Does Datadog manage the incident lifecycle and on-call?

No. PagerDuty holds the incident record, on-call schedule, and paging. Datadog correlates telemetry around an open incident through search_datadog_monitors, get_datadog_metric, and search_datadog_logs so a responder understands what the system did.

Why use a read-only telemetry server during an incident?

Because an agent can investigate aggressively without risk. Datadog's tools query logs, metrics, traces, and monitors but do not change live state, so digging into a degradation cannot make the incident worse.

Datadog for incident management

Pick 3 of 4 for incident managementOfficialDatadog

Datadog is the third of four picks for incident management, providing the broad telemetry correlation a responder needs once the incident is open. Its official remote server searches logs, queries metrics, pulls APM traces, inspects monitors, and investigates incidents across the whole stack, which is the read-only investigation an agent can do aggressively without making a live incident worse.

The rank follows the response chain. PagerDuty leads because it holds the incident, the on-call schedule, and the paging. Sentry sits ahead too with the stack trace and root-cause view. Datadog is the layer that ties the alert to system-wide behavior.

How Datadog fits

During an incident the agent uses search_datadog_monitors to see what fired, get_datadog_metric and search_datadog_metrics to find when a metric turned, and search_datadog_logs with analyze_datadog_logs to read what the affected services emitted. get_datadog_trace and search_datadog_spans follow a degraded request through APM, while search_datadog_services and search_datadog_service_dependencies show the blast radius across services. Because these are investigative reads, the agent can dig hard without risk of changing live state.

The limit that places it third: Datadog does not own the incident record, the on-call rotation, or paging. PagerDuty is the pick for who is on call and driving the incident lifecycle. Sentry brings the exception and its root cause. Better Stack covers logs and uptime monitoring. Datadog's job is correlation, taking the open incident from those tools and explaining what the rest of the system did, so install it as the telemetry layer rather than the system of record.

Tools you would use

Tool	What it does
search_datadog_logs	Searches logs with time, service, and query-string filters.
analyze_datadog_logs	Performs statistical analysis over logs using SQL-style queries.
get_datadog_metric	Queries historical and real-time metric data.
get_datadog_metric_context	Retrieves metric metadata, tags, and available tag values.
search_datadog_metrics	Lists available metrics with filtering.
get_datadog_trace	Fetches a complete APM trace by trace ID.
search_datadog_spans	Retrieves APM spans with filters.
search_datadog_hosts	Lists monitored hosts with filtering options.
search_datadog_services	Lists services in the Service Catalog.
search_datadog_service_dependencies	Shows upstream and downstream service relationships.

Full Datadog setup and config →

FAQ

Does Datadog manage the incident lifecycle and on-call?: No. PagerDuty holds the incident record, on-call schedule, and paging. Datadog correlates telemetry around an open incident through search_datadog_monitors, get_datadog_metric, and search_datadog_logs so a responder understands what the system did.
Why use a read-only telemetry server during an incident?: Because an agent can investigate aggressively without risk. Datadog's tools query logs, metrics, traces, and monitors but do not change live state, so digging into a degradation cannot make the incident worse.