datadog-logs

Datadog Logs

Query Datadog logs through the Composio CLI so the agent can filter, pivot, and summarize without you pasting screenshots.

When to Use

  • Investigating a spike, error surge, or latency regression and you want structured JSON back.
  • Correlating a deploy with log volume changes across services/environments.
  • Building a scheduled "what broke overnight" digest.

Prereqs

```bash
curl -fsSL https://composio.dev/install | bash
composio login
composio link datadog       # prompts for site + API/APP keys
```

Discover Tools

```bash
composio search "search logs" --toolkits datadog
composio search "aggregate logs" --toolkits datadog
composio tools list datadog
```

Commonly used slugs (confirm with `--get-schema`):
  • DATADOG_SEARCH_LOGS
  • DATADOG_AGGREGATE_LOGS
  • DATADOG_LIST_ACTIVE_METRICS
  • DATADOG_GET_EVENT

Filter Recipes

Errors from one service in the last 15 minutes

```bash
composio execute DATADOG_SEARCH_LOGS -d '{
  "filter": {
    "query": "service:checkout status:error env:prod",
    "from": "now-15m",
    "to": "now"
  },
  "page": { "limit": 100 },
  "sort": "-timestamp"
}'
```

Aggregate error count by endpoint

```bash
composio execute DATADOG_AGGREGATE_LOGS -d '{
  "filter": { "query": "service:checkout status:error", "from": "now-1h", "to": "now" },
  "group_by": [{ "facet": "@http.url_path", "limit": 20 }],
  "compute": [{ "aggregation": "count" }]
}'
```

Trace a single request across services

```bash
composio execute DATADOG_SEARCH_LOGS -d '{
  "filter": { "query": "@trace_id:7f3a2b1c env:prod", "from": "now-1h", "to": "now" },
  "sort": "timestamp"
}'
```

Save a reusable query

```bash
composio search "save log view" --toolkits datadog
composio execute DATADOG_CREATE_SAVED_VIEW -d '{
  "name": "checkout-errors-prod",
  "query": "service:checkout status:error env:prod"
}'
```

Pipe into Local Analysis

Datadog output is JSON on stdout — pipe to `jq` for quick summaries:

```bash
composio execute DATADOG_SEARCH_LOGS -d '{
  "filter": {"query":"service:api status:error","from":"now-30m","to":"now"},
  "page":{"limit":500}
}' | jq -r '.data[].attributes.message' | sort | uniq -c | sort -rn | head
```

Multi-Step Workflow

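Save as `scripts/dd-incident.ts`, then run `composio run --file scripts/dd-incident.ts -- --service checkout`:

```ts
// Read the value that follows --service; indexOf() returns -1 when the flag is absent.
const i = process.argv.indexOf("--service");
const svc = i >= 0 ? process.argv[i + 1] : undefined;

// svc is interpolated into the Datadog query, so accept only a plain tag value
// (this character set is an assumption; widen it if your service names need more).
if (!svc || !/^[A-Za-z0-9_.-]+$/.test(svc)) {
  throw new Error("usage: composio run --file scripts/dd-incident.ts -- --service <name>");
}

// Most recent error events for the service over the last hour.
const errors = await execute("DATADOG_SEARCH_LOGS", {
  filter: { query: `service:${svc} status:error`, from: "now-1h", to: "now" },
  page: { limit: 200 }, sort: "-timestamp"
});

// Error counts grouped by URL path for the same window.
const topPaths = await execute("DATADOG_AGGREGATE_LOGS", {
  filter: { query: `service:${svc} status:error`, from: "now-1h", to: "now" },
  group_by: [{ facet: "@http.url_path", limit: 10 }],
  compute: [{ aggregation: "count" }]
});

console.log(JSON.stringify({ svc, sample: errors.data?.slice(0,5), topPaths }, null, 2));
```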

Schedule a Daily Digest

Use cron (or `composio dev listen` for triggers) to run the workflow and forward results to Slack:

```bash
set -euo pipefail        # do not post to Slack if the workflow step fails
digest="$(mktemp)"       # private temp file rather than a fixed, guessable /tmp path

composio run --file scripts/dd-incident.ts -- --service checkout \
  | tee "$digest"

composio execute SLACK_SEND_MESSAGE -d "$(jq -n \
  --slurpfile d "$digest" \
  '{channel:"oncall", text: ($d[0] | tojson)}')"
```
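
The `jq` summary and the Slack digest both pass raw log messages along, and those can carry credentials or e-mail addresses. The following added example (not from the original page or from Composio) groups messages the way the `jq` recipe does, but masks secrets and variable tokens first; the masking rules, the `buildDigest` and `maskMessage` names and the sample response are constructed assumptions, and only the `.data[].attributes.message` path comes from the page.

```typescript
// Added example: the response shape follows the `.data[].attributes.message` path used by the jq recipe.
type LogEvent = { attributes?: { message?: string } };
type SearchResponse = { data?: LogEvent[] };
type DigestRow = { count: number; message: string };

// Constructed masking rules (assumptions; extend them for your own log formats).
// Order matters: credentials first, then identifiers, then bare numbers.
const MASKS: Array<[RegExp, string]> = [
  [/\bBearer\s+[A-Za-z0-9._~+\/-]+=*/gi, "Bearer <redacted>"],
  [/\b(api[_-]?key|token|password|secret)=[^\s&"]+/gi, "$1=<redacted>"],
  [/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, "<email>"],
  [/\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/gi, "<uuid>"],
  [/\b[0-9a-f]{16,}\b/gi, "<hex>"],
  [/\b\d+\b/g, "<n>"],
];

function maskMessage(msg: string): string {
  return MASKS.reduce((m, [re, repl]) => m.replace(re, repl), msg);
}

// Count masked messages so near-identical errors collapse into one row, most frequent first.
function buildDigest(resp: SearchResponse, top = 10): DigestRow[] {
  const counts = new Map<string, number>();
  for (const ev of resp.data ?? []) {
    const raw = ev.attributes?.message;
    if (typeof raw !== "string" || raw.length === 0) continue; // skip events without a message
    const key = maskMessage(raw).slice(0, 300);                // cap row length for chat output
    counts.set(key, (counts.get(key) ?? 0) + 1);
  }
  return Array.from(counts, ([message, count]) => ({ count, message }))
    .sort((a, b) => b.count - a.count || a.message.localeCompare(b.message))
    .slice(0, top);
}

// Constructed sample response, not real Datadog output.
const sample: SearchResponse = { data: [
  { attributes: { message: "payment 4821 failed for alice@example.com: timeout after 3000 ms" } },
  { attributes: { message: "payment 77 failed for bob@example.org: timeout after 3000 ms" } },
  { attributes: { message: "upstream 401 with Authorization: Bearer abc.DEF-123_xyz" } },
  { attributes: {} },
] };

console.log(JSON.stringify(buildDigest(sample), null, 2));
```

In `scripts/dd-incident.ts`, the same function could replace the raw `sample` field, for instance `buildDigest(errors)`, so that the JSON sent to Slack contains only masked, counted rows.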

Troubleshooting

  • Empty results → confirm `env:` and `service:` tags; Datadog indexes are region-scoped — set the right site during `composio link datadog`.
  • `403 Forbidden` → the APP key lacks `logs_read`; regenerate with scope and re-link.
  • Slow queries → narrow `from/to`, add a `facet` filter, or use `DATADOG_AGGREGATE_LOGS` instead of pulling raw events.
  • Unknown facet → run `composio search "list log facets" --toolkits datadog`.

Full CLI reference: docs.composio.dev/docs/cli