DataDog · estherk15 · Oct 14, 2025 · Mar 28, 2025 · Oct 9, 2025 · Oct 9, 2025
@@ -155,96 +155,106 @@ menu:
       url: getting_started/profiler/
       parent: getting_started
       weight: 17
+    - name: Search
+      identifier: getting_started_search
+      url: getting_started/search/
+      parent: getting_started
+      weight: 18
+    - name: Product-Specific Search
+      identifier: getting_started_search_product_specific
+      url: getting_started/search/product_specific_reference
+      parent: getting_started_search
+      weight: 1801
     - name: Session Replay
       identifier: getting_started_session_replay
       url: getting_started/session_replay/
       parent: getting_started
-      weight: 18
+      weight: 19
     - name: Security
       identifier: getting_started_security
       url: getting_started/security/
       parent: getting_started
-      weight: 19
+      weight: 20
     - name: App and API Protection
       identifier: getting_started_application_security
       url: getting_started/security/application_security
       parent: getting_started_security
-      weight: 1901
+      weight: 2001
     - name: Cloud Security
       identifier: getting_started_cloud_security_management
       url: getting_started/security/cloud_security_management/
       parent: getting_started_security
-      weight: 1902
+      weight: 2002
     - name: Cloud SIEM
       identifier: getting_started_cloud_siem
       url: getting_started/security/cloud_siem/
       parent: getting_started_security
-      weight: 1903
+      weight: 2003
     - name: Code Security
       identifier: getting_started_code_security
       url: getting_started/code_security/
       parent: getting_started_security
-      weight: 1904
+      weight: 2004
     - name: Serverless for AWS Lambda
       identifier: getting_started_serverless
       url: getting_started/serverless/
       parent: getting_started
-      weight: 20
+      weight: 21
     - name: Software Delivery
       identifier: getting_started_software_delivery
       url: getting_started/software_delivery/
       parent: getting_started
-      weight: 21
+      weight: 22
     - name: CI Visibility
       identifier: getting_started_ci_visibility
       url: getting_started/ci_visibility/
       parent: getting_started_software_delivery
-      weight: 2101
+      weight: 2201
     - name: Feature Flags
       identifier: getting_started_feature_flags
       url: getting_started/feature_flags/
       parent: getting_started_software_delivery
-      weight: 2102
+      weight: 2202
     - name: Test Optimization
       identifier: getting_started_test_optimization
       url: getting_started/test_optimization/
       parent: getting_started_software_delivery
-      weight: 2103
+      weight: 2203
     - name: Test Impact Analysis
       identifier: getting_started_test_impact_analysis
       url: getting_started/test_impact_analysis/
       parent: getting_started_software_delivery
-      weight: 2104
+      weight: 2204
     - name: Synthetic Monitoring and Testing
       identifier: getting_started_synthetics
       url: getting_started/synthetics/
       parent: getting_started
-      weight: 22
+      weight: 23
     - name: API Tests
       identifier: getting_started_api_test
       url: getting_started/synthetics/api_test
       parent: getting_started_synthetics
-      weight: 2201
+      weight: 2301
     - name: Browser Tests
       identifier: getting_started_browser_test
       url: getting_started/synthetics/browser_test
       parent: getting_started_synthetics
-      weight: 2202
+      weight: 2302
     - name: Mobile App Tests
       identifier: getting_started_mobile_app
       url: getting_started/synthetics/mobile_app_testing
       parent: getting_started_synthetics
-      weight: 2203
+      weight: 2303
     - name: Continuous Testing
       identifier: getting_started_continuous_testing
       url: getting_started/continuous_testing/
       parent: getting_started_synthetics
-      weight: 2204
+      weight: 2304
     - name: Private Locations
       identifier: getting_started_private_location
       url: getting_started/synthetics/private_location
       parent: getting_started_synthetics
-      weight: 2205
+      weight: 2305
     - name: Tags
       identifier: tagging_
       url: getting_started/tagging/
@@ -259,12 +269,12 @@ menu:
       identifier: unified_service_tagging
       url: getting_started/tagging/unified_service_tagging
       parent: tagging_
-      weight: 2702
+      weight: 2602
     - name: Using Tags
       identifier: using_tags
       url: getting_started/tagging/using_tags
       parent: tagging_
-      weight: 2803
+      weight: 2603
     - name: Workflow Automation
       identifier: getting_started_workflow_automation
       url: getting_started/workflow_automation/

@@ -2,6 +2,9 @@
 title: CD Visibility Explorer Search Syntax
 description: Search all of your deployment executions.
 further_reading:
+- link: "/getting_started/search/"
+  tag: "Documentation"
+  text: "Getting Started with Search in Datadog"
 - link: "/continuous_delivery/explorer/facets"
   tag: "Documentation"
   text: "Learn about facets"

@@ -2,6 +2,9 @@
 title: CI Visibility Explorer Search Syntax
 description: Learn how to search for all of your pipeline executions in the CI Visibility Explorer.
 further_reading:
+- link: "/getting_started/search/"
+  tag: "Documentation"
+  text: "Getting Started with Search in Datadog"
 - link: "/continuous_integration/search"
   tag: "Documentation"
   text: "Filter and group pipelines"

@@ -99,6 +99,7 @@ For the fastest introduction to navigating Datadog, try the [Quick Start course]
 {{< nextlink href="/getting_started/agent" >}}<u>Agent</u>: Send metrics and events from your hosts to Datadog.{{< /nextlink >}}
 {{< nextlink href="/getting_started/api" >}}<u>API</u>: Get started with the Datadog HTTP API.{{< /nextlink >}}
 {{< nextlink href="/getting_started/integrations" >}}<u>Integrations</u>: Learn how to collect metrics, traces, and logs with Datadog integrations.{{< /nextlink >}}
+{{< nextlink href="/getting_started/search" >}}<u>Search</u>: Learn the fundamentals of searching and filtering across Datadog products.{{< /nextlink >}}
 {{< nextlink href="/getting_started/tagging" >}}<u>Tags</u>: Start tagging your metrics, logs, and traces.{{< /nextlink >}}
 {{< nextlink href="/getting_started/opentelemetry" >}}<u>OpenTelemetry</u>: Learn how to send OpenTelemetry metrics, traces, and logs to Datadog.{{< /nextlink >}}
 {{< nextlink href="/getting_started/learning_center" >}}<u>Learning Center</u>: Follow a learning path, take a self-guided class or lab, and explore the Datadog certification program.{{< /nextlink >}}

@@ -0,0 +1,43 @@
+---
+title: Getting Started with Search in Datadog
+description: Learn the fundamentals of searching and filtering across Datadog products
+further_reading:
+- link: "/getting_started/search/product_specific_reference"
+  tag: "Documentation"
+  text: "Product-Specific Search"
+---
+
+## Overview
+
+Datadog provides powerful and flexible search capabilities across its products and features. This guide introduces the core concepts of search syntax in Datadog, helping you understand how to construct effective queries across Logs, Metrics, APM, and more.
+
+
+## Understanding Datadog search
+
+Datadog provides a unified way to query data across products using text-based search syntax. All data in Datadog can be explored and filtered through queries, but the syntax and behavior differ depending on the type of data you're working with. There are two primary query formats in Datadog:
+- **Metric-based queries**: Used in Metrics and Cloud Cost Management (CCM).
+- **Event-based queries**: Used across most other products, including Logs, APM, RUM, Events, and Security.
+
+Although both query types let you filter and analyze data, their syntax is not interchangeable. Each follows its own structure, operators, and supported functions designed for the type of data it handles.
+
+### Metric-Based Queries
+
+Metric-based queries are designed to retrieve and analyze numerical time series data. They rely on tags to filter metrics and often combine functions and arithmetic operations to calculate and visualize trends over time (for example, average latency, error rate, or cost over time).
+
+### Event-Based Queries
+
+Event-based queries are used in most Datadog products to explore individual records such as log entries, traces, or browser events. These queries typically support full-text search, faceted filtering, and boolean logic to help users find, group, and analyze relevant events.
+
+Compared to metric queries, event-based searches focus on discovering and filtering individual records rather than aggregating numerical values. They form the foundation for exploratory analysis—helping you identify patterns, troubleshoot issues, and drill into specific data before moving to metrics or dashboards for long-term trends.
+
+## Product-specific syntax
+
+Each Datadog product provides its own search syntax, tailored to the type of data it handles. The Product-Specific Search reference highlights the key capabilities and unique operators available in each product, such as log search facets, APM trace filters, or metric aggregation functions. These references help you understand where syntax differs across Datadog products.
+
+Learn more in [Product-Specific Search][1].
+
+## Further reading
+
+{{< partial name="whats-next/whats-next.html" >}}
+
+[1]: /getting_started/search/product_specific_reference
@@ -0,0 +1,145 @@
+---
+title: Product-Specific Search
+description: Learn about search capabilities across different Datadog products
+further_reading:
+- link: "/getting_started/search/"
+  tag: "Documentation"
+  text: "Getting Started with Search"
+---
+
+## Overview
+
+Each Datadog product offers unique search capabilities optimized for its use case. This page provides a comprehensive index of product-specific search syntax resources to help you find the right documentation for your needs.
+
+## Search syntax families
+
+There are two main families of search syntaxes across Datadog products:
+
+**Metrics-based syntax**: Used by Metrics and Cloud Cost Management for time-series data queries with tag-based filtering and aggregation.
+
+**Event-based syntax**: Used by Log Management and adopted by most other Datadog products including traces, RUM, CI/CD, and more. This syntax provides flexible faceted search with boolean operators and pattern matching.
+
+## Metrics
+
+Metrics use a specialized metrics-based syntax for filtering and aggregating time-series data.
+
+For more information, see [Advanced Filtering][1].
+
+### Key capabilities
+* Tag-based filtering with boolean logic (`AND`, `OR`, `NOT`) or symbolic operators (`&&`, `||`, `!`)
+* Wildcard matching on metric names and tag values
+* Aggregation by multiple tag dimensions
+* Template variable filtering for dynamic dashboards
+* Metric namespace filtering for organized queries
+* **Case-sensitive matching** for metric names
+
+{{% collapse-content title="Syntax examples" level="h5" expanded=false %}}
+```text
+# Filter metrics by tag
+system.cpu.idle{host:prod-*}
+
+# Boolean operators for tag filtering
+avg:system.cpu.user{env:staging AND (availability-zone:us-east-1a OR availability-zone:us-east-1c)} by {availability-zone}
+
+# Combine multiple tag filters
+system.disk.used{env:production,datacenter:us-east-1}
+
+# Wildcard filtered query
+avg:system.disk.in_use{!device:/dev/loop*} by {device}
+
+# Wildcard matching on tags
+aws.ec2.cpuutilization{instance-type:t3.*}
+
+# Exclude specific tags
+system.mem.used{env:production AND NOT service:test}
+```
+{{% /collapse-content %}}
+
+
+## Logs
+
+Log Management uses event-based search syntax, serving as the foundation for many other products' search capabilities.
+
+For a complete reference for log search operators, wildcards, facets, and advanced queries, see [Log Search Syntax][2].
+
+### Key capabilities
+* Full-text search across log messages with wildcards and phrase matching
+* Structured faceted search on attributes (tags, custom fields, standard attributes)
+* Pattern detection and extraction using parsing patterns
+* Advanced boolean operators (AND, OR, NOT) and grouping
+* Range queries for numerical values and timestamps
+
+{{% collapse-content title="Syntax examples" level="h5" expanded=false %}}
+```text
+# Search for error messages containing "timeout"
+status:error "timeout"
+
+# Query HTTP errors with status codes 500-599
+@http.status_code:[500 TO 599]
+
+# Combine multiple conditions
+service:web-api env:(production OR dev) AND @duration:>1000
+
+# Wildcard search for specific services
+service:payment-* AND status:error
+
+# Exclude specific values
+env:production NOT service:background-worker
+```
+{{% /collapse-content %}}
+
+## Traces
+
+APM and Distributed Tracing use event-based search syntax for querying spans and traces.
+
+To learn more about querying spans and traces with service, resource, and tag filters, see [Trace Query Syntax][3].
+
+### Key capabilities
+* Query spans by service, operation, and resource name
+* Filter by trace-level and span-level tags
+* Search across distributed traces spanning multiple services
+* Duration-based queries for performance analysis
+* Error tracking with status codes and error messages
+
+{{% collapse-content title="Syntax examples" level="h5" expanded=false %}}
+```text
+# Find errors in a specific service
+service:payment-api status:error
+
+# Query by resource and HTTP method
+resource_name:"/api/v1/checkout" @http.method:POST
+
+# Search for slow traces
+service:web-api* @duration:>1s
+
+# Trace queries across service dependencies
+@span.parent.service:frontend service:backend
+
+# Filter by custom span tags
+service:database @db.statement:"SELECT *" @db.row_count:>1000
+```
+{{% /collapse-content %}}
+
+## Additional product-specific resources
+
+{{< whatsnext desc="Product-specific search syntax documentation for additional Datadog products:" >}}
+  {{< nextlink href="/continuous_integration/explorer/search_syntax" >}}CI Visibility Explorer: Query pipelines, tests, and CI/CD events{{< /nextlink >}}
+  {{< nextlink href="/continuous_delivery/explorer/search_syntax" >}}CD Visibility Explorer: Search and filter deployment events and executions{{< /nextlink >}}
+  {{< nextlink href="/monitors/manage/search" >}}Monitor Search: Find and filter monitors by status, type, tags, and alert conditions{{< /nextlink >}}
+  {{< nextlink href="/observability_pipelines/processors/filter" >}}Observability Pipelines Filter Processor: Query syntax for filtering pipeline data{{< /nextlink >}}
+  {{< nextlink href="/product_analytics/analytics_explorer/search_syntax" >}}Product Analytics Explorer Search: Search user interactions and product analytics events{{< /nextlink >}}
+  {{< nextlink href="/quality_gates/explorer/search_syntax" >}}Quality Gates Explorer Syntax: Query quality gate rules and evaluation results{{< /nextlink >}}
+  {{< nextlink href="/real_user_monitoring/explorer/search_syntax" >}}RUM Explorer Search: Search user sessions, views, actions, and errors{{< /nextlink >}}
+  {{< nextlink href="/security/sensitive_data_scanner/scanning_rules/custom_rules" >}}Sensitive Data Scanner Custom Rules: Regex patterns and matching syntax for scanning sensitive data{{< /nextlink >}}
+  {{< nextlink href="/service_management/events/explorer/searching" >}}Service Management Events Search: Query and filter service management events{{< /nextlink >}}
+  {{< nextlink href="/logs/workspaces/sql_reference" >}}SQL Reference for Logs: SQL syntax for advanced log analysis in Workspaces{{< /nextlink >}}
+  {{< nextlink href="/tests/explorer/search_syntax" >}}Test Optimization Explorer Search Syntax: Search and analyze test execution data{{< /nextlink >}}
+{{< /whatsnext >}}
+
+## Further reading
+
+{{< partial name="whats-next/whats-next.html" >}}
+
+[1]: /metrics/advanced-filtering
+[2]: /logs/explorer/search_syntax
+[3]: /tracing/trace_explorer/query_syntax
@@ -5,6 +5,9 @@ aliases:
     - /logs/search-syntax
     - /logs/search_syntax/
 further_reading:
+- link: "/getting_started/search/"
+  tag: "Documentation"
+  text: "Getting Started with Search in Datadog"
 - link: "/logs/explorer/#visualize"
   tag: "Documentation"
   text: "Learn how to visualize logs"

@@ -2,6 +2,9 @@
 title: Advanced Filtering
 description: Filter your data to narrow the scope of metrics returned.
 further_reading:
+  - link: "/getting_started/search/"
+    tag: "Documentation"
+    text: "Getting Started with Search in Datadog"
   - link: "/metrics/explorer/"
     tag: "Documentation"
     text: "Metrics Explorer"