Datadog Automation via Rube MCP
Automate Datadog monitoring and observability operations through Composio's Datadog toolkit via Rube MCP.
Prerequisites
- Rube MCP must be connected (RUBE_SEARCH_TOOLS available)
- Active Datadog connection via with toolkit
- Always call first to get current tool schemas
Setup
Get Rube MCP: Add
as an MCP server in your client configuration. No API keys needed — just add the endpoint and it works.
- Verify Rube MCP is available by confirming responds
- Call with toolkit
- If connection is not ACTIVE, follow the returned auth link to complete Datadog authentication
- Confirm connection status shows ACTIVE before running any workflows
Core Workflows
1. Query and Explore Metrics
When to use: User wants to query metric data or list available metrics
Tool sequence:
- - List available metric names [Optional]
- - Query metric time series data [Required]
Key parameters:
- : Datadog metric query string (e.g.,
avg:system.cpu.user{host:web01}
- : Start timestamp (Unix epoch seconds)
- : End timestamp (Unix epoch seconds)
- : Search string for listing metrics
Pitfalls:
- Query syntax follows Datadog's metric query format:
aggregation:metric_name{tag_filters}
- and are Unix epoch timestamps in seconds, not milliseconds
- Valid aggregations: , , , ,
- Tag filters use curly braces:
- Time range should not exceed Datadog's retention limits for the metric type
2. Search and Analyze Logs
When to use: User wants to search log entries or list log indexes
Tool sequence:
- - List available log indexes [Optional]
- - Search logs with query and filters [Required]
Key parameters:
- : Log search query using Datadog log query syntax
- : Start time (ISO 8601 or Unix timestamp)
- : End time (ISO 8601 or Unix timestamp)
- : Sort order ('asc' or 'desc')
- : Number of log entries to return
Pitfalls:
- Log queries use Datadog's log search syntax:
- Search is limited to retained logs within the configured retention period
- Large result sets require pagination; check for cursor/page tokens
- Log indexes control routing and retention; filter by index if known
3. Manage Monitors
When to use: User wants to create, update, mute, or inspect monitors
Tool sequence:
- - List all monitors with filters [Required]
- - Get specific monitor details [Optional]
- - Create a new monitor [Optional]
- - Update monitor configuration [Optional]
- - Silence a monitor temporarily [Optional]
- - Re-enable a muted monitor [Optional]
Key parameters:
- : Numeric monitor ID
- : Monitor display name
- : Monitor type ('metric alert', 'service check', 'log alert', 'query alert', etc.)
- : Monitor query defining the alert condition
- : Notification message with @mentions
- : Array of tag strings
- : Alert threshold values (, , )
Pitfalls:
- Monitor must match the query type; mismatches cause creation failures
- supports @mentions for notifications (e.g., , )
- Thresholds vary by monitor type; metric monitors need at minimum
- Muting a monitor suppresses notifications but the monitor still evaluates
- Monitor IDs are numeric integers
4. Manage Dashboards
When to use: User wants to list, view, update, or delete dashboards
Tool sequence:
- - List all dashboards [Required]
- - Get full dashboard definition [Optional]
- - Update dashboard layout or widgets [Optional]
- - Remove a dashboard (irreversible) [Optional]
Key parameters:
- : Dashboard identifier string
- : Dashboard title
- : 'ordered' (grid) or 'free' (freeform positioning)
- : Array of widget definition objects
- : Dashboard description
Pitfalls:
- Dashboard IDs are alphanumeric strings (e.g., 'abc-def-ghi'), not numeric
- cannot be changed after creation; must recreate the dashboard
- Widget definitions are complex nested objects; get existing dashboard first to understand structure
- DELETE is permanent; there is no undo
5. Create Events and Manage Downtimes
When to use: User wants to post events or schedule maintenance downtimes
Tool sequence:
- - List existing events [Optional]
- - Post a new event [Required]
- - Schedule a maintenance downtime [Optional]
Key parameters for events:
- : Event title
- : Event body text (supports markdown)
- : Event severity ('error', 'warning', 'info', 'success')
- : Array of tag strings
Key parameters for downtimes:
- : Tag scope for the downtime (e.g., )
- : Start time (Unix epoch)
- : End time (Unix epoch; omit for indefinite)
- : Downtime description
- : Specific monitor to downtime (optional, omit for scope-based)
Pitfalls:
- Event supports Datadog's markdown format including @mentions
- Downtimes scope uses tag syntax: ,
- Omitting creates an indefinite downtime; always set an end time for maintenance
- Downtime narrows to a single monitor; scope applies to all matching monitors
6. Manage Hosts and Traces
When to use: User wants to list infrastructure hosts or inspect distributed traces
Tool sequence:
- - List all reporting hosts [Required]
- - Get a specific distributed trace [Optional]
Key parameters:
- : Host search filter string
- : Sort hosts by field (e.g., 'name', 'apps', 'cpu')
- : Sort direction ('asc' or 'desc')
- : Distributed trace ID for trace lookup
Pitfalls:
- Host list includes all hosts reporting to Datadog within the retention window
- Trace IDs are long numeric strings; ensure exact match
- Hosts that stop reporting are retained for a configured period before removal
Common Patterns
Monitor Query Syntax
Metric alerts:
avg(last_5m):avg:system.cpu.user{env:prod} > 90
Log alerts:
logs("service:web status:error").index("main").rollup("count").last("5m") > 10
Tag Filtering
- Tags use format: , ,
- Multiple tags: (AND logic)
- Wildcard:
Pagination
- Use and or offset-based pagination depending on endpoint
- Check response for total count to determine if more pages exist
- Continue until all results are retrieved
Known Pitfalls
Timestamps:
- Most endpoints use Unix epoch seconds (not milliseconds)
- Some endpoints accept ISO 8601; check tool schema
- Time ranges should be reasonable (not years of data)
Query Syntax:
- Metric queries:
- Log queries: pairs
- Monitor queries vary by type; check Datadog documentation
Rate Limits:
- Datadog API has per-endpoint rate limits
- Implement backoff on 429 responses
- Batch operations where possible
Quick Reference
| Task | Tool Slug | Key Params |
|---|
| Query metrics | DATADOG_QUERY_METRICS | query, from, to |
| List metrics | DATADOG_LIST_METRICS | q |
| Search logs | DATADOG_SEARCH_LOGS | query, from, to, limit |
| List log indexes | DATADOG_LIST_LOG_INDEXES | (none) |
| List monitors | DATADOG_LIST_MONITORS | tags |
| Get monitor | DATADOG_GET_MONITOR | monitor_id |
| Create monitor | DATADOG_CREATE_MONITOR | name, type, query, message |
| Update monitor | DATADOG_UPDATE_MONITOR | monitor_id |
| Mute monitor | DATADOG_MUTE_MONITOR | monitor_id |
| Unmute monitor | DATADOG_UNMUTE_MONITOR | monitor_id |
| List dashboards | DATADOG_LIST_DASHBOARDS | (none) |
| Get dashboard | DATADOG_GET_DASHBOARD | dashboard_id |
| Update dashboard | DATADOG_UPDATE_DASHBOARD | dashboard_id, title, widgets |
| Delete dashboard | DATADOG_DELETE_DASHBOARD | dashboard_id |
| List events | DATADOG_LIST_EVENTS | start, end |
| Create event | DATADOG_CREATE_EVENT | title, text, alert_type |
| Create downtime | DATADOG_CREATE_DOWNTIME | scope, start, end |
| List hosts | DATADOG_LIST_HOSTS | filter, sort_field |
| Get trace | DATADOG_GET_TRACE_BY_ID | trace_id |