一键导入
observability-datadog
Datadog log and metrics analysis. Use when querying Datadog logs, metrics, or APM data. Provides scripts and query syntax reference.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Datadog log and metrics analysis. Use when querying Datadog logs, metrics, or APM data. Provides scripts and query syntax reference.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Pull incident context from alerting platforms (PagerDuty). Use when investigating who's on-call, incident history, alert patterns, or MTTR metrics.
Opsgenie alert management and on-call scheduling. Use for listing alerts, checking on-call, computing MTTA/MTTR, and alert fatigue analysis. Supports team and priority filtering.
Amplitude product analytics. Use when querying user events, funnels, retention, or product usage data. Provides event segmentation, user activity lookup, and annotation queries.
Google BigQuery data warehouse queries and schema inspection. Use when running SQL queries, listing datasets/tables, or inspecting table schemas in BigQuery.
MySQL/MariaDB database inspection and queries. Use when investigating table schemas, running queries, checking processlist, replication status, InnoDB engine status, or lock contention.
PostgreSQL database inspection and queries. Use when investigating table schemas, running queries, checking locks, replication status, or long-running queries.
| name | observability-datadog |
| description | Datadog log and metrics analysis. Use when querying Datadog logs, metrics, or APM data. Provides scripts and query syntax reference. |
| allowed-tools | Bash(python *) |
IMPORTANT: Credentials are injected automatically by a proxy layer. Do NOT check for DATADOG_API_KEY or DATADOG_APP_KEY in environment variables - they won't be visible to you. Just run the scripts directly; authentication is handled transparently.
Configuration environment variables you CAN check (non-secret):
DATADOG_SITE - Datadog site (e.g., us5.datadoghq.com, datadoghq.eu)NEVER dump raw logs. Always follow this pattern:
STATISTICS → SAMPLE → PATTERNS → CORRELATE
All scripts are in .claude/skills/observability-datadog/scripts/
Comprehensive statistics with pattern extraction.
python .claude/skills/observability-datadog/scripts/get_statistics.py [--service SERVICE] [--time-range MINUTES]
# Examples:
python .claude/skills/observability-datadog/scripts/get_statistics.py --time-range 60
python .claude/skills/observability-datadog/scripts/get_statistics.py --service payment
Output includes:
Choose the right sampling strategy based on statistics.
python .claude/skills/observability-datadog/scripts/sample_logs.py --strategy STRATEGY [--service SERVICE] [--limit N]
# Strategies:
# errors_only - Only error logs (default for incidents)
# warnings_up - Warning and error logs
# around_time - Logs around a specific timestamp
# all - All log levels
# Examples:
python .claude/skills/observability-datadog/scripts/sample_logs.py --strategy errors_only --service payment
python .claude/skills/observability-datadog/scripts/sample_logs.py --strategy around_time --timestamp "2026-01-27T05:00:00Z" --window 5
# Service filter
service:payment
# Status filter
status:error
status:warn
# Host filter
host:web-server-01
# Combine with AND (space) or OR
service:payment status:error
service:payment OR service:checkout
# Tag filter
env:production
version:1.2.3
# Attribute filter
@http.status_code:>=500
@duration:>1000
# Wildcard
service:payment-*
# Relative
@timestamp:[now-1h TO now]
# Absolute
@timestamp:[2026-01-27T00:00:00Z TO 2026-01-27T12:00:00Z]
# All errors in last hour
status:error
# Errors for specific service
service:api-gateway status:error
# Slow requests (>1s)
@duration:>1000000
# HTTP 5xx errors
@http.status_code:>=500
# Exceptions
*exception* OR *error* OR *failed*
┌─────────────────────────────────────────────────────────────┐
│ 1. STATISTICS FIRST (mandatory) │
│ python get_statistics.py --service <service> │
│ → Know volume, error rate, top patterns │
└─────────────────────────────────────────────────────────────┘
│
▼
High Error Rate?
┌─────────────┴─────────────┐
│ │
YES (>5%) NO
│ │
▼ ▼
┌─────────────────────────────┐ ┌───────────────────────────────────────────┐
│ 2. FAST PATH │ │ 2. TARGETED INVESTIGATION │
│ Sample errors directly │ │ Filter by specific criteria │
│ python sample_logs.py │ │ python sample_logs.py --strategy all │
│ --strategy errors_only │ │ → Look for anomalies │
└─────────────────────────────┘ └───────────────────────────────────────────┘
| Goal | Command |
|---|---|
| Start investigation | get_statistics.py --service X |
| Sample errors only | sample_logs.py --strategy errors_only --service X |
| Investigate spike | sample_logs.py --strategy around_time --timestamp T |
| All logs | sample_logs.py --strategy all --service X --limit 20 |
aggregation:metric_name{tag_filters}
avg: - Average across series
sum: - Sum across series
min: - Minimum value
max: - Maximum value
p50: - 50th percentile (APM)
p95: - 95th percentile (APM)
p99: - 99th percentile (APM)
# System
avg:system.cpu.user{service:X}
avg:system.mem.used{service:X}
# APM (traces)
sum:trace.http.request.hits{service:X}.as_rate()
sum:trace.http.request.errors{service:X}.as_rate()
p95:trace.http.request.duration{service:X}
get_statistics.py is MANDATORY first step