When to use workspaces
Your security team wants to keep all authentication logs with full context. Your observability team wants to sample them and drop the tokens. Your compliance team wants to archive everything for 90 days. Without workspaces, these goals conflict. Someone has to compromise. With workspaces, each team manages their own policies. Same catalog, different decisions.How it works
The Master Catalog is shared across workspaces. Every workspace sees the same services, log events, metrics, and traces. The catalog is built at the account level. Policies are per-workspace. Each workspace evaluates the catalog and creates its own policies. The security workspace keeps auth logs. The observability workspace samples them. No conflict.Enforcement
Workspaces map to destinations. How policies apply depends on your routing:- Separate destinations
- Different indices
- Same index
Security logs go to your SIEM, observability logs go to Datadog. Each workspace’s policies apply to its destination.Clean separation. Each team controls what reaches their destination.
Creating workspaces
Create a workspace in Settings → Workspaces. Assign teams to it. Those teams manage policies for that workspace. Each workspace has its own:- Policy decisions and approvals
- Enforcement configuration
- Data quality metrics and SLOs