components: callbacks: {} examples: {} headers: {} links: {} parameters: APIKeyFilterCreatedAtEndParameter: description: Only include API keys created on or before the specified date. in: query name: filter[created_at][end] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterCreatedAtStartParameter: description: Only include API keys created on or after the specified date. in: query name: filter[created_at][start] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterModifiedAtEndParameter: description: Only include API keys modified on or before the specified date. in: query name: filter[modified_at][end] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterModifiedAtStartParameter: description: Only include API keys modified on or after the specified date. in: query name: filter[modified_at][start] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterParameter: description: Filter API keys by the specified string. in: query name: filter required: false schema: type: string APIKeyId: description: The ID of the API key. in: path name: api_key_id required: true schema: type: string APIKeyIncludeParameter: description: Comma separated list of resource paths for related resources to include in the response. Supported resource paths are `created_by` and `modified_by`. in: query name: include required: false schema: example: created_by,modified_by type: string APIKeysSortParameter: description: 'API key attribute used to sort results. Sort order is ascending by default. In order to specify a descending sort, prefix the attribute with a minus sign.' in: query name: sort required: false schema: $ref: '#/components/schemas/APIKeysSort' ApplicationKeyFilterCreatedAtEndParameter: description: Only include application keys created on or before the specified date. in: query name: filter[created_at][end] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string ApplicationKeyFilterCreatedAtStartParameter: description: Only include application keys created on or after the specified date. in: query name: filter[created_at][start] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string ApplicationKeyFilterParameter: description: Filter application keys by the specified string. in: query name: filter required: false schema: type: string ApplicationKeyID: description: The ID of the application key. in: path name: app_key_id required: true schema: type: string ApplicationKeyIncludeParameter: description: Resource path for related resources to include in the response. Only `owned_by` is supported. in: query name: include required: false schema: example: owned_by type: string ApplicationKeysSortParameter: description: 'Application key attribute used to sort results. Sort order is ascending by default. In order to specify a descending sort, prefix the attribute with a minus sign.' in: query name: sort required: false schema: $ref: '#/components/schemas/ApplicationKeysSort' ArchiveID: description: The ID of the archive. in: path name: archive_id required: true schema: type: string CloudWorkloadSecurityAgentRuleID: description: The ID of the Agent rule. example: 3b5-v82-ns6 in: path name: agent_rule_id required: true schema: type: string IncidentIDPathParameter: description: The UUID of the incident. in: path name: incident_id required: true schema: type: string IncidentIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. explode: false in: query name: include required: false schema: items: $ref: '#/components/schemas/IncidentRelatedObject' type: array IncidentServiceIDPathParameter: description: The ID of the incident service. in: path name: service_id required: true schema: type: string IncidentServiceIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. in: query name: include required: false schema: $ref: '#/components/schemas/IncidentRelatedObject' IncidentServiceSearchQueryParameter: description: A search query that filters services by name. in: query name: filter required: false schema: example: ExampleServiceName type: string IncidentTeamIDPathParameter: description: The ID of the incident team. in: path name: team_id required: true schema: type: string IncidentTeamIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. in: query name: include required: false schema: $ref: '#/components/schemas/IncidentRelatedObject' IncidentTeamSearchQueryParameter: description: A search query that filters teams by name. in: query name: filter required: false schema: example: ExampleTeamName type: string MetricID: description: The name of the log-based metric. in: path name: metric_id required: true schema: type: string MetricName: description: The name of the metric. example: dist.http.endpoint.request in: path name: metric_name required: true schema: type: string PageNumber: description: Specific page number to return. in: query name: page[number] required: false schema: default: 0 example: 0 format: int64 type: integer PageOffset: description: Specific offset to use as the beginning of the returned page. in: query name: page[offset] required: false schema: default: 0 example: 0 format: int64 type: integer PageSize: description: Size for a given page. in: query name: page[size] required: false schema: default: 10 example: 10 format: int64 type: integer RoleID: description: The ID of the role. in: path name: role_id required: true schema: type: string SecurityFilterID: description: The ID of the security filter. in: path name: security_filter_id required: true schema: type: string SecurityMonitoringRuleID: description: The ID of the rule. in: path name: rule_id required: true schema: type: string ServiceAccountID: description: The ID of the service account. in: path name: service_account_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string UserID: description: The ID of the user. in: path name: user_id required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string requestBodies: {} responses: BadRequestResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request ConcurrentModificationResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Concurrent Modification ConflictResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict ForbiddenResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden NotAuthorizedResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Authorized NotFoundResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found TooManyRequestsResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests UnauthorizedResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unauthorized schemas: APIErrorResponse: description: API error response. properties: errors: description: A list of errors. items: description: A list of items. example: Bad Request type: string type: array required: - errors type: object APIKeyCreateAttributes: description: Attributes used to create an API Key. properties: name: description: Name of the API key. example: API Key for submitting metrics type: string required: - name type: object APIKeyCreateData: description: Object used to create an API key. properties: attributes: $ref: '#/components/schemas/APIKeyCreateAttributes' type: $ref: '#/components/schemas/APIKeysType' required: - attributes - type type: object APIKeyCreateRequest: description: Request used to create an API key. properties: data: $ref: '#/components/schemas/APIKeyCreateData' required: - data type: object APIKeyRelationships: description: Resources related to the API key. properties: created_by: $ref: '#/components/schemas/RelationshipToUser' modified_by: $ref: '#/components/schemas/RelationshipToUser' type: object APIKeyResponse: description: Response for retrieving an API key. properties: data: $ref: '#/components/schemas/FullAPIKey' included: description: Array of objects related to the API key. items: $ref: '#/components/schemas/APIKeyResponseIncludedItem' type: array type: object APIKeyResponseIncludedItem: description: An object related to an API key. oneOf: - $ref: '#/components/schemas/User' type: object APIKeyUpdateAttributes: description: Attributes used to update an API Key. properties: name: description: Name of the API key. example: API Key for submitting metrics type: string required: - name type: object APIKeyUpdateData: description: Object used to update an API key. properties: attributes: $ref: '#/components/schemas/APIKeyUpdateAttributes' id: description: ID of the API key. example: 00112233-4455-6677-8899-aabbccddeeff type: string type: $ref: '#/components/schemas/APIKeysType' required: - attributes - id - type type: object APIKeyUpdateRequest: description: Request used to update an API key. properties: data: $ref: '#/components/schemas/APIKeyUpdateData' required: - data type: object APIKeysResponse: description: Response for a list of API keys. properties: data: description: Array of API keys. items: $ref: '#/components/schemas/PartialAPIKey' type: array included: description: Array of objects related to the API key. items: $ref: '#/components/schemas/APIKeyResponseIncludedItem' type: array type: object APIKeysSort: default: name description: Sorting options enum: - created_at - -created_at - last4 - -last4 - modified_at - -modified_at - name - -name type: string x-enum-varnames: - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - LAST4_ASCENDING - LAST4_DESCENDING - MODIFIED_AT_ASCENDING - MODIFIED_AT_DESCENDING - NAME_ASCENDING - NAME_DESCENDING APIKeysType: default: api_keys description: API Keys resource type. enum: - api_keys example: api_keys type: string x-enum-varnames: - API_KEYS ApplicationKeyCreateAttributes: description: Attributes used to create an application Key. properties: name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. This feature is in private beta, please contact Datadog support to enable scopes for your application keys. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array required: - name type: object ApplicationKeyCreateData: description: Object used to create an application key. properties: attributes: $ref: '#/components/schemas/ApplicationKeyCreateAttributes' type: $ref: '#/components/schemas/ApplicationKeysType' required: - attributes - type type: object ApplicationKeyCreateRequest: description: Request used to create an application key. properties: data: $ref: '#/components/schemas/ApplicationKeyCreateData' required: - data type: object ApplicationKeyRelationships: description: Resources related to the application key. properties: owned_by: $ref: '#/components/schemas/RelationshipToUser' type: object ApplicationKeyResponse: description: Response for retrieving an application key. properties: data: $ref: '#/components/schemas/FullApplicationKey' included: description: Array of objects related to the application key. items: $ref: '#/components/schemas/ApplicationKeyResponseIncludedItem' type: array type: object ApplicationKeyResponseIncludedItem: description: An object related to an application key. oneOf: - $ref: '#/components/schemas/User' - $ref: '#/components/schemas/Role' type: object ApplicationKeyUpdateAttributes: description: Attributes used to update an application Key. properties: name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. This feature is in private beta, please contact Datadog support to enable scopes for your application keys. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array type: object ApplicationKeyUpdateData: description: Object used to update an application key. properties: attributes: $ref: '#/components/schemas/ApplicationKeyUpdateAttributes' id: description: ID of the application key. example: 00112233-4455-6677-8899-aabbccddeeff type: string type: $ref: '#/components/schemas/ApplicationKeysType' required: - attributes - id - type type: object ApplicationKeyUpdateRequest: description: Request used to update an application key. properties: data: $ref: '#/components/schemas/ApplicationKeyUpdateData' required: - data type: object ApplicationKeysSort: default: name description: Sorting options enum: - created_at - -created_at - last4 - -last4 - name - -name type: string x-enum-varnames: - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - LAST4_ASCENDING - LAST4_DESCENDING - NAME_ASCENDING - NAME_DESCENDING ApplicationKeysType: default: application_keys description: Application Keys resource type. enum: - application_keys example: application_keys type: string x-enum-varnames: - APPLICATION_KEYS CloudWorkloadSecurityAgentRuleAttributes: description: A Cloud Workload Security Agent rule returned by the API. properties: category: description: The category of the Agent rule. example: Process Activity type: string creationDate: description: When the Agent rule was created, timestamp in milliseconds. example: 1624366480320 format: int64 type: integer creator: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreatorAttributes' defaultRule: description: Whether the rule is included by default. example: false type: boolean description: description: The description of the Agent rule. example: My Agent rule type: string enabled: description: Whether the Agent rule is enabled. example: true type: boolean expression: description: The SECL expression of the Agent rule. example: exec.file.name == \"sh\" type: string name: description: The name of the Agent rule. example: my_agent_rule type: string updatedAt: description: When the Agent rule was last updated, timestamp in milliseconds. example: 1624366480320 format: int64 type: integer updater: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdaterAttributes' version: description: The version of the Agent rule. example: 23 format: int64 type: integer CloudWorkloadSecurityAgentRuleCreateAttributes: description: Create a new Cloud Workload Security Agent rule. properties: description: description: The description of the Agent rule. example: My Agent rule type: string enabled: description: Whether the Agent rule is enabled. example: true type: boolean expression: description: The SECL expression of the Agent rule. example: exec.file.name == \"sh\" type: string name: description: The name of the Agent rule. example: my_agent_rule type: string required: - name - expression type: object CloudWorkloadSecurityAgentRuleCreateData: description: Object for a single Agent rule. properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateAttributes' type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType' required: - attributes - type type: object CloudWorkloadSecurityAgentRuleCreateRequest: description: Request object that includes the Agent rule to create. properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateData' required: - data type: object CloudWorkloadSecurityAgentRuleCreatorAttributes: description: The attributes of the user who created the Agent rule. properties: handle: description: The handle of the user. example: datadog.user@example.com type: string name: description: The name of the user. example: Datadog User type: string type: object CloudWorkloadSecurityAgentRuleData: description: Object for a single Agent rule. properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleAttributes' id: description: The ID of the Agent rule. example: 3dd-0uc-h1s type: string type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType' type: object CloudWorkloadSecurityAgentRuleResponse: description: Response object that includes an Agent rule. properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleData' type: object CloudWorkloadSecurityAgentRuleType: default: agent_rule description: The type of the resource. The value should always be `agent_rule`. enum: - agent_rule example: agent_rule type: string x-enum-varnames: - AGENT_RULE CloudWorkloadSecurityAgentRuleUpdateAttributes: description: Update an existing Cloud Workload Security Agent rule. properties: description: description: The description of the Agent rule. example: My Agent rule type: string enabled: description: Whether the Agent rule is enabled. example: true type: boolean expression: description: The SECL expression of the Agent rule. example: exec.file.name == \"sh\" type: string type: object CloudWorkloadSecurityAgentRuleUpdateData: description: Object for a single Agent rule. properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateAttributes' type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType' required: - attributes - type type: object CloudWorkloadSecurityAgentRuleUpdateRequest: description: Request object that includes the Agent rule with the attributes to update. properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateData' required: - data type: object CloudWorkloadSecurityAgentRuleUpdaterAttributes: description: The attributes of the user who last updated the Agent rule. properties: handle: description: The handle of the user. example: datadog.user@example.com type: string name: description: The name of the user. example: Datadog User type: string type: object CloudWorkloadSecurityAgentRulesListResponse: description: Response object that includes a list of Agent rule. properties: data: description: A list of Agent rules objects. items: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleData' type: array type: object ContentEncoding: description: HTTP header used to compress the media-type. enum: - gzip - deflate type: string x-enum-varnames: - GZIP - DEFLATE Creator: description: Creator of the object. properties: email: description: Email of the creator. type: string handle: description: Handle of the creator. type: string name: description: Name of the creator. type: string type: object DashboardListAddItemsRequest: description: Request containing a list of dashboards to add. properties: dashboards: description: List of dashboards to add the dashboard list. items: $ref: '#/components/schemas/DashboardListItemRequest' type: array type: object DashboardListAddItemsResponse: description: Response containing a list of added dashboards. properties: added_dashboards_to_list: description: List of dashboards added to the dashboard list. items: $ref: '#/components/schemas/DashboardListItemResponse' type: array type: object DashboardListDeleteItemsRequest: description: Request containing a list of dashboards to delete. properties: dashboards: description: List of dashboards to delete from the dashboard list. items: $ref: '#/components/schemas/DashboardListItemRequest' type: array type: object DashboardListDeleteItemsResponse: description: Response containing a list of deleted dashboards. properties: deleted_dashboards_from_list: description: List of dashboards deleted from the dashboard list. items: $ref: '#/components/schemas/DashboardListItemResponse' type: array type: object DashboardListItem: description: A dashboard within a list. properties: author: $ref: '#/components/schemas/Creator' created: description: Date of creation of the dashboard. format: date-time readOnly: true type: string icon: description: URL to the icon of the dashboard. readOnly: true type: string id: description: ID of the dashboard. example: q5j-nti-fv6 type: string is_favorite: description: Whether or not the dashboard is in the favorites. readOnly: true type: boolean is_read_only: description: Whether or not the dashboard is read only. readOnly: true type: boolean is_shared: description: Whether the dashboard is publicly shared or not. readOnly: true type: boolean modified: description: Date of last edition of the dashboard. format: date-time readOnly: true type: string popularity: description: Popularity of the dashboard. format: int32 maximum: 5 readOnly: true type: integer title: description: Title of the dashboard. readOnly: true type: string type: $ref: '#/components/schemas/DashboardType' url: description: URL path to the dashboard. readOnly: true type: string required: - type - id type: object DashboardListItemRequest: description: A dashboard within a list. properties: id: description: ID of the dashboard. example: q5j-nti-fv6 type: string type: $ref: '#/components/schemas/DashboardType' required: - type - id type: object DashboardListItemResponse: description: A dashboard within a list. properties: id: description: ID of the dashboard. example: q5j-nti-fv6 readOnly: true type: string type: $ref: '#/components/schemas/DashboardType' required: - type - id type: object DashboardListItems: description: Dashboards within a list. properties: dashboards: description: List of dashboards in the dashboard list. example: [] items: $ref: '#/components/schemas/DashboardListItem' type: array total: description: Number of dashboards in the dashboard list. format: int64 readOnly: true type: integer required: - dashboards type: object DashboardListUpdateItemsRequest: description: Request containing the list of dashboards to update to. properties: dashboards: description: List of dashboards to update the dashboard list to. items: $ref: '#/components/schemas/DashboardListItemRequest' type: array type: object DashboardListUpdateItemsResponse: description: Response containing a list of updated dashboards. properties: dashboards: description: List of dashboards in the dashboard list. items: $ref: '#/components/schemas/DashboardListItemResponse' type: array type: object DashboardType: description: The type of the dashboard. enum: - custom_timeboard - custom_screenboard - integration_screenboard - integration_timeboard - host_timeboard example: host_timeboard type: string x-enum-varnames: - CUSTOM_TIMEBOARD - CUSTOM_SCREENBOARD - INTEGRATION_SCREENBOARD - INTEGRATION_TIMEBOARD - HOST_TIMEBOARD FullAPIKey: description: Datadog API key. properties: attributes: $ref: '#/components/schemas/FullAPIKeyAttributes' id: description: ID of the API key. type: string relationships: $ref: '#/components/schemas/APIKeyRelationships' type: $ref: '#/components/schemas/APIKeysType' type: object FullAPIKeyAttributes: description: Attributes of a full API key. properties: created_at: description: Creation date of the API key. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string key: description: The API key. readOnly: true type: string x-secret: true last4: description: The last four characters of the API key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string x-secret: true modified_at: description: Date the API key was last modified. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string name: description: Name of the API key. example: API Key for submitting metrics type: string type: object FullApplicationKey: description: Datadog application key. properties: attributes: $ref: '#/components/schemas/FullApplicationKeyAttributes' id: description: ID of the application key. type: string relationships: $ref: '#/components/schemas/ApplicationKeyRelationships' type: $ref: '#/components/schemas/ApplicationKeysType' type: object FullApplicationKeyAttributes: description: Attributes of a full application key. properties: created_at: description: Creation date of the application key. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string key: description: The application key. readOnly: true type: string x-secret: true last4: description: The last four characters of the application key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string x-secret: true name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. This feature is in private beta, please contact Datadog support to enable scopes for your application keys. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array type: object HTTPLog: description: Structured log message. items: $ref: '#/components/schemas/HTTPLogItem' type: array HTTPLogError: description: List of errors. properties: detail: description: Error message. example: Malformed payload type: string status: description: Error code. example: 400 type: string title: description: Error title. example: Bad Request type: string type: object HTTPLogErrors: description: Invalid query performed. properties: errors: description: Structured errors. items: $ref: '#/components/schemas/HTTPLogError' type: array type: object HTTPLogItem: description: Logs that are sent over HTTP. properties: ddsource: description: 'The integration name associated with your log: the technology from which the log originated. When it matches an integration name, Datadog automatically installs the corresponding parsers and facets. See [reserved attributes](https://docs.datadoghq.com/logs/log_collection/#reserved-attributes).' example: nginx type: string ddtags: description: Tags associated with your logs. example: env:staging,version:5.1 type: string hostname: description: The name of the originating host of the log. example: i-012345678 type: string message: description: 'The message [reserved attribute](https://docs.datadoghq.com/logs/log_collection/#reserved-attributes) of your log. By default, Datadog ingests the value of the message attribute as the body of the log entry. That value is then highlighted and displayed in the Logstream, where it is indexed for full text search.' example: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World type: string service: description: 'The name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products. See [reserved attributes](https://docs.datadoghq.com/logs/log_collection/#reserved-attributes).' example: payment type: string required: - name type: object IncidentCreateAttributes: description: The incident's attributes for a create request. properties: customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean fields: additionalProperties: $ref: '#/components/schemas/IncidentFieldAttributes' description: A condensed view of the user-defined fields for which to create initial selections. example: severity: type: dropdown value: SEV-5 type: object initial_cells: description: An array of initial timeline cells to be placed at the beginning of the incident timeline. items: $ref: '#/components/schemas/IncidentTimelineCellCreateAttributes' type: array notification_handles: description: Notification handles that will be notified of the incident at creation. items: $ref: '#/components/schemas/IncidentNotificationHandle' type: array title: description: The title of the incident, which summarizes what happened. example: A test incident title type: string required: - title - customer_impacted type: object IncidentCreateData: description: Incident data for a create request. properties: attributes: $ref: '#/components/schemas/IncidentCreateAttributes' relationships: $ref: '#/components/schemas/IncidentCreateRelationships' type: $ref: '#/components/schemas/IncidentType' required: - type - attributes type: object IncidentCreateRelationships: description: The relationships the incident will have with other resources once created. properties: commander: $ref: '#/components/schemas/RelationshipToUser' required: - commander type: object IncidentCreateRequest: description: Create request for an incident. properties: data: $ref: '#/components/schemas/IncidentCreateData' required: - data type: object IncidentFieldAttributes: description: Dynamic fields for which selections can be made, with field names as keys. oneOf: - $ref: '#/components/schemas/IncidentFieldAttributesSingleValue' - $ref: '#/components/schemas/IncidentFieldAttributesMultipleValue' required: - type type: object IncidentFieldAttributesMultipleValue: description: A field with potentially multiple values selected. properties: type: $ref: '#/components/schemas/IncidentFieldAttributesValueType' value: description: The multiple values selected for this field. example: - '1.0' - '1.1' items: description: A value which has been selected for the parent field. example: '1.1' type: string nullable: true type: array type: object IncidentFieldAttributesSingleValue: description: A field with a single value selected. properties: type: $ref: '#/components/schemas/IncidentFieldAttributesSingleValueType' value: description: The single value selected for this field. example: SEV-1 nullable: true type: string type: object IncidentFieldAttributesSingleValueType: default: dropdown description: Type of the single value field definitions. enum: - dropdown - textbox example: dropdown type: string x-enum-varnames: - DROPDOWN - TEXTBOX IncidentFieldAttributesValueType: default: multiselect description: Type of the multiple value field definitions. enum: - multiselect - textarray - metrictag - autocomplete example: multiselect type: string x-enum-varnames: - MULTISELECT - TEXTARRAY - METRICTAG - AUTOCOMPLETE IncidentIntegrationMetadataType: default: incident_integrations description: Integration metadata resource type. enum: - incident_integrations example: incident_integrations type: string x-enum-varnames: - INCIDENT_INTEGRATIONS IncidentNotificationHandle: description: A notification handle that will be notified at incident creation. properties: display_name: description: The name of the notified handle. example: Jane Doe type: string handle: description: The email address used for the notification. example: '@test.user@test.com' type: string type: object IncidentPostmortemType: default: incident_postmortems description: Incident postmortem resource type. enum: - incident_postmortems example: incident_postmortems type: string x-enum-varnames: - INCIDENT_POSTMORTEMS IncidentRelatedObject: description: Object related to an incident. enum: - users type: string x-enum-varnames: - USERS IncidentResponse: description: Response with an incident. properties: data: $ref: '#/components/schemas/IncidentResponseData' included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentResponseIncludedItem' readOnly: true type: array required: - data type: object IncidentResponseAttributes: description: The incident's attributes from a response. properties: created: description: Timestamp when the incident was created. format: date-time readOnly: true type: string customer_impact_duration: description: 'Length of the incident''s customer impact in seconds. Equals the difference between `customer_impact_start` and `customer_impact_end`.' format: int64 readOnly: true type: integer customer_impact_end: description: Timestamp when customers were no longer impacted by the incident. format: date-time nullable: true type: string customer_impact_scope: description: A summary of the impact customers experienced during the incident. example: An example customer impact scope nullable: true type: string customer_impact_start: description: Timestamp when customers began being impacted by the incident. format: date-time nullable: true type: string customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean detected: description: Timestamp when the incident was detected. format: date-time nullable: true type: string fields: additionalProperties: $ref: '#/components/schemas/IncidentFieldAttributes' description: A condensed view of the user-defined fields attached to incidents. example: severity: type: dropdown value: SEV-5 type: object modified: description: Timestamp when the incident was last modified. format: date-time readOnly: true type: string notification_handles: description: Notification handles that will be notified of the incident during update. items: $ref: '#/components/schemas/IncidentNotificationHandle' nullable: true type: array postmortem_id: description: The UUID of the postmortem object attached to the incident. example: 00000000-0000-0000-0000-000000000000 type: string public_id: description: The monotonically increasing integer ID for the incident. example: 1 format: int64 type: integer resolved: description: Timestamp when the incident's state was set to resolved. format: date-time nullable: true type: string time_to_detect: description: 'The amount of time in seconds to detect the incident. Equals the difference between `customer_impact_start` and `detected`.' format: int64 readOnly: true type: integer time_to_internal_response: description: The amount of time in seconds to call incident after detection. Equals the difference of `detected` and `created`. format: int64 readOnly: true type: integer time_to_repair: description: The amount of time in seconds to resolve customer impact after detecting the issue. Equals the difference between `customer_impact_end` and `detected`. format: int64 readOnly: true type: integer time_to_resolve: description: The amount of time in seconds to resolve the incident after it was created. Equals the difference between `created` and `resolved`. format: int64 readOnly: true type: integer title: description: The title of the incident, which summarizes what happened. example: A test incident title type: string required: - title type: object IncidentResponseData: description: Incident data from a response. properties: attributes: $ref: '#/components/schemas/IncidentResponseAttributes' id: description: The incident's ID. example: 00000000-0000-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentResponseRelationships' type: $ref: '#/components/schemas/IncidentType' required: - id - type type: object IncidentResponseIncludedItem: description: An object related to an incident that is included in the response. oneOf: - $ref: '#/components/schemas/User' type: object IncidentResponseRelationships: description: The incident's relationships from a response. properties: commander_user: $ref: '#/components/schemas/RelationshipToUser' created_by_user: $ref: '#/components/schemas/RelationshipToUser' integrations: $ref: '#/components/schemas/RelationshipToIncidentIntegrationMetadatas' last_modified_by_user: $ref: '#/components/schemas/RelationshipToUser' postmortem: $ref: '#/components/schemas/RelationshipToIncidentPostmortem' type: object IncidentServiceCreateAttributes: description: The incident service's attributes for a create request. properties: name: description: Name of the incident service. example: an example service name type: string required: - name type: object IncidentServiceCreateData: description: Incident Service payload for create requests. properties: attributes: $ref: '#/components/schemas/IncidentServiceCreateAttributes' relationships: $ref: '#/components/schemas/IncidentServiceRelationships' type: $ref: '#/components/schemas/IncidentServiceType' required: - type type: object IncidentServiceCreateRequest: description: Create request with an incident service payload. properties: data: $ref: '#/components/schemas/IncidentServiceCreateData' required: - data type: object IncidentServiceIncludedItems: description: An object related to an incident service which is present in the included payload. oneOf: - $ref: '#/components/schemas/User' type: object IncidentServiceRelationships: description: The incident service's relationships. properties: created_by: $ref: '#/components/schemas/RelationshipToUser' last_modified_by: $ref: '#/components/schemas/RelationshipToUser' readOnly: true type: object IncidentServiceResponse: description: Response with an incident service payload. properties: data: $ref: '#/components/schemas/IncidentServiceResponseData' included: description: Included objects from relationships. items: $ref: '#/components/schemas/IncidentServiceIncludedItems' readOnly: true type: array required: - data type: object IncidentServiceResponseAttributes: description: The incident service's attributes from a response. properties: created: description: Timestamp of when the incident service was created. format: date-time readOnly: true type: string modified: description: Timestamp of when the incident service was modified. format: date-time readOnly: true type: string name: description: Name of the incident service. example: service name type: string type: object IncidentServiceResponseData: description: Incident Service data from responses. properties: attributes: $ref: '#/components/schemas/IncidentServiceResponseAttributes' id: description: The incident service's ID. example: 00000000-0000-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentServiceRelationships' type: $ref: '#/components/schemas/IncidentServiceType' required: - id - type type: object IncidentServiceType: default: services description: Incident service resource type. enum: - services example: services type: string x-enum-varnames: - SERVICES IncidentServiceUpdateAttributes: description: The incident service's attributes for an update request. properties: name: description: Name of the incident service. example: an example service name type: string required: - name type: object IncidentServiceUpdateData: description: Incident Service payload for update requests. properties: attributes: $ref: '#/components/schemas/IncidentServiceUpdateAttributes' id: description: The incident service's ID. example: 00000000-0000-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentServiceRelationships' type: $ref: '#/components/schemas/IncidentServiceType' required: - type type: object IncidentServiceUpdateRequest: description: Update request with an incident service payload. properties: data: $ref: '#/components/schemas/IncidentServiceUpdateData' required: - data type: object IncidentServicesResponse: description: Response with a list of incident service payloads. properties: data: description: An array of incident services. example: - id: 00000000-0000-0000-0000-000000000000 type: services items: $ref: '#/components/schemas/IncidentServiceResponseData' type: array included: description: Included related resources which the user requested. items: $ref: '#/components/schemas/IncidentServiceIncludedItems' readOnly: true type: array meta: description: The metadata object containing pagination metadata. properties: pagination: description: Pagination properties. properties: next_offset: description: The index of the first element in the next page of results. Equal to page size added to the current offset. example: 1000 format: int64 type: integer offset: description: The index of the first element in the results. example: 10 format: int64 type: integer size: description: Maximum size of pages to return. example: 1000 format: int64 type: integer type: object readOnly: true type: object required: - data type: object IncidentTeamCreateAttributes: description: The incident team's attributes for a create request. properties: name: description: Name of the incident team. example: team name type: string required: - name type: object IncidentTeamCreateData: description: Incident Team data for a create request. properties: attributes: $ref: '#/components/schemas/IncidentTeamCreateAttributes' relationships: $ref: '#/components/schemas/IncidentTeamRelationships' type: $ref: '#/components/schemas/IncidentTeamType' required: - type type: object IncidentTeamCreateRequest: description: Create request with an incident team payload. properties: data: $ref: '#/components/schemas/IncidentTeamCreateData' required: - data type: object IncidentTeamIncludedItems: description: An object related to an incident team which is present in the included payload. oneOf: - $ref: '#/components/schemas/User' type: object IncidentTeamRelationships: description: The incident team's relationships. properties: created_by: $ref: '#/components/schemas/RelationshipToUser' last_modified_by: $ref: '#/components/schemas/RelationshipToUser' readOnly: true type: object IncidentTeamResponse: description: Response with an incident team payload. properties: data: $ref: '#/components/schemas/IncidentTeamResponseData' included: description: Included objects from relationships. items: $ref: '#/components/schemas/IncidentTeamIncludedItems' readOnly: true type: array required: - data type: object IncidentTeamResponseAttributes: description: The incident team's attributes from a response. properties: created: description: Timestamp of when the incident team was created. format: date-time readOnly: true type: string modified: description: Timestamp of when the incident team was modified. format: date-time readOnly: true type: string name: description: Name of the incident team. example: team name type: string type: object IncidentTeamResponseData: description: Incident Team data from a response. properties: attributes: $ref: '#/components/schemas/IncidentTeamResponseAttributes' id: description: The incident team's ID. example: 00000000-0000-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentTeamRelationships' type: $ref: '#/components/schemas/IncidentTeamType' type: object IncidentTeamType: default: teams description: Incident Team resource type. enum: - teams example: teams type: string x-enum-varnames: - TEAMS IncidentTeamUpdateAttributes: description: The incident team's attributes for an update request. properties: name: description: Name of the incident team. example: team name type: string required: - name type: object IncidentTeamUpdateData: description: Incident Team data for an update request. properties: attributes: $ref: '#/components/schemas/IncidentTeamUpdateAttributes' id: description: The incident team's ID. example: 00000000-0000-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentTeamRelationships' type: $ref: '#/components/schemas/IncidentTeamType' required: - type type: object IncidentTeamUpdateRequest: description: Update request with an incident team payload. properties: data: $ref: '#/components/schemas/IncidentTeamUpdateData' required: - data type: object IncidentTeamsResponse: description: Response with a list of incident team payloads. properties: data: description: An array of incident teams. example: - attributes: name: team name id: 00000000-0000-0000-0000-000000000000 type: teams items: $ref: '#/components/schemas/IncidentTeamResponseData' type: array included: description: Included related resources which the user requested. items: $ref: '#/components/schemas/IncidentTeamIncludedItems' readOnly: true type: array meta: description: The metadata object containing pagination metadata. properties: pagination: description: Pagination properties. properties: next_offset: description: The index of the first element in the next page of results. Equal to page size added to the current offset. example: 1000 format: int64 type: integer offset: description: The index of the first element in the results. example: 10 format: int64 type: integer size: description: Maximum size of pages to return. example: 1000 format: int64 type: integer type: object readOnly: true type: object required: - data type: object IncidentTimelineCellCreateAttributes: description: The timeline cell's attributes for a create request. oneOf: - $ref: '#/components/schemas/IncidentTimelineCellMarkdownCreateAttributes' type: object IncidentTimelineCellMarkdownContentType: default: markdown description: Type of the Markdown timeline cell. enum: - markdown example: markdown type: string x-enum-varnames: - MARKDOWN IncidentTimelineCellMarkdownCreateAttributes: description: Timeline cell data for Markdown timeline cells for a create request. properties: cell_type: $ref: '#/components/schemas/IncidentTimelineCellMarkdownContentType' content: description: The Markdown timeline cell contents. properties: content: description: The Markdown content of the cell. example: An example timeline cell message. nullable: false type: string type: object important: default: false description: A flag indicating whether the timeline cell is important and should be highlighted. example: false type: boolean required: - content - cell_type type: object IncidentType: default: incidents description: Incident resource type. enum: - incidents example: incidents type: string x-enum-varnames: - INCIDENTS IncidentUpdateAttributes: description: The incident's attributes for an update request. properties: customer_impact_end: description: Timestamp when customers were no longer impacted by the incident. format: date-time nullable: true type: string customer_impact_scope: description: A summary of the impact customers experienced during the incident. example: Example customer impact scope type: string customer_impact_start: description: Timestamp when customers began being impacted by the incident. format: date-time nullable: true type: string customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean detected: description: Timestamp when the incident was detected. format: date-time nullable: true type: string fields: additionalProperties: $ref: '#/components/schemas/IncidentFieldAttributes' description: A condensed view of the user-defined fields for which to update selections. example: severity: type: dropdown value: SEV-5 type: object notification_handles: description: Notification handles that will be notified of the incident during update. items: $ref: '#/components/schemas/IncidentNotificationHandle' type: array resolved: description: Timestamp when the incident's state was set to resolved. format: date-time nullable: true type: string title: description: The title of the incident, which summarizes what happened. example: A test incident title type: string type: object IncidentUpdateData: description: Incident data for an update request. properties: attributes: $ref: '#/components/schemas/IncidentUpdateAttributes' id: description: The team's ID. example: 00000000-0000-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentUpdateRelationships' type: $ref: '#/components/schemas/IncidentType' required: - id - type type: object IncidentUpdateRelationships: description: The incident's relationships for an update request. properties: commander_user: $ref: '#/components/schemas/RelationshipToUser' created_by_user: $ref: '#/components/schemas/RelationshipToUser' integrations: $ref: '#/components/schemas/RelationshipToIncidentIntegrationMetadatas' last_modified_by_user: $ref: '#/components/schemas/RelationshipToUser' postmortem: $ref: '#/components/schemas/RelationshipToIncidentPostmortem' type: object IncidentUpdateRequest: description: Update request for an incident. properties: data: $ref: '#/components/schemas/IncidentUpdateData' required: - data type: object IncidentsResponse: description: Response with a list of incidents. properties: data: description: An array of incidents. example: - attributes: created: '2020-04-21T15:34:08.627205+00:00' creation_idempotency_key: null customer_impact_duration: 0 customer_impact_end: null customer_impact_scope: null customer_impact_start: null customer_impacted: false detected: '2020-04-14T00:00:00+00:00' modified: '2020-09-17T14:16:58.696424+00:00' postmortem_id: 00000000-0000-0000-0000-000000000000 public_id: 1 resolved: null severity: SEV-1 time_to_detect: 0 time_to_internal_response: 0 time_to_repair: 0 time_to_resolve: 0 title: Example Incident id: 00000000-0000-0000-0000-000000000000 relationships: commander_user: data: id: 00000000-0000-0000-0000-000000000000 type: users created_by_user: data: id: 00000000-0000-0000-0000-000000000000 type: users integrations: data: - id: 00000000-0000-0000-0000-000000000000 type: incident_integrations - id: 00000000-0000-0000-0000-000000000000 type: incident_integrations last_modified_by_user: data: id: 00000000-0000-0000-0000-000000000000 type: users postmortem: data: id: 00000000-0000-0000-0000-000000000000 type: incident_postmortems type: incidents - attributes: created: '2020-04-21T15:34:08.627205+00:00' creation_idempotency_key: null customer_impact_duration: 0 customer_impact_end: null customer_impact_scope: null customer_impact_start: null customer_impacted: false detected: '2020-04-14T00:00:00+00:00' modified: '2020-09-17T14:16:58.696424+00:00' postmortem_id: 00000000-0000-0000-0000-000000000000 public_id: 2 resolved: null severity: SEV-5 time_to_detect: 0 time_to_internal_response: 0 time_to_repair: 0 time_to_resolve: 0 title: Example Incident 2 id: 00000000-0000-0000-0000-000000000000 relationships: commander_user: data: id: 00000000-0000-0000-0000-000000000000 type: users created_by_user: data: id: 00000000-0000-0000-0000-000000000000 type: users integrations: data: - id: 00000000-0000-0000-0000-000000000000 type: incident_integrations - id: 00000000-0000-0000-0000-000000000000 type: incident_integrations last_modified_by_user: data: id: 00000000-0000-0000-0000-000000000000 type: users postmortem: data: id: 00000000-0000-0000-0000-000000000000 type: incident_postmortems type: incidents items: $ref: '#/components/schemas/IncidentResponseData' type: array included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentResponseIncludedItem' readOnly: true type: array meta: description: The metadata object containing pagination metadata. properties: pagination: description: Pagination properties. properties: next_offset: description: The index of the first element in the next page of results. Equal to page size added to the current offset. example: 1000 format: int64 type: integer offset: description: The index of the first element in the results. example: 10 format: int64 type: integer size: description: Maximum size of pages to return. example: 1000 format: int64 type: integer type: object readOnly: true type: object required: - data type: object ListApplicationKeysResponse: description: Response for a list of application keys. properties: data: description: Array of application keys. items: $ref: '#/components/schemas/PartialApplicationKey' type: array included: description: Array of objects related to the application key. items: $ref: '#/components/schemas/ApplicationKeyResponseIncludedItem' type: array type: object Log: description: Object description of a log after being processed and stored by Datadog. properties: attributes: description: JSON object containing all log attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from your log. example: customAttribute: 123 duration: 2345 type: object host: description: Name of the machine from where the logs are being sent. example: i-0123 type: string message: description: 'The message [reserved attribute](https://docs.datadoghq.com/logs/log_collection/#reserved-attributes) of your log. By default, Datadog ingests the value of the message attribute as the body of the log entry. That value is then highlighted and displayed in the Logstream, where it is indexed for full text search.' example: Host connected to remote type: string service: description: 'The name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products.' example: agent type: string status: description: Status of the message associated with your log. example: INFO type: string tags: description: Array of tags associated with your log. example: - team:A items: description: Tag associated with your log. type: string type: array timestamp: description: Timestamp of your log. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object id: description: Unique ID of the Log. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/LogType' type: object LogType: default: log description: Type of the event. enum: - log example: log type: string x-enum-varnames: - LOG LogsAggregateBucket: description: A bucket values properties: by: additionalProperties: description: The values for each group by type: string description: The key, value pairs for each group by example: '@state': success '@version': abc type: object computes: additionalProperties: $ref: '#/components/schemas/LogsAggregateBucketValue' description: A map of the metric name -> value for regular compute or list of values for a timeseries type: object type: object LogsAggregateBucketValue: description: A bucket value, can be either a timeseries or a single value oneOf: - $ref: '#/components/schemas/LogsAggregateBucketValueSingleString' - $ref: '#/components/schemas/LogsAggregateBucketValueSingleNumber' - $ref: '#/components/schemas/LogsAggregateBucketValueTimeseries' LogsAggregateBucketValueSingleNumber: description: A single number value format: double type: number LogsAggregateBucketValueSingleString: description: A single string value type: string LogsAggregateBucketValueTimeseries: description: A timeseries array items: $ref: '#/components/schemas/LogsAggregateBucketValueTimeseriesPoint' type: array LogsAggregateBucketValueTimeseriesPoint: description: A timeseries point properties: time: description: The time value for this point example: '2020-06-08T11:55:00Z' type: string value: description: The value for this point example: 19 format: double type: number type: object LogsAggregateRequest: description: The object sent with the request to retrieve a list of logs from your organization. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: '#/components/schemas/LogsCompute' type: array filter: $ref: '#/components/schemas/LogsQueryFilter' group_by: description: The rules for the group by items: $ref: '#/components/schemas/LogsGroupBy' type: array options: $ref: '#/components/schemas/LogsQueryOptions' page: description: Paging settings properties: cursor: description: The returned paging point to use to get the next results example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object type: object LogsAggregateResponse: description: The response object for the logs aggregate API endpoint properties: data: description: The query results properties: buckets: description: The list of matching buckets, one item per bucket items: $ref: '#/components/schemas/LogsAggregateBucket' type: array type: object meta: $ref: '#/components/schemas/LogsResponseMetadata' type: object LogsAggregateResponseStatus: description: The status of the response enum: - done - timeout example: done type: string x-enum-varnames: - DONE - TIMEOUT LogsAggregateSort: description: A sort rule example: aggregation: count order: asc properties: aggregation: $ref: '#/components/schemas/LogsAggregationFunction' metric: description: The metric to sort by (only used for `type=measure`) example: '@duration' type: string order: $ref: '#/components/schemas/LogsSortOrder' type: $ref: '#/components/schemas/LogsAggregateSortType' type: object LogsAggregateSortType: default: alphabetical description: The type of sorting algorithm enum: - alphabetical - measure type: string x-enum-varnames: - ALPHABETICAL - MEASURE LogsAggregationFunction: description: An aggregation function enum: - count - cardinality - pc75 - pc90 - pc95 - pc98 - pc99 - sum - min - max - avg example: pc90 type: string x-enum-varnames: - COUNT - CARDINALITY - PERCENTILE_75 - PERCENTILE_90 - PERCENTILE_95 - PERCENTILE_98 - PERCENTILE_99 - SUM - MIN - MAX - AVG LogsArchive: description: The logs archive. properties: data: $ref: '#/components/schemas/LogsArchiveDefinition' type: object LogsArchiveAttributes: description: The attributes associated with the archive. properties: destination: $ref: '#/components/schemas/LogsArchiveDestination' include_tags: default: false description: 'To store the tags in the archive, set the value "true". If it is set to "false", the tags will be deleted when the logs are sent to the archive.' example: false type: boolean name: description: The archive name. example: Nginx Archive type: string query: description: The archive query/filter. Logs matching this query are included in the archive. example: source:nginx type: string rehydration_tags: description: An array of tags to add to rehydrated logs from an archive. example: - team:intake - team:app items: description: A given tag in the `:` format. type: string type: array state: $ref: '#/components/schemas/LogsArchiveState' required: - name - query - destination type: object LogsArchiveCreateRequest: description: The logs archive. properties: data: $ref: '#/components/schemas/LogsArchiveCreateRequestDefinition' type: object LogsArchiveCreateRequestAttributes: description: The attributes associated with the archive. properties: destination: $ref: '#/components/schemas/LogsArchiveCreateRequestDestination' include_tags: default: false description: 'To store the tags in the archive, set the value "true". If it is set to "false", the tags will be deleted when the logs are sent to the archive.' example: false type: boolean name: description: The archive name. example: Nginx Archive type: string query: description: The archive query/filter. Logs matching this query are included in the archive. example: source:nginx type: string rehydration_tags: description: An array of tags to add to rehydrated logs from an archive. example: - team:intake - team:app items: description: A given tag in the `:` format. type: string type: array required: - name - query - destination type: object LogsArchiveCreateRequestDefinition: description: The definition of an archive. properties: attributes: $ref: '#/components/schemas/LogsArchiveCreateRequestAttributes' type: default: archives description: The type of the resource. The value should always be archives. example: archives type: string required: - type type: object LogsArchiveCreateRequestDestination: description: An archive's destination. oneOf: - $ref: '#/components/schemas/LogsArchiveDestinationAzure' - $ref: '#/components/schemas/LogsArchiveDestinationGCS' - $ref: '#/components/schemas/LogsArchiveDestinationS3' required: - type - integration type: object LogsArchiveDefinition: description: The definition of an archive. properties: attributes: $ref: '#/components/schemas/LogsArchiveAttributes' id: description: The archive ID. example: a2zcMylnM4OCHpYusxIi3g readOnly: true type: string type: default: archives description: The type of the resource. The value should always be archives. example: archives readOnly: true type: string required: - type type: object LogsArchiveDestination: description: An archive's destination. nullable: true oneOf: - $ref: '#/components/schemas/LogsArchiveDestinationAzure' - $ref: '#/components/schemas/LogsArchiveDestinationGCS' - $ref: '#/components/schemas/LogsArchiveDestinationS3' required: - type - integration type: object LogsArchiveDestinationAzure: description: The Azure archive destination. properties: container: description: The container where the archive will be stored. example: container-name type: string integration: $ref: '#/components/schemas/LogsArchiveIntegrationAzure' path: description: The archive path. type: string region: description: The region where the archive will be stored. type: string storage_account: description: The associated storage account. example: account-name type: string type: $ref: '#/components/schemas/LogsArchiveDestinationAzureType' required: - storage_account - container - integration - type type: object LogsArchiveDestinationAzureType: default: azure description: Type of the Azure archive destination. enum: - azure example: azure type: string x-enum-varnames: - AZURE LogsArchiveDestinationGCS: description: The GCS archive destination. properties: bucket: description: The bucket where the archive will be stored. example: bucket-name type: string integration: $ref: '#/components/schemas/LogsArchiveIntegrationGCS' path: description: The archive path. type: string type: $ref: '#/components/schemas/LogsArchiveDestinationGCSType' required: - bucket - integration - type type: object LogsArchiveDestinationGCSType: default: gcs description: Type of the GCS archive destination. enum: - gcs example: gcs type: string x-enum-varnames: - GCS LogsArchiveDestinationS3: description: The S3 archive destination. properties: bucket: description: The bucket where the archive will be stored. example: bucket-name type: string integration: $ref: '#/components/schemas/LogsArchiveIntegrationS3' path: description: The archive path. type: string type: $ref: '#/components/schemas/LogsArchiveDestinationS3Type' required: - bucket - integration - type type: object LogsArchiveDestinationS3Type: default: s3 description: Type of the S3 archive destination. enum: - s3 example: s3 type: string x-enum-varnames: - S3 LogsArchiveIntegrationAzure: description: The Azure archive's integration destination. properties: client_id: description: A client ID. example: aaaaaaaa-1a1a-1a1a-1a1a-aaaaaaaaaaaa type: string tenant_id: description: A tenant ID. example: aaaaaaaa-1a1a-1a1a-1a1a-aaaaaaaaaaaa type: string required: - tenant_id - client_id type: object LogsArchiveIntegrationGCS: description: The GCS archive's integration destination. properties: client_email: description: A client email. example: youremail@example.com type: string project_id: description: A project ID. example: project-id type: string required: - project_id - client_email type: object LogsArchiveIntegrationS3: description: The S3 Archive's integration destination. properties: account_id: description: The account ID for the integration. example: '123456789012' type: string role_name: description: The path of the integration. example: role-name type: string required: - role_name - account_id type: object LogsArchiveOrder: description: A ordered list of archive IDs. properties: data: $ref: '#/components/schemas/LogsArchiveOrderDefinition' type: object LogsArchiveOrderAttributes: description: The attributes associated with the archive order. properties: archive_ids: description: 'An ordered array of `` strings, the order of archive IDs in the array define the overall archives order for Datadog.' example: - a2zcMylnM4OCHpYusxIi1g - a2zcMylnM4OCHpYusxIi2g - a2zcMylnM4OCHpYusxIi3g items: description: A given archive ID. type: string type: array required: - archive_ids type: object LogsArchiveOrderDefinition: description: The definition of an archive order. properties: attributes: $ref: '#/components/schemas/LogsArchiveOrderAttributes' type: $ref: '#/components/schemas/LogsArchiveOrderDefinitionType' required: - type - attributes type: object LogsArchiveOrderDefinitionType: default: archive_order description: Type of the archive order definition. enum: - archive_order example: archive_order type: string x-enum-varnames: - ARCHIVE_ORDER LogsArchiveState: description: The state of the archive. enum: - UNKNOWN - WORKING - FAILING - WORKING_AUTH_LEGACY example: WORKING type: string x-enum-varnames: - UNKNOWN - WORKING - FAILING - WORKING_AUTH_LEGACY LogsArchives: description: The available archives. properties: data: description: A list of archives. items: $ref: '#/components/schemas/LogsArchiveDefinition' type: array type: object LogsCompute: description: A compute rule to compute metrics or timeseries properties: aggregation: $ref: '#/components/schemas/LogsAggregationFunction' interval: description: 'The time buckets'' size (only used for type=timeseries) Defaults to a resolution of 150 points' example: 5m type: string metric: description: The metric to use example: '@duration' type: string type: $ref: '#/components/schemas/LogsComputeType' required: - aggregation type: object LogsComputeType: default: total description: The type of compute enum: - timeseries - total type: string x-enum-varnames: - TIMESERIES - TOTAL LogsGroupBy: description: A group by rule properties: facet: description: The name of the facet to use (required) example: host type: string histogram: description: 'Used to perform a histogram computation (only for measure facets). Note: At most 100 buckets are allowed, the number of buckets is (max - min)/interval.' properties: interval: description: The bin size of the histogram buckets example: 10 format: double type: number max: description: 'The maximum value for the measure used in the histogram (values greater than this one are filtered out)' example: 100 format: double type: number min: description: 'The minimum value for the measure used in the histogram (values smaller than this one are filtered out)' example: 50 format: double type: number required: - interval - min - max type: object limit: default: 10 description: The maximum buckets to return for this group by format: int64 type: integer missing: $ref: '#/components/schemas/LogsGroupByMissing' sort: $ref: '#/components/schemas/LogsAggregateSort' total: $ref: '#/components/schemas/LogsGroupByTotal' required: - facet type: object LogsGroupByMissing: description: The value to use for logs that don't have the facet used to group by oneOf: - $ref: '#/components/schemas/LogsGroupByMissingString' - $ref: '#/components/schemas/LogsGroupByMissingNumber' LogsGroupByMissingNumber: description: The missing value to use if there is a number valued facet. format: double type: number LogsGroupByMissingString: description: The missing value to use if there is string valued facet. type: string LogsGroupByTotal: default: false description: A resulting object to put the given computes in over all the matching records. oneOf: - $ref: '#/components/schemas/LogsGroupByTotalBoolean' - $ref: '#/components/schemas/LogsGroupByTotalString' - $ref: '#/components/schemas/LogsGroupByTotalNumber' LogsGroupByTotalBoolean: description: If set to true, creates an additional bucket labeled "$facet_total" type: boolean LogsGroupByTotalNumber: description: A number to use as the key value for the total bucket format: double type: number LogsGroupByTotalString: description: A string to use as the key value for the total bucket type: string LogsListRequest: description: The request for a logs list. properties: filter: $ref: '#/components/schemas/LogsQueryFilter' options: $ref: '#/components/schemas/LogsQueryOptions' page: description: Paging attributes for listing logs. properties: cursor: description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: Maximum number of logs in the response. example: 25 format: int32 maximum: 1000 type: integer type: object sort: $ref: '#/components/schemas/LogsSort' type: object LogsListResponse: description: Response object with all logs matching the request and pagination information. properties: data: description: Array of logs matching the request. items: $ref: '#/components/schemas/Log' type: array links: description: Links attributes. properties: next: description: 'Link for the next set of results. Note that the request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/logs/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object meta: $ref: '#/components/schemas/LogsResponseMetadata' type: object LogsMetricCompute: description: The compute rule to compute the log-based metric. properties: aggregation_type: $ref: '#/components/schemas/LogsMetricComputeAggregationType' path: description: The path to the value the log-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: '@duration' type: string required: - aggregation_type type: object LogsMetricComputeAggregationType: description: The type of aggregation to use. enum: - count - distribution example: distribution type: string x-enum-varnames: - COUNT - DISTRIBUTION LogsMetricCreateAttributes: description: The object describing the Datadog log-based metric to create. properties: compute: $ref: '#/components/schemas/LogsMetricCompute' filter: $ref: '#/components/schemas/LogsMetricFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/LogsMetricGroupBy' type: array required: - compute type: object LogsMetricCreateData: description: The new log-based metric properties. properties: attributes: $ref: '#/components/schemas/LogsMetricCreateAttributes' id: $ref: '#/components/schemas/LogsMetricID' type: $ref: '#/components/schemas/LogsMetricType' required: - id - type - attributes type: object LogsMetricCreateRequest: description: The new log-based metric body. properties: data: $ref: '#/components/schemas/LogsMetricCreateData' required: - data type: object LogsMetricFilter: description: The log-based metric filter. Logs matching this filter will be aggregated in this metric. properties: query: default: '*' description: The search query - following the log search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string type: object LogsMetricGroupBy: description: A group by rule. properties: path: description: The path to the value the log-based metric will be aggregated over. example: '@http.status_code' type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: status_code type: string required: - path type: object LogsMetricID: description: The name of the log-based metric. example: logs.page.load.count type: string LogsMetricResponse: description: The log-based metric object. properties: data: $ref: '#/components/schemas/LogsMetricResponseData' type: object LogsMetricResponseAttributes: description: The object describing a Datadog log-based metric. properties: compute: $ref: '#/components/schemas/LogsMetricResponseCompute' filter: $ref: '#/components/schemas/LogsMetricResponseFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/LogsMetricResponseGroupBy' type: array type: object LogsMetricResponseCompute: description: The compute rule to compute the log-based metric. properties: aggregation_type: $ref: '#/components/schemas/LogsMetricResponseComputeAggregationType' path: description: The path to the value the log-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: '@duration' type: string type: object LogsMetricResponseComputeAggregationType: description: The type of aggregation to use. enum: - count - distribution example: distribution type: string x-enum-varnames: - COUNT - DISTRIBUTION LogsMetricResponseData: description: The log-based metric properties. properties: attributes: $ref: '#/components/schemas/LogsMetricResponseAttributes' id: $ref: '#/components/schemas/LogsMetricID' type: $ref: '#/components/schemas/LogsMetricType' type: object LogsMetricResponseFilter: description: The log-based metric filter. Logs matching this filter will be aggregated in this metric. properties: query: description: The search query - following the log search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string type: object LogsMetricResponseGroupBy: description: A group by rule. properties: path: description: The path to the value the log-based metric will be aggregated over. example: '@http.status_code' type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: status_code type: string type: object LogsMetricType: default: logs_metrics description: The type of the resource. The value should always be logs_metrics. enum: - logs_metrics example: logs_metrics type: string x-enum-varnames: - LOGS_METRICS LogsMetricUpdateAttributes: description: The log-based metric properties that will be updated. properties: filter: $ref: '#/components/schemas/LogsMetricFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/LogsMetricGroupBy' type: array type: object LogsMetricUpdateData: description: The new log-based metric properties. properties: attributes: $ref: '#/components/schemas/LogsMetricUpdateAttributes' type: $ref: '#/components/schemas/LogsMetricType' required: - type - attributes type: object LogsMetricUpdateRequest: description: The new log-based metric body. properties: data: $ref: '#/components/schemas/LogsMetricUpdateData' required: - data type: object LogsMetricsResponse: description: All the available log-based metric objects. properties: data: description: A list of log-based metric objects. items: $ref: '#/components/schemas/LogsMetricResponseData' type: array type: object LogsQueryFilter: description: The search and filter query settings properties: from: default: now-15m description: The minimum time for the requested logs, supports date math and regular timestamps (milliseconds). example: now-15m type: string indexes: default: - '*' description: For customers with multiple indexes, the indexes to search. Defaults to ['*'] which means all indexes. example: - main - web items: description: The name of a log index. type: string type: array query: default: '*' description: The search query - following the log search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string to: default: now description: The maximum time for the requested logs, supports date math and regular timestamps (milliseconds). example: now type: string type: object LogsQueryOptions: description: 'Global query options that are used during the query. Note: You should only supply timezone or time offset but not both otherwise the query will fail.' properties: timeOffset: description: The time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: UTC description: 'The timezone can be specified both as an offset, for example: "UTC+03:00".' example: GMT type: string type: object LogsResponseMetadata: description: The metadata associated with a request properties: elapsed: description: The time elapsed in milliseconds example: 132 format: int64 type: integer page: description: Paging attributes. properties: after: description: 'The cursor to use to get the next results, if any. To make the next request, use the same. parameters with the addition of the `page[cursor]`.' example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object request_id: description: The identifier of the request example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: $ref: '#/components/schemas/LogsAggregateResponseStatus' warnings: description: 'A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response.' items: $ref: '#/components/schemas/LogsWarning' type: array type: object LogsSort: description: Sort parameters when querying logs. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING LogsSortOrder: description: The order to use, ascending or descending enum: - asc - desc example: asc type: string x-enum-varnames: - ASCENDING - DESCENDING LogsWarning: description: A warning message indicating something that went wrong with the query properties: code: description: A unique code for this type of warning example: unknown_index type: string detail: description: A detailed explanation of this specific warning example: 'indexes: foo, bar' type: string title: description: A short human-readable summary of the warning example: One or several indexes are missing or invalid, results hold data from the other indexes type: string type: object Metric: description: Object for a single metric tag configuration. example: id: metric.foo.bar type: metric properties: id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricType' type: object MetricAllTags: description: Object for a single metric's indexed tags. properties: attributes: $ref: '#/components/schemas/MetricAllTagsAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricType' type: object MetricAllTagsAttributes: description: Object containing the definition of a metric's tags. properties: tags: description: List of indexed tag value pairs. example: - sport:golf - sport:football - animal:dog items: description: Tag key-value pairs. type: string type: array type: object MetricAllTagsResponse: description: Response object that includes a single metric's indexed tags. properties: data: $ref: '#/components/schemas/MetricAllTags' readOnly: true type: object MetricCustomAggregation: description: A time and space aggregation combination for use in query. example: space: sum time: sum properties: space: $ref: '#/components/schemas/MetricCustomSpaceAggregation' time: $ref: '#/components/schemas/MetricCustomTimeAggregation' required: - time - space type: object MetricCustomAggregations: description: 'A list of queryable aggregation combinations for a count, rate, or gauge metric. By default, count and rate metrics require the (time: sum, space: sum) aggregation and Gauge metrics require the (time: avg, space: avg) aggregation. Additional time & space combinations are also available: - time: avg, space: avg - time: avg, space: max - time: avg, space: min - time: avg, space: sum - time: count, space: sum - time: max, space: max - time: min, space: min - time: sum, space: avg - time: sum, space: sum Can only be applied to metrics that have a `metric_type` of `count`, `rate`, or `gauge`.' example: - space: sum time: sum - space: sum time: count items: $ref: '#/components/schemas/MetricCustomAggregation' type: array MetricCustomSpaceAggregation: description: A space aggregation for use in query. enum: - avg - max - min - sum example: sum type: string x-enum-varnames: - AVG - MAX - MIN - SUM MetricCustomTimeAggregation: description: A time aggregation for use in query. enum: - avg - count - max - min - sum example: sum type: string x-enum-varnames: - AVG - COUNT - MAX - MIN - SUM MetricDistinctVolume: description: Object for a single metric's distinct volume. properties: attributes: $ref: '#/components/schemas/MetricDistinctVolumeAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricDistinctVolumeType' type: object MetricDistinctVolumeAttributes: description: Object containing the definition of a metric's distinct volume. properties: distinct_volume: description: Distinct volume for the given metric. example: 10 format: int64 type: integer type: object MetricDistinctVolumeType: default: distinct_metric_volumes description: The metric distinct volume type. enum: - distinct_metric_volumes example: distinct_metric_volumes type: string x-enum-varnames: - DISTINCT_METRIC_VOLUMES MetricIngestedIndexedVolume: description: Object for a single metric's ingested and indexed volume. properties: attributes: $ref: '#/components/schemas/MetricIngestedIndexedVolumeAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricIngestedIndexedVolumeType' type: object MetricIngestedIndexedVolumeAttributes: description: Object containing the definition of a metric's ingested and indexed volume. properties: indexed_volume: description: Indexed volume for the given metric. example: 10 format: int64 type: integer ingested_volume: description: Ingested volume for the given metric. example: 20 format: int64 type: integer type: object MetricIngestedIndexedVolumeType: default: metric_volumes description: The metric ingested and indexed volume type. enum: - metric_volumes example: metric_volumes type: string x-enum-varnames: - METRIC_VOLUMES MetricName: description: The metric name for this resource. example: test.metric.latency type: string MetricTagConfiguration: description: Object for a single metric tag configuration. example: attributes: aggregations: - space: avg time: avg created_at: '2020-03-31T09:48:37.463835Z' metric_type: gauge modified_at: '2020-04-31T09:48:37.463835Z' tags: - app - datacenter id: http.request.latency type: manage_tags properties: attributes: $ref: '#/components/schemas/MetricTagConfigurationAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricTagConfigurationType' type: object MetricTagConfigurationAttributes: description: Object containing the definition of a metric tag configuration attributes. properties: aggregations: $ref: '#/components/schemas/MetricCustomAggregations' created_at: description: Timestamp when the tag configuration was created. example: '2020-03-31T09:48:37.463835Z' format: date-time type: string include_percentiles: description: 'Toggle to turn on/off percentile aggregations for distribution metrics. Only present when the `metric_type` is `distribution`.' example: true type: boolean metric_type: $ref: '#/components/schemas/MetricTagConfigurationMetricTypes' modified_at: description: Timestamp when the tag configuration was last modified. example: '2020-03-31T09:48:37.463835Z' format: date-time type: string tags: description: List of tag keys on which to group. example: - app - datacenter items: description: Tag keys to group by. type: string type: array type: object MetricTagConfigurationCreateAttributes: description: Object containing the definition of a metric tag configuration to be created. properties: aggregations: $ref: '#/components/schemas/MetricCustomAggregations' include_percentiles: default: false description: 'Toggle to include/exclude percentiles for a distribution metric. Defaults to false. Can only be applied to metrics that have a `metric_type` of `distribution`.' example: true type: boolean metric_type: $ref: '#/components/schemas/MetricTagConfigurationMetricTypes' tags: default: [] description: A list of tag keys that will be queryable for your metric. example: - app - datacenter items: description: Tag keys to group by. type: string type: array required: - tags - metric_type type: object MetricTagConfigurationCreateData: description: Object for a single metric to be configure tags on. example: attributes: include_percentiles: false metric_type: distribution tags: - app - datacenter id: http.endpoint.request type: manage_tags properties: attributes: $ref: '#/components/schemas/MetricTagConfigurationCreateAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricTagConfigurationType' required: - id - type type: object MetricTagConfigurationCreateRequest: description: Request object that includes the metric that you would like to configure tags for. properties: data: $ref: '#/components/schemas/MetricTagConfigurationCreateData' required: - data type: object MetricTagConfigurationMetricTypes: default: gauge description: The metric's type. enum: - gauge - count - rate - distribution example: count type: string x-enum-varnames: - GAUGE - COUNT - RATE - DISTRIBUTION MetricTagConfigurationResponse: description: Response object which includes a single metric's tag configuration. properties: data: $ref: '#/components/schemas/MetricTagConfiguration' readOnly: true type: object MetricTagConfigurationType: default: manage_tags description: The metric tag configuration resource type. enum: - manage_tags example: manage_tags type: string x-enum-varnames: - MANAGE_TAGS MetricTagConfigurationUpdateAttributes: description: Object containing the definition of a metric tag configuration to be updated. properties: aggregations: $ref: '#/components/schemas/MetricCustomAggregations' include_percentiles: default: false description: 'Toggle to include/exclude percentiles for a distribution metric. Defaults to false. Can only be applied to metrics that have a `metric_type` of `distribution`.' example: true type: boolean tags: default: [] description: A list of tag keys that will be queryable for your metric. example: - app - datacenter items: description: Tag keys to group by. type: string type: array type: object MetricTagConfigurationUpdateData: description: Object for a single tag configuration to be edited. example: attributes: group_by: - app - datacenter include_percentiles: false id: http.endpoint.request type: manage_tags properties: attributes: $ref: '#/components/schemas/MetricTagConfigurationUpdateAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricTagConfigurationType' required: - id - type type: object MetricTagConfigurationUpdateRequest: description: Request object that includes the metric that you would like to edit the tag configuration on. properties: data: $ref: '#/components/schemas/MetricTagConfigurationUpdateData' required: - data type: object MetricType: default: metrics description: The metric resource type. enum: - metrics example: metrics type: string x-enum-varnames: - METRICS MetricVolumes: description: Possible response objects for a metric's volume. oneOf: - $ref: '#/components/schemas/MetricDistinctVolume' - $ref: '#/components/schemas/MetricIngestedIndexedVolume' type: object MetricVolumesResponse: description: Response object which includes a single metric's volume. properties: data: $ref: '#/components/schemas/MetricVolumes' readOnly: true type: object MetricsAndMetricTagConfigurations: description: Object for a metrics and metric tag configurations. oneOf: - $ref: '#/components/schemas/Metric' - $ref: '#/components/schemas/MetricTagConfiguration' type: object MetricsAndMetricTagConfigurationsResponse: description: Response object that includes metrics and metric tag configurations. properties: data: description: Array of metrics and metric tag configurations. items: $ref: '#/components/schemas/MetricsAndMetricTagConfigurations' type: array readOnly: true type: object Organization: description: Organization object. properties: attributes: $ref: '#/components/schemas/OrganizationAttributes' id: description: ID of the organization. type: string type: $ref: '#/components/schemas/OrganizationsType' required: - type type: object OrganizationAttributes: description: Attributes of the organization. properties: created_at: description: Creation time of the organization. format: date-time type: string description: description: Description of the organization. type: string disabled: description: Whether or not the organization is disabled. type: boolean modified_at: description: Time of last organization modification. format: date-time type: string name: description: Name of the organization. type: string public_id: description: Public ID of the organization. type: string sharing: description: Sharing type of the organization. type: string url: description: URL of the site that this organization exists at. type: string type: object OrganizationsType: default: orgs description: Organizations resource type. enum: - orgs example: orgs type: string x-enum-varnames: - ORGS Pagination: description: Pagination object. properties: total_count: description: Total count. format: int64 type: integer total_filtered_count: description: Total count of elements matched by the filter. format: int64 type: integer type: object PartialAPIKey: description: Partial Datadog API key. properties: attributes: $ref: '#/components/schemas/PartialAPIKeyAttributes' id: description: ID of the API key. type: string relationships: $ref: '#/components/schemas/APIKeyRelationships' type: $ref: '#/components/schemas/APIKeysType' type: object PartialAPIKeyAttributes: description: Attributes of a partial API key. properties: created_at: description: Creation date of the API key. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string last4: description: The last four characters of the API key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string x-secret: true modified_at: description: Date the API key was last modified. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string name: description: Name of the API key. example: API Key for submitting metrics type: string type: object PartialApplicationKey: description: Partial Datadog application key. properties: attributes: $ref: '#/components/schemas/PartialApplicationKeyAttributes' id: description: ID of the application key. type: string relationships: $ref: '#/components/schemas/ApplicationKeyRelationships' type: $ref: '#/components/schemas/ApplicationKeysType' type: object PartialApplicationKeyAttributes: description: Attributes of a partial application key. properties: created_at: description: Creation date of the application key. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string last4: description: The last four characters of the application key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string x-secret: true name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. This feature is in private beta, please contact Datadog support to enable scopes for your application keys. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array type: object PartialApplicationKeyResponse: description: Response for retrieving a partial application key. properties: data: $ref: '#/components/schemas/PartialApplicationKey' included: description: Array of objects related to the application key. items: $ref: '#/components/schemas/ApplicationKeyResponseIncludedItem' type: array type: object Permission: description: Permission object. properties: attributes: $ref: '#/components/schemas/PermissionAttributes' id: description: ID of the permission. type: string type: $ref: '#/components/schemas/PermissionsType' required: - type type: object PermissionAttributes: description: Attributes of a permission. properties: created: description: Creation time of the permission. format: date-time type: string description: description: Description of the permission. type: string display_name: description: Displayed name for the permission. type: string display_type: description: Display type. type: string group_name: description: Name of the permission group. type: string name: description: Name of the permission. type: string restricted: description: Whether or not the permission is restricted. type: boolean type: object PermissionsResponse: description: Payload with API-returned permissions. properties: data: description: Array of permissions. items: $ref: '#/components/schemas/Permission' type: array type: object PermissionsType: default: permissions description: Permissions resource type. enum: - permissions example: permissions type: string x-enum-varnames: - PERMISSIONS ProcessSummariesMeta: description: Response metadata object. properties: page: description: Paging attributes. properties: after: description: 'The cursor used to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`.' example: 911abf1204838d9cdfcb9a96d0b6a1bd03e1b514074f1ce1737c4cbd type: string size: description: Number of results returned. format: int32 maximum: 10000 minimum: 0 type: integer type: object type: object ProcessSummariesResponse: description: List of process summaries. properties: data: description: Array of process summary objects. items: $ref: '#/components/schemas/ProcessSummary' type: array meta: $ref: '#/components/schemas/ProcessSummariesMeta' type: object ProcessSummary: description: Process summary object. properties: attributes: $ref: '#/components/schemas/ProcessSummaryAttributes' id: description: Process ID. type: string type: $ref: '#/components/schemas/ProcessSummaryType' type: object ProcessSummaryAttributes: description: Attributes for a process summary. properties: cmdline: description: Process command line. type: string host: description: Host running the process. type: string pid: description: Process ID. format: int64 type: integer ppid: description: Parent process ID. format: int64 type: integer start: description: Time the process was started. type: string tags: description: List of tags associated with the process. items: description: A tag associated with the process. type: string type: array timestamp: description: Time the process was seen. type: string user: description: Process owner. type: string type: object ProcessSummaryType: default: process description: Type of process summary. enum: - process example: process type: string x-enum-varnames: - PROCESS QuerySortOrder: default: desc description: Direction of sort. enum: - asc - desc type: string x-enum-varnames: - ASC - DESC RelationshipToIncidentIntegrationMetadataData: description: A relationship reference for an integration metadata object. example: id: 00000000-0000-0000-0000-000000000000 type: incident_integrations properties: id: description: A unique identifier that represents the integration metadata. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/IncidentIntegrationMetadataType' required: - id - type type: object RelationshipToIncidentIntegrationMetadatas: description: A relationship reference for multiple integration metadata objects. example: data: - id: 00000000-0000-0000-0000-000000000000 type: incident_integrations - id: 00000000-0000-0000-0000-000000000000 type: incident_integrations properties: data: description: The integration metadata relationship array example: - id: 00000000-0000-0000-0000-000000000000 type: incident_integrations - id: 00000000-0000-0000-0000-000000000000 type: incident_integrations items: $ref: '#/components/schemas/RelationshipToIncidentIntegrationMetadataData' type: array required: - data type: object RelationshipToIncidentPostmortem: description: A relationship reference for postmortems. example: data: id: 00000000-0000-0000-0000-000000000000 type: incident_postmortems properties: data: $ref: '#/components/schemas/RelationshipToIncidentPostmortemData' required: - data type: object RelationshipToIncidentPostmortemData: description: The postmortem relationship data. example: id: 00000000-0000-0000-0000-000000000000 type: incident_postmortems properties: id: description: A unique identifier that represents the postmortem. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/IncidentPostmortemType' required: - id - type type: object RelationshipToOrganization: description: Relationship to an organization. properties: data: $ref: '#/components/schemas/RelationshipToOrganizationData' required: - data type: object RelationshipToOrganizationData: description: Relationship to organization object. properties: id: description: ID of the organization. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/OrganizationsType' required: - id - type type: object RelationshipToOrganizations: description: Relationship to organizations. properties: data: description: Relationships to organization objects. example: [] items: $ref: '#/components/schemas/RelationshipToOrganizationData' type: array required: - data type: object RelationshipToPermission: description: Relationship to a permissions object. properties: data: $ref: '#/components/schemas/RelationshipToPermissionData' type: object RelationshipToPermissionData: description: Relationship to permission object. properties: id: description: ID of the permission. type: string type: $ref: '#/components/schemas/PermissionsType' type: object RelationshipToPermissions: description: Relationship to multiple permissions objects. properties: data: description: Relationships to permission objects. items: $ref: '#/components/schemas/RelationshipToPermissionData' type: array type: object RelationshipToRole: description: Relationship to role. properties: data: $ref: '#/components/schemas/RelationshipToRoleData' type: object RelationshipToRoleData: description: Relationship to role object. properties: id: description: ID of the role. example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string type: $ref: '#/components/schemas/RolesType' type: object RelationshipToRoles: description: Relationship to roles. properties: data: description: An array containing type and ID of a role. items: $ref: '#/components/schemas/RelationshipToRoleData' type: array type: object RelationshipToUser: description: Relationship to user. properties: data: $ref: '#/components/schemas/RelationshipToUserData' required: - data type: object RelationshipToUserData: description: Relationship to user object. properties: id: description: A unique identifier that represents the user. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/UsersType' required: - id - type type: object RelationshipToUsers: description: Relationship to users. properties: data: description: Relationships to user objects. example: [] items: $ref: '#/components/schemas/RelationshipToUserData' type: array required: - data type: object ResponseMetaAttributes: description: Object describing meta attributes of response. properties: page: $ref: '#/components/schemas/Pagination' type: object Role: description: Role object returned by the API. properties: attributes: $ref: '#/components/schemas/RoleAttributes' id: description: ID of the role. type: string relationships: $ref: '#/components/schemas/RoleResponseRelationships' type: $ref: '#/components/schemas/RolesType' required: - type type: object RoleAttributes: description: Attributes of the role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: Name of the role. type: string user_count: description: Number of users with that role. format: int64 readOnly: true type: integer type: object RoleClone: description: Data for the clone role request. properties: attributes: $ref: '#/components/schemas/RoleCloneAttributes' type: $ref: '#/components/schemas/RolesType' required: - type - attributes type: object RoleCloneAttributes: description: Attributes required to create a new role by cloning an existing one. properties: name: description: Name of the new role that is cloned. example: cloned-role type: string required: - name type: object RoleCloneRequest: description: Request to create a role by cloning an existing role. properties: data: $ref: '#/components/schemas/RoleClone' required: - data type: object RoleCreateAttributes: description: Attributes of the created role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: Name of the role. example: developers type: string required: - name type: object RoleCreateData: description: Data related to the creation of a role. properties: attributes: $ref: '#/components/schemas/RoleCreateAttributes' relationships: $ref: '#/components/schemas/RoleRelationships' type: $ref: '#/components/schemas/RolesType' required: - attributes type: object RoleCreateRequest: description: Create a role. properties: data: $ref: '#/components/schemas/RoleCreateData' required: - data type: object RoleCreateResponse: description: Response containing information about a created role. properties: data: description: Role object returned by the API. properties: attributes: $ref: '#/components/schemas/RoleCreateAttributes' id: description: ID of the role. type: string relationships: $ref: '#/components/schemas/RoleResponseRelationships' type: $ref: '#/components/schemas/RolesType' required: - type type: object type: object RoleRelationships: description: Relationships of the role object. properties: permissions: $ref: '#/components/schemas/RelationshipToPermissions' users: $ref: '#/components/schemas/RelationshipToUsers' type: object RoleResponse: description: Response containing information about a single role. properties: data: $ref: '#/components/schemas/Role' type: object RoleResponseRelationships: description: Relationships of the role object returned by the API. properties: permissions: $ref: '#/components/schemas/RelationshipToPermissions' type: object RoleUpdateAttributes: description: Attributes of the role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: Name of the role. type: string type: object RoleUpdateData: description: Data related to the update of a role. properties: attributes: $ref: '#/components/schemas/RoleUpdateAttributes' id: description: ID of the role. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/RolesType' required: - attributes - type - id type: object RoleUpdateRequest: description: Update a role. properties: data: $ref: '#/components/schemas/RoleUpdateData' required: - data type: object RoleUpdateResponse: description: Response containing information about an updated role. properties: data: description: Role object returned by the API. properties: attributes: $ref: '#/components/schemas/RoleUpdateAttributes' id: description: ID of the role. type: string relationships: $ref: '#/components/schemas/RoleResponseRelationships' type: $ref: '#/components/schemas/RolesType' required: - type type: object type: object RolesResponse: description: Response containing information about multiple roles. properties: data: description: Array of returned roles. items: $ref: '#/components/schemas/Role' type: array meta: $ref: '#/components/schemas/ResponseMetaAttributes' type: object RolesSort: default: name description: Sorting options for roles. enum: - name - -name - modified_at - -modified_at - user_count - -user_count type: string x-enum-varnames: - NAME_ASCENDING - NAME_DESCENDING - MODIFIED_AT_ASCENDING - MODIFIED_AT_DESCENDING - USER_COUNT_ASCENDING - USER_COUNT_DESCENDING RolesType: default: roles description: Roles type. enum: - roles example: roles type: string x-enum-varnames: - ROLES SecurityFilter: description: The security filter's properties. properties: attributes: $ref: '#/components/schemas/SecurityFilterAttributes' id: $ref: '#/components/schemas/SecurityFilterID' type: $ref: '#/components/schemas/SecurityFilterType' type: object SecurityFilterAttributes: description: The object describing a security filter. properties: exclusion_filters: description: The list of exclusion filters applied in this security filter. items: $ref: '#/components/schemas/SecurityFilterExclusionFilterResponse' type: array filtered_data_type: $ref: '#/components/schemas/SecurityFilterFilteredDataType' is_builtin: description: Whether the security filter is the built-in filter. example: false type: boolean is_enabled: description: Whether the security filter is enabled. example: false type: boolean name: description: The security filter name. example: Custom security filter type: string query: description: The security filter query. Logs accepted by this query will be accepted by this filter. example: service:api type: string version: description: The version of the security filter. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityFilterCreateAttributes: description: Object containing the attributes of the security filter to be created. properties: exclusion_filters: description: Exclusion filters to exclude some logs from the security filter. example: - name: Exclude staging query: source:staging items: $ref: '#/components/schemas/SecurityFilterExclusionFilter' type: array filtered_data_type: $ref: '#/components/schemas/SecurityFilterFilteredDataType' is_enabled: description: Whether the security filter is enabled. example: true type: boolean name: description: The name of the security filter. example: Custom security filter type: string query: description: The query of the security filter. example: service:api type: string required: - name - query - exclusion_filters - filtered_data_type - is_enabled type: object SecurityFilterCreateData: description: Object for a single security filter. properties: attributes: $ref: '#/components/schemas/SecurityFilterCreateAttributes' type: $ref: '#/components/schemas/SecurityFilterType' required: - type - attributes type: object SecurityFilterCreateRequest: description: Request object that includes the security filter that you would like to create. properties: data: $ref: '#/components/schemas/SecurityFilterCreateData' required: - data type: object SecurityFilterExclusionFilter: description: Exclusion filter for the security filter. example: name: Exclude staging query: source:staging properties: name: description: Exclusion filter name. example: Exclude staging type: string query: description: Exclusion filter query. Logs that match this query are excluded from the security filter. example: source:staging type: string required: - name - query type: object SecurityFilterExclusionFilterResponse: description: A single exclusion filter. properties: name: description: The exclusion filter name. example: Exclude staging type: string query: description: The exclusion filter query. example: source:staging type: string type: object SecurityFilterFilteredDataType: description: The filtered data type. enum: - logs example: logs type: string x-enum-varnames: - LOGS SecurityFilterID: description: The ID of the security filter. example: 3dd-0uc-h1s type: string SecurityFilterMeta: description: Optional metadata associated to the response. properties: warning: description: A warning message. example: All the security filters are disabled. As a result, no logs are being analyzed. type: string type: object SecurityFilterResponse: description: Response object which includes a single security filter. properties: data: $ref: '#/components/schemas/SecurityFilter' meta: $ref: '#/components/schemas/SecurityFilterMeta' type: object SecurityFilterType: default: security_filters description: The type of the resource. The value should always be `security_filters`. enum: - security_filters example: security_filters type: string x-enum-varnames: - SECURITY_FILTERS SecurityFilterUpdateAttributes: description: The security filters properties to be updated. properties: exclusion_filters: description: Exclusion filters to exclude some logs from the security filter. example: [] items: $ref: '#/components/schemas/SecurityFilterExclusionFilter' type: array filtered_data_type: $ref: '#/components/schemas/SecurityFilterFilteredDataType' is_enabled: description: Whether the security filter is enabled. example: true type: boolean name: description: The name of the security filter. example: Custom security filter type: string query: description: The query of the security filter. example: service:api type: string version: description: The version of the security filter to update. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityFilterUpdateData: description: The new security filter properties. properties: attributes: $ref: '#/components/schemas/SecurityFilterUpdateAttributes' type: $ref: '#/components/schemas/SecurityFilterType' required: - type - attributes type: object SecurityFilterUpdateRequest: description: The new security filter body. properties: data: $ref: '#/components/schemas/SecurityFilterUpdateData' required: - data type: object SecurityFiltersResponse: description: All the available security filters objects. properties: data: description: A list of security filters objects. items: $ref: '#/components/schemas/SecurityFilter' type: array meta: $ref: '#/components/schemas/SecurityFilterMeta' type: object SecurityMonitoringFilter: description: The rule's suppression filter. properties: action: $ref: '#/components/schemas/SecurityMonitoringFilterAction' query: description: Query for selecting logs to apply the filtering action. type: string type: object SecurityMonitoringFilterAction: description: The type of filtering action. enum: - require - suppress type: string x-enum-varnames: - REQUIRE - SUPPRESS SecurityMonitoringListRulesResponse: description: List of rules. properties: data: description: Array containing the list of rules. items: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' type: array meta: $ref: '#/components/schemas/ResponseMetaAttributes' type: object SecurityMonitoringRuleCase: description: Case when signal is generated. properties: condition: description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated based on the event counts in the previously defined queries.' type: string name: description: Name of the case. type: string notifications: description: Notification targets for each rule case. items: description: Notification. type: string type: array status: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' type: object SecurityMonitoringRuleCaseCreate: description: Case when signal is generated. properties: condition: description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated based on the event counts in the previously defined queries.' type: string name: description: Name of the case. type: string notifications: description: Notification targets for each rule case. items: description: Notification. type: string type: array status: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' required: - status type: object SecurityMonitoringRuleCreatePayload: description: Create a new rule. properties: cases: description: Cases for generating signals. example: [] items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate' type: array filters: description: Additional queries to filter matched events before they are processed. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: '' type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. example: [] items: $ref: '#/components/schemas/SecurityMonitoringRuleQueryCreate' type: array tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array type: $ref: '#/components/schemas/SecurityMonitoringRuleTypeCreate' required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringRuleDetectionMethod: description: The detection method. enum: - threshold - new_value - anomaly_detection type: string x-enum-varnames: - THRESHOLD - NEW_VALUE - ANOMALY_DETECTION SecurityMonitoringRuleEvaluationWindow: description: 'A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time.' enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS SecurityMonitoringRuleKeepAlive: description: "Once a signal is generated, the signal will remain \u201Copen\u201D if a case is matched at least once within\nthis keep alive window." enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 - 10800 - 21600 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS - THREE_HOURS - SIX_HOURS SecurityMonitoringRuleMaxSignalDuration: description: "A signal will \u201Cclose\u201D regardless of the query being matched once the time exceeds the maximum duration.\nThis time is calculated from the first seen timestamp." enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 - 10800 - 21600 - 43200 - 86400 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS - THREE_HOURS - SIX_HOURS - TWELVE_HOURS - ONE_DAY SecurityMonitoringRuleNewValueOptions: description: Options on new value rules. properties: forgetAfter: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsForgetAfter' learningDuration: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningDuration' type: object SecurityMonitoringRuleNewValueOptionsForgetAfter: description: The duration in days after which a learned value is forgotten. enum: - 1 - 2 - 7 - 14 - 21 - 28 format: int32 type: integer x-enum-varnames: - ONE_DAY - TWO_DAYS - ONE_WEEK - TWO_WEEKS - THREE_WEEKS - FOUR_WEEKS SecurityMonitoringRuleNewValueOptionsLearningDuration: description: 'The duration in days during which values are learned, and after which signals will be generated for values that weren''t learned. If set to 0, a signal will be generated for all new values after the first value is learned.' enum: - 0 - 1 - 7 format: int32 type: integer x-enum-varnames: - ZERO_DAYS - ONE_DAY - SEVEN_DAYS SecurityMonitoringRuleOptions: description: Options on rules. properties: detectionMethod: $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod' evaluationWindow: $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' keepAlive: $ref: '#/components/schemas/SecurityMonitoringRuleKeepAlive' maxSignalDuration: $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' newValueOptions: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' type: object SecurityMonitoringRuleQuery: description: Query for matching rule. properties: aggregation: $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' distinctFields: description: Field for which the cardinality is measured. Sent as an array. items: description: Field. type: string type: array groupByFields: description: Fields to group by. items: description: Field. type: string type: array metric: description: 'The target field to aggregate over when using the sum or max aggregations.' type: string name: description: Name of the query. type: string query: description: Query to run on logs. type: string type: object SecurityMonitoringRuleQueryAggregation: description: The aggregation type. enum: - count - cardinality - sum - max - new_value type: string x-enum-varnames: - COUNT - CARDINALITY - SUM - MAX - NEW_VALUE SecurityMonitoringRuleQueryCreate: description: Query for matching rule. properties: aggregation: $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' distinctFields: description: Field for which the cardinality is measured. Sent as an array. items: description: Field. type: string type: array groupByFields: description: Fields to group by. items: description: Field. type: string type: array metric: description: 'The target field to aggregate over when using the sum or max aggregations.' type: string name: description: Name of the query. type: string query: description: Query to run on logs. example: a > 3 type: string required: - query type: object SecurityMonitoringRuleResponse: description: Rule. properties: cases: description: Cases for generating signals. items: $ref: '#/components/schemas/SecurityMonitoringRuleCase' type: array createdAt: description: When the rule was created, timestamp in milliseconds. format: int64 type: integer creationAuthorId: description: User ID of the user who created the rule. format: int64 type: integer filters: description: Additional queries to filter matched events before they are processed. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. type: boolean id: description: The ID of the rule. type: string isDefault: description: Whether the rule is included by default. type: boolean isDeleted: description: Whether the rule has been deleted. type: boolean isEnabled: description: Whether the rule is enabled. type: boolean message: description: Message for generated signals. type: string name: description: The name of the rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. items: $ref: '#/components/schemas/SecurityMonitoringRuleQuery' type: array tags: description: Tags for generated signals. items: description: Tag. type: string type: array type: $ref: '#/components/schemas/SecurityMonitoringRuleTypeRead' updateAuthorId: description: User ID of the user who updated the rule. format: int64 type: integer version: description: The version of the rule. format: int64 type: integer SecurityMonitoringRuleSeverity: description: Severity of the Security Signal. enum: - info - low - medium - high - critical example: critical type: string x-enum-varnames: - INFO - LOW - MEDIUM - HIGH - CRITICAL SecurityMonitoringRuleTypeCreate: description: The rule type. enum: - log_detection - workload_security type: string x-enum-varnames: - LOG_DETECTION - WORKLOAD_SECURITY SecurityMonitoringRuleTypeRead: description: The rule type. enum: - log_detection - infrastructure_configuration - workload_security - cloud_configuration type: string x-enum-varnames: - LOG_DETECTION - INFRASTRUCTURE_CONFIGURATION - WORKLOAD_SECURITY - CLOUD_CONFIGURATION SecurityMonitoringRuleUpdatePayload: description: Update an existing rule. properties: cases: description: Cases for generating signals. items: $ref: '#/components/schemas/SecurityMonitoringRuleCase' type: array filters: description: Additional queries to filter matched events before they are processed. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. type: boolean message: description: Message for generated signals. type: string name: description: Name of the rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. items: $ref: '#/components/schemas/SecurityMonitoringRuleQuery' type: array tags: description: Tags for generated signals. items: description: Tag. type: string type: array version: description: The version of the rule being updated. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityMonitoringSignal: description: Object description of a security signal. properties: attributes: description: 'The object containing all signal attributes and their associated values.' properties: attributes: additionalProperties: {} description: A JSON object of attributes in the security signal. example: workflow: first_seen: '2020-06-23T14:46:01.000Z' last_seen: '2020-06-23T14:46:49.000Z' rule: id: 0f5-e0c-805 name: 'Brute Force Attack Grouped By User ' version: 12 type: object message: description: The message in the security signal defined by the rule that generated the signal. example: Detect Account Take Over (ATO) through brute force attempts type: string tags: description: An array of tags associated with the security signal. example: - security:attack - technique:T1110-brute-force format: array items: description: The tag associated with the security signal. type: string timestamp: description: The timestamp of the security signal. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object id: description: The unique ID of the security signal. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/SecurityMonitoringSignalType' type: object SecurityMonitoringSignalListRequest: description: The request for a security signal list. properties: filter: description: Search filters for listing security signals. properties: from: description: The minimum timestamp for requested security signals. example: '2019-01-02T09:42:36.320Z' format: date-time type: string query: description: Search query for listing security signals. example: security:attack status:high type: string to: description: The maximum timestamp for requested security signals. example: '2019-01-03T09:42:36.320Z' format: date-time type: string type: object page: description: The paging attributes for listing security signals. properties: cursor: description: A list of results using the cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: The maximum number of security signals in the response. example: 25 format: int32 maximum: 1000 type: integer type: object sort: $ref: '#/components/schemas/SecurityMonitoringSignalsSort' type: object SecurityMonitoringSignalType: default: signal description: The type of event. enum: - signal example: signal type: string x-enum-varnames: - SIGNAL SecurityMonitoringSignalsListResponse: description: 'The response object with all security signals matching the request and pagination information.' properties: data: description: An array of security signals matching the request. items: $ref: '#/components/schemas/SecurityMonitoringSignal' type: array links: description: Links attributes. properties: next: description: 'The link for the next set of results. **Note**: The request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/security_monitoring/signals?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object meta: description: Meta attributes. properties: page: description: Paging attributes. properties: after: description: 'The cursor used to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`.' example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object type: object type: object SecurityMonitoringSignalsSort: description: The sort parameters used for querying security signals. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING ServiceAccountCreateAttributes: description: Attributes of the created user. properties: email: description: The email of the user. example: jane.doe@example.com type: string name: description: The name of the user. type: string service_account: description: Whether the user is a service account. Must be true. example: true type: boolean title: description: The title of the user. type: string required: - email - service_account type: object ServiceAccountCreateData: description: Object to create a service account User. properties: attributes: $ref: '#/components/schemas/ServiceAccountCreateAttributes' relationships: $ref: '#/components/schemas/UserRelationships' type: $ref: '#/components/schemas/UsersType' required: - attributes - type type: object ServiceAccountCreateRequest: description: Create a service account. properties: data: $ref: '#/components/schemas/ServiceAccountCreateData' required: - data type: object User: description: User object returned by the API. properties: attributes: $ref: '#/components/schemas/UserAttributes' id: description: ID of the user. type: string relationships: $ref: '#/components/schemas/UserResponseRelationships' type: $ref: '#/components/schemas/UsersType' type: object UserAttributes: description: Attributes of user object returned by the API. properties: created_at: description: Creation time of the user. format: date-time type: string disabled: description: Whether the user is disabled. type: boolean email: description: Email of the user. type: string handle: description: Handle of the user. type: string icon: description: URL of the user's icon. type: string modified_at: description: Time that the user was last modified. format: date-time type: string name: description: Name of the user. nullable: true type: string service_account: description: Whether the user is a service account. type: boolean status: description: Status of the user. type: string title: description: Title of the user. nullable: true type: string verified: description: Whether the user is verified. type: boolean type: object UserCreateAttributes: description: Attributes of the created user. properties: email: description: The email of the user. example: jane.doe@example.com type: string name: description: The name of the user. type: string title: description: The title of the user. type: string required: - email type: object UserCreateData: description: Object to create a user. properties: attributes: $ref: '#/components/schemas/UserCreateAttributes' relationships: $ref: '#/components/schemas/UserRelationships' type: $ref: '#/components/schemas/UsersType' required: - attributes - type type: object UserCreateRequest: description: Create a user. properties: data: $ref: '#/components/schemas/UserCreateData' required: - data type: object UserInvitationData: description: Object to create a user invitation. properties: relationships: $ref: '#/components/schemas/UserInvitationRelationships' type: $ref: '#/components/schemas/UserInvitationsType' required: - type - relationships type: object UserInvitationDataAttributes: description: Attributes of a user invitation. properties: created_at: description: Creation time of the user invitation. format: date-time type: string expires_at: description: Time of invitation expiration. format: date-time type: string invite_type: description: Type of invitation. type: string uuid: description: UUID of the user invitation. type: string type: object UserInvitationRelationships: description: Relationships data for user invitation. properties: user: $ref: '#/components/schemas/RelationshipToUser' required: - user type: object UserInvitationResponse: description: User invitation as returned by the API. properties: data: $ref: '#/components/schemas/UserInvitationResponseData' type: object UserInvitationResponseData: description: Object of a user invitation returned by the API. properties: attributes: $ref: '#/components/schemas/UserInvitationDataAttributes' id: description: ID of the user invitation. type: string type: $ref: '#/components/schemas/UserInvitationsType' type: object UserInvitationsRequest: description: Object to invite users to join the organization. properties: data: description: List of user invitations. example: [] items: $ref: '#/components/schemas/UserInvitationData' type: array required: - data type: object UserInvitationsResponse: description: User invitations as returned by the API. properties: data: description: Array of user invitations. items: $ref: '#/components/schemas/UserInvitationResponseData' type: array type: object UserInvitationsType: default: user_invitations description: User invitations type. enum: - user_invitations example: user_invitations type: string x-enum-varnames: - USER_INVITATIONS UserRelationships: description: Relationships of the user object. properties: roles: $ref: '#/components/schemas/RelationshipToRoles' type: object UserResponse: description: Response containing information about a single user. properties: data: $ref: '#/components/schemas/User' included: description: Array of objects related to the user. items: $ref: '#/components/schemas/UserResponseIncludedItem' type: array type: object UserResponseIncludedItem: description: An object related to a user. oneOf: - $ref: '#/components/schemas/Organization' - $ref: '#/components/schemas/Permission' - $ref: '#/components/schemas/Role' type: object UserResponseRelationships: description: Relationships of the user object returned by the API. properties: org: $ref: '#/components/schemas/RelationshipToOrganization' other_orgs: $ref: '#/components/schemas/RelationshipToOrganizations' other_users: $ref: '#/components/schemas/RelationshipToUsers' roles: $ref: '#/components/schemas/RelationshipToRoles' type: object UserUpdateAttributes: description: Attributes of the edited user. properties: disabled: description: If the user is enabled or disabled. type: boolean email: description: The email of the user. type: string name: description: The name of the user. type: string type: object UserUpdateData: description: Object to update a user. properties: attributes: $ref: '#/components/schemas/UserUpdateAttributes' id: description: ID of the user. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/UsersType' required: - attributes - type - id type: object UserUpdateRequest: description: Update a user. properties: data: $ref: '#/components/schemas/UserUpdateData' required: - data type: object UsersResponse: description: Response containing information about multiple users. properties: data: description: Array of returned users. items: $ref: '#/components/schemas/User' type: array included: description: Array of objects related to the users. items: $ref: '#/components/schemas/UserResponseIncludedItem' type: array meta: $ref: '#/components/schemas/ResponseMetaAttributes' readOnly: true type: object UsersType: default: users description: Users resource type. enum: - users example: users type: string x-enum-varnames: - USERS securitySchemes: AuthZ: description: This API uses OAuth 2 with the implicit grant flow. flows: authorizationCode: authorizationUrl: /oauth2/v1/authorize scopes: dashboards_public_share: The ability to share dashboards externally. dashboards_read: The ability to view dashboards. dashboards_write: The ability to create and change dashboards. events_read: The ability to read Events data. incident_read: The ability to view incidents in Datadog. incident_settings_write: The ability to configure Incidents settings. incident_write: The ability to create, view, and manage incidents in Datadog. metrics_read: The ability to view custom metrics. security_monitoring_filters_read: The ability to read Security Filters. security_monitoring_filters_write: The ability to create, edit and delete Security Filters. security_monitoring_rules_read: The ability to read Detection Rules. security_monitoring_rules_write: The ability to create and edit Detection Rules. security_monitoring_signals_read: The ability to view Security Signals. user_access_invite: The ability to invite other users to your organization. user_access_manage: The ability to disable users, manage user roles, and manage SAML-to-role mappings. tokenUrl: /oauth2/v1/token type: oauth2 apiKeyAuth: description: Your Datadog API Key. in: header name: DD-API-KEY type: apiKey x-env-name: DD_API_KEY appKeyAuth: description: Your Datadog APP Key. in: header name: DD-APPLICATION-KEY type: apiKey x-env-name: DD_APP_KEY info: contact: email: support@datadoghq.com name: Datadog Support url: https://www.datadoghq.com/support/ description: Collection of all Datadog Public endpoints. title: Datadog API V2 Collection version: '1.0' openapi: 3.0.0 paths: /api/v2/api_keys: get: description: List all API keys available for your account. operationId: ListAPIKeys parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/APIKeysSortParameter' - $ref: '#/components/parameters/APIKeyFilterParameter' - $ref: '#/components/parameters/APIKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/APIKeyFilterCreatedAtEndParameter' - $ref: '#/components/parameters/APIKeyFilterModifiedAtStartParameter' - $ref: '#/components/parameters/APIKeyFilterModifiedAtEndParameter' - $ref: '#/components/parameters/APIKeyIncludeParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/APIKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all API keys tags: - Key Management x-undo: type: safe post: description: Create an API key. operationId: CreateAPIKey requestBody: content: application/json: schema: $ref: '#/components/schemas/APIKeyCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/APIKeyResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an API key tags: - Key Management x-codegen-request-body-name: body x-given: api_key: parameters: - name: body value: "{\n \"data\": {\n \"attributes\": {\n \"name\": \"{{ unique }}\"\n },\n \"type\": \"api_keys\"\n }\n}" step: there is a valid "api_key" in the system x-undo: operationId: DeleteAPIKey parameters: - name: api_key_id source: data.id type: unsafe /api/v2/api_keys/{api_key_id}: delete: description: Delete an API key. operationId: DeleteAPIKey parameters: - $ref: '#/components/parameters/APIKeyId' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an API key tags: - Key Management x-undo: type: idempotent get: description: Get an API key. operationId: GetAPIKey parameters: - $ref: '#/components/parameters/APIKeyId' - $ref: '#/components/parameters/APIKeyIncludeParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/APIKeyResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get API key tags: - Key Management x-undo: type: safe patch: description: Update an API key. operationId: UpdateAPIKey parameters: - $ref: '#/components/parameters/APIKeyId' requestBody: content: application/json: schema: $ref: '#/components/schemas/APIKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/APIKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an API key tags: - Key Management x-codegen-request-body-name: body x-undo: type: idempotent /api/v2/application_keys: get: description: List all application keys available for your org operationId: ListApplicationKeys parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/ApplicationKeysSortParameter' - $ref: '#/components/parameters/ApplicationKeyFilterParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListApplicationKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all application keys tags: - Key Management x-undo: type: safe /api/v2/application_keys/{app_key_id}: delete: description: Delete an application key operationId: DeleteApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an application key tags: - Key Management x-codegen-request-body-name: body x-undo: type: idempotent get: description: Get an application key for your org. operationId: GetApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' - $ref: '#/components/parameters/ApplicationKeyIncludeParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get an application key tags: - Key Management x-undo: type: safe patch: description: Edit an application key operationId: UpdateApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an application key tags: - Key Management x-codegen-request-body-name: body x-undo: type: idempotent /api/v2/current_user/application_keys: get: description: List all application keys available for current user operationId: ListCurrentUserApplicationKeys parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/ApplicationKeysSortParameter' - $ref: '#/components/parameters/ApplicationKeyFilterParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListApplicationKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all application keys owned by current user tags: - Key Management x-undo: type: safe post: description: Create an application key for current user operationId: CreateCurrentUserApplicationKey requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an application key for current user tags: - Key Management x-codegen-request-body-name: body x-given: application_key: parameters: - name: body value: "{\n \"data\": {\n \"attributes\": {\n \"name\": \"{{ unique }}\"\n },\n \"type\": \"application_keys\"\n }\n}" step: there is a valid "application_key" in the system x-undo: operationId: DeleteCurrentUserApplicationKey parameters: - name: app_key_id source: data.id type: unsafe /api/v2/current_user/application_keys/{app_key_id}: delete: description: Delete an application key owned by current user operationId: DeleteCurrentUserApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an application key owned by current user tags: - Key Management x-undo: type: idempotent get: description: Get an application key owned by current user operationId: GetCurrentUserApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get one application key owned by current user tags: - Key Management x-undo: type: safe patch: description: Edit an application key owned by current user operationId: UpdateCurrentUserApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an application key owned by current user tags: - Key Management x-codegen-request-body-name: body x-undo: type: idempotent /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards: delete: description: Delete dashboards from an existing dashboard list. operationId: DeleteDashboardListItems parameters: - description: ID of the dashboard list to delete items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: schema: $ref: '#/components/schemas/DashboardListDeleteItemsRequest' description: Dashboards to delete from the dashboard list. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListDeleteItemsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete items from a dashboard list tags: - Dashboard Lists x-codegen-request-body-name: body x-menu-order: 4 x-undo: type: idempotent get: description: "Fetch the dashboard list\u2019s dashboard definitions." operationId: GetDashboardListItems parameters: - description: ID of the dashboard list to get items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListItems' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_read summary: Get items of a Dashboard List tags: - Dashboard Lists x-menu-order: 1 x-undo: type: safe post: description: Add dashboards to an existing dashboard list. operationId: CreateDashboardListItems parameters: - description: ID of the dashboard list to add items to. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: schema: $ref: '#/components/schemas/DashboardListAddItemsRequest' description: Dashboards to add to the dashboard list. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListAddItemsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Add Items to a Dashboard List tags: - Dashboard Lists x-codegen-request-body-name: body x-menu-order: 2 x-undo: type: safe put: description: Update dashboards of an existing dashboard list. operationId: UpdateDashboardListItems parameters: - description: ID of the dashboard list to update items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: schema: $ref: '#/components/schemas/DashboardListUpdateItemsRequest' description: New dashboards of the dashboard list. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListUpdateItemsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update items of a dashboard list tags: - Dashboard Lists x-codegen-request-body-name: body x-menu-order: 3 x-undo: type: safe /api/v2/incidents: get: description: Get all incidents for the user's organization. operationId: ListIncidents parameters: - $ref: '#/components/parameters/IncidentIncludeQueryParameter' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of incidents tags: - Incidents x-undo: type: safe x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Create an incident. operationId: CreateIncident requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentCreateRequest' description: Incident payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Create an incident tags: - Incidents x-codegen-request-body-name: body x-given: incident: parameters: - name: body value: "{\n \"data\": {\n \"attributes\": {\n \"title\": \"{{ unique }}\",\n \"customer_impacted\": false\n },\n \"type\": \"incidents\"\n }\n}" step: there is a valid "incident" in the system x-undo: operationId: DeleteIncident parameters: - name: incident_id source: data.id type: unsafe x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/{incident_id}: delete: description: Deletes an existing incident from the users organization. operationId: DeleteIncident parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Delete an existing incident tags: - Incidents x-undo: type: idempotent x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' get: description: Get the details of an incident by `incident_id`. operationId: GetIncident parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentIncludeQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get the details of an incident tags: - Incidents x-undo: type: safe x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Updates an incident. Provide only the attributes that should be updated as this request is a partial update. operationId: UpdateIncident parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentUpdateRequest' description: Incident Payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Update an existing incident tags: - Incidents x-codegen-request-body-name: body x-undo: type: idempotent x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/logs: post: description: 'Send your logs to your Datadog platform over HTTP. Limits per HTTP request are: - Maximum content size per payload (uncompressed): 5MB - Maximum size for a single log: 1MB - Maximum array size if sending multiple logs in an array: 1000 entries Any log exceeding 1MB is accepted and truncated by Datadog: - For a single log request, the API truncates the log at 1MB and returns a 2xx. - For a multi-logs request, the API processes all logs, truncates only logs larger than 1MB, and returns a 2xx. Datadog recommends sending your logs compressed. Add the `Content-Encoding: gzip` header to the request when sending compressed logs. The status codes answered by the HTTP API are: - 202: Accepted: the request has been accepted for processing - 400: Bad request (likely an issue in the payload formatting) - 401: Unauthorized (likely a missing API Key) - 403: Permission issue (likely using an invalid API Key) - 408: Request Timeout, request should be retried after some time - 413: Payload too large (batch is above 5MB uncompressed) - 429: Too Many Requests, request should be retried after some time - 500: Internal Server Error, the server encountered an unexpected condition that prevented it from fulfilling the request, request should be retried after some time - 503: Service Unavailable, the server is not ready to handle the request probably because it is overloaded, request should be retried after some time' operationId: SubmitLog parameters: - description: HTTP header used to compress the media-type. in: header name: Content-Encoding required: false schema: $ref: '#/components/schemas/ContentEncoding' - description: Log tags can be passed as query parameters with `text/plain` content type. example: env:prod,user:my-user in: query name: ddtags required: false schema: type: string requestBody: content: application/json: examples: multi-json-messages: description: Pass multiple log objects at once. summary: Multi JSON Messages value: - message: hello - message: world simple-json-message: description: Log attributes can be passed as `key:value` pairs in valid JSON messages. summary: Simple JSON Message value: ddsource: agent ddtags: env:prod,user:joe.doe hostname: fa1e1e739d95 message: hello world schema: $ref: '#/components/schemas/HTTPLog' application/logplex-1: examples: multi-raw-message: description: Submit log messages. summary: Multi Logplex Messages value: 'hello world' simple-logplex-message: description: Submit log string. summary: Simple Logplex Message value: hello world schema: type: string text/plain: examples: multi-raw-message: description: Submit log string. summary: Multi Raw Messages value: 'hello world ' simple-raw-message: description: 'Submit log string. Log attributes can be passed as query parameters in the URL. This enables the addition of tags or the source by using the `ddtags` and `ddsource` parameters: `?host=my-hostname&service=my-service&ddsource=my-source&ddtags=env:prod,user:my-user`.' summary: Simple Raw Message value: hello world schema: type: string description: Log to send (JSON format). required: true responses: '202': content: application/json: schema: type: object description: Request accepted for processing (always 202 empty JSON). '400': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Bad Request '401': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Unauthorized '403': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Forbidden '408': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Request Timeout '413': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Payload Too Large '429': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Too Many Requests '500': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Internal Server Error '503': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Service Unavailable security: - apiKeyAuth: [] servers: - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: The regional site for customers. enum: - datadoghq.com - us3.datadoghq.com - us5.datadoghq.com - datadoghq.eu - ddog-gov.com subdomain: default: http-intake.logs description: The subdomain where the API is deployed. - url: '{protocol}://{name}' variables: name: default: http-intake.logs.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: http-intake.logs description: The subdomain where the API is deployed. summary: Send logs tags: - Logs x-codegen-request-body-name: body x-menu-order: 1 x-undo: type: safe /api/v2/logs/analytics/aggregate: post: description: The API endpoint to aggregate events into buckets and compute metrics and timeseries. operationId: AggregateLogs requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsAggregateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsAggregateResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Aggregate events tags: - Logs x-codegen-request-body-name: body x-menu-order: 1 x-undo: type: safe /api/v2/logs/config/archive-order: get: description: 'Get the current order of your archives. This endpoint takes no JSON arguments.' operationId: GetLogsArchiveOrder responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchiveOrder' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get archive order tags: - Logs Archives x-menu-order: 9 x-undo: type: safe put: description: 'Update the order of your archives. Since logs are processed sequentially, reordering an archive may change the structure and content of the data processed by other archives. **Note**: Using the `PUT` method updates your archive''s order by replacing the current order with the new one.' operationId: UpdateLogsArchiveOrder requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsArchiveOrder' description: An object containing the new ordered list of archive IDs. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchiveOrder' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update archive order tags: - Logs Archives x-codegen-request-body-name: body x-menu-order: 10 x-undo: type: safe /api/v2/logs/config/archives: get: description: Get the list of configured logs archives with their definitions. operationId: ListLogsArchives responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchives' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all archives tags: - Logs Archives x-menu-order: 1 x-undo: type: safe post: description: Create an archive in your organization. operationId: CreateLogsArchive requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsArchiveCreateRequest' description: The definition of the new archive. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchive' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an archive tags: - Logs Archives x-codegen-request-body-name: body x-menu-order: 2 x-undo: operationId: DeleteLogsArchive parameters: - name: archive_id source: data.id type: unsafe /api/v2/logs/config/archives/{archive_id}: delete: description: Delete a given archive from your organization. operationId: DeleteLogsArchive parameters: - $ref: '#/components/parameters/ArchiveID' responses: '204': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an archive tags: - Logs Archives x-menu-order: 5 x-undo: type: idempotent get: description: Get a specific archive from your organization. operationId: GetLogsArchive parameters: - $ref: '#/components/parameters/ArchiveID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchive' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get an archive tags: - Logs Archives x-menu-order: 3 x-undo: type: safe put: description: 'Update a given archive configuration. **Note**: Using this method updates your archive configuration by **replacing** your current configuration with the new one sent to your Datadog organization.' operationId: UpdateLogsArchive parameters: - $ref: '#/components/parameters/ArchiveID' requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsArchiveCreateRequest' description: New definition of the archive. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchive' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update an archive tags: - Logs Archives x-codegen-request-body-name: body x-menu-order: 4 x-undo: type: safe /api/v2/logs/config/archives/{archive_id}/readers: delete: description: Removes a role from an archive. ([Roles API](https://docs.datadoghq.com/api/v2/roles/)) operationId: RemoveRoleFromArchive parameters: - $ref: '#/components/parameters/ArchiveID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToRole' required: true responses: '204': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Revoke role from an archive tags: - Logs Archives x-codegen-request-body-name: body x-menu-order: 8 x-undo: type: idempotent get: description: Returns all read roles a given archive is restricted to. operationId: ListArchiveReadRoles parameters: - $ref: '#/components/parameters/ArchiveID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/RolesResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List read roles for an archive tags: - Logs Archives x-codegen-request-body-name: body x-menu-order: 6 x-undo: type: safe post: description: Adds a read role to an archive. ([Roles API](https://docs.datadoghq.com/api/v2/roles/)) operationId: AddReadRoleToArchive parameters: - $ref: '#/components/parameters/ArchiveID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToRole' required: true responses: '204': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Grant role to an archive tags: - Logs Archives x-codegen-request-body-name: body x-menu-order: 7 x-undo: type: unsafe /api/v2/logs/config/metrics: get: description: Get the list of configured log-based metrics with their definitions. operationId: ListLogsMetrics responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricsResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all log-based metrics tags: - Logs Metrics x-menu-order: 1 x-undo: type: safe post: description: 'Create a metric based on your ingested logs in your organization. Returns the log-based metric object from the request body when the request is successful.' operationId: CreateLogsMetric requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsMetricCreateRequest' description: The definition of the new log-based metric. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a log-based metric tags: - Logs Metrics x-codegen-request-body-name: body x-given: logs_metric: parameters: - name: body value: "{\n \"data\": {\n \"id\": \"{{ unique }}\",\n \"attributes\": {\n \"filter\": {\n \"query\": \"source:{{ unique }}\"\n \ },\n \"compute\": {\n \"aggregation_type\": \"count\"\n \ }\n },\n \"type\": \"logs_metrics\"\n }\n}" step: there is a valid "logs_metric" in the system x-menu-order: 2 x-undo: operationId: DeleteLogsMetric parameters: - name: metric_id source: data.id type: unsafe /api/v2/logs/config/metrics/{metric_id}: delete: description: Delete a specific log-based metric from your organization. operationId: DeleteLogsMetric parameters: - $ref: '#/components/parameters/MetricID' responses: '200': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a log-based metric tags: - Logs Metrics x-menu-order: 5 x-undo: type: idempotent get: description: Get a specific log-based metric from your organization. operationId: GetLogsMetric parameters: - $ref: '#/components/parameters/MetricID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a log-based metric tags: - Logs Metrics x-menu-order: 3 x-undo: type: safe patch: description: 'Update a specific log-based metric from your organization. Returns the log-based metric object from the request body when the request is successful.' operationId: UpdateLogsMetric parameters: - $ref: '#/components/parameters/MetricID' requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsMetricUpdateRequest' description: New definition of the log-based metric. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a log-based metric tags: - Logs Metrics x-codegen-request-body-name: body x-menu-order: 4 x-undo: type: idempotent /api/v2/logs/events: get: description: 'List endpoint returns logs that match a log search query. [Results are paginated][1]. Use this endpoint to see your latest logs. **If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See [Datadog Logs Archive documentation][2].** [1]: /logs/guide/collect-multiple-logs-with-pagination [2]: https://docs.datadoghq.com/logs/archives' operationId: ListLogsGet parameters: - description: Search query following logs syntax. example: '@datacenter:us @role:db' in: query name: filter[query] required: false schema: type: string - description: 'For customers with multiple indexes, the indexes to search Defaults to ''*'' which means all indexes' example: main in: query name: filter[index] required: false schema: type: string - description: Minimum timestamp for requested logs. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested logs. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of logs in results. in: query name: sort required: false schema: $ref: '#/components/schemas/LogsSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of logs in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a list of logs tags: - Logs x-menu-order: 3 x-undo: type: safe /api/v2/logs/events/search: post: description: 'List endpoint returns logs that match a log search query. [Results are paginated][1]. Use this endpoint to build complex logs filtering and search. **If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See [Datadog Logs Archive documentation][2].** [1]: /logs/guide/collect-multiple-logs-with-pagination [2]: https://docs.datadoghq.com/logs/archives' operationId: ListLogs requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsListRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Search logs tags: - Logs x-codegen-request-body-name: body x-menu-order: 2 x-undo: type: safe /api/v2/metrics: get: description: 'Returns all configured count/gauge/rate/distribution metric names (with additional filters if specified).' operationId: ListTagConfigurations parameters: - description: Filter metrics that have configured tags. example: true in: query name: filter[configured] required: false schema: type: boolean - description: Filter tag configurations by configured tags. example: app in: query name: filter[tags_configured] required: false schema: description: Tag keys to filter by. type: string - description: Filter tag configurations by metric type. in: query name: filter[metric_type] required: false schema: $ref: '#/components/schemas/MetricTagConfigurationMetricTypes' - description: 'Filter distributions with additional percentile aggregations enabled or disabled.' example: true in: query name: filter[include_percentiles] required: false schema: type: boolean - description: 'Filter metrics that have been submitted with the given tags. Supports boolean and wildcard expressions. Cannot be combined with other filters.' example: env IN (staging,test) AND service:web in: query name: filter[tags] required: false schema: type: string - description: 'The number of seconds of look back (from now) to apply to a filter[tag] query. Defaults value is 3600 (1 hour), maximum value is 172,800 (2 days).' example: 3600 in: query name: window[seconds] required: false schema: format: int64 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricsAndMetricTagConfigurationsResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - metrics_read summary: List tag configurations tags: - Metrics x-menu-order: 5 x-undo: type: safe x-unstable: "**Note: Use of this endpoint for count/gauge/rate metric types is only accessible for Metrics without Limits™ beta customers.\nIf you\u2019re interested in Metrics without Limits™, please contact your Customer Success Manager.**" /api/v2/metrics/{metric_name}/all-tags: get: description: View indexed tag key-value pairs for a given metric name. operationId: ListTagsByMetricName parameters: - $ref: '#/components/parameters/MetricName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricAllTagsResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List tags by metric name tags: - Metrics x-menu-order: 6 x-undo: type: safe /api/v2/metrics/{metric_name}/tags: delete: description: 'Deletes a metric''s tag configuration. Can only be used with application keys from users with the `Manage Tags for Metrics` permission.' operationId: DeleteTagConfiguration parameters: - $ref: '#/components/parameters/MetricName' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Delete a tag configuration tags: - Metrics x-menu-order: 4 x-undo: type: idempotent x-unstable: "**Note: Use of this endpoint for count/gauge/rate metric types is only accessible for Metrics without Limits™ beta customers.\nIf you\u2019re interested in Metrics without Limits™, please contact your Customer Success Manager.**" get: description: Returns the tag configuration for the given metric name. operationId: ListTagConfigurationByName parameters: - $ref: '#/components/parameters/MetricName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationResponse' description: Success '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: List tag configuration by name tags: - Metrics x-menu-order: 2 x-undo: type: safe x-unstable: "**Note: Use of this endpoint for count/gauge/rate metric types is only accessible for Metrics without Limits™ beta customers.\nIf you\u2019re interested in Metrics without Limits™, please contact your Customer Success Manager.**" patch: description: 'Update the tag configuration of a metric or percentile aggregations of a distribution metric or custom aggregations of a count, rate, or gauge metric. Can only be used with application keys from users with the `Manage Tags for Metrics` permission.' operationId: UpdateTagConfiguration parameters: - $ref: '#/components/parameters/MetricName' requestBody: content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Update a tag configuration tags: - Metrics x-codegen-request-body-name: body x-menu-order: 3 x-undo: type: idempotent x-unstable: "**Note: Use of this endpoint for count/gauge/rate metric types is only accessible for Metrics without Limits™ beta customers.\nIf you\u2019re interested in Metrics without Limits™, please contact your Customer Success Manager.**" post: description: 'Create and define a list of queryable tag keys for an existing count/gauge/rate/distribution metric. Optionally, include percentile aggregations on any distribution metric or configure custom aggregations on any count, rate, or gauge metric. Can only be used with application keys of users with the `Manage Tags for Metrics` permission.' operationId: CreateTagConfiguration parameters: - $ref: '#/components/parameters/MetricName' requestBody: content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Create a tag configuration tags: - Metrics x-codegen-request-body-name: body x-given: metric_tag_configuration: parameters: - name: metric_name value: '"{{ unique_alnum }}"' - name: body value: "{\n \"data\": {\n \"attributes\": {\n \"tags\":[\"app\", \"datacenter\", \"{{ unique_alnum }}\"],\n \"metric_type\":\"distribution\"\n \ },\n \"type\": \"manage_tags\",\n \"id\": \"{{ unique_alnum }}\"\n }\n}" step: there is a valid "metric_tag_configuration" in the system x-menu-order: 1 x-undo: operationId: DeleteTagConfiguration parameters: - name: metric_name source: data.id type: unsafe x-unstable: "**Note: Use of this endpoint for count/gauge/rate metric types is only accessible for Metrics without Limits™ beta customers.\nIf you\u2019re interested in Metrics without Limits™, please contact your Customer Success Manager.**" /api/v2/metrics/{metric_name}/volumes: get: description: 'View distinct metrics volumes for the given metric name. Custom distribution metrics will return both ingested and indexed custom metric volumes. For Metrics without Limits™ beta customers, all metrics will return both ingested/indexed volumes. Custom metrics generated in-app from other products will return `null` for ingested volumes.' operationId: ListVolumesByMetricName parameters: - $ref: '#/components/parameters/MetricName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricVolumesResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List distinct metric volumes by metric name tags: - Metrics x-menu-order: 7 x-undo: type: safe /api/v2/permissions: get: description: Returns a list of all permissions, including name, description, and ID. operationId: ListPermissions responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List permissions tags: - Roles x-given: permission: source: data[0] step: there is a valid "permission" in the system x-menu-order: 1 x-undo: type: safe /api/v2/processes: get: description: Get all processes for your organization. operationId: ListProcesses parameters: - description: String to search processes by. in: query name: search required: false schema: type: string - description: Comma-separated list of tags to filter processes by. example: account:prod,user:admin in: query name: tags required: false schema: type: string - description: 'Unix timestamp (number of seconds since epoch) of the start of the query window. If not provided, the start of the query window will be 15 minutes before the `to` timestamp. If neither `from` nor `to` are provided, the query window will be `[now - 15m, now]`.' in: query name: from required: false schema: format: int64 type: integer - description: 'Unix timestamp (number of seconds since epoch) of the end of the query window. If not provided, the end of the query window will be 15 minutes after the `from` timestamp. If neither `from` nor `to` are provided, the query window will be `[now - 15m, now]`.' in: query name: to required: false schema: format: int64 type: integer - description: Maximum number of results returned. in: query name: page[limit] required: false schema: default: 1000 format: int32 maximum: 10000 minimum: 1 type: integer - description: 'String to query the next page of results. This key is provided with each valid response from the API in `meta.page.after`.' in: query name: page[cursor] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProcessSummariesResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get all processes tags: - Processes x-menu-order: 1 x-undo: type: safe /api/v2/roles: get: description: Returns all roles, including their names and IDs. operationId: ListRoles parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: 'Sort roles depending on the given field. Sort order is **ascending** by default. Sort order is **descending** if the field is prefixed by a negative sign, for example: `sort=-name`.' in: query name: sort required: false schema: $ref: '#/components/schemas/RolesSort' - description: Filter all roles by the given string. in: query name: filter required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/RolesResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List roles tags: - Roles x-menu-order: 1 x-undo: type: safe post: description: Create a new role for your organization. operationId: CreateRole requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleCreateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Create role tags: - Roles x-codegen-request-body-name: body x-given: role: parameters: - name: body value: "{\n \"data\": {\n \"attributes\": {\n \"name\": \"{{ unique }}\"\n },\n \"type\": \"roles\"\n }\n}" step: there is a valid "role" in the system x-menu-order: 2 x-undo: operationId: DeleteRole parameters: - name: role_id source: data.id type: unsafe /api/v2/roles/{role_id}: delete: description: Disables a role. operationId: DeleteRole parameters: - $ref: '#/components/parameters/RoleID' responses: '204': description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Delete role tags: - Roles x-codegen-request-body-name: body x-menu-order: 5 x-undo: type: idempotent get: description: "Get a role in the organization specified by the role\u2019s `role_id`." operationId: GetRole parameters: - $ref: '#/components/parameters/RoleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a role tags: - Roles x-codegen-request-body-name: body x-menu-order: 3 x-undo: type: safe patch: description: Edit a role. Can only be used with application keys belonging to administrators. operationId: UpdateRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleUpdateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Update a role tags: - Roles x-codegen-request-body-name: body x-menu-order: 4 x-undo: type: idempotent /api/v2/roles/{role_id}/clone: post: description: Clone an existing role operationId: CloneRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleCloneRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Create a new role by cloning an existing role tags: - Roles x-codegen-request-body-name: body x-menu-order: 12 x-permission: OR(USER_ACCESS_MANAGE) x-undo: operationId: DeleteRole parameters: - name: role_id source: data.id type: unsafe /api/v2/roles/{role_id}/permissions: delete: description: Removes a permission from a role. operationId: RemovePermissionFromRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToPermission' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Revoke permission tags: - Roles x-codegen-request-body-name: body x-menu-order: 8 x-undo: type: idempotent get: description: Returns a list of all permissions for a single role. operationId: ListRolePermissions parameters: - $ref: '#/components/parameters/RoleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List permissions for a role tags: - Roles x-codegen-request-body-name: body x-menu-order: 6 x-undo: type: safe post: description: Adds a permission to a role. operationId: AddPermissionToRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToPermission' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Grant permission to a role tags: - Roles x-codegen-request-body-name: body x-given: permission_role: parameters: - name: role_id source: role.data.id - name: body value: "{\n \"data\": {\n \"id\": \"{{ permission.id }}\",\n \"type\": \"{{ permission.type }}\"\n }\n}" step: the "permission" is granted to the "role" x-menu-order: 7 x-undo: type: safe /api/v2/roles/{role_id}/users: delete: description: Removes a user from a role. operationId: RemoveUserFromRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToUser' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Remove a user from a role tags: - Roles x-codegen-request-body-name: body x-menu-order: 11 x-undo: type: idempotent get: description: Gets all users of a role. operationId: ListRoleUsers parameters: - $ref: '#/components/parameters/RoleID' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: 'User attribute to order results by. Sort order is **ascending** by default. Sort order is **descending** if the field is prefixed by a negative sign, for example `sort=-name`. Options: `name`, `email`, `status`.' in: query name: sort required: false schema: default: name type: string - description: Filter all users by the given string. Defaults to no filtering. in: query name: filter required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get all users of a role tags: - Roles x-menu-order: 9 x-undo: type: safe post: description: Adds a user to a role. operationId: AddUserToRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToUser' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Add a user to a role tags: - Roles x-codegen-request-body-name: body x-given: permission_role: parameters: - name: role_id source: role.data.id - name: body value: "{\n \"data\": {\n \"id\": \"{{ user.data.id }}\",\n \"type\": \"{{ user.data.type }}\"\n }\n}" step: the "user" has the "role" x-menu-order: 10 x-undo: type: safe /api/v2/security/cloud_workload/policy/download: get: description: 'The download endpoint generates a Cloud Workload Security policy file from your currently active Cloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to your agents to update the policy running in your environment.' operationId: DownloadCloudWorkloadPolicyFile responses: '200': content: application/yaml: schema: format: binary type: string description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Get the latest Cloud Workload Security policy tags: - Cloud Workload Security x-menu-order: 1 x-undo: type: safe /api/v2/security_monitoring/cloud_workload_security/agent_rules: get: description: Get the list of Agent rules. operationId: ListCloudWorkloadSecurityAgentRules responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRulesListResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_cws_agent_rules_read summary: Get all Cloud Workload Security Agent rules tags: - Cloud Workload Security x-menu-order: 3 x-undo: type: safe post: description: Create a new Agent rule with the given parameters. operationId: CreateCloudWorkloadSecurityAgentRule requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateRequest' description: The definition of the new Agent rule. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_cws_agent_rules_write summary: Create a Cloud Workload Security Agent rule tags: - Cloud Workload Security x-codegen-request-body-name: body x-given: agent_rule: parameters: - name: body value: "{\n \"data\": {\n \"type\": \"agent_rule\",\n \"attributes\": {\n \"name\": \"{{ unique_lower_alnum }}\",\n \"description\": \"My Agent rule\",\n \"expression\": \"exec.file.name == \\\"sh\\\"\",\n \ \"enabled\": true\n }\n }\n}" step: there is a valid "agent_rule" in the system x-menu-order: 4 x-undo: operationId: DeleteCloudWorkloadSecurityAgentRule parameters: - name: agent_rule_id source: data.id type: unsafe /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}: delete: description: Delete a specific Agent rule. operationId: DeleteCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_cws_agent_rules_write summary: Delete a Cloud Workload Security Agent rule tags: - Cloud Workload Security x-menu-order: 6 x-undo: type: idempotent get: description: Get the details of a specific Agent rule. operationId: GetCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_cws_agent_rules_read summary: Get a Cloud Workload Security Agent rule tags: - Cloud Workload Security x-menu-order: 2 x-undo: type: safe patch: description: 'Update a specific Agent rule. Returns the Agent rule object when the request is successful.' operationId: UpdateCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateRequest' description: New definition of the Agent rule. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_cws_agent_rules_write summary: Update a Cloud Workload Security Agent rule tags: - Cloud Workload Security x-codegen-request-body-name: body x-menu-order: 5 x-undo: type: idempotent /api/v2/security_monitoring/configuration/security_filters: get: description: Get the list of configured security filters with their definitions. operationId: ListSecurityFilters responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFiltersResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_read summary: Get all security filters tags: - Security Monitoring x-undo: type: safe post: description: 'Create a security filter. See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/) for more examples.' operationId: CreateSecurityFilter requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityFilterCreateRequest' description: The definition of the new security filter. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFilterResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Create a security filter tags: - Security Monitoring x-codegen-request-body-name: body x-given: security_filter: parameters: - name: body value: "{\n \"data\": {\n \"type\": \"security_filters\",\n \"attributes\": {\n \"name\": \"{{ unique }}\",\n \"query\": \"service:{{ unique_alnum }}\",\n \"exclusion_filters\":[\n {\n \"name\": \"Exclude logs from staging\",\n \"query\": \"source:staging\"\n \ }\n ],\n \"filtered_data_type\":\"logs\",\n \"is_enabled\": true\n }\n }\n}" step: there is a valid "security_filter" in the system x-undo: operationId: DeleteSecurityFilter parameters: - name: security_filter_id source: data.id type: unsafe /api/v2/security_monitoring/configuration/security_filters/{security_filter_id}: delete: description: Delete a specific security filter. operationId: DeleteSecurityFilter parameters: - $ref: '#/components/parameters/SecurityFilterID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Delete a security filter tags: - Security Monitoring x-undo: type: idempotent get: description: 'Get the details of a specific security filter. See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/) for more examples.' operationId: GetSecurityFilter parameters: - $ref: '#/components/parameters/SecurityFilterID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFilterResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_read summary: Get a security filter tags: - Security Monitoring x-undo: type: safe patch: description: 'Update a specific security filter. Returns the security filter object when the request is successful.' operationId: UpdateSecurityFilter parameters: - $ref: '#/components/parameters/SecurityFilterID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityFilterUpdateRequest' description: New definition of the security filter. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFilterResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Update a security filter tags: - Security Monitoring x-codegen-request-body-name: body x-undo: type: idempotent /api/v2/security_monitoring/rules: get: description: List rules. operationId: ListSecurityMonitoringRules parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringListRulesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: List rules tags: - Security Monitoring x-menu-order: 1 x-undo: type: safe post: description: Create a detection rule. operationId: CreateSecurityMonitoringRule requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Create a detection rule tags: - Security Monitoring x-codegen-request-body-name: body x-given: security_rule: parameters: - name: body value: "{\n \"name\": \"{{ unique }}\",\n \"queries\": [{\n \"query\": \"@test:true\",\n \"aggregation\": \"count\",\n \"groupByFields\": [],\n \"distinctFields\": [],\n \"metric\": \"\"\n }],\n \"filters\": [],\n \"cases\": [{\n \"name\": \"\",\n \"status\": \"info\",\n \ \"condition\": \"a > 0\",\n \"notifications\": []\n }],\n \"options\": {\n \"evaluationWindow\": 900,\n \"keepAlive\": 3600,\n \"maxSignalDuration\": 86400\n },\n \"message\": \"Test rule\",\n \"tags\": [],\n \"isEnabled\": true,\n \"type\": \"log_detection\"\n}" step: there is a valid "security_rule" in the system x-menu-order: 2 x-undo: operationId: DeleteSecurityMonitoringRule parameters: - name: rule_id source: id type: unsafe /api/v2/security_monitoring/rules/{rule_id}: delete: description: Delete an existing rule. Default rules cannot be deleted. operationId: DeleteSecurityMonitoringRule parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Delete an existing rule tags: - Security Monitoring x-menu-order: 5 x-undo: type: idempotent get: description: Get a rule's details. operationId: GetSecurityMonitoringRule parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' description: OK '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Get a rule's details tags: - Security Monitoring x-menu-order: 3 x-undo: type: safe put: description: 'Update an existing rule. When updating `cases`, `queries` or `options`, the whole field must be included. For example, when modifying a query all queries must be included. Default rules can only be updated to be enabled and to change notifications.' operationId: UpdateSecurityMonitoringRule parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleUpdatePayload' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/ConcurrentModificationResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Update an existing rule tags: - Security Monitoring x-codegen-request-body-name: body x-menu-order: 4 x-undo: type: idempotent /api/v2/security_monitoring/signals: get: description: 'The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals.' operationId: ListSecurityMonitoringSignals parameters: - description: The search query for security signals. example: security:attack status:high in: query name: filter[query] required: false schema: type: string - description: The minimum timestamp for requested security signals. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: The maximum timestamp for requested security signals. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: The order of the security signals in results. in: query name: sort required: false schema: $ref: '#/components/schemas/SecurityMonitoringSignalsSort' - description: A list of results using the cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: The maximum number of security signals in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a quick list of security signals tags: - Security Monitoring x-menu-order: 7 x-undo: type: safe x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security_monitoring/signals/search: post: description: 'Returns security signals that match a search query. Both this endpoint and the GET endpoint can be used interchangeably for listing security signals.' operationId: SearchSecurityMonitoringSignals requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalListRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a list of security signals tags: - Security Monitoring x-codegen-request-body-name: body x-menu-order: 6 x-undo: type: safe x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/service_accounts: post: description: Create a service account for your organization. operationId: CreateServiceAccount requestBody: content: application/json: schema: $ref: '#/components/schemas/ServiceAccountCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a service account tags: - Users x-codegen-request-body-name: body x-given: service_account_user: parameters: - name: body value: "{\n \"data\": {\n \"attributes\": {\n \"email\": \"{{ unique }}@datadoghq.com\",\n \"title\": \"user title\",\n \"service_account\": true\n },\n \"type\": \"users\"\n }\n}" step: there is a valid "service_account_user" in the system x-menu-order: 1 x-undo: operationId: DisableUser parameters: - name: user_id source: data.id type: unsafe /api/v2/service_accounts/{service_account_id}/application_keys: get: description: List all application keys available for this service account. operationId: ListServiceAccountApplicationKeys parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/ApplicationKeysSortParameter' - $ref: '#/components/parameters/ApplicationKeyFilterParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListApplicationKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List application keys for this service account tags: - Service Accounts x-undo: type: safe post: description: Create an application key for this service account. operationId: CreateServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an application key for this service account tags: - Service Accounts x-codegen-request-body-name: body x-given: service_account_application_key: parameters: - name: service_account_id value: '"{{ service_account_user.data.id }}"' - name: body value: "{\n \"data\": {\n \"attributes\": {\n \"name\": \"{{ unique }}\"\n },\n \"type\": \"application_keys\"\n }\n}" step: there is a valid "service_account_application_key" for "service_account_user" x-undo: operationId: DeleteServiceAccountApplicationKey parameters: - name: app_key_id source: data.id - name: service_account_id source: data.relationships.owned_by.data.id type: unsafe /api/v2/service_accounts/{service_account_id}/application_keys/{app_key_id}: delete: description: Delete an application key owned by this service account. operationId: DeleteServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/ApplicationKeyID' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an application key for this service account tags: - Service Accounts x-menu-order: 3 x-undo: type: idempotent get: description: Get an application key owned by this service account. operationId: GetServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/ApplicationKeyID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/PartialApplicationKeyResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get one application key for this service account tags: - Service Accounts x-menu-order: 1 x-undo: type: safe patch: description: Edit an application key owned by this service account. operationId: UpdateServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/ApplicationKeyID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/PartialApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an application key for this service account tags: - Service Accounts x-codegen-request-body-name: body x-menu-order: 2 x-undo: type: idempotent /api/v2/services: get: description: Get all incident services uploaded for the requesting user's organization. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident services. operationId: ListIncidentServices parameters: - $ref: '#/components/parameters/IncidentServiceIncludeQueryParameter' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' - $ref: '#/components/parameters/IncidentServiceSearchQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentServicesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of all incident services tags: - Incident Services x-undo: type: safe x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Creates a new incident service. operationId: CreateIncidentService requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentServiceCreateRequest' description: Incident Service Payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentServiceResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Create a new incident service tags: - Incident Services x-codegen-request-body-name: body x-given: service: parameters: - name: body value: "{\n \"data\": {\n \"attributes\": {\n \"name\": \"{{ unique }}\"\n },\n \"type\": \"services\"\n }\n}" step: there is a valid "service" in the system x-undo: operationId: DeleteIncidentService parameters: - name: service_id source: data.id type: unsafe x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/services/{service_id}: delete: description: Deletes an existing incident service. operationId: DeleteIncidentService parameters: - $ref: '#/components/parameters/IncidentServiceIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Delete an existing incident service tags: - Incident Services x-undo: type: idempotent x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' get: description: 'Get details of an incident service. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident services.' operationId: GetIncidentService parameters: - $ref: '#/components/parameters/IncidentServiceIDPathParameter' - $ref: '#/components/parameters/IncidentServiceIncludeQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get details of an incident service tags: - Incident Services x-undo: type: safe x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Updates an existing incident service. Only provide the attributes which should be updated as this request is a partial update. operationId: UpdateIncidentService parameters: - $ref: '#/components/parameters/IncidentServiceIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentServiceUpdateRequest' description: Incident Service Payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Update an existing incident service tags: - Incident Services x-codegen-request-body-name: body x-undo: type: idempotent x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/teams: get: description: Get all incident teams for the requesting user's organization. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident teams. operationId: ListIncidentTeams parameters: - $ref: '#/components/parameters/IncidentTeamIncludeQueryParameter' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' - $ref: '#/components/parameters/IncidentTeamSearchQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of all incident teams tags: - Incident Teams x-undo: type: safe x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Creates a new incident team. operationId: CreateIncidentTeam requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentTeamCreateRequest' description: Incident Team Payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Create a new incident team tags: - Incident Teams x-codegen-request-body-name: body x-given: team: parameters: - name: body value: "{\n \"data\": {\n \"attributes\": {\n \"name\": \"{{ unique }}\"\n },\n \"type\": \"teams\"\n }\n}" step: there is a valid "team" in the system x-undo: operationId: DeleteIncidentTeam parameters: - name: team_id source: data.id type: unsafe x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/teams/{team_id}: delete: description: Deletes an existing incident team. operationId: DeleteIncidentTeam parameters: - $ref: '#/components/parameters/IncidentTeamIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Delete an existing incident team tags: - Incident Teams x-undo: type: idempotent x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' get: description: 'Get details of an incident team. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident teams.' operationId: GetIncidentTeam parameters: - $ref: '#/components/parameters/IncidentTeamIDPathParameter' - $ref: '#/components/parameters/IncidentTeamIncludeQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get details of an incident team tags: - Incident Teams x-undo: type: safe x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Updates an existing incident team. Only provide the attributes which should be updated as this request is a partial update. operationId: UpdateIncidentTeam parameters: - $ref: '#/components/parameters/IncidentTeamIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentTeamUpdateRequest' description: Incident Team Payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Update an existing incident team tags: - Incident Teams x-codegen-request-body-name: body x-undo: type: idempotent x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/user_invitations: post: description: Sends emails to one or more users inviting them to join the organization. operationId: SendInvitations requestBody: content: application/json: schema: $ref: '#/components/schemas/UserInvitationsRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserInvitationsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Send invitation emails tags: - Users x-codegen-request-body-name: body x-given: user_invitation: parameters: - name: body value: "{\n \"data\": [\n {\n \"relationships\": {\"user\": {\"data\": {\n \"id\": \"{{ user.data.id }}\",\n \"type\": \"{{ user.data.type }}\"\n }}},\n \"type\": \"user_invitations\"\n }\n ]\n}" source: data[0] step: the "user" has a "user_invitation" x-menu-order: 8 x-undo: type: safe /api/v2/user_invitations/{user_invitation_uuid}: get: description: Returns a single user invitation by its UUID. operationId: GetInvitation parameters: - description: The UUID of the user invitation. in: path name: user_invitation_uuid required: true schema: example: 00000000-0000-0000-0000-000000000000 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserInvitationResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Get a user invitation tags: - Users x-codegen-request-body-name: body x-menu-order: 9 x-undo: type: safe /api/v2/users: get: description: 'Get the list of all users in the organization. This list includes all users even if they are deactivated or unverified.' operationId: ListUsers parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: 'User attribute to order results by. Sort order is ascending by default. Sort order is descending if the field is prefixed by a negative sign, for example `sort=-name`. Options: `name`, `modified_at`, `user_count`.' in: query name: sort required: false schema: default: name example: name type: string - description: 'Direction of sort. Options: `asc`, `desc`.' in: query name: sort_dir required: false schema: $ref: '#/components/schemas/QuerySortOrder' - description: Filter all users by the given string. Defaults to no filtering. in: query name: filter required: false schema: type: string - description: 'Filter on status attribute. Comma separated list, with possible values `Active`, `Pending`, and `Disabled`. Defaults to no filtering.' in: query name: filter[status] required: false schema: example: Active type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List all users tags: - Users x-codegen-request-body-name: body x-menu-order: 1 x-undo: type: safe post: description: Create a user for your organization. operationId: CreateUser requestBody: content: application/json: schema: $ref: '#/components/schemas/UserCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Create a user tags: - Users x-codegen-request-body-name: body x-given: user: parameters: - name: body value: "{\n \"data\": {\n \"attributes\": {\n \"email\": \"{{ unique }}@datadoghq.com\",\n \"title\": \"user title\"\n },\n \ \"type\": \"users\"\n }\n}" step: there is a valid "user" in the system x-menu-order: 2 x-undo: operationId: DisableUser parameters: - name: user_id source: data.id type: unsafe /api/v2/users/{user_id}: delete: description: 'Disable a user. Can only be used with an application key belonging to an administrator user.' operationId: DisableUser parameters: - $ref: '#/components/parameters/UserID' responses: '204': description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Disable a user tags: - Users x-codegen-request-body-name: body x-menu-order: 5 x-undo: type: idempotent get: description: "Get a user in the organization specified by the user\u2019s `user_id`." operationId: GetUser parameters: - $ref: '#/components/parameters/UserID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK for get user '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get user details tags: - Users x-codegen-request-body-name: body x-menu-order: 3 x-undo: type: safe patch: description: 'Edit a user. Can only be used with an application key belonging to an administrator user.' operationId: UpdateUser parameters: - $ref: '#/components/parameters/UserID' requestBody: content: application/json: schema: $ref: '#/components/schemas/UserUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Update a user tags: - Users x-codegen-request-body-name: body x-menu-order: 4 x-undo: type: idempotent /api/v2/users/{user_id}/orgs: get: description: 'Get a user organization. Returns the user information and all organizations joined by this user.' operationId: ListUserOrganizations parameters: - $ref: '#/components/parameters/UserID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a user organization tags: - Users x-codegen-request-body-name: body x-menu-order: 6 x-undo: type: safe /api/v2/users/{user_id}/permissions: get: description: "Get a user permission set. Returns a list of the user\u2019s permissions\ngranted by the associated user's roles." operationId: ListUserPermissions parameters: - $ref: '#/components/parameters/UserID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a user permissions tags: - Users x-codegen-request-body-name: body x-menu-order: 7 x-undo: type: safe security: - apiKeyAuth: [] appKeyAuth: [] servers: - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: The regional site for Datadog customers. enum: - datadoghq.com - us3.datadoghq.com - us5.datadoghq.com - datadoghq.eu - ddog-gov.com subdomain: default: api description: The subdomain where the API is deployed. - url: '{protocol}://{name}' variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. tags: - description: Workload activity security rules for generating events using the Datadog security Agent. name: Cloud Workload Security - description: 'Interact with your dashboard lists through the API to organize, find, and share all of your dashboards with your team and organization.' name: Dashboard Lists - description: Create, update, delete, and retrieve services which can be associated with incidents. name: Incident Services - description: Create, update, delete and retrieve teams which can be associated with incidents. name: Incident Teams - description: Manage incident response. name: Incidents - description: 'Manage your Datadog API and application keys. You need an API key and an application key for a user with the required permissions to interact with these endpoints. The full list of API and application keys can be seen on your [Datadog API page](https://app.datadoghq.com/account/settings#api).' externalDocs: description: Find out more at url: https://docs.datadoghq.com/account_management/api-app-keys/ name: Key Management - description: Search your logs and send them to your Datadog platform over HTTP. name: Logs - description: 'Archives forward all the logs ingested to a cloud storage system. See the [Archives Page](https://app.datadoghq.com/logs/pipelines/archives) for a list of the archives currently configured in web UI.' externalDocs: description: Find out more at url: https://docs.datadoghq.com/logs/archives/ name: Logs Archives - description: Manage configuration of [log-based metrics](https://app.datadoghq.com/logs/pipelines/generate-metrics) for your organization. externalDocs: description: Find out more at url: https://docs.datadoghq.com/logs/logs_to_metrics/ name: Logs Metrics - description: "The metrics endpoint allows you to:\n\n- Post metrics data so it can be graphed on Datadog\u2019s dashboards\n- Query metrics from any time period\n- Modify tag configurations for metrics\n- View tags and volumes for metrics\n\n**Note**: A graph can only contain a set number of points\nand as the timeframe over which a metric is viewed increases,\naggregation between points occurs to stay below that set number.\n\nThe Post, Patch, and Delete `manage_tags` API methods can only be performed by\na user who has the `Manage Tags for Metrics` permission." name: Metrics - description: The processes API allows you to query processes data for your organization. name: Processes - description: 'The Roles API is used to create and manage Datadog roles, what [global permissions](https://docs.datadoghq.com/account_management/rbac/) they grant, and which users belong to them. Permissions related to specific account assets can be granted to roles in the Datadog application without using this API. For example, granting read access on a specific log index to a role can be done in Datadog from the [Pipelines page](https://app.datadoghq.com/logs/pipelines).' name: Roles - description: 'Detection rules for generating signals and listing of generated signals.' name: Security Monitoring - description: Create, edit, and disable service accounts. name: Service Accounts - description: Create, edit, and disable users. externalDocs: url: https://docs.datadoghq.com/account_management/users name: Users x-group-parameters: true