Datadog

Connect your Datadog account to enable CloudThinker agents to search logs, query metrics, monitor infrastructure, and investigate incidents across your entire stack.

Supported Platforms

| Platform | Support |
| --- | --- |
| Datadog | All plans (Free, Pro, Enterprise) |
| Datadog US1 | app.datadoghq.com |
| Datadog US3 | us3.datadoghq.com |
| Datadog US5 | us5.datadoghq.com |
| Datadog EU1 | app.datadoghq.eu |
| Datadog AP1 | ap1.datadoghq.com |
| Datadog AP2 | ap2.datadoghq.com |

GovCloud (US1-FED) is not supported by the Datadog MCP Server.

Prerequisites

You need a Datadog API Key and an Application Key with appropriate scopes.

Create an API Key

  1. Go to Organization Settings → API Keys in your Datadog account
  2. Click + New Key
  3. Name it (e.g., CloudThinker) and save
  4. Copy the key value

Create a Scoped Application Key

  1. Go to Organization Settings → Application Keys
  2. Click + New Key
  3. Name it (e.g., CloudThinker)
  4. Under Scopes, select the permissions listed in Required Permissions below
  5. Save and copy the key value
Always use scoped Application Keys instead of unscoped ones. This follows the principle of least privilege — the key can only access what CloudThinker needs.

Setup

  1. Open CloudThinker
     Navigate to Connections → Datadog in your CloudThinker workspace.
  2. Select your Datadog Site
     Choose the Datadog site that matches your account (e.g., US1 for datadoghq.com, EU1 for datadoghq.eu).
  3. Enter API Key
     Paste your Datadog API Key.
  4. Enter Application Key
     Paste your Datadog Application Key.
  5. Connect
     Click Connect. CloudThinker will verify the credentials and show a Connected status.

Required Permissions

When creating your Application Key, select these scopes to enable all CloudThinker tools:

MCP

| Tool | What it does | Requires |
| --- | --- | --- |
| mcp_read | Read data via the MCP server. | Read scopes (see below) |
| mcp_write | Write data via the MCP server. | notebooks_write + user approval |

Read Scopes (all read tools)

| Scope | Enables |
| --- | --- |
| logs_read_data, logs_read_index_data | Search logs, analyze log patterns and trends |
| metrics_read | Search metrics, query time-series data, retrieve metric metadata |
| timeseries_query | Query metric time-series data |
| monitors_read | Search monitors by status, name, or tag |
| incidents_read | Search incidents, get full incident details |
| dashboards_read | Search dashboard configurations |
| hosts_read | List and inspect infrastructure hosts |
| apm_read | Retrieve distributed traces, search APM spans |
| apm_service_catalog_read | List services, map service dependencies |
| events_read | Search platform and custom events |
| notebooks_read | Search and retrieve investigation notebooks |
| rum_apps_read | Search Real User Monitoring data |

Write Scopes (notebook creation and editing)

| Scope | Enables |
| --- | --- |
| notebooks_write | Create and edit investigation notebooks |

The connection health check requires no additional scopes — it validates the connection itself.
If your Application Key is unscoped (no scopes selected), it inherits all permissions from the user who created it. For production use, we recommend always specifying explicit scopes.
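
To check a key against the scope tables above before pasting it into CloudThinker, the following added example (not CloudThinker or Datadog code) audits an exported Application Key record for missing scopes, excess scopes, and the unscoped case. The JSON shape (`data.attributes.name`, `data.attributes.scopes`) and the sample record are assumptions constructed for illustration; adapt the field access to however you export your key details.

```python
import json

# Scopes copied from the "Read Scopes" and "Write Scopes" tables on this page.
READ_SCOPES = frozenset({
    "logs_read_data", "logs_read_index_data", "metrics_read",
    "timeseries_query", "monitors_read", "incidents_read",
    "dashboards_read", "hosts_read", "apm_read",
    "apm_service_catalog_read", "events_read", "notebooks_read",
    "rum_apps_read",
})
WRITE_SCOPES = frozenset({"notebooks_write"})


def audit_app_key(key_json, allow_write=False):
    """Compare an Application Key's scopes with the set this page lists.

    key_json: JSON text with data.attributes.name and data.attributes.scopes
    (assumed export shape). A null or empty scopes value is treated as an
    unscoped key, which inherits every permission of the user who created it.
    """
    attrs = json.loads(key_json)["data"]["attributes"]
    scopes = attrs.get("scopes")
    report = {"name": attrs.get("name"), "unscoped": not scopes,
              "missing": [], "excess": [], "ok": False}
    if report["unscoped"]:
        return report  # fail closed: an unscoped key is never "ok"
    granted = set(scopes)
    allowed = READ_SCOPES | (WRITE_SCOPES if allow_write else frozenset())
    report["missing"] = sorted(allowed - granted)  # tools that will fail
    report["excess"] = sorted(granted - allowed)   # privilege beyond need
    report["ok"] = not report["missing"] and not report["excess"]
    return report


# Constructed sample record: one read scope forgotten, one unrelated
# write scope granted by mistake.
SAMPLE_KEY = json.dumps({"data": {"type": "application_keys", "attributes": {
    "name": "CloudThinker",
    "scopes": sorted(READ_SCOPES - {"rum_apps_read"}) + ["monitors_write"],
}}})

if __name__ == "__main__":
    print(audit_app_key(SAMPLE_KEY))
```

Pass `allow_write=True` only when notebook creation and editing is intended; otherwise `notebooks_write` is reported as excess.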

Agent Capabilities

Once connected, agents can perform 19 read operations and 2 write operations across your Datadog environment:

Read Capabilities

| Category | What the agent can do |
| --- | --- |
| Logs | Search logs across services and environments, analyze log patterns and trends |
| Metrics | Search available metrics, query time-series data, retrieve metric metadata and context |
| Monitors | Find monitors by status, name, or tag |
| Incidents | Search active and resolved incidents, get full incident details |
| Dashboards | Search and inspect dashboard configurations |
| Infrastructure | List and inspect hosts across your infrastructure |
| APM | Retrieve distributed traces, search spans for latency analysis |
| Service Catalog | List services and map service dependency relationships |
| Events | Search platform and custom events |
| Notebooks | Search and retrieve investigation notebooks |
| RUM | Search Real User Monitoring data |
| Connection Health | Validate that the Datadog MCP connection is working |

Write Capabilities

| Category | What the agent can do |
| --- | --- |
| Notebooks | Create new investigation notebooks, edit existing notebooks |

Write operations (creating and editing notebooks) require user approval before execution.

Example Prompts

@alex search for error logs in the production environment from the last 15 minutes
@alex check for active incidents and investigate root causes
@alex analyze APM traces for the checkout service and identify latency bottlenecks
@alex list all hosts and check for any monitors in alert state
@alex search for RUM events with errors on the checkout page
@alex create a notebook documenting the investigation for incident INC-1234

Troubleshooting

  • Verify your API Key is valid and not revoked
  • Verify your Application Key has the required scopes
  • Ensure the keys belong to the same Datadog organization
  • Check that your Application Key scopes include the data type you are querying (e.g., logs_read_data for logs)
  • Verify your Datadog retention settings — data may have been aged out
  • Ensure the service or host is actively sending data to Datadog
  • If queries return empty results, you may have selected the wrong site
  • Check your Datadog URL: app.datadoghq.com → US1, us3.datadoghq.com → US3, datadoghq.eu → EU1, etc.
  • Disconnect and reconnect with the correct site
  • API Key: Authenticates API requests to Datadog. Required for all connections.
  • Application Key: Grants access to specific Datadog features and data. Must be scoped for least-privilege access.
  • Both are required — one alone is not sufficient.

Security Best Practices

  • Use scoped Application Keys — only grant the permissions CloudThinker needs
  • Separate keys per integration — create dedicated API and Application Keys for CloudThinker
  • Rotate regularly — periodically rotate both keys and update them in CloudThinker
  • Revoke when unused — delete the keys in Datadog if you disconnect the integration
