dd-monitors
par datadog-labs
Gestion des monitors - création, mise à jour, mise en sourdine et bonnes pratiques d'alerte.
npx skills add https://github.com/datadog-labs/pup --skill dd-monitorsDatadog Monitors
Create, manage, and maintain monitors for alerting.
Prerequisites
This requires the pup binary in your path.
pup - cargo install --git https://github.com/DataDog/pup
Quick Start
pup auth login
Common Operations
List Monitors
pup monitors list
pup monitors list --tags "team:platform"
pup monitors search --query "status:Alert"
Get Monitor
pup monitors get <id>
Create Monitor
pup monitors create --file monitor.json
Mute/Unmute
# Mute with duration
pup monitors update 12345 --file monitor-muted.json
# Or mute with specific end time
pup monitors update 12345 --file monitor-muted-until.json
# Unmute
pup monitors update 12345 --file monitor-unmuted.json
⚠️ Monitor Creation Best Practices
1. Avoid Alert Fatigue
| Rule | Why |
|---|---|
| No flapping alerts | Use last_Xm not last_1m |
| Meaningful thresholds | Based on SLOs, not guesses |
| Actionable alerts | If no action needed, don't alert |
| Include runbook | @runbook-url in message |
# WRONG - will flap constantly
query = "avg(last_1m):avg:system.cpu.user{*} > 50" # ❌ Too sensitive
# CORRECT - stable alerting
query = "avg(last_5m):avg:system.cpu.user{env:prod} by {host} > 80" # ✅ Reasonable window
2. Use Proper Scoping
# WRONG - alerts on everything
query = "avg(last_5m):avg:system.cpu.user{*} > 80" # ❌ No scope
# CORRECT - scoped to what matters
query = "avg(last_5m):avg:system.cpu.user{env:prod,service:api} by {host} > 80" # ✅
3. Set Recovery Thresholds
monitor = {
"query": "avg(last_5m):avg:system.cpu.user{env:prod} > 80",
"options": {
"thresholds": {
"critical": 80,
"critical_recovery": 70, # ✅ Prevents flapping
"warning": 60,
"warning_recovery": 50
}
}
}
4. Include Context in Messages
message = """
## High CPU Alert
Host: {{host.name}}
Current Value: {{value}}
Threshold: {{threshold}}
### Runbook
1. Check top processes: `ssh {{host.name}} 'top -bn1 | head -20'`
2. Check recent deploys
3. Scale if needed
@slack-ops @pagerduty-oncall
"""
⚠️ NEVER Delete Monitors Directly
Use safe deletion workflow (same as dashboards):
def safe_mark_monitor_for_deletion(monitor_id: str, client) -> bool:
"""Mark monitor instead of deleting."""
monitor = client.get_monitor(monitor_id)
name = monitor.get("name", "")
if "[MARKED FOR DELETION]" in name:
print(f"Already marked: {name}")
return False
new_name = f"[MARKED FOR DELETION] {name}"
client.update_monitor(monitor_id, {"name": new_name})
print(f"✓ Marked: {new_name}")
return True
Monitor Types
| Type | Use Case |
|---|---|
metric alert | CPU, memory, custom metrics |
query alert | Complex metric queries |
service check | Agent check status |
event alert | Event stream patterns |
log alert | Log pattern matching |
composite | Combine multiple monitors |
apm | APM metrics |
Audit Monitors
# Find monitors without owners
pup monitors list | jq '.[] | select(.tags | contains(["team:"]) | not) | {id, name}'
# Find noisy monitors (high alert count)
pup monitors list | jq 'sort_by(.overall_state_modified) | .[:10] | .[] | {id, name, status: .overall_state}'
Downtime vs Muting
| Use | When |
|---|---|
| Mute monitor | Quick one-off, < 1 hour |
| Downtime | Scheduled maintenance, recurring |
# Downtime (preferred)
pup downtime create --file downtime.json
Failure Handling
| Problem | Fix |
|---|---|
| Alert not firing | Check query returns data, thresholds |
| Too many alerts | Increase window, add recovery threshold |
| No data alerts | Check agent connectivity, metric exists |
| Auth error | pup auth refresh |
References
Plus de skills de datadog-labs
agent-install
datadog-labs
agent-install — une compétence installable pour les agents IA, publiée par datadog-labs/agent-skills.
official
agent-skills
datadog-labs
Compétences Datadog pour agents IA. Surveillance, journalisation, traçage et observabilité essentiels.
official
dd-apm
datadog-labs
APM - installer, intégrer, instrumenter, activer, configurer, traces, services, dépendances, analyse des performances. Utiliser pour toute requête impliquant Datadog APM…
official
dd-audit
datadog-labs
Investigations de piste d'audit - qui a modifié quoi, compromission de clé, cause racine de pic de coût, preuve de conformité (SOC 2/PCI), et audit d'activité IA.
official
dd-audit-ai-activity
datadog-labs
Auditez ce que l'assistant Bits AI (serveur MCP) a fait dans votre organisation Datadog — appels d'outils par utilisateur, ressources consultées et indicateurs d'anomalies pour la gouvernance de l'IA.
official
dd-audit-compliance-report
datadog-labs
Générer des preuves de conformité prêtes pour l'auditeur à partir du Datadog Audit Trail pour SOC 2 et PCI DSS. Mappe les contrôles du cadre à des modèles de requête spécifiques et produit…
official
dd-audit-cost-spike-investigation
datadog-labs
Enquêter sur un pic d'utilisation ou de coût d'un produit Datadog en corrélant les données de Usage Metering (quand/ce qui a augmenté) avec les modifications de configuration de Audit Trail (qui a changé quoi dans…)
official
dd-audit-key-compromise
datadog-labs
Examiner une clé API Datadog potentiellement compromise — chronologie des actions, répartition géographique/IP, points d'accès appelés, indicateurs d'anomalie et étapes de remédiation.
official