Send incidents to Datadog

Follow these steps to configure Moogsoft Cloud to send incidents to Datadog. For additional details, consult the Moogsoft Cloud Outbound alert webhooks (deprecated) documentation.

Before you begin

Before you set up your Datadog integration:

Make sure you are signed into your Moogsoft Cloud instance.
Make sure you are signed into Datadog.
Generate both an API Key and Application Key in Datadog by following these instructions.

Configure the CREATE webhook endpoint in Moogsoft Cloud

First, configure the Datadog CREATE webhook endpoint, which sends incidents to Datadog when they arrive in Moogsoft Cloud.

To configure the CREATE webhook endpoint:

Log in to Moogsoft Cloud and navigate to Integrations > Outbound Integrations > Webhook Endpoint > Incident Webhook Endpoint.
Click Add Incident Webhook Endpoint and enter "Datadog CREATE" as the name of the webhook endpoint. Optionally, provide a description.
Complete each section of the webhook endpoint according to the following:
1. Skip the Triggers section.
2. Configure the Endpoint:
  1. Set the Request Method to POST.
  2. Under URL, copy and paste the following:
    https://api.datadoghq.com/api/v2/incidents
  3. Under Authorization, make sure No auth is selected.
  4. Under Headers, add a new row with the following parameters. Replace <your-api-key> with your Datadog API key:
    Key: DD_API_KEY
    Value: <your-api-key>
  5. Add another new row with the following parameters. Replace <your-application-key> with your Datadog application key:
    Key: DD_APPLICATION_KEY
    Value: <your-application-key>
3. Specify the Payload Body:
  1. Replace the default payload with the following:
    { "data": { "attributes": { "title": "Issue # $id with severity $severity and description $description", "fields": { "severity": { "value": "$severity" }, "summary": { "value": "Issue # $id with severity $severity and description $description" } } } }, "type": "incidents" } }
    Note
    If you want to add a mapping for services, you can edit the payload above. The service values must be set up in the Datadog APM feature and must match the Moogsoft Cloud values exactly.
  2. Add a type declaration for ${severity}, with a type of String.
  3. Add a custom mapping for ${severity} as follows:
    Input Value
    Value to Send
    critical
    SEV-1
    major
    SEV-2
    minor
    SEV-3
    warning
    SEV-4
    clear
    SEV-5
4. Save the webhook endpoint.

Input Value	Value to Send
`critical`	`SEV-1`
`major`	`SEV-2`
`minor`	`SEV-3`
`warning`	`SEV-4`
`clear`	`SEV-5`

Configure the UPDATE webhook endpoint in Moogsoft Cloud

Next, create a Datadog UPDATE webhook endpoint, which sends updates to Datadog when Moogsoft Cloud incidents are changed.

To configure the UPDATE webhook endpoint:

Navigate to Integrations > Outbound Integrations > Webhook Endpoint > Incident Webhook Endpoint.
At the far right side of the "Datadog CREATE" webhook endpoint you just configured, click on the copy icon:
Enter "Datadog UPDATE" for the name of the duplicate webhook endpoint and click Duplicate.
Click on the "Datadog UPDATE" webhook endpoint to open it.
Click Edit.
Under the Triggers section, select Severity increased.
Configure the Endpoint:
1. Set the Request Method to Patch.
2. Replace the existing URL with the following:
```
https://api.datadoghq.com/api/v2/incidents/$external_name
```
Save the webhook endpoint.

Configure the CREATE workflow in Moogsoft Cloud

Configure an incident workflow called Datadog CREATE Workflow, which triggers the "Datadog CREATE" webhook endpoint when an incident is created in Moogsoft Cloud.

To configure the CREATE workflow:

Log into Moogsoft Cloud and navigate to Correlate & Automate > Workflow Engine > Incident Workflows.
Click Add Workflow and enter "Datadog CREATE Workflow" as the name of the workflow. Optionally, provide a description.
For the Trigger, select New incidents only.
If desired, add a filter condition on the incidents that you wish to forward to Datadog.
Click Add Action, select the Send to Endpoint action and then click Add Selected Action.
Select the new Send to Endpoint action complete each section according to the following:
1. Webhook: Select the "Datadog CREATE" incident webhook endpoint that you created earlier.
2. External Link: Skip this section.
3. Integration Name: Enter the following (without quotes): "Datadog Integration"
  Skip all remaining sections.
Save and Enable the workflow.

Configure the UPDATE workflow in Moogsoft Cloud

Finally, configure another incident workflow called Datadog UPDATE Workflow, which triggers the "Datadog UPDATE" webhook endpoint to send data when an incident is updated in Moogsoft Cloud.

To configure the UPDATE workflow:

Navigate to Correlate & Automate > Workflow Engine > Incident Workflows.
Click Add Workflow and enter "Datadog UPDATE Workflow" as the name of the workflow. Optionally, provide a description.
For the Trigger, select Changed incidents only.
Click Add Action, select the Send to Endpoint action and then click Add Selected Action.
Select the new Send to Endpoint action and complete each section as follows:
1. Webhook: Select the "Datadog UPDATE" incident webhook endpoint that you created earlier.
2. External Link: Check the box.
3. Integration Name: Enter the following: "Datadog Integration"
4. External ID: Enter the following: data.id
5. External Name: Enter the following: data.attributes.public_id
6. URL: Enter the following: https://app.datadoghq.com/incidents/$external_name
Save and Enable the workflow.

Test the integration

Navigate to Integrations > Ingestion Services > Events API.
Add your API key to the provided cURL command and run the command in an external terminal to send an event to Moogsoft Cloud.
Verify that an incident has been created in Moogsoft Cloud.
Within Datadog, verify that data from Moogsoft Cloud has arrived. You should also see the test notification(s) you sent earlier.
If you have enabled updates and included Status changed as a trigger, close the incident in Moogsoft Cloud and verify in Datadog that an update has arrived.

In this section: