How do I install Datadog Automation?

Install Datadog Automation with a single command: npx mdskills install sickn33/datadog-automation. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Datadog Automation?

Datadog Automation works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Datadog Automation

Name: Datadog Automation: AI Agent Skill
Rating: 9 (1 reviews)
Author: sickn33

Verified

API DevelopmentIntermediate

Automate Datadog tasks via Rube MCP (Composio): query metrics, search logs, manage monitors/dashboards, create events and downtimes. Always search tools first for current schemas.

by @sickn330Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/datadog-automation

Fork & Edit

Skill Advisor9.0

Comprehensive Datadog automation with detailed workflows, query syntax, and pitfall warnings

+Covers all major Datadog operations with clear tool sequences and parameter guidance
+Excellent pitfall documentation for timestamps, query syntax, and rate limits
+Includes quick reference table and concrete examples for monitor/log query syntax
-Declares filesystem permissions that aren't needed for API-only operations

SKILL.md

Edit in Browser

1---
2name: datadog-automation
3description: "Automate Datadog tasks via Rube MCP (Composio): query metrics, search logs, manage monitors/dashboards, create events and downtimes. Always search tools first for current schemas."
4requires:
5  mcp: [rube]
6---
7 
8# Datadog Automation via Rube MCP
9 
10Automate Datadog monitoring and observability operations through Composio's Datadog toolkit via Rube MCP.
11 
12## Prerequisites
13 
14- Rube MCP must be connected (RUBE_SEARCH_TOOLS available)
15- Active Datadog connection via `RUBE_MANAGE_CONNECTIONS` with toolkit `datadog`
16- Always call `RUBE_SEARCH_TOOLS` first to get current tool schemas
17 
18## Setup
19 
20**Get Rube MCP**: Add `https://rube.app/mcp` as an MCP server in your client configuration. No API keys needed — just add the endpoint and it works.
21 
22 
231. Verify Rube MCP is available by confirming `RUBE_SEARCH_TOOLS` responds
242. Call `RUBE_MANAGE_CONNECTIONS` with toolkit `datadog`
253. If connection is not ACTIVE, follow the returned auth link to complete Datadog authentication
264. Confirm connection status shows ACTIVE before running any workflows
27 
28## Core Workflows
29 
30### 1. Query and Explore Metrics
31 
32**When to use**: User wants to query metric data or list available metrics
33 
34**Tool sequence**:
351. `DATADOG_LIST_METRICS` - List available metric names [Optional]
362. `DATADOG_QUERY_METRICS` - Query metric time series data [Required]
37 
38**Key parameters**:
39- `query`: Datadog metric query string (e.g., `avg:system.cpu.user{host:web01}`)
40- `from`: Start timestamp (Unix epoch seconds)
41- `to`: End timestamp (Unix epoch seconds)
42- `q`: Search string for listing metrics
43 
44**Pitfalls**:
45- Query syntax follows Datadog's metric query format: `aggregation:metric_name{tag_filters}`
46- `from` and `to` are Unix epoch timestamps in seconds, not milliseconds
47- Valid aggregations: `avg`, `sum`, `min`, `max`, `count`
48- Tag filters use curly braces: `{host:web01,env:prod}`
49- Time range should not exceed Datadog's retention limits for the metric type
50 
51### 2. Search and Analyze Logs
52 
53**When to use**: User wants to search log entries or list log indexes
54 
55**Tool sequence**:
561. `DATADOG_LIST_LOG_INDEXES` - List available log indexes [Optional]
572. `DATADOG_SEARCH_LOGS` - Search logs with query and filters [Required]
58 
59**Key parameters**:
60- `query`: Log search query using Datadog log query syntax
61- `from`: Start time (ISO 8601 or Unix timestamp)
62- `to`: End time (ISO 8601 or Unix timestamp)
63- `sort`: Sort order ('asc' or 'desc')
64- `limit`: Number of log entries to return
65 
66**Pitfalls**:
67- Log queries use Datadog's log search syntax: `service:web status:error`
68- Search is limited to retained logs within the configured retention period
69- Large result sets require pagination; check for cursor/page tokens
70- Log indexes control routing and retention; filter by index if known
71 
72### 3. Manage Monitors
73 
74**When to use**: User wants to create, update, mute, or inspect monitors
75 
76**Tool sequence**:
771. `DATADOG_LIST_MONITORS` - List all monitors with filters [Required]
782. `DATADOG_GET_MONITOR` - Get specific monitor details [Optional]
793. `DATADOG_CREATE_MONITOR` - Create a new monitor [Optional]
804. `DATADOG_UPDATE_MONITOR` - Update monitor configuration [Optional]
815. `DATADOG_MUTE_MONITOR` - Silence a monitor temporarily [Optional]
826. `DATADOG_UNMUTE_MONITOR` - Re-enable a muted monitor [Optional]
83 
84**Key parameters**:
85- `monitor_id`: Numeric monitor ID
86- `name`: Monitor display name
87- `type`: Monitor type ('metric alert', 'service check', 'log alert', 'query alert', etc.)
88- `query`: Monitor query defining the alert condition
89- `message`: Notification message with @mentions
90- `tags`: Array of tag strings
91- `thresholds`: Alert threshold values (`critical`, `warning`, `ok`)
92 
93**Pitfalls**:
94- Monitor `type` must match the query type; mismatches cause creation failures
95- `message` supports @mentions for notifications (e.g., `@slack-channel`, `@pagerduty`)
96- Thresholds vary by monitor type; metric monitors need `critical` at minimum
97- Muting a monitor suppresses notifications but the monitor still evaluates
98- Monitor IDs are numeric integers
99 
100### 4. Manage Dashboards
101 
102**When to use**: User wants to list, view, update, or delete dashboards
103 
104**Tool sequence**:
1051. `DATADOG_LIST_DASHBOARDS` - List all dashboards [Required]
1062. `DATADOG_GET_DASHBOARD` - Get full dashboard definition [Optional]
1073. `DATADOG_UPDATE_DASHBOARD` - Update dashboard layout or widgets [Optional]
1084. `DATADOG_DELETE_DASHBOARD` - Remove a dashboard (irreversible) [Optional]
109 
110**Key parameters**:
111- `dashboard_id`: Dashboard identifier string
112- `title`: Dashboard title
113- `layout_type`: 'ordered' (grid) or 'free' (freeform positioning)
114- `widgets`: Array of widget definition objects
115- `description`: Dashboard description
116 
117**Pitfalls**:
118- Dashboard IDs are alphanumeric strings (e.g., 'abc-def-ghi'), not numeric
119- `layout_type` cannot be changed after creation; must recreate the dashboard
120- Widget definitions are complex nested objects; get existing dashboard first to understand structure
121- DELETE is permanent; there is no undo
122 
123### 5. Create Events and Manage Downtimes
124 
125**When to use**: User wants to post events or schedule maintenance downtimes
126 
127**Tool sequence**:
1281. `DATADOG_LIST_EVENTS` - List existing events [Optional]
1292. `DATADOG_CREATE_EVENT` - Post a new event [Required]
1303. `DATADOG_CREATE_DOWNTIME` - Schedule a maintenance downtime [Optional]
131 
132**Key parameters for events**:
133- `title`: Event title
134- `text`: Event body text (supports markdown)
135- `alert_type`: Event severity ('error', 'warning', 'info', 'success')
136- `tags`: Array of tag strings
137 
138**Key parameters for downtimes**:
139- `scope`: Tag scope for the downtime (e.g., `host:web01`)
140- `start`: Start time (Unix epoch)
141- `end`: End time (Unix epoch; omit for indefinite)
142- `message`: Downtime description
143- `monitor_id`: Specific monitor to downtime (optional, omit for scope-based)
144 
145**Pitfalls**:
146- Event `text` supports Datadog's markdown format including @mentions
147- Downtimes scope uses tag syntax: `host:web01`, `env:staging`
148- Omitting `end` creates an indefinite downtime; always set an end time for maintenance
149- Downtime `monitor_id` narrows to a single monitor; scope applies to all matching monitors
150 
151### 6. Manage Hosts and Traces
152 
153**When to use**: User wants to list infrastructure hosts or inspect distributed traces
154 
155**Tool sequence**:
1561. `DATADOG_LIST_HOSTS` - List all reporting hosts [Required]
1572. `DATADOG_GET_TRACE_BY_ID` - Get a specific distributed trace [Optional]
158 
159**Key parameters**:
160- `filter`: Host search filter string
161- `sort_field`: Sort hosts by field (e.g., 'name', 'apps', 'cpu')
162- `sort_dir`: Sort direction ('asc' or 'desc')
163- `trace_id`: Distributed trace ID for trace lookup
164 
165**Pitfalls**:
166- Host list includes all hosts reporting to Datadog within the retention window
167- Trace IDs are long numeric strings; ensure exact match
168- Hosts that stop reporting are retained for a configured period before removal
169 
170## Common Patterns
171 
172### Monitor Query Syntax
173 
174**Metric alerts**:
175```
176avg(last_5m):avg:system.cpu.user{env:prod} > 90
177```
178 
179**Log alerts**:
180```
181logs("service:web status:error").index("main").rollup("count").last("5m") > 10
182```
183 
184### Tag Filtering
185 
186- Tags use `key:value` format: `host:web01`, `env:prod`, `service:api`
187- Multiple tags: `{host:web01,env:prod}` (AND logic)
188- Wildcard: `host:web*`
189 
190### Pagination
191 
192- Use `page` and `page_size` or offset-based pagination depending on endpoint
193- Check response for total count to determine if more pages exist
194- Continue until all results are retrieved
195 
196## Known Pitfalls
197 
198**Timestamps**:
199- Most endpoints use Unix epoch seconds (not milliseconds)
200- Some endpoints accept ISO 8601; check tool schema
201- Time ranges should be reasonable (not years of data)
202 
203**Query Syntax**:
204- Metric queries: `aggregation:metric{tags}`
205- Log queries: `field:value` pairs
206- Monitor queries vary by type; check Datadog documentation
207 
208**Rate Limits**:
209- Datadog API has per-endpoint rate limits
210- Implement backoff on 429 responses
211- Batch operations where possible
212 
213## Quick Reference
214 
215| Task | Tool Slug | Key Params |
216|------|-----------|------------|
217| Query metrics | DATADOG_QUERY_METRICS | query, from, to |
218| List metrics | DATADOG_LIST_METRICS | q |
219| Search logs | DATADOG_SEARCH_LOGS | query, from, to, limit |
220| List log indexes | DATADOG_LIST_LOG_INDEXES | (none) |
221| List monitors | DATADOG_LIST_MONITORS | tags |
222| Get monitor | DATADOG_GET_MONITOR | monitor_id |
223| Create monitor | DATADOG_CREATE_MONITOR | name, type, query, message |
224| Update monitor | DATADOG_UPDATE_MONITOR | monitor_id |
225| Mute monitor | DATADOG_MUTE_MONITOR | monitor_id |
226| Unmute monitor | DATADOG_UNMUTE_MONITOR | monitor_id |
227| List dashboards | DATADOG_LIST_DASHBOARDS | (none) |
228| Get dashboard | DATADOG_GET_DASHBOARD | dashboard_id |
229| Update dashboard | DATADOG_UPDATE_DASHBOARD | dashboard_id, title, widgets |
230| Delete dashboard | DATADOG_DELETE_DASHBOARD | dashboard_id |
231| List events | DATADOG_LIST_EVENTS | start, end |
232| Create event | DATADOG_CREATE_EVENT | title, text, alert_type |
233| Create downtime | DATADOG_CREATE_DOWNTIME | scope, start, end |
234| List hosts | DATADOG_LIST_HOSTS | filter, sort_field |
235| Get trace | DATADOG_GET_TRACE_BY_ID | trace_id |
236

Full transparency — inspect the skill content before installing.