> ## Documentation Index
> Fetch the complete documentation index at: https://docs.devin.ai/llms.txt
> Use this file to discover all available pages before exploring further.
# Datadog Integration
> Connect Devin to Datadog for automated alert investigation and telemetry access
## Overview
Datadog is an official MCP integration available in the [MCP Marketplace](/work-with-devin/mcp). It uses HTTP transport with API key and Application key authentication, giving Devin direct access to your Datadog account for querying logs, metrics, monitors, traces, and more.
Once connected, you can also set up automated alert investigation — routing Datadog alerts to Devin through a lightweight webhook bridge so that incidents are triaged automatically.
## Enable the Datadog MCP
Go to **Settings > MCP Marketplace** and find **Datadog**.
Click **Enable**, then:
1. Select your Datadog **site/region** (e.g., `datadoghq.com`, `datadoghq.eu`)
2. Enter your **DD-API-KEY** and **DD-APPLICATION-KEY**
To generate these keys:
* Create an API key at [Organization Settings > API Keys](https://app.datadoghq.com/organization-settings/api-keys)
* Create an Application key at [Organization Settings > Application Keys](https://app.datadoghq.com/organization-settings/application-keys)
Click **Test listing tools** to confirm Devin can connect to your Datadog account. If the test succeeds, the integration is ready to use.
## Capabilities
Once the Datadog MCP is enabled, Devin can perform the following actions within any session:
| Capability | Description |
| :--------------------- | :--------------------------------------------------------------- |
| Query error logs | Search and filter log entries by service, status, and time range |
| Pull metric timeseries | Retrieve metric data points for dashboards and analysis |
| List active monitors | View all configured monitors and their current statuses |
| Search traces | Find distributed traces across services |
| Manage incidents | View, create, and update incident records |
| Manage dashboards | List and inspect dashboard configurations |
Combine the Datadog MCP with [Knowledge](/product-guides/knowledge) about your services — normal thresholds, architecture diagrams, and on-call runbooks — so Devin starts investigations with your team's context.
## Automated Alert Investigation
Beyond interactive queries, you can wire Datadog alerts to Devin so that incidents are investigated automatically. This uses a **webhook bridge** pattern: a small service receives Datadog webhook payloads and calls the [Devin API](/api-reference/overview) to start an investigation session.
Create a lightweight service that receives Datadog webhooks and starts Devin sessions. Deploy it as a serverless function (AWS Lambda, Cloudflare Worker) or a small container:
```python theme={null}
from flask import Flask, request, jsonify
import requests, os, hmac, hashlib
app = Flask(__name__)
def verify_signature(req):
"""Verify the request using a shared secret configured in the Datadog webhook."""
signature = req.headers.get("X-Webhook-Secret", "")
expected = os.environ["WEBHOOK_SECRET"]
return hmac.compare_digest(signature, expected)
@app.route("/alert", methods=["POST"])
def handle_alert():
if not verify_signature(request):
return jsonify({"error": "bad signature"}), 401
payload = request.json
if not payload:
return jsonify({"error": "no payload"}), 400
# Datadog webhook payload fields
alert_title = payload.get("title", "Unknown alert")
tags = payload.get("tags", "")
if isinstance(tags, str):
tags = [t.strip() for t in tags.split(",")]
service = next(
(t.split(":", 1)[1] for t in tags if t.startswith("service:")),
"unknown-service"
)
alert_url = payload.get("link", "")
org_id = os.environ["DEVIN_ORG_ID"]
response = requests.post(
f"https://api.devin.ai/v3/organizations/{org_id}/sessions",
headers={"Authorization": f"Bearer {os.environ['DEVIN_API_KEY']}"},
json={
"prompt": (
f"Datadog alert fired: '{alert_title}'\n"
f"Service: {service}\n"
f"Alert link: {alert_url}\n\n"
"Using the Datadog MCP:\n"
"1. Pull error logs for this service from the past 30 min\n"
"2. Identify the top error messages and stack traces\n"
"3. Check if this correlates with a recent deploy\n"
"4. If the root cause is clear, open a hotfix PR\n"
"5. Post your findings to #incidents on Slack"
),
}
)
return jsonify(response.json()), 200
```
Create a [service user](/api-reference/v3/overview) in **Settings > Service Users** with `ManageOrgSessions` permission. Store the API token as `DEVIN_API_KEY`, your organization ID as `DEVIN_ORG_ID`, and a shared secret as `WEBHOOK_SECRET` on your bridge service. You'll configure this same secret in the Datadog webhook's **Custom Headers** in the next step.
1. In your Datadog dashboard, go to **Integrations > Webhooks**
2. Click **New Webhook** and set the URL to your bridge endpoint (e.g., `https://your-bridge.example.com/alert`)
3. Under **Custom Headers**, add `X-Webhook-Secret` with the same value you stored as `WEBHOOK_SECRET` on your bridge service
4. In any monitor's notification message, add `@webhook-devin-bridge` — Devin will investigate whenever that monitor fires
Start with a warning-level or low-severity monitor to validate the pipeline end-to-end before routing critical alerts. Once you've confirmed that Devin sessions are created and investigations run correctly, expand to higher-severity monitors.
You can customize the investigation by passing a `playbook_id` in the Devin API request body. Duplicate the [`!triage` template playbook](https://app.devin.ai/settings/playbooks/14fed18b89d44713a26e673cf258f548) and tailor the investigation steps for your stack.
## Related Resources
* [Full walkthrough: Auto-Investigate Datadog Alerts](/use-cases/gallery/api-datadog-alert-investigation)
* [MCP Marketplace docs](/work-with-devin/mcp)
* [Devin API Reference](/api-reference/overview)