Datadog - Tero Documentation

Connect Datadog when you want Tero to review log telemetry and build service and log-event context. Tero also shows cost and compliance issues, analyzes ingestion, and manages supported provider actions.

Connect Datadog

Select your Datadog region, then follow the steps.

Datadog context in Tero

Datadog gives Tero provider context for what you review in Tero:

Issues with evidence from log events, services, volume, cost, and compliance exposure
Services with ownership and log-volume context
Log events grouped from Datadog logs
Cost and Compliance lanes tied to open issues
Log ingestion analysis for indexed, non-indexed, and migration-candidate volume
Datadog exclusion filter inventory in the Policies workspace

Datadog log ingestion analysis shows where you can move waste upstream with policies. Open in demo

Provider actions

With write access, Tero can manage supported Datadog log controls through the Datadog API. Common actions include:

Action	What Tero can do
Exclusion filters	Convert or create filters for log events that should stop reaching indexed storage.
Pipelines	Adjust supported log processing behavior when a policy requires provider-side handling.
Policy import	Inspect Datadog filters, preview Tero policies, and create supported policies from provider inventory.

Provider actions are one way to run a policy. You can also run policies with Edge, deploy the Datadog Edge distribution, or use repository workflows.

Permissions

Datadog has managed roles and custom role permissions. Choose the narrowest role that supports the work you want Tero to do.

Role	What it gives Tero
Read-Only	Context and evidence only. You take action through Edge, your provider, or your own workflow.
Standard	Context plus supported provider actions.
Custom	Fine-grained access for the permissions below.

Custom role permissions

Context (read)

Permission	What Tero can do
`logs_read_data`	Read log data for evidence and log-event grouping
`logs_read_index_data`	Read index configuration and ingestion context
`service_catalog_read`	Read service catalog context
`dashboards_read`	Read dashboard usage context when available
`monitors_read`	Read monitor context when available
`usage_read`	Read usage data for cost and ingestion analysis
`billing_read`	Read billing context when available

Provider actions (write)

Permission	What Tero can do
`logs_write_exclusion_filters`	Create or modify exclusion filters
`logs_write_pipelines`	Modify supported log pipelines

Start with read access when you only want evidence and recommendations. Add write permissions when you want Tero to apply provider actions.

Scope access to services

Use Datadog restriction queries when you want Tero to read logs for specific services.

Goal	Query
Single service	`service:api`
Multiple services	`service:api OR service:web`
Service and environment	`service:api AND env:production`
Exclude a service	`service:* AND NOT service:internal-audit`

Attach the restriction query to the role used by Tero.

Set SLOs Evidence

​Connect Datadog

​Datadog context in Tero

​Provider actions

​Permissions

​Custom role permissions

​Scope access to services

​Related pages