignalStateUpdateAttributes' required: - attributes type: object SecurityMonitoringSignalStateUpdateRequest: description: Request body for changing the state of a given security monitoring signal. properties: data: $ref: '#/components/schemas/SecurityMonitoringSignalStateUpdateData' required: - data type: object SecurityMonitoringSignalTriageAttributes: description: Attributes describing a triage state update operation over a security signal. properties: archive_comment: $ref: '#/components/schemas/SecurityMonitoringSignalArchiveComment' archive_comment_timestamp: description: Timestamp of the last edit to the comment. format: int64 minimum: 0 type: integer archive_comment_user: $ref: '#/components/schemas/SecurityMonitoringTriageUser' archive_reason: $ref: '#/components/schemas/SecurityMonitoringSignalArchiveReason' assignee: $ref: '#/components/schemas/SecurityMonitoringTriageUser' incident_ids: $ref: '#/components/schemas/SecurityMonitoringSignalIncidentIds' state: $ref: '#/components/schemas/SecurityMonitoringSignalState' state_update_timestamp: description: Timestamp of the last update to the signal state. format: int64 minimum: 0 type: integer state_update_user: $ref: '#/components/schemas/SecurityMonitoringTriageUser' required: - assignee - state - incident_ids type: object SecurityMonitoringSignalTriageUpdateData: description: Data containing the updated triage attributes of the signal. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSignalTriageAttributes' type: object SecurityMonitoringSignalTriageUpdateResponse: description: The response returned after all triage operations, containing the updated signal triage data. properties: data: $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateData' required: - data type: object SecurityMonitoringSignalType: default: signal description: The type of event. enum: - signal example: signal type: string x-enum-varnames: - SIGNAL SecurityMonitoringSignalVersion: description: Version of the updated signal. If server side version is higher, update will be rejected. format: int64 type: integer SecurityMonitoringSignalsListResponse: description: 'The response object with all security signals matching the request and pagination information.' properties: data: description: An array of security signals matching the request. items: $ref: '#/components/schemas/SecurityMonitoringSignal' type: array links: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponseLinks' meta: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponseMeta' type: object SecurityMonitoringSignalsListResponseLinks: description: Links attributes. properties: next: description: 'The link for the next set of results. **Note**: The request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/security_monitoring/signals?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object SecurityMonitoringSignalsListResponseMeta: description: Meta attributes. properties: page: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponseMetaPage' type: object SecurityMonitoringSignalsListResponseMetaPage: description: Paging attributes. properties: after: description: 'The cursor used to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`.' example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object SecurityMonitoringSignalsSort: description: The sort parameters used for querying security signals. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING SecurityMonitoringStandardRuleCreatePayload: description: Create a new rule. properties: cases: description: Cases for generating signals. example: [] items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate' type: array filters: description: Additional queries to filter matched events before they are processed. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: '' type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. example: [] items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array type: $ref: '#/components/schemas/SecurityMonitoringRuleTypeCreate' required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringStandardRuleQuery: description: Query for matching rule. properties: aggregation: $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' distinctFields: description: Field for which the cardinality is measured. Sent as an array. items: description: Field. type: string type: array groupByFields: description: Fields to group by. items: description: Field. type: string type: array metric: description: 'The target field to aggregate over when using the sum or max aggregations.' type: string metrics: description: Group of target fields to aggregate over when using the new value aggregations. items: description: Field. type: string type: array name: description: Name of the query. type: string query: description: Query to run on logs. example: a > 3 type: string required: - query type: object SecurityMonitoringStandardRuleResponse: description: Rule. properties: cases: description: Cases for generating signals. items: $ref: '#/components/schemas/SecurityMonitoringRuleCase' type: array createdAt: description: When the rule was created, timestamp in milliseconds. format: int64 type: integer creationAuthorId: description: User ID of the user who created the rule. format: int64 type: integer filters: description: Additional queries to filter matched events before they are processed. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. type: boolean id: description: The ID of the rule. type: string isDefault: description: Whether the rule is included by default. type: boolean isDeleted: description: Whether the rule has been deleted. type: boolean isEnabled: description: Whether the rule is enabled. type: boolean message: description: Message for generated signals. type: string name: description: The name of the rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array tags: description: Tags for generated signals. items: description: Tag. type: string type: array type: $ref: '#/components/schemas/SecurityMonitoringRuleTypeRead' updateAuthorId: description: User ID of the user who updated the rule. format: int64 type: integer version: description: The version of the rule. format: int64 type: integer SecurityMonitoringTriageUser: description: Object representing a given user entity. properties: handle: description: The handle for this user account. type: string id: description: Numerical ID assigned by Datadog to this user account. format: int64 type: integer name: description: The name for this user account. type: string uuid: description: UUID assigned by Datadog to this user account. example: 773b045d-ccf8-4808-bd3b-955ef6a8c940 type: string required: - uuid type: object ServiceAccountCreateAttributes: description: Attributes of the created user. properties: email: description: The email of the user. example: jane.doe@example.com type: string name: description: The name of the user. type: string service_account: description: Whether the user is a service account. Must be true. example: true type: boolean title: description: The title of the user. type: string required: - email - service_account type: object ServiceAccountCreateData: description: Object to create a service account User. properties: attributes: $ref: '#/components/schemas/ServiceAccountCreateAttributes' relationships: $ref: '#/components/schemas/UserRelationships' type: $ref: '#/components/schemas/UsersType' required: - attributes - type type: object ServiceAccountCreateRequest: description: Create a service account. properties: data: $ref: '#/components/schemas/ServiceAccountCreateData' required: - data type: object UsageApplicationSecurityMonitoringResponse: description: Application Security Monitoring usage response. properties: data: description: Response containing Application Security Monitoring usage. items: $ref: '#/components/schemas/UsageDataObject' type: array type: object UsageAttributesObject: description: Usage attributes data. properties: org_name: description: The organization name. type: string product_family: description: The product for which usage is being reported. type: string public_id: description: The organization public ID. type: string timeseries: description: List of usage data reported for each requested hour. items: $ref: '#/components/schemas/UsageTimeSeriesObject' type: array usage_type: $ref: '#/components/schemas/HourlyUsageType' type: object UsageDataObject: description: Usage data. properties: attributes: $ref: '#/components/schemas/UsageAttributesObject' id: description: Unique ID of the response. type: string type: $ref: '#/components/schemas/UsageTimeSeriesType' type: object UsageLambdaTracedInvocationsResponse: description: Lambda Traced Invocations usage response. properties: data: description: Response containing Lambda Traced Invocations usage. items: $ref: '#/components/schemas/UsageDataObject' type: array type: object UsageObservabilityPipelinesResponse: description: Observability Pipelines usage response. properties: data: description: Response containing Observability Pipelines usage. items: $ref: '#/components/schemas/UsageDataObject' type: array type: object UsageTimeSeriesObject: description: Usage timeseries data. properties: timestamp: description: Datetime in ISO-8601 format, UTC. The hour for the usage. format: date-time type: string value: description: Contains the number measured for the given usage_type during the hour. format: int64 nullable: true type: integer type: object UsageTimeSeriesType: default: usage_timeseries description: Type of usage data. enum: - usage_timeseries example: usage_timeseries type: string x-enum-varnames: - USAGE_TIMESERIES User: description: User object returned by the API. properties: attributes: $ref: '#/components/schemas/UserAttributes' id: description: ID of the user. type: string relationships: $ref: '#/components/schemas/UserResponseRelationships' type: $ref: '#/components/schemas/UsersType' type: object UserAttributes: description: Attributes of user object returned by the API. properties: created_at: description: Creation time of the user. format: date-time type: string disabled: description: Whether the user is disabled. type: boolean email: description: Email of the user. type: string handle: description: Handle of the user. type: string icon: description: URL of the user's icon. type: string modified_at: description: Time that the user was last modified. format: date-time type: string name: description: Name of the user. nullable: true type: string service_account: description: Whether the user is a service account. type: boolean status: description: Status of the user. type: string title: description: Title of the user. nullable: true type: string verified: description: Whether the user is verified. type: boolean type: object UserCreateAttributes: description: Attributes of the created user. properties: email: description: The email of the user. example: jane.doe@example.com type: string name: description: The name of the user. type: string title: description: The title of the user. type: string required: - email type: object UserCreateData: description: Object to create a user. properties: attributes: $ref: '#/components/schemas/UserCreateAttributes' relationships: $ref: '#/components/schemas/UserRelationships' type: $ref: '#/components/schemas/UsersType' required: - attributes - type type: object UserCreateRequest: description: Create a user. properties: data: $ref: '#/components/schemas/UserCreateData' required: - data type: object UserInvitationData: description: Object to create a user invitation. properties: relationships: $ref: '#/components/schemas/UserInvitationRelationships' type: $ref: '#/components/schemas/UserInvitationsType' required: - type - relationships type: object UserInvitationDataAttributes: description: Attributes of a user invitation. properties: created_at: description: Creation time of the user invitation. format: date-time type: string expires_at: description: Time of invitation expiration. format: date-time type: string invite_type: description: Type of invitation. type: string uuid: description: UUID of the user invitation. type: string type: object UserInvitationRelationships: description: Relationships data for user invitation. properties: user: $ref: '#/components/schemas/RelationshipToUser' required: - user type: object UserInvitationResponse: description: User invitation as returned by the API. properties: data: $ref: '#/components/schemas/UserInvitationResponseData' type: object UserInvitationResponseData: description: Object of a user invitation returned by the API. properties: attributes: $ref: '#/components/schemas/UserInvitationDataAttributes' id: description: ID of the user invitation. type: string type: $ref: '#/components/schemas/UserInvitationsType' type: object UserInvitationsRequest: description: Object to invite users to join the organization. properties: data: description: List of user invitations. example: [] items: $ref: '#/components/schemas/UserInvitationData' type: array required: - data type: object UserInvitationsResponse: description: User invitations as returned by the API. properties: data: description: Array of user invitations. items: $ref: '#/components/schemas/UserInvitationResponseData' type: array type: object UserInvitationsType: default: user_invitations description: User invitations type. enum: - user_invitations example: user_invitations type: string x-enum-varnames: - USER_INVITATIONS UserRelationships: description: Relationships of the user object. properties: roles: $ref: '#/components/schemas/RelationshipToRoles' type: object UserResponse: description: Response containing information about a single user. properties: data: $ref: '#/components/schemas/User' included: description: Array of objects related to the user. items: $ref: '#/components/schemas/UserResponseIncludedItem' type: array type: object UserResponseIncludedItem: description: An object related to a user. oneOf: - $ref: '#/components/schemas/Organization' - $ref: '#/components/schemas/Permission' - $ref: '#/components/schemas/Role' type: object UserResponseRelationships: description: Relationships of the user object returned by the API. properties: org: $ref: '#/components/schemas/RelationshipToOrganization' other_orgs: $ref: '#/components/schemas/RelationshipToOrganizations' other_users: $ref: '#/components/schemas/RelationshipToUsers' roles: $ref: '#/components/schemas/RelationshipToRoles' type: object UserUpdateAttributes: description: Attributes of the edited user. properties: disabled: description: If the user is enabled or disabled. type: boolean email: description: The email of the user. type: string name: description: The name of the user. type: string type: object UserUpdateData: description: Object to update a user. properties: attributes: $ref: '#/components/schemas/UserUpdateAttributes' id: description: ID of the user. example: 00000000-0000-feed-0000-000000000000 type: string type: $ref: '#/components/schemas/UsersType' required: - attributes - type - id type: object UserUpdateRequest: description: Update a user. properties: data: $ref: '#/components/schemas/UserUpdateData' required: - data type: object UsersResponse: description: Response containing information about multiple users. properties: data: description: Array of returned users. items: $ref: '#/components/schemas/User' type: array included: description: Array of objects related to the users. items: $ref: '#/components/schemas/UserResponseIncludedItem' type: array meta: $ref: '#/components/schemas/ResponseMetaAttributes' readOnly: true type: object UsersType: default: users description: Users resource type. enum: - users example: users type: string x-enum-varnames: - USERS securitySchemes: AuthZ: description: This API uses OAuth 2 with the implicit grant flow. flows: authorizationCode: authorizationUrl: /oauth2/v1/authorize scopes: dashboards_read: View dashboards. dashboards_write: Create and change dashboards. events_read: Read Events data. incident_read: View incidents in Datadog. incident_settings_write: Configure Incidents settings. incident_write: Create, view, and manage incidents in Datadog. metrics_read: View custom metrics. monitors_read: View monitors. security_monitoring_filters_read: Read Security Filters. security_monitoring_filters_write: Create, edit, and delete Security Filters. security_monitoring_rules_read: Read Detection Rules. security_monitoring_rules_write: Create and edit Detection Rules. security_monitoring_signals_read: View Security Signals. usage_read: View your organization's usage and usage attribution. user_access_invite: Invite other users to your organization. user_access_manage: Disable users, manage user roles, manage SAML-to-role mappings, and configure logs restriction queries. tokenUrl: /oauth2/v1/token type: oauth2 apiKeyAuth: description: Your Datadog API Key. in: header name: DD-API-KEY type: apiKey x-env-name: DD_API_KEY appKeyAuth: description: Your Datadog APP Key. in: header name: DD-APPLICATION-KEY type: apiKey x-env-name: DD_APP_KEY info: contact: email: support@datadoghq.com name: Datadog Support url: https://www.datadoghq.com/support/ description: Collection of all Datadog Public endpoints. title: Datadog API V2 Collection version: '1.0' openapi: 3.0.0 paths: /api/v2/api_keys: get: description: List all API keys available for your account. operationId: ListAPIKeys parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/APIKeysSortParameter' - $ref: '#/components/parameters/APIKeyFilterParameter' - $ref: '#/components/parameters/APIKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/APIKeyFilterCreatedAtEndParameter' - $ref: '#/components/parameters/APIKeyFilterModifiedAtStartParameter' - $ref: '#/components/parameters/APIKeyFilterModifiedAtEndParameter' - $ref: '#/components/parameters/APIKeyIncludeParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/APIKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all API keys tags: - Key Management post: description: Create an API key. operationId: CreateAPIKey requestBody: content: application/json: schema: $ref: '#/components/schemas/APIKeyCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/APIKeyResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an API key tags: - Key Management x-codegen-request-body-name: body /api/v2/api_keys/{api_key_id}: delete: description: Delete an API key. operationId: DeleteAPIKey parameters: - $ref: '#/components/parameters/APIKeyId' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an API key tags: - Key Management get: description: Get an API key. operationId: GetAPIKey parameters: - $ref: '#/components/parameters/APIKeyId' - $ref: '#/components/parameters/APIKeyIncludeParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/APIKeyResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get API key tags: - Key Management patch: description: Update an API key. operationId: UpdateAPIKey parameters: - $ref: '#/components/parameters/APIKeyId' requestBody: content: application/json: schema: $ref: '#/components/schemas/APIKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/APIKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an API key tags: - Key Management x-codegen-request-body-name: body /api/v2/application_keys: get: description: List all application keys available for your org operationId: ListApplicationKeys parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/ApplicationKeysSortParameter' - $ref: '#/components/parameters/ApplicationKeyFilterParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListApplicationKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all application keys tags: - Key Management /api/v2/application_keys/{app_key_id}: delete: description: Delete an application key operationId: DeleteApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an application key tags: - Key Management x-codegen-request-body-name: body get: description: Get an application key for your org. operationId: GetApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' - $ref: '#/components/parameters/ApplicationKeyIncludeParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get an application key tags: - Key Management patch: description: Edit an application key operationId: UpdateApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an application key tags: - Key Management x-codegen-request-body-name: body /api/v2/audit/events: get: description: 'List endpoint returns events that match a Audit Logs search query. [Results are paginated][1]. Use this endpoint to see your latest Audit Logs events. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination' operationId: ListAuditLogs parameters: - description: Search query following Audit Logs syntax. example: '@type:session @application_id:xxxx' in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested events. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: '#/components/schemas/AuditLogsSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuditLogsEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a list of Audit Logs events tags: - Audit x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data /api/v2/audit/events/search: post: description: 'List endpoint returns Audit Logs events that match an Audit search query. [Results are paginated][1]. Use this endpoint to build complex Audit Logs events filtering and search. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination' operationId: SearchAuditLogs requestBody: content: application/json: schema: $ref: '#/components/schemas/AuditLogsSearchEventsRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuditLogsEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Search Audit Logs events tags: - Audit x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data /api/v2/authn_mappings: get: description: List all AuthN Mappings in the org. operationId: ListAuthNMappings parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: Sort AuthN Mappings depending on the given field. in: query name: sort required: false schema: $ref: '#/components/schemas/AuthNMappingsSort' - description: Filter all mappings by the given string. in: query name: filter required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthNMappingsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List all AuthN Mappings tags: - AuthN Mappings x-permission: OPEN() post: description: Create an AuthN Mapping. operationId: CreateAuthNMapping requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthNMappingCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthNMappingResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Create an AuthN Mapping tags: - AuthN Mappings x-codegen-request-body-name: body x-permission: OR(USER_ACCESS_MANAGE) /api/v2/authn_mappings/{authn_mapping_id}: delete: description: Delete an AuthN Mapping specified by AuthN Mapping UUID. operationId: DeleteAuthNMapping parameters: - $ref: '#/components/parameters/AuthNMappingID' responses: '204': description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Delete an AuthN Mapping tags: - AuthN Mappings x-permission: OR(USER_ACCESS_MANAGE) get: description: Get an AuthN Mapping specified by the AuthN Mapping UUID. operationId: GetAuthNMapping parameters: - $ref: '#/components/parameters/AuthNMappingID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthNMappingResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get an AuthN Mapping by UUID tags: - AuthN Mappings x-permission: OPEN() patch: description: Edit an AuthN Mapping. operationId: UpdateAuthNMapping parameters: - $ref: '#/components/parameters/AuthNMappingID' requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthNMappingUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthNMappingResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Edit an AuthN Mapping tags: - AuthN Mappings x-codegen-request-body-name: body x-permission: OR(USER_ACCESS_MANAGE) /api/v2/current_user/application_keys: get: description: List all application keys available for current user operationId: ListCurrentUserApplicationKeys parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/ApplicationKeysSortParameter' - $ref: '#/components/parameters/ApplicationKeyFilterParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListApplicationKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all application keys owned by current user tags: - Key Management post: description: Create an application key for current user operationId: CreateCurrentUserApplicationKey requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an application key for current user tags: - Key Management x-codegen-request-body-name: body /api/v2/current_user/application_keys/{app_key_id}: delete: description: Delete an application key owned by current user operationId: DeleteCurrentUserApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an application key owned by current user tags: - Key Management get: description: Get an application key owned by current user operationId: GetCurrentUserApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get one application key owned by current user tags: - Key Management patch: description: Edit an application key owned by current user operationId: UpdateCurrentUserApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an application key owned by current user tags: - Key Management x-codegen-request-body-name: body /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards: delete: description: Delete dashboards from an existing dashboard list. operationId: DeleteDashboardListItems parameters: - description: ID of the dashboard list to delete items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: schema: $ref: '#/components/schemas/DashboardListDeleteItemsRequest' description: Dashboards to delete from the dashboard list. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListDeleteItemsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete items from a dashboard list tags: - Dashboard Lists x-codegen-request-body-name: body get: description: "Fetch the dashboard list\u2019s dashboard definitions." operationId: GetDashboardListItems parameters: - description: ID of the dashboard list to get items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListItems' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_read summary: Get items of a Dashboard List tags: - Dashboard Lists post: description: Add dashboards to an existing dashboard list. operationId: CreateDashboardListItems parameters: - description: ID of the dashboard list to add items to. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: schema: $ref: '#/components/schemas/DashboardListAddItemsRequest' description: Dashboards to add to the dashboard list. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListAddItemsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Add Items to a Dashboard List tags: - Dashboard Lists x-codegen-request-body-name: body put: description: Update dashboards of an existing dashboard list. operationId: UpdateDashboardListItems parameters: - description: ID of the dashboard list to update items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: schema: $ref: '#/components/schemas/DashboardListUpdateItemsRequest' description: New dashboards of the dashboard list. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListUpdateItemsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update items of a dashboard list tags: - Dashboard Lists x-codegen-request-body-name: body /api/v2/events: get: description: 'List endpoint returns events that match an events search query. [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to see your latest events.' operationId: ListEvents parameters: - description: Search query following events syntax. in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events. in: query name: filter[from] required: false schema: type: string - description: Maximum timestamp for requested events. in: query name: filter[to] required: false schema: type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: '#/components/schemas/EventsSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - events_read summary: Get a list of events tags: - Events x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data x-unstable: '**Note**: This endpoint is in private beta. For access, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/events/search: post: description: 'List endpoint returns events that match an events search query. [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to build complex events filtering and search.' operationId: SearchEvents requestBody: content: application/json: schema: $ref: '#/components/schemas/EventsListRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - events_read summary: Search events tags: - Events x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data x-unstable: '**Note**: This endpoint is in private beta. For access, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents: get: description: Get all incidents for the user's organization. operationId: ListIncidents parameters: - $ref: '#/components/parameters/IncidentIncludeQueryParameter' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of incidents tags: - Incidents x-pagination: limitParam: page[size] pageOffsetParam: page[offset] resultsPath: data x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Create an incident. operationId: CreateIncident requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentCreateRequest' description: Incident payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Create an incident tags: - Incidents x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/{incident_id}: delete: description: Deletes an existing incident from the users organization. operationId: DeleteIncident parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Delete an existing incident tags: - Incidents x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' get: description: Get the details of an incident by `incident_id`. operationId: GetIncident parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentIncludeQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get the details of an incident tags: - Incidents x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Updates an incident. Provide only the attributes that should be updated as this request is a partial update. operationId: UpdateIncident parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentIncludeQueryParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentUpdateRequest' description: Incident Payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Update an existing incident tags: - Incidents x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/{incident_id}/attachments: get: description: Get all attachments for a given incident. operationId: ListIncidentAttachments parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentAttachmentIncludeQueryParameter' - $ref: '#/components/parameters/IncidentAttachmentFilterQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentAttachmentsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of attachments tags: - Incidents x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: The bulk update endpoint for creating, updating, and deleting attachments for a given incident. operationId: UpdateIncidentAttachments parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentAttachmentIncludeQueryParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentAttachmentUpdateRequest' description: Incident Attachment Payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentAttachmentUpdateResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create, update, and delete incident attachments tags: - Incidents x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/integration/opsgenie/services: get: description: Get a list of all services from the Datadog Opsgenie integration. operationId: ListOpsgenieServices responses: '200': content: application/json: schema: $ref: '#/components/schemas/OpsgenieServicesResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all service objects tags: - Opsgenie Integration post: description: Create a new service object in the Opsgenie integration. operationId: CreateOpsgenieService requestBody: content: application/json: schema: $ref: '#/components/schemas/OpsgenieServiceCreateRequest' description: Opsgenie service payload required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/OpsgenieServiceResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a new service object tags: - Opsgenie Integration x-codegen-request-body-name: body /api/v2/integration/opsgenie/services/{integration_service_id}: delete: description: Delete a single service object in the Datadog Opsgenie integration. operationId: DeleteOpsgenieService parameters: - $ref: '#/components/parameters/OpsgenieServiceIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a single service object tags: - Opsgenie Integration get: description: Get a single service from the Datadog Opsgenie integration. operationId: GetOpsgenieService parameters: - $ref: '#/components/parameters/OpsgenieServiceIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/OpsgenieServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a single service object tags: - Opsgenie Integration patch: description: Update a single service object in the Datadog Opsgenie integration. operationId: UpdateOpsgenieService parameters: - $ref: '#/components/parameters/OpsgenieServiceIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/OpsgenieServiceUpdateRequest' description: Opsgenie service payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/OpsgenieServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a single service object tags: - Opsgenie Integration x-codegen-request-body-name: body /api/v2/logs: post: description: 'Send your logs to your Datadog platform over HTTP. Limits per HTTP request are: - Maximum content size per payload (uncompressed): 5MB - Maximum size for a single log: 1MB - Maximum array size if sending multiple logs in an array: 1000 entries Any log exceeding 1MB is accepted and truncated by Datadog: - For a single log request, the API truncates the log at 1MB and returns a 2xx. - For a multi-logs request, the API processes all logs, truncates only logs larger than 1MB, and returns a 2xx. Datadog recommends sending your logs compressed. Add the `Content-Encoding: gzip` header to the request when sending compressed logs. The status codes answered by the HTTP API are: - 202: Accepted: the request has been accepted for processing - 400: Bad request (likely an issue in the payload formatting) - 401: Unauthorized (likely a missing API Key) - 403: Permission issue (likely using an invalid API Key) - 408: Request Timeout, request should be retried after some time - 413: Payload too large (batch is above 5MB uncompressed) - 429: Too Many Requests, request should be retried after some time - 500: Internal Server Error, the server encountered an unexpected condition that prevented it from fulfilling the request, request should be retried after some time - 503: Service Unavailable, the server is not ready to handle the request probably because it is overloaded, request should be retried after some time' operationId: SubmitLog parameters: - description: HTTP header used to compress the media-type. in: header name: Content-Encoding required: false schema: $ref: '#/components/schemas/ContentEncoding' - description: Log tags can be passed as query parameters with `text/plain` content type. example: env:prod,user:my-user in: query name: ddtags required: false schema: type: string requestBody: content: application/json: examples: multi-json-messages: description: Pass multiple log objects at once. summary: Multi JSON Messages value: - ddsource: nginx ddtags: env:staging,version:5.1 hostname: i-012345678 message: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello service: payment - ddsource: nginx ddtags: env:staging,version:5.1 hostname: i-012345679 message: 2019-11-19T14:37:58,995 INFO [process.name][20081] World service: payment simple-json-message: description: Log attributes can be passed as `key:value` pairs in valid JSON messages. summary: Simple JSON Message value: ddsource: nginx ddtags: env:staging,version:5.1 hostname: i-012345678 message: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World service: payment schema: $ref: '#/components/schemas/HTTPLog' application/logplex-1: examples: multi-raw-message: description: Submit log messages. summary: Multi Logplex Messages value: '2019-11-19T14:37:58,995 INFO [process.name][20081] Hello 2019-11-19T14:37:58,995 INFO [process.name][20081] World' simple-logplex-message: description: Submit log string. summary: Simple Logplex Message value: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World schema: type: string text/plain: examples: multi-raw-message: description: Submit log string. summary: Multi Raw Messages value: '2019-11-19T14:37:58,995 INFO [process.name][20081] Hello 2019-11-19T14:37:58,995 INFO [process.name][20081] World ' simple-raw-message: description: 'Submit log string. Log attributes can be passed as query parameters in the URL. This enables the addition of tags or the source by using the `ddtags` and `ddsource` parameters: `?host=my-hostname&service=my-service&ddsource=my-source&ddtags=env:prod,user:my-user`.' summary: Simple Raw Message value: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World schema: type: string description: Log to send (JSON format). required: true responses: '202': content: application/json: schema: type: object description: Request accepted for processing (always 202 empty JSON). '400': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Bad Request '401': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Unauthorized '403': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Forbidden '408': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Request Timeout '413': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Payload Too Large '429': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Too Many Requests '500': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Internal Server Error '503': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Service Unavailable security: - apiKeyAuth: [] servers: - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: The regional site for customers. enum: - datadoghq.com - us3.datadoghq.com - us5.datadoghq.com - datadoghq.eu - ddog-gov.com subdomain: default: http-intake.logs description: The subdomain where the API is deployed. - url: '{protocol}://{name}' variables: name: default: http-intake.logs.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: http-intake.logs description: The subdomain where the API is deployed. summary: Send logs tags: - Logs x-codegen-request-body-name: body /api/v2/logs/analytics/aggregate: post: description: The API endpoint to aggregate events into buckets and compute metrics and timeseries. operationId: AggregateLogs requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsAggregateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsAggregateResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Aggregate events tags: - Logs x-codegen-request-body-name: body /api/v2/logs/config/archive-order: get: description: 'Get the current order of your archives. This endpoint takes no JSON arguments.' operationId: GetLogsArchiveOrder responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchiveOrder' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get archive order tags: - Logs Archives put: description: 'Update the order of your archives. Since logs are processed sequentially, reordering an archive may change the structure and content of the data processed by other archives. **Note**: Using the `PUT` method updates your archive''s order by replacing the current order with the new one.' operationId: UpdateLogsArchiveOrder requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsArchiveOrder' description: An object containing the new ordered list of archive IDs. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchiveOrder' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update archive order tags: - Logs Archives x-codegen-request-body-name: body /api/v2/logs/config/archives: get: description: Get the list of configured logs archives with their definitions. operationId: ListLogsArchives responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchives' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get all archives tags: - Logs Archives post: description: Create an archive in your organization. operationId: CreateLogsArchive requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsArchiveCreateRequest' description: The definition of the new archive. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchive' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an archive tags: - Logs Archives x-codegen-request-body-name: body /api/v2/logs/config/archives/{archive_id}: delete: description: Delete a given archive from your organization. operationId: DeleteLogsArchive parameters: - $ref: '#/components/parameters/ArchiveID' responses: '204': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an archive tags: - Logs Archives get: description: Get a specific archive from your organization. operationId: GetLogsArchive parameters: - $ref: '#/components/parameters/ArchiveID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchive' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get an archive tags: - Logs Archives put: description: 'Update a given archive configuration. **Note**: Using this method updates your archive configuration by **replacing** your current configuration with the new one sent to your Datadog organization.' operationId: UpdateLogsArchive parameters: - $ref: '#/components/parameters/ArchiveID' requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsArchiveCreateRequest' description: New definition of the archive. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchive' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update an archive tags: - Logs Archives x-codegen-request-body-name: body /api/v2/logs/config/archives/{archive_id}/readers: delete: description: Removes a role from an archive. ([Roles API](https://docs.datadoghq.com/api/v2/roles/)) operationId: RemoveRoleFromArchive parameters: - $ref: '#/components/parameters/ArchiveID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToRole' required: true responses: '204': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Revoke role from an archive tags: - Logs Archives x-codegen-request-body-name: body get: description: Returns all read roles a given archive is restricted to. operationId: ListArchiveReadRoles parameters: - $ref: '#/components/parameters/ArchiveID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/RolesResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List read roles for an archive tags: - Logs Archives x-codegen-request-body-name: body post: description: Adds a read role to an archive. ([Roles API](https://docs.datadoghq.com/api/v2/roles/)) operationId: AddReadRoleToArchive parameters: - $ref: '#/components/parameters/ArchiveID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToRole' required: true responses: '204': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Grant role to an archive tags: - Logs Archives x-codegen-request-body-name: body /api/v2/logs/config/metrics: get: description: Get the list of configured log-based metrics with their definitions. operationId: ListLogsMetrics responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricsResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get all log-based metrics tags: - Logs Metrics post: description: 'Create a metric based on your ingested logs in your organization. Returns the log-based metric object from the request body when the request is successful.' operationId: CreateLogsMetric requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsMetricCreateRequest' description: The definition of the new log-based metric. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a log-based metric tags: - Logs Metrics x-codegen-request-body-name: body /api/v2/logs/config/metrics/{metric_id}: delete: description: Delete a specific log-based metric from your organization. operationId: DeleteLogsMetric parameters: - $ref: '#/components/parameters/MetricID' responses: '200': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a log-based metric tags: - Logs Metrics get: description: Get a specific log-based metric from your organization. operationId: GetLogsMetric parameters: - $ref: '#/components/parameters/MetricID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a log-based metric tags: - Logs Metrics patch: description: 'Update a specific log-based metric from your organization. Returns the log-based metric object from the request body when the request is successful.' operationId: UpdateLogsMetric parameters: - $ref: '#/components/parameters/MetricID' requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsMetricUpdateRequest' description: New definition of the log-based metric. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a log-based metric tags: - Logs Metrics x-codegen-request-body-name: body /api/v2/logs/events: get: description: 'List endpoint returns logs that match a log search query. [Results are paginated][1]. Use this endpoint to see your latest logs. **If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See [Datadog Logs Archive documentation][2].** [1]: /logs/guide/collect-multiple-logs-with-pagination [2]: https://docs.datadoghq.com/logs/archives' operationId: ListLogsGet parameters: - description: Search query following logs syntax. example: '@datacenter:us @role:db' in: query name: filter[query] required: false schema: type: string - description: 'For customers with multiple indexes, the indexes to search Defaults to ''*'' which means all indexes' example: main in: query name: filter[index] required: false schema: type: string - description: Minimum timestamp for requested logs. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested logs. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of logs in results. in: query name: sort required: false schema: $ref: '#/components/schemas/LogsSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of logs in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a list of logs tags: - Logs x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data /api/v2/logs/events/search: post: description: 'List endpoint returns logs that match a log search query. [Results are paginated][1]. Use this endpoint to build complex logs filtering and search. **If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See [Datadog Logs Archive documentation][2].** [1]: /logs/guide/collect-multiple-logs-with-pagination [2]: https://docs.datadoghq.com/logs/archives' operationId: ListLogs requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsListRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Search logs tags: - Logs x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data /api/v2/metrics: get: description: Returns all metrics (matching additional filters if specified). operationId: ListTagConfigurations parameters: - description: Filter custom metrics that have configured tags. example: true in: query name: filter[configured] required: false schema: type: boolean - description: Filter tag configurations by configured tags. example: app in: query name: filter[tags_configured] required: false schema: description: Tag keys to filter by. type: string - description: Filter metrics by metric type. in: query name: filter[metric_type] required: false schema: $ref: '#/components/schemas/MetricTagConfigurationMetricTypes' - description: 'Filter distributions with additional percentile aggregations enabled or disabled.' example: true in: query name: filter[include_percentiles] required: false schema: type: boolean - description: 'Filter custom metrics that have or have not been queried in the specified window[seconds]. If no window is provided or the window is less than 2 hours, a default of 2 hours will be applied.' example: true in: query name: filter[queried] required: false schema: type: boolean - description: 'Filter metrics that have been submitted with the given tags. Supports boolean and wildcard expressions. Can only be combined with the filter[queried] filter.' example: env IN (staging,test) AND service:web in: query name: filter[tags] required: false schema: type: string - description: 'The number of seconds of look back (from now) to apply to a filter[tag] or filter[queried] query. Defaults value is 3600 (1 hour), maximum value is 1,209,600 (2 weeks).' example: 3600 in: query name: window[seconds] required: false schema: format: int64 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricsAndMetricTagConfigurationsResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - metrics_read summary: Get a list of metrics tags: - Metrics /api/v2/metrics/config/bulk-tags: delete: description: 'Delete all custom lists of queryable tag keys for a set of existing count, gauge, rate, and distribution metrics. Metrics are selected by passing a metric name prefix. Results can be sent to a set of account email addresses, just like the same operation in the Datadog web app. Can only be used with application keys of users with the `Manage Tags for Metrics` permission.' operationId: DeleteBulkTagsMetricsConfiguration requestBody: content: application/json: schema: $ref: '#/components/schemas/MetricBulkTagConfigDeleteRequest' required: true responses: '202': content: application/json: schema: $ref: '#/components/schemas/MetricBulkTagConfigResponse' description: Accepted '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Configure tags for multiple metrics tags: - Metrics x-codegen-request-body-name: body post: description: 'Create and define a list of queryable tag keys for a set of existing count, gauge, rate, and distribution metrics. Metrics are selected by passing a metric name prefix. Use the Delete method of this API path to remove tag configurations. Results can be sent to a set of account email addresses, just like the same operation in the Datadog web app. If multiple calls include the same metric, the last configuration applied (not by submit order) is used, do not expect deterministic ordering of concurrent calls. Can only be used with application keys of users with the `Manage Tags for Metrics` permission.' operationId: CreateBulkTagsMetricsConfiguration requestBody: content: application/json: schema: $ref: '#/components/schemas/MetricBulkTagConfigCreateRequest' required: true responses: '202': content: application/json: schema: $ref: '#/components/schemas/MetricBulkTagConfigResponse' description: Accepted '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Configure tags for multiple metrics tags: - Metrics x-codegen-request-body-name: body /api/v2/metrics/{metric_name}/active-configurations: get: description: List tags and aggregations that are actively queried on dashboards and monitors for a given metric name. operationId: ListActiveMetricConfigurations parameters: - $ref: '#/components/parameters/MetricName' - description: 'The number of seconds of look back (from now). Default value is 604,800 (1 week), minimum value is 7200 (2 hours), maximum value is 2,630,000 (1 month).' example: 7200 in: query name: window[seconds] required: false schema: format: int64 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricSuggestedTagsAndAggregationsResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - metrics_read summary: List active tags and aggregations tags: - Metrics /api/v2/metrics/{metric_name}/all-tags: get: description: View indexed tag key-value pairs for a given metric name. operationId: ListTagsByMetricName parameters: - $ref: '#/components/parameters/MetricName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricAllTagsResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List tags by metric name tags: - Metrics /api/v2/metrics/{metric_name}/estimate: get: description: Returns the estimated cardinality for a metric with a given tag, percentile and number of aggregations configuration using Metrics without Limits™. operationId: EstimateMetricsOutputSeries parameters: - $ref: '#/components/parameters/MetricName' - description: Filtered tag keys that the metric is configured to query with. example: app,host in: query name: filter[groups] required: false schema: type: string - description: The number of hours of look back (from now) to estimate cardinality with. example: 49 in: query name: filter[hours_ago] required: false schema: type: integer - description: The number of aggregations that a `count`, `rate`, or `gauge` metric is configured to use. Max number of aggregation combos is 9. example: 1 in: query name: filter[num_aggregations] required: false schema: type: integer - description: A boolean, for distribution metrics only, to estimate cardinality if the metric includes additional percentile aggregators. example: true in: query name: filter[pct] required: false schema: type: boolean - description: A window, in hours, from the look back to estimate cardinality with. example: 6 in: query name: filter[timespan_h] required: false schema: type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricEstimateResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Tag Configuration Cardinality Estimator tags: - Metrics x-dd-ownership: notification_configuration: manual_escalation_policy: '[Points Aggregation] Primary' prod_high_urgency: '@pagerduty-Points-Aggregation @slack-points-aggr-ops' prod_low_urgency: '@slack-points-aggr-ops' slack_support_channel: '#points-aggregation' staging_high_urgency: '@slack-points-aggr-stg-ops' staging_low_urgency: '@slack-points-aggr-stg-ops' team: points-aggregation team_escalation: '[Points Aggregation] Primary' x-permission: operator: OPEN permissions: [] /api/v2/metrics/{metric_name}/tags: delete: description: 'Deletes a metric''s tag configuration. Can only be used with application keys from users with the `Manage Tags for Metrics` permission.' operationId: DeleteTagConfiguration parameters: - $ref: '#/components/parameters/MetricName' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Delete a tag configuration tags: - Metrics get: description: Returns the tag configuration for the given metric name. operationId: ListTagConfigurationByName parameters: - $ref: '#/components/parameters/MetricName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationResponse' description: Success '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - metrics_read summary: List tag configuration by name tags: - Metrics patch: description: 'Update the tag configuration of a metric or percentile aggregations of a distribution metric or custom aggregations of a count, rate, or gauge metric. Can only be used with application keys from users with the `Manage Tags for Metrics` permission.' operationId: UpdateTagConfiguration parameters: - $ref: '#/components/parameters/MetricName' requestBody: content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Update a tag configuration tags: - Metrics x-codegen-request-body-name: body post: description: 'Create and define a list of queryable tag keys for an existing count/gauge/rate/distribution metric. Optionally, include percentile aggregations on any distribution metric or configure custom aggregations on any count, rate, or gauge metric. Can only be used with application keys of users with the `Manage Tags for Metrics` permission.' operationId: CreateTagConfiguration parameters: - $ref: '#/components/parameters/MetricName' requestBody: content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Create a tag configuration tags: - Metrics x-codegen-request-body-name: body /api/v2/metrics/{metric_name}/volumes: get: description: 'View distinct metrics volumes for the given metric name. Custom metrics generated in-app from other products will return `null` for ingested volumes.' operationId: ListVolumesByMetricName parameters: - $ref: '#/components/parameters/MetricName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricVolumesResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List distinct metric volumes by metric name tags: - Metrics /api/v2/permissions: get: description: Returns a list of all permissions, including name, description, and ID. operationId: ListPermissions responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List permissions tags: - Roles /api/v2/processes: get: description: Get all processes for your organization. operationId: ListProcesses parameters: - description: String to search processes by. in: query name: search required: false schema: type: string - description: Comma-separated list of tags to filter processes by. example: account:prod,user:admin in: query name: tags required: false schema: type: string - description: 'Unix timestamp (number of seconds since epoch) of the start of the query window. If not provided, the start of the query window will be 15 minutes before the `to` timestamp. If neither `from` nor `to` are provided, the query window will be `[now - 15m, now]`.' in: query name: from required: false schema: format: int64 type: integer - description: 'Unix timestamp (number of seconds since epoch) of the end of the query window. If not provided, the end of the query window will be 15 minutes after the `from` timestamp. If neither `from` nor `to` are provided, the query window will be `[now - 15m, now]`.' in: query name: to required: false schema: format: int64 type: integer - description: Maximum number of results returned. in: query name: page[limit] required: false schema: default: 1000 format: int32 maximum: 10000 minimum: 1 type: integer - description: 'String to query the next page of results. This key is provided with each valid response from the API in `meta.page.after`.' in: query name: page[cursor] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProcessSummariesResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get all processes tags: - Processes x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data /api/v2/roles: get: description: Returns all roles, including their names and their unique identifiers. operationId: ListRoles parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: 'Sort roles depending on the given field. Sort order is **ascending** by default. Sort order is **descending** if the field is prefixed by a negative sign, for example: `sort=-name`.' in: query name: sort required: false schema: $ref: '#/components/schemas/RolesSort' - description: Filter all roles by the given string. in: query name: filter required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/RolesResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List roles tags: - Roles post: description: Create a new role for your organization. operationId: CreateRole requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleCreateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Create role tags: - Roles x-codegen-request-body-name: body /api/v2/roles/{role_id}: delete: description: Disables a role. operationId: DeleteRole parameters: - $ref: '#/components/parameters/RoleID' responses: '204': description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Delete role tags: - Roles x-codegen-request-body-name: body get: description: "Get a role in the organization specified by the role\u2019s `role_id`." operationId: GetRole parameters: - $ref: '#/components/parameters/RoleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a role tags: - Roles x-codegen-request-body-name: body patch: description: Edit a role. Can only be used with application keys belonging to administrators. operationId: UpdateRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleUpdateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Update a role tags: - Roles x-codegen-request-body-name: body /api/v2/roles/{role_id}/clone: post: description: Clone an existing role operationId: CloneRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleCloneRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Create a new role by cloning an existing role tags: - Roles x-codegen-request-body-name: body x-permission: OR(USER_ACCESS_MANAGE) /api/v2/roles/{role_id}/permissions: delete: description: Removes a permission from a role. operationId: RemovePermissionFromRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToPermission' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Revoke permission tags: - Roles x-codegen-request-body-name: body get: description: Returns a list of all permissions for a single role. operationId: ListRolePermissions parameters: - $ref: '#/components/parameters/RoleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List permissions for a role tags: - Roles x-codegen-request-body-name: body post: description: Adds a permission to a role. operationId: AddPermissionToRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToPermission' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Grant permission to a role tags: - Roles x-codegen-request-body-name: body /api/v2/roles/{role_id}/users: delete: description: Removes a user from a role. operationId: RemoveUserFromRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToUser' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Remove a user from a role tags: - Roles x-codegen-request-body-name: body get: description: Gets all users of a role. operationId: ListRoleUsers parameters: - $ref: '#/components/parameters/RoleID' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: 'User attribute to order results by. Sort order is **ascending** by default. Sort order is **descending** if the field is prefixed by a negative sign, for example `sort=-name`. Options: `name`, `email`, `status`.' in: query name: sort required: false schema: default: name type: string - description: Filter all users by the given string. Defaults to no filtering. in: query name: filter required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get all users of a role tags: - Roles post: description: Adds a user to a role. operationId: AddUserToRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToUser' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Add a user to a role tags: - Roles x-codegen-request-body-name: body /api/v2/rum/analytics/aggregate: post: description: The API endpoint to aggregate RUM events into buckets of computed metrics and timeseries. operationId: AggregateRUMEvents requestBody: content: application/json: schema: $ref: '#/components/schemas/RUMAggregateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMAnalyticsAggregateResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Aggregate RUM events tags: - RUM x-codegen-request-body-name: body /api/v2/rum/applications: get: description: List all the RUM applications in your organization. operationId: GetRUMApplications responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMApplicationsResponse' description: OK '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List all the RUM applications tags: - RUM post: description: Create a new RUM application in your organization. operationId: CreateRUMApplication requestBody: content: application/json: schema: $ref: '#/components/schemas/RUMApplicationCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMApplicationResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a new RUM application tags: - RUM x-codegen-request-body-name: body /api/v2/rum/applications/{id}: delete: description: Delete an existing RUM application in your organization. operationId: DeleteRUMApplication parameters: - description: RUM application ID. in: path name: id required: true schema: type: string responses: '204': description: No Content '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a RUM application tags: - RUM get: description: Get the RUM application with given ID in your organization. operationId: GetRUMApplication parameters: - description: RUM application ID. in: path name: id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMApplicationResponse' description: OK '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a RUM application tags: - RUM patch: description: Update the RUM application with given ID in your organization. operationId: UpdateRUMApplication parameters: - description: RUM application ID. in: path name: id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RUMApplicationUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMApplicationResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '404': $ref: '#/components/responses/NotFoundResponse' '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity. '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a RUM application tags: - RUM x-codegen-request-body-name: body /api/v2/rum/events: get: description: 'List endpoint returns events that match a RUM search query. [Results are paginated][1]. Use this endpoint to see your latest RUM events. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination' operationId: ListRUMEvents parameters: - description: Search query following RUM syntax. example: '@type:session @application_id:xxxx' in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested events. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: '#/components/schemas/RUMSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a list of RUM events tags: - RUM x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data /api/v2/rum/events/search: post: description: 'List endpoint returns RUM events that match a RUM search query. [Results are paginated][1]. Use this endpoint to build complex RUM events filtering and search. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination' operationId: SearchRUMEvents requestBody: content: application/json: schema: $ref: '#/components/schemas/RUMSearchEventsRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Search RUM events tags: - RUM x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data /api/v2/saml_configurations/idp_metadata: post: description: 'Endpoint for uploading IdP metadata for SAML setup. Use this endpoint to upload or replace IdP metadata for SAML login configuration.' operationId: UploadIdPMetadata requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/IdPMetadataFormData' required: true responses: '200': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Upload IdP metadata tags: - Organizations x-codegen-request-body-name: body /api/v2/security/cloud_workload/policy/download: get: description: 'The download endpoint generates a Cloud Workload Security policy file from your currently active Cloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to your agents to update the policy running in your environment.' operationId: DownloadCloudWorkloadPolicyFile responses: '200': content: application/yaml: schema: format: binary type: string description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get the latest Cloud Workload Security policy tags: - Cloud Workload Security /api/v2/security_monitoring/cloud_workload_security/agent_rules: get: description: Get the list of Agent rules. operationId: ListCloudWorkloadSecurityAgentRules responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRulesListResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all Cloud Workload Security Agent rules tags: - Cloud Workload Security post: description: Create a new Agent rule with the given parameters. operationId: CreateCloudWorkloadSecurityAgentRule requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateRequest' description: The definition of the new Agent rule. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a Cloud Workload Security Agent rule tags: - Cloud Workload Security x-codegen-request-body-name: body /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}: delete: description: Delete a specific Agent rule. operationId: DeleteCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a Cloud Workload Security Agent rule tags: - Cloud Workload Security get: description: Get the details of a specific Agent rule. operationId: GetCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a Cloud Workload Security Agent rule tags: - Cloud Workload Security patch: description: 'Update a specific Agent rule. Returns the Agent rule object when the request is successful.' operationId: UpdateCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateRequest' description: New definition of the Agent rule. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a Cloud Workload Security Agent rule tags: - Cloud Workload Security x-codegen-request-body-name: body /api/v2/security_monitoring/configuration/security_filters: get: description: Get the list of configured security filters with their definitions. operationId: ListSecurityFilters responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFiltersResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_read summary: Get all security filters tags: - Security Monitoring post: description: 'Create a security filter. See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/) for more examples.' operationId: CreateSecurityFilter requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityFilterCreateRequest' description: The definition of the new security filter. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFilterResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Create a security filter tags: - Security Monitoring x-codegen-request-body-name: body /api/v2/security_monitoring/configuration/security_filters/{security_filter_id}: delete: description: Delete a specific security filter. operationId: DeleteSecurityFilter parameters: - $ref: '#/components/parameters/SecurityFilterID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Delete a security filter tags: - Security Monitoring get: description: 'Get the details of a specific security filter. See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/) for more examples.' operationId: GetSecurityFilter parameters: - $ref: '#/components/parameters/SecurityFilterID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFilterResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_read summary: Get a security filter tags: - Security Monitoring patch: description: 'Update a specific security filter. Returns the security filter object when the request is successful.' operationId: UpdateSecurityFilter parameters: - $ref: '#/components/parameters/SecurityFilterID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityFilterUpdateRequest' description: New definition of the security filter. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFilterResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Update a security filter tags: - Security Monitoring x-codegen-request-body-name: body /api/v2/security_monitoring/rules: get: description: List rules. operationId: ListSecurityMonitoringRules parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringListRulesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: List rules tags: - Security Monitoring post: description: Create a detection rule. operationId: CreateSecurityMonitoringRule requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Create a detection rule tags: - Security Monitoring x-codegen-request-body-name: body /api/v2/security_monitoring/rules/{rule_id}: delete: description: Delete an existing rule. Default rules cannot be deleted. operationId: DeleteSecurityMonitoringRule parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Delete an existing rule tags: - Security Monitoring get: description: Get a rule's details. operationId: GetSecurityMonitoringRule parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' description: OK '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Get a rule's details tags: - Security Monitoring put: description: 'Update an existing rule. When updating `cases`, `queries` or `options`, the whole field must be included. For example, when modifying a query all queries must be included. Default rules can only be updated to be enabled and to change notifications.' operationId: UpdateSecurityMonitoringRule parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleUpdatePayload' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/ConcurrentModificationResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Update an existing rule tags: - Security Monitoring x-codegen-request-body-name: body /api/v2/security_monitoring/signals: get: description: 'The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals.' operationId: ListSecurityMonitoringSignals parameters: - description: The search query for security signals. example: security:attack status:high in: query name: filter[query] required: false schema: type: string - description: The minimum timestamp for requested security signals. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: The maximum timestamp for requested security signals. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: The order of the security signals in results. in: query name: sort required: false schema: $ref: '#/components/schemas/SecurityMonitoringSignalsSort' - description: A list of results using the cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: The maximum number of security signals in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a quick list of security signals tags: - Security Monitoring x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data /api/v2/security_monitoring/signals/search: post: description: 'Returns security signals that match a search query. Both this endpoint and the GET endpoint can be used interchangeably for listing security signals.' operationId: SearchSecurityMonitoringSignals requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalListRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a list of security signals tags: - Security Monitoring x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data /api/v2/security_monitoring/signals/{signal_id}: get: description: Get a signal's details. operationId: GetSecurityMonitoringSignal parameters: - $ref: '#/components/parameters/SignalID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignal' description: OK '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Get a signal's details tags: - Security Monitoring /api/v2/security_monitoring/signals/{signal_id}/assignee: patch: description: Modify the triage assignee of a security signal. operationId: EditSecurityMonitoringSignalAssignee parameters: - $ref: '#/components/parameters/SignalID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalAssigneeUpdateRequest' description: Attributes describing the signal update. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Modify the triage assignee of a security signal tags: - Security Monitoring x-codegen-request-body-name: body /api/v2/security_monitoring/signals/{signal_id}/incidents: patch: description: Change the related incidents for a security signal. operationId: EditSecurityMonitoringSignalIncidents parameters: - $ref: '#/components/parameters/SignalID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalIncidentsUpdateRequest' description: Attributes describing the signal update. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Change the related incidents of a security signal tags: - Security Monitoring x-codegen-request-body-name: body /api/v2/security_monitoring/signals/{signal_id}/state: patch: description: Change the triage state of a security signal. operationId: EditSecurityMonitoringSignalState parameters: - $ref: '#/components/parameters/SignalID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalStateUpdateRequest' description: Attributes describing the signal update. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Change the triage state of a security signal tags: - Security Monitoring x-codegen-request-body-name: body /api/v2/series: post: description: "The metrics end-point allows you to post time-series data that can be graphed on Datadog\u2019s dashboards.\nThe maximum payload size is 500 kilobytes (512000 bytes). Compressed payloads must have a decompressed size of less than 5 megabytes (5242880 bytes).\n\nIf you\u2019re submitting metrics directly to the Datadog API without using DogStatsD, expect:\n\n- 64 bits for the timestamp\n- 64 bits for the value\n- 20 bytes for the metric names\n- 50 bytes for the timeseries\n- The full payload is approximately 100 bytes.\n\nHost name is one of the resources in the Resources field." operationId: SubmitMetrics parameters: - description: HTTP header used to compress the media-type. in: header name: Content-Encoding required: false schema: $ref: '#/components/schemas/MetricContentEncoding' requestBody: content: application/json: examples: dynamic-points: description: "Post time-series data that can be graphed on Datadog\u2019s dashboards." externalValue: examples/metrics/dynamic-points.json.sh summary: Dynamic Points x-variables: NOW: $(date +%s) schema: $ref: '#/components/schemas/MetricPayload' required: true responses: '202': content: application/json: schema: $ref: '#/components/schemas/IntakePayloadAccepted' description: Payload accepted '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '408': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Request timeout '413': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Payload too large '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] summary: Submit metrics tags: - Metrics x-codegen-request-body-name: body /api/v2/service_accounts: post: description: Create a service account for your organization. operationId: CreateServiceAccount requestBody: content: application/json: schema: $ref: '#/components/schemas/ServiceAccountCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a service account tags: - Users x-codegen-request-body-name: body /api/v2/service_accounts/{service_account_id}/application_keys: get: description: List all application keys available for this service account. operationId: ListServiceAccountApplicationKeys parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/ApplicationKeysSortParameter' - $ref: '#/components/parameters/ApplicationKeyFilterParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListApplicationKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List application keys for this service account tags: - Service Accounts post: description: Create an application key for this service account. operationId: CreateServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an application key for this service account tags: - Service Accounts x-codegen-request-body-name: body /api/v2/service_accounts/{service_account_id}/application_keys/{app_key_id}: delete: description: Delete an application key owned by this service account. operationId: DeleteServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/ApplicationKeyID' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an application key for this service account tags: - Service Accounts get: description: Get an application key owned by this service account. operationId: GetServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/ApplicationKeyID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/PartialApplicationKeyResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get one application key for this service account tags: - Service Accounts patch: description: Edit an application key owned by this service account. operationId: UpdateServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/ApplicationKeyID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/PartialApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an application key for this service account tags: - Service Accounts x-codegen-request-body-name: body /api/v2/services: get: description: Get all incident services uploaded for the requesting user's organization. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident services. operationId: ListIncidentServices parameters: - $ref: '#/components/parameters/IncidentServiceIncludeQueryParameter' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' - $ref: '#/components/parameters/IncidentServiceSearchQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentServicesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of all incident services tags: - Incident Services x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Creates a new incident service. operationId: CreateIncidentService requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentServiceCreateRequest' description: Incident Service Payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentServiceResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Create a new incident service tags: - Incident Services x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/services/{service_id}: delete: description: Deletes an existing incident service. operationId: DeleteIncidentService parameters: - $ref: '#/components/parameters/IncidentServiceIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Delete an existing incident service tags: - Incident Services x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' get: description: 'Get details of an incident service. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident services.' operationId: GetIncidentService parameters: - $ref: '#/components/parameters/IncidentServiceIDPathParameter' - $ref: '#/components/parameters/IncidentServiceIncludeQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get details of an incident service tags: - Incident Services x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Updates an existing incident service. Only provide the attributes which should be updated as this request is a partial update. operationId: UpdateIncidentService parameters: - $ref: '#/components/parameters/IncidentServiceIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentServiceUpdateRequest' description: Incident Service Payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Update an existing incident service tags: - Incident Services x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/teams: get: description: Get all incident teams for the requesting user's organization. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident teams. operationId: ListIncidentTeams parameters: - $ref: '#/components/parameters/IncidentTeamIncludeQueryParameter' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' - $ref: '#/components/parameters/IncidentTeamSearchQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of all incident teams tags: - Incident Teams x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Creates a new incident team. operationId: CreateIncidentTeam requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentTeamCreateRequest' description: Incident Team Payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Create a new incident team tags: - Incident Teams x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/teams/{team_id}: delete: description: Deletes an existing incident team. operationId: DeleteIncidentTeam parameters: - $ref: '#/components/parameters/IncidentTeamIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Delete an existing incident team tags: - Incident Teams x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' get: description: 'Get details of an incident team. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident teams.' operationId: GetIncidentTeam parameters: - $ref: '#/components/parameters/IncidentTeamIDPathParameter' - $ref: '#/components/parameters/IncidentTeamIncludeQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get details of an incident team tags: - Incident Teams x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Updates an existing incident team. Only provide the attributes which should be updated as this request is a partial update. operationId: UpdateIncidentTeam parameters: - $ref: '#/components/parameters/IncidentTeamIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentTeamUpdateRequest' description: Incident Team Payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Update an existing incident team tags: - Incident Teams x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/usage/application_security: get: description: 'Get hourly usage for application security . **Note:** hourly usage data for all products is now available in the [Get hourly usage by product family API](https://docs.datadoghq.com/api/latest/usage-metering/#get-hourly-usage-by-product-family)' operationId: GetUsageApplicationSecurityMonitoring parameters: - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour.' in: query name: start_hr required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending **before** this hour.' in: query name: end_hr required: false schema: format: date-time type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/UsageApplicationSecurityMonitoringResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage for application security tags: - Usage Metering /api/v2/usage/cost_by_org: get: deprecated: true description: 'Get cost across multi-org account. Cost by org data for a given month becomes available no later than the 16th of the following month. **Note:** This endpoint has been deprecated. Please use the new endpoint [`/historical_cost`](https://docs.datadoghq.com/api/latest/usage-metering/#get-historical-cost-across-your-account) instead.' operationId: GetCostByOrg parameters: - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month.' in: query name: start_month required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month.' in: query name: end_month required: false schema: format: date-time type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/CostByOrgResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get cost across multi-org account tags: - Usage Metering /api/v2/usage/estimated_cost: get: description: 'Get estimated cost across multi-org and single root-org accounts. Estimated cost data is only available for the current month and previous month. To access historical costs prior to this, use the `/historical_cost` endpoint.' operationId: GetEstimatedCostByOrg parameters: - description: String to specify whether cost is broken down at a parent-org level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults to `summary`. in: query name: view required: false schema: type: string - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month. Either start_month or start_date should be specified, but not both. (start_month cannot go beyond two months in the past)' in: query name: start_month required: false schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month.' in: query name: end_month required: false schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to day: `[YYYY-MM-DD]` for cost beginning this day. Either start_month or start_date should be specified, but not both. (start_date cannot go beyond two months in the past)' in: query name: start_date required: false schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to day: `[YYYY-MM-DD]` for cost ending this day.' in: query name: end_date required: false schema: format: date-time type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/CostByOrgResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get estimated cost across your account tags: - Usage Metering /api/v2/usage/historical_cost: get: description: 'Get historical cost across multi-org and single root-org accounts. Cost data for a given month becomes available no later than the 16th of the following month.' operationId: GetHistoricalCostByOrg parameters: - description: String to specify whether cost is broken down at a parent-org level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults to `summary`. in: query name: view required: false schema: type: string - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month.' in: query name: start_month required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month.' in: query name: end_month required: false schema: format: date-time type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/CostByOrgResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get historical cost across your account tags: - Usage Metering /api/v2/usage/hourly_usage: get: description: Get hourly usage by product family operationId: GetHourlyUsage parameters: - description: 'Datetime in ISO-8601 format, UTC, precise to hour: [YYYY-MM-DDThh] for usage beginning at this hour.' in: query name: filter[timestamp][start] required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to hour: [YYYY-MM-DDThh] for usage ending **before** this hour.' in: query name: filter[timestamp][end] required: false schema: format: date-time type: string - description: 'Comma separated list of product families to retrieve. Available families are `all`, `analyzed_logs`, `application_security`, `audit_logs`, `serverless`, `ci_app`, `cspm`, `custom_events`, `cws`, `dbm`, `fargate`, `infra_hosts`, `incident_management`, `indexed_logs`, `indexed_spans`, `ingested_spans`, `iot`, `lambda_traced_invocations`, `logs`, `network_flows`, `network_hosts`, `observability_pipelines`, `online_archive`, `profiling`, `rum`, `rum_browser_sessions`, `rum_mobile_sessions`, `sds`, `snmp`, `synthetics_api`, `synthetics_browser`, and `timeseries`.' in: query name: filter[product_families] required: true schema: type: string - description: Include child org usage in the response. Defaults to false. in: query name: filter[include_descendants] required: false schema: default: false type: boolean - description: 'Comma separated list of product family versions to use in the format `product_family:version`. For example, `infra_hosts:1.0.0`. If this parameter is not used, the API will use the latest version of each requested product family. Currently all families have one version `1.0.0`.' in: query name: filter[versions] required: false schema: type: string - description: Maximum number of results to return (between 1 and 500) - defaults to 500 if limit not specified. in: query name: page[limit] required: false schema: default: 500 format: int32 maximum: 500 minimum: 1 type: integer - description: List following results with a next_record_id provided in the previous query. in: query name: page[next_record_id] required: false schema: type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/HourlyUsageResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage by product family tags: - Usage Metering /api/v2/usage/lambda_traced_invocations: get: description: 'Get hourly usage for lambda traced invocations. **Note:** hourly usage data for all products is now available in the [Get hourly usage by product family API](https://docs.datadoghq.com/api/latest/usage-metering/#get-hourly-usage-by-product-family)' operationId: GetUsageLambdaTracedInvocations parameters: - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour.' in: query name: start_hr required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending **before** this hour.' in: query name: end_hr required: false schema: format: date-time type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/UsageLambdaTracedInvocationsResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage for lambda traced invocations tags: - Usage Metering /api/v2/usage/observability_pipelines: get: description: 'Get hourly usage for observability pipelines. **Note:** hourly usage data for all products is now available in the [Get hourly usage by product family API](https://docs.datadoghq.com/api/latest/usage-metering/#get-hourly-usage-by-product-family)' operationId: GetUsageObservabilityPipelines parameters: - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour.' in: query name: start_hr required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending **before** this hour.' in: query name: end_hr required: false schema: format: date-time type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/UsageObservabilityPipelinesResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage for observability pipelines tags: - Usage Metering /api/v2/user_invitations: post: description: Sends emails to one or more users inviting them to join the organization. operationId: SendInvitations requestBody: content: application/json: schema: $ref: '#/components/schemas/UserInvitationsRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserInvitationsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Send invitation emails tags: - Users x-codegen-request-body-name: body /api/v2/user_invitations/{user_invitation_uuid}: get: description: Returns a single user invitation by its UUID. operationId: GetInvitation parameters: - description: The UUID of the user invitation. in: path name: user_invitation_uuid required: true schema: example: 00000000-0000-0000-3456-000000000000 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserInvitationResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Get a user invitation tags: - Users x-codegen-request-body-name: body /api/v2/users: get: description: 'Get the list of all users in the organization. This list includes all users even if they are deactivated or unverified.' operationId: ListUsers parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: 'User attribute to order results by. Sort order is ascending by default. Sort order is descending if the field is prefixed by a negative sign, for example `sort=-name`. Options: `name`, `modified_at`, `user_count`.' in: query name: sort required: false schema: default: name example: name type: string - description: 'Direction of sort. Options: `asc`, `desc`.' in: query name: sort_dir required: false schema: $ref: '#/components/schemas/QuerySortOrder' - description: Filter all users by the given string. Defaults to no filtering. in: query name: filter required: false schema: type: string - description: 'Filter on status attribute. Comma separated list, with possible values `Active`, `Pending`, and `Disabled`. Defaults to no filtering.' in: query name: filter[status] required: false schema: example: Active type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List all users tags: - Users x-codegen-request-body-name: body post: description: Create a user for your organization. operationId: CreateUser requestBody: content: application/json: schema: $ref: '#/components/schemas/UserCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Create a user tags: - Users x-codegen-request-body-name: body /api/v2/users/{user_id}: delete: description: 'Disable a user. Can only be used with an application key belonging to an administrator user.' operationId: DisableUser parameters: - $ref: '#/components/parameters/UserID' responses: '204': description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Disable a user tags: - Users x-codegen-request-body-name: body get: description: "Get a user in the organization specified by the user\u2019s `user_id`." operationId: GetUser parameters: - $ref: '#/components/parameters/UserID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK for get user '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get user details tags: - Users x-codegen-request-body-name: body patch: description: 'Edit a user. Can only be used with an application key belonging to an administrator user.' operationId: UpdateUser parameters: - $ref: '#/components/parameters/UserID' requestBody: content: application/json: schema: $ref: '#/components/schemas/UserUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Update a user tags: - Users x-codegen-request-body-name: body /api/v2/users/{user_id}/orgs: get: description: 'Get a user organization. Returns the user information and all organizations joined by this user.' operationId: ListUserOrganizations parameters: - $ref: '#/components/parameters/UserID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a user organization tags: - Users x-codegen-request-body-name: body /api/v2/users/{user_id}/permissions: get: description: "Get a user permission set. Returns a list of the user\u2019s permissions\ngranted by the associated user's roles." operationId: ListUserPermissions parameters: - $ref: '#/components/parameters/UserID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a user permissions tags: - Users x-codegen-request-body-name: body security: - apiKeyAuth: [] appKeyAuth: [] servers: - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: The regional site for Datadog customers. enum: - datadoghq.com - us3.datadoghq.com - us5.datadoghq.com - datadoghq.eu - ddog-gov.com subdomain: default: api description: The subdomain where the API is deployed. - url: '{protocol}://{name}' variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. tags: - description: Search your Audit Logs events over HTTP. name: Audit - description: '[AuthN Mappings API](https://docs.datadoghq.com/account_management/authn_mapping/?tab=example) is used to automatically map group of users to roles in Datadog using attributes sent from Identity Providers.' name: AuthN Mappings - description: Workload activity security rules for generating events using the Datadog security Agent. name: Cloud Workload Security - description: 'Interact with your dashboard lists through the API to organize, find, and share all of your dashboards with your team and organization.' name: Dashboard Lists - description: 'The events service allows you to programmatically post events to the event stream and fetch events from the event stream. Events are limited to 4000 characters. If an event is sent out with a message containing more than 4000 characters, only the first 4000 characters are displayed.' name: Events - description: Create, update, delete, and retrieve services which can be associated with incidents. name: Incident Services - description: Create, update, delete and retrieve teams which can be associated with incidents. name: Incident Teams - description: Manage incident response. name: Incidents - description: 'Manage your Datadog API and application keys. You need an API key and an application key for a user with the required permissions to interact with these endpoints. The full list of API and application keys can be seen on your [Datadog API page](https://app.datadoghq.com/account/settings#api).' externalDocs: description: Find out more at url: https://docs.datadoghq.com/account_management/api-app-keys/ name: Key Management - description: Search your logs and send them to your Datadog platform over HTTP. name: Logs - description: 'Archives forward all the logs ingested to a cloud storage system. See the [Archives Page](https://app.datadoghq.com/logs/pipelines/archives) for a list of the archives currently configured in web UI.' externalDocs: description: Find out more at url: https://docs.datadoghq.com/logs/archives/ name: Logs Archives - description: Manage configuration of [log-based metrics](https://app.datadoghq.com/logs/pipelines/generate-metrics) for your organization. externalDocs: description: Find out more at url: https://docs.datadoghq.com/logs/logs_to_metrics/ name: Logs Metrics - description: "The metrics endpoint allows you to:\n\n- Post metrics data so it can be graphed on Datadog\u2019s dashboards\n- Query metrics from any time period\n- Modify tag configurations for metrics\n- View tags and volumes for metrics\n\n**Note**: A graph can only contain a set number of points\nand as the timeframe over which a metric is viewed increases,\naggregation between points occurs to stay below that set number.\n\nThe Post, Patch, and Delete `manage_tags` API methods can only be performed by\na user who has the `Manage Tags for Metrics` permission." name: Metrics - description: 'Configure your [Datadog Opsgenie integration](https://docs.datadoghq.com/integrations/opsgenie/) directly through the Datadog API.' externalDocs: url: https://docs.datadoghq.com/api/latest/opsgenie-integration name: Opsgenie Integration - description: Create, edit, and manage your organizations. Read more about [multi-org accounts](https://docs.datadoghq.com/account_management/multi_organization). externalDocs: description: Find out more at url: https://docs.datadoghq.com/account_management/multi_organization name: Organizations - description: The processes API allows you to query processes data for your organization. name: Processes - description: Search or aggregate your RUM events over HTTP. name: RUM - description: 'The Roles API is used to create and manage Datadog roles, what [global permissions](https://docs.datadoghq.com/account_management/rbac/) they grant, and which users belong to them. Permissions related to specific account assets can be granted to roles in the Datadog application without using this API. For example, granting read access on a specific log index to a role can be done in Datadog from the [Pipelines page](https://app.datadoghq.com/logs/pipelines).' name: Roles - description: 'Detection rules for generating signals and listing of generated signals.' name: Security Monitoring - description: Create, edit, and disable service accounts. name: Service Accounts - description: 'The usage metering API allows you to get hourly, daily, and monthly usage across multiple facets of Datadog. This API is available to all Pro and Enterprise customers. Usage is only accessible for [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/). **Note**: Usage data is delayed by up to 72 hours from when it was incurred. It is retained for 15 months. You can retrieve up to 24 hours of hourly usage data for multiple organizations, and up to two months of hourly usage data for a single organization in one request.' externalDocs: description: Find out more at url: https://docs.datadoghq.com/account_management/billing/usage_details/ name: Usage Metering - description: Create, edit, and disable users. externalDocs: url: https://docs.datadoghq.com/account_management/users name: Users x-group-parameters: true