Skip to main content

Overview

Datadog is an official MCP integration available in the MCP Marketplace. It uses HTTP transport with API key and Application key authentication, giving Devin direct access to your Datadog account for querying logs, metrics, monitors, traces, and more. Once connected, you can also set up automated alert investigation — routing Datadog alerts to Devin through a lightweight webhook bridge so that incidents are triaged automatically.

Enable the Datadog MCP

1

Open the MCP Marketplace

Go to Settings > MCP Marketplace and find Datadog.
2

Configure your credentials

Click Enable, then:
  1. Select your Datadog site/region (e.g., datadoghq.com, datadoghq.eu)
  2. Enter your DD-API-KEY and DD-APPLICATION-KEY
To generate these keys:
3

Verify the connection

Click Test listing tools to confirm Devin can connect to your Datadog account. If the test succeeds, the integration is ready to use.

Capabilities

Once the Datadog MCP is enabled, Devin can perform the following actions within any session:
CapabilityDescription
Query error logsSearch and filter log entries by service, status, and time range
Pull metric timeseriesRetrieve metric data points for dashboards and analysis
List active monitorsView all configured monitors and their current statuses
Search tracesFind distributed traces across services
Manage incidentsView, create, and update incident records
Manage dashboardsList and inspect dashboard configurations
Combine the Datadog MCP with Knowledge about your services — normal thresholds, architecture diagrams, and on-call runbooks — so Devin starts investigations with your team’s context.

Automated Alert Investigation

Beyond interactive queries, you can wire Datadog alerts to Devin so that incidents are investigated automatically. This uses a webhook bridge pattern: a small service receives Datadog webhook payloads and calls the Devin API to start an investigation session.
1

Deploy a webhook bridge service

Create a lightweight service that receives Datadog webhooks and starts Devin sessions. Deploy it as a serverless function (AWS Lambda, Cloudflare Worker) or a small container:
from flask import Flask, request, jsonify
import requests, os, hmac, hashlib

app = Flask(__name__)

def verify_signature(req):
    """Verify the request using a shared secret configured in the Datadog webhook."""
    signature = req.headers.get("X-Webhook-Secret", "")
    expected = os.environ["WEBHOOK_SECRET"]
    return hmac.compare_digest(signature, expected)

@app.route("/alert", methods=["POST"])
def handle_alert():
    if not verify_signature(request):
        return jsonify({"error": "bad signature"}), 401

    payload = request.json
    if not payload:
        return jsonify({"error": "no payload"}), 400

    # Datadog webhook payload fields
    alert_title = payload.get("title", "Unknown alert")
    tags = payload.get("tags", "")
    if isinstance(tags, str):
        tags = [t.strip() for t in tags.split(",")]
    service = next(
        (t.split(":", 1)[1] for t in tags if t.startswith("service:")),
        "unknown-service"
    )
    alert_url = payload.get("link", "")

    org_id = os.environ["DEVIN_ORG_ID"]
    response = requests.post(
        f"https://api.devin.ai/v3/organizations/{org_id}/sessions",
        headers={"Authorization": f"Bearer {os.environ['DEVIN_API_KEY']}"},
        json={
            "prompt": (
                f"Datadog alert fired: '{alert_title}'\n"
                f"Service: {service}\n"
                f"Alert link: {alert_url}\n\n"
                "Using the Datadog MCP:\n"
                "1. Pull error logs for this service from the past 30 min\n"
                "2. Identify the top error messages and stack traces\n"
                "3. Check if this correlates with a recent deploy\n"
                "4. If the root cause is clear, open a hotfix PR\n"
                "5. Post your findings to #incidents on Slack"
            ),
        }
    )
    return jsonify(response.json()), 200
Create a service user in Settings > Service Users with ManageOrgSessions permission. Store the API token as DEVIN_API_KEY, your organization ID as DEVIN_ORG_ID, and a shared secret as WEBHOOK_SECRET on your bridge service. You’ll configure this same secret in the Datadog webhook’s Custom Headers in the next step.
2

Configure the Datadog webhook

  1. In your Datadog dashboard, go to Integrations > Webhooks
  2. Click New Webhook and set the URL to your bridge endpoint (e.g., https://your-bridge.example.com/alert)
  3. Under Custom Headers, add X-Webhook-Secret with the same value you stored as WEBHOOK_SECRET on your bridge service
  4. In any monitor’s notification message, add @webhook-devin-bridge — Devin will investigate whenever that monitor fires
3

Test with a warning-level monitor

Start with a warning-level or low-severity monitor to validate the pipeline end-to-end before routing critical alerts. Once you’ve confirmed that Devin sessions are created and investigations run correctly, expand to higher-severity monitors.
You can customize the investigation by passing a playbook_id in the Devin API request body. Duplicate the !triage template playbook and tailor the investigation steps for your stack.