What does Datadog add during incident response that PagerDuty does not?

System-wide correlation. PagerDuty holds the incident and paging; Datadog uses search_datadog_logs, get_datadog_metric, and get_datadog_trace to show what the rest of the stack did when the alert fired, which is where root cause usually hides.

Can Datadog page an on-call engineer?

No. Paging and the on-call schedule live in PagerDuty. Datadog is for investigating telemetry, logs, metrics, traces, and monitors, once a responder is already engaged.

Datadog for incident response

Pick 3 of 4 for incident responseOfficialDatadog

Datadog is the third of four picks for incident response, covering the telemetry side of correlating what changed when things broke. Its official server lets an agent search logs, query metrics, pull APM traces, and investigate incidents, compressing the gap between an alert and a root cause.

Response starts elsewhere, which sets the rank. PagerDuty holds the active incident and the paging, and Sentry carries the stack trace. Datadog comes in to explain the system-wide behavior behind the alert, so it sits behind the tools that own the incident record and the exception.

How Datadog fits

At 3 a.m. the useful sequence is concrete. search_datadog_monitors shows which alerts are firing, get_datadog_metric and search_datadog_metrics pinpoint when a metric moved, and search_datadog_logs with analyze_datadog_logs read the output around the spike. get_datadog_trace and search_datadog_spans trace a slow or failing request, while search_datadog_service_dependencies reveals whether an upstream service started the cascade. search_datadog_hosts confirms whether a specific host is implicated.

The honest boundary: Datadog does not page anyone, hold the incident, or run a status page. PagerDuty is the on-call and paging system, Sentry the error tracker with the trace, Better Stack the logs-and-uptime layer with status-page tooling. Datadog's contribution is correlation across the whole stack, so an agent can pull the active incident from PagerDuty and use Datadog to find what actually changed. Run it alongside, not instead of, the incident-owning tools.

Tools you would use

Tool	What it does
search_datadog_logs	Searches logs with time, service, and query-string filters.
analyze_datadog_logs	Performs statistical analysis over logs using SQL-style queries.
get_datadog_metric	Queries historical and real-time metric data.
get_datadog_metric_context	Retrieves metric metadata, tags, and available tag values.
search_datadog_metrics	Lists available metrics with filtering.
get_datadog_trace	Fetches a complete APM trace by trace ID.
search_datadog_spans	Retrieves APM spans with filters.
search_datadog_hosts	Lists monitored hosts with filtering options.
search_datadog_services	Lists services in the Service Catalog.
search_datadog_service_dependencies	Shows upstream and downstream service relationships.

Full Datadog setup and config →

FAQ

What does Datadog add during incident response that PagerDuty does not?: System-wide correlation. PagerDuty holds the incident and paging; Datadog uses search_datadog_logs, get_datadog_metric, and get_datadog_trace to show what the rest of the stack did when the alert fired, which is where root cause usually hides.
Can Datadog page an on-call engineer?: No. Paging and the on-call schedule live in PagerDuty. Datadog is for investigating telemetry, logs, metrics, traces, and monitors, once a responder is already engaged.