The TUI opens your browser to create an account or log in. Complete the flow in your browser, then confirm the code shown in your terminal. The TUI logs you in automatically.
3
Select Datadog
The TUI asks which integration you want to connect. Select Datadog.
4
Select your region
Pick your Datadog region. Select US1.
5
Create an API key
The TUI asks for an API key. Datadog uses this to authenticate requests.In Datadog, go to Organization Settings → API Keys. Click New Key, name it "Tero", and paste the key into the TUI.
6
Create a service account
The TUI asks for an application key. This controls what Tero can access.We recommend creating a service account instead of using your personal account. This keeps Tero's access separate and makes it easier to manage permissions.In Datadog, go to Organization Settings → Service Accounts. Click New Service Account and name it "Tero".Assign a role to the service account. Standard gives Tero full functionality — it can analyze your data and take action directly in Datadog. Read-Only works too, but you'll need to take action through Edge or code changes instead.See Roles for details on what each role enables.
7
Create an application key
After creating the service account, click on it in the list. Under Application Keys, click New Key. Copy the key and paste it into the TUI.
8
Done
Tero validates your credentials and starts analyzing your environment. You'll see a progress bar — analysis usually takes a couple of minutes, even with billions of logs.Once it's done, you're ready to ask your first question.
1
Run tero
Open your terminal and run:
Copy
tero
This opens the Tero TUI, which guides you through setup.
The TUI opens your browser to create an account or log in. Complete the flow in your browser, then confirm the code shown in your terminal. The TUI logs you in automatically.
3
Select Datadog
The TUI asks which integration you want to connect. Select Datadog.
4
Select your region
Pick your Datadog region. Select US3.
5
Create an API key
The TUI asks for an API key. Datadog uses this to authenticate requests.In Datadog, go to Organization Settings → API Keys. Click New Key, name it "Tero", and paste the key into the TUI.
6
Create a service account
The TUI asks for an application key. This controls what Tero can access.We recommend creating a service account instead of using your personal account. This keeps Tero's access separate and makes it easier to manage permissions.In Datadog, go to Organization Settings → Service Accounts. Click New Service Account and name it "Tero".Assign a role to the service account. Standard gives Tero full functionality — it can analyze your data and take action directly in Datadog. Read-Only works too, but you'll need to take action through Edge or code changes instead.See Roles for details on what each role enables.
7
Create an application key
After creating the service account, click on it in the list. Under Application Keys, click New Key. Copy the key and paste it into the TUI.
8
Done
Tero validates your credentials and starts analyzing your environment. You'll see a progress bar — analysis usually takes a couple of minutes, even with billions of logs.Once it's done, you're ready to ask your first question.
1
Run tero
Open your terminal and run:
Copy
tero
This opens the Tero TUI, which guides you through setup.
The TUI opens your browser to create an account or log in. Complete the flow in your browser, then confirm the code shown in your terminal. The TUI logs you in automatically.
3
Select Datadog
The TUI asks which integration you want to connect. Select Datadog.
4
Select your region
Pick your Datadog region. Select US5.
5
Create an API key
The TUI asks for an API key. Datadog uses this to authenticate requests.In Datadog, go to Organization Settings → API Keys. Click New Key, name it "Tero", and paste the key into the TUI.
6
Create a service account
The TUI asks for an application key. This controls what Tero can access.We recommend creating a service account instead of using your personal account. This keeps Tero's access separate and makes it easier to manage permissions.In Datadog, go to Organization Settings → Service Accounts. Click New Service Account and name it "Tero".Assign a role to the service account. Standard gives Tero full functionality — it can analyze your data and take action directly in Datadog. Read-Only works too, but you'll need to take action through Edge or code changes instead.See Roles for details on what each role enables.
7
Create an application key
After creating the service account, click on it in the list. Under Application Keys, click New Key. Copy the key and paste it into the TUI.
8
Done
Tero validates your credentials and starts analyzing your environment. You'll see a progress bar — analysis usually takes a couple of minutes, even with billions of logs.Once it's done, you're ready to ask your first question.
1
Run tero
Open your terminal and run:
Copy
tero
This opens the Tero TUI, which guides you through setup.
The TUI opens your browser to create an account or log in. Complete the flow in your browser, then confirm the code shown in your terminal. The TUI logs you in automatically.
3
Select Datadog
The TUI asks which integration you want to connect. Select Datadog.
4
Select your region
Pick your Datadog region. Select EU.
5
Create an API key
The TUI asks for an API key. Datadog uses this to authenticate requests.In Datadog, go to Organization Settings → API Keys. Click New Key, name it "Tero", and paste the key into the TUI.
6
Create a service account
The TUI asks for an application key. This controls what Tero can access.We recommend creating a service account instead of using your personal account. This keeps Tero's access separate and makes it easier to manage permissions.In Datadog, go to Organization Settings → Service Accounts. Click New Service Account and name it "Tero".Assign a role to the service account. Standard gives Tero full functionality — it can analyze your data and take action directly in Datadog. Read-Only works too, but you'll need to take action through Edge or code changes instead.See Roles for details on what each role enables.
7
Create an application key
After creating the service account, click on it in the list. Under Application Keys, click New Key. Copy the key and paste it into the TUI.
8
Done
Tero validates your credentials and starts analyzing your environment. You'll see a progress bar — analysis usually takes a couple of minutes, even with billions of logs.Once it's done, you're ready to ask your first question.
1
Run tero
Open your terminal and run:
Copy
tero
This opens the Tero TUI, which guides you through setup.
The TUI opens your browser to create an account or log in. Complete the flow in your browser, then confirm the code shown in your terminal. The TUI logs you in automatically.
3
Select Datadog
The TUI asks which integration you want to connect. Select Datadog.
4
Select your region
Pick your Datadog region. Select AP1.
5
Create an API key
The TUI asks for an API key. Datadog uses this to authenticate requests.In Datadog, go to Organization Settings → API Keys. Click New Key, name it "Tero", and paste the key into the TUI.
6
Create a service account
The TUI asks for an application key. This controls what Tero can access.We recommend creating a service account instead of using your personal account. This keeps Tero's access separate and makes it easier to manage permissions.In Datadog, go to Organization Settings → Service Accounts. Click New Service Account and name it "Tero".Assign a role to the service account. Standard gives Tero full functionality — it can analyze your data and take action directly in Datadog. Read-Only works too, but you'll need to take action through Edge or code changes instead.See Roles for details on what each role enables.
7
Create an application key
After creating the service account, click on it in the list. Under Application Keys, click New Key. Copy the key and paste it into the TUI.
8
Done
Tero validates your credentials and starts analyzing your environment. You'll see a progress bar — analysis usually takes a couple of minutes, even with billions of logs.Once it's done, you're ready to ask your first question.
1
Run tero
Open your terminal and run:
Copy
tero
This opens the Tero TUI, which guides you through setup.
The TUI opens your browser to create an account or log in. Complete the flow in your browser, then confirm the code shown in your terminal. The TUI logs you in automatically.
3
Select Datadog
The TUI asks which integration you want to connect. Select Datadog.
4
Select your region
Pick your Datadog region. Select US1-FED.
5
Create an API key
The TUI asks for an API key. Datadog uses this to authenticate requests.In Datadog, go to Organization Settings → API Keys. Click New Key, name it "Tero", and paste the key into the TUI.
6
Create a service account
The TUI asks for an application key. This controls what Tero can access.We recommend creating a service account instead of using your personal account. This keeps Tero's access separate and makes it easier to manage permissions.In Datadog, go to Organization Settings → Service Accounts. Click New Service Account and name it "Tero".Assign a role to the service account. Standard gives Tero full functionality — it can analyze your data and take action directly in Datadog. Read-Only works too, but you'll need to take action through Edge or code changes instead.See Roles for details on what each role enables.
7
Create an application key
After creating the service account, click on it in the list. Under Application Keys, click New Key. Copy the key and paste it into the TUI.
8
Done
Tero validates your credentials and starts analyzing your environment. You'll see a progress bar — analysis usually takes a couple of minutes, even with billions of logs.Once it's done, you're ready to ask your first question.
These are Datadog-specific. You can always take action other ways: deploy
policies to your infrastructure with Edge, adjust
instrumentation in your code, or configure Datadog manually. See
Taking action for all options.
If you want to limit Tero’s access to logs from specific services, use Datadog’s
restriction queries.
Restriction queries filter which logs a role can read through the
logs_read_data permission.
1
Add a restriction query
In Datadog, go to Organization Settings > Data Access and click Add Restriction Query.
2
Enter a query
Scope access to the services you want Tero to see. Examples:
Goal
Query
Single service
service:api
Multiple services
service:api OR service:web
Service + environment
service:api AND env:production
Exclude a service
service:* AND NOT service:internal-audit
3
Assign to Tero's role
Attach the restriction query to your Tero service account’s role.
Each role can only have one restriction query. Use OR operators in a single
query to scope to multiple services.
