Agent
Prelude
Released on: 2026-07-08
- Please refer to the 7.81.0 tag on integrations-core for the list of changes on the Core Checks
Metrics now use the Datadog v3 intake by default. The v3 payload format is more compact, reducing outbound bandwidth from Agents to Datadog.
Metrics sent to Observability Pipelines Worker continue to use the v2 intake by default.
To keep using v2 intake, set use_v3_api.series.enabled: "false" (global) or use_v3_api.series.endpoints: { "<url>": "false" } (per-endpoint).
Upgrade Notes
-
The DDOT feature gate
exporter.datadogexporter.metricremappingdisabledhas been removed and replaced withexporter.datadogexporter.DisableAllMetricRemapping. -
Removed the
agent status pysubcommand (which wasn't officially supported) -
On Linux, the agent process manager systemd units were renamed from
datadog-agent-procmgrd.service/datadog-agent-procmgrd-exp.servicetodatadog-agent-procmgr.service/datadog-agent-procmgr-exp.service. Thedd-procmgrdbinary and its paths are unchanged.On upgrade, the installer stops and removes the legacy
procmgrd-suffixed unit files so only one process manager daemon binds the socket. Update any custom automation that referenced the old unit names. -
Upgrade OpenTelemetry Collector dependencies from v0.152.0 to v0.153.0 (core v1.58.0 to v1.59.0).
See the full upstream changelogs: collector-contrib v0.153.0, collector core v0.153.0.
-
Upgrade OpenTelemetry Collector dependencies from v0.153.0 to v0.154.0 (core v1.59.0 to v1.60.0).
See the full upstream changelogs: collector-contrib v0.154.0, collector core v0.154.0.
New Features
-
In-place vertical scaling is enabled as the default strategy for workload autoscaling.
-
New metrics for GPU memory have been added to the GPU Monitoring product:
gpu.memory.utilization: Ratio of used memory compared to total memory.
-
Add passthrough entry for genresources EVP intake track.
-
This change adds two new metric points for the GPU Monitoring product:
gpu.pci.link.speed.current: Current usable bandwidth for the PCI link in bytes per secondgpu.pci.link.speed.max: Max usable bandwidth for the PCI link in bytes per second
-
Add a new ReportIssue method to the Python bridge to report issues to Agent Health Platform
-
APM: The trace-agent can now receive span tag equivalence and peer tag mapping updates over Remote Configuration and apply them at runtime, without an agent restart. The feature is opt-in via the new
remote_configuration.apm_semantics.enabledsetting (defaultfalse). Stats aggregation picks up the updated peer-tag keys on the next span processed. If the backend removes or untargets a previously-applied payload, the trace-agent reverts to the mappings it ships with. Existing deployments see no behavior change with default settings. -
APM:
remote_configuration.agent_config.enabledis now a settable configuration entry that controls the trace-agent's Remote Configuration subscription for agent-config updates (such as runtime log-level overrides) independently fromremote_configuration.apm_sampling.enabled. When the user has explicitly setapm_sampling.enabledbut notagent_config.enabled, the trace-agent mirrors the former into the latter so existing configurations continue to behave exactly as before. -
On Linux, when the DDOT extension is installed with the Datadog Agent, DDOT is now managed by
dd-procmgrdthroughprocesses.d/datadog-agent-ddot.yamlinstead of relying on the legacydatadog-agent-ddotsystemd unit. Uninstalling the extension removes that config file. To roll back to the legacy behavior manually, removeprocesses.d/datadog-agent-ddot.yamland restartdatadog-agent. -
Add Go stack trace aggregation to the auto multi-line log pipeline. When auto multi-line aggregation is enabled (
logs_config.auto_multi_line_detection), multi-line Go crash dumps (panic:,fatal error:,runtime:errors, signal crashes, and unexpected faults) are automatically detected and combined into a single log entry using a streaming state-machine parser. -
gpu: all gpu.nvlink.* metrics now have a nvlink_port tag and are emitted per-port. We provide GPU-level alternatives for certain metrics such as gpu.nvlink.throughput.data.rx/tx.total
-
Enable
instrumentation_crd_controller.enabledand a new autodiscovery provider will schedule checks derived fromDatadogInstrumentationcustom resources deployed in the Kubernetes cluster. -
Parses and collects
kubernetes.pod.cpu.requests,kubernetes.pod.memory.requests,kubernetes.pod.cpu.limits, andkubernetes.pod.memory.limits. -
Process Autodiscovery is now enabled by default on Linux through the
processautoconfig feature. It can be disabled withDD_AUTOCONFIG_EXCLUDE_FEATURES=process. -
Register
process_manager.enabledin the Agent configuration schema (pkg/config/schema/core_schema.yaml), set its default inpkg/config/setup, and document it inconfig_template.yaml. On Windows, this option controls whether the core Agent startsdd-procmgr-service. On Linux,dd-procmgrdis started by systemd; this setting is ignored there.
Enhancement Notes
-
Use compensated floating point summation to accurately calculate the sum and average aggregates of histograms for inputs where magnitudes significantly vary.
-
Scale
.sum,.avg, and.countaggregates by the exact1/SampleRateto avoid undercount of these aggregates for sample rates whose reciprocal is not an integer (e.g.@0.21). -
The macOS battery check now adds a
power_state:battery_criticaltag to thesystem.battery.power_statemetric when the operating system reports a degraded battery. -
Update the SNMP traps database with new MIB additions, including
PANZURA-TRAP-MIB. -
Updated the ntp check to support the default location of
systemd-timesyncd(/etc/systemd/timesyncd.conf). The check now parsesNTP=andFallbackNTP=keys in addition to the existing chrony/ntp.confserver/pool/peerdirectives. -
On startup the Datadog Agent will now validate its configuration against the schema and report any violations through the Agent Health pipeline.
-
APM stats now mask additional metric tag values that exceed the value length or per-bucket cardinality limits.
-
APM : The
enable_otlp_container_tags_v2behavior is now enabled by default. Container tags on OTLP traces are now extracted using the infraattributes processor instead of calling the tagger directly, reducing redundant work and outgoing traffic. To opt out, setdisable_otlp_container_tags_v2inapm_config.features. -
Agents are now built with Go
1.26.4. -
CWS: Add support for monitoring the
socketsystem call, enabling detection rules based on socket creation events (domain, type, protocol). -
The
comp/dataobs/queryactionscomponent now supports an optionalschedulefield on Data Observability monitor queries. The field accepts a standard 5-field cron expression (e.g."20 * * * *"for 20 minutes past every hour) and enables wall-clock-aligned scheduling in place of the fixedinterval_secondscadence. When bothscheduleandinterval_secondsare set on the same query,scheduletakes precedence andinterval_secondsis ignored. At least one of the two fields must be set; the agent rejects Remote Configuration payloads containing queries where neither field is provided or where the cron expression is syntactically invalid. -
Expanded the functionality of the experimental fentry-based network connection tracer. This tracer remains experimental and disabled by default.
-
gpu: add new PCI link width metrics
gpu.pci.link.width.{current,max}and add degraded PCI link metricsgpu.pci.link.{width,speed}.degraded. -
gpu: add
gpu.nvlink.errors.fec.{none,light,heavy}metrics to easily group error thresholds -
The in-place vertical autoscaler throttles disruptive resizes to at most 15% of a workload's replicas per reconcile, configurable via
autoscaling.workload.in_place_vertical_scaling.disruption_tolerance_percent. -
use the
/healthzroute to check and validate kubelet connection, instead of the deprecated/specroute. -
The agent automatically detects Kueue-related labels in pods and adds them as
kueue_local_queueandkueue_cluster_queuetags. -
Network Config Management: Adds support for Cisco ASA firewalls by adding a new profile for these. Previously, Cisco ASA was not supported and would be unmonitored by the NCM integration.
-
Extended the ntp check's
systemd-timesyncddiscovery to also read drop-in files under/etc/systemd/timesyncd.conf.d/,/run/systemd/timesyncd.conf.d/,/usr/local/lib/systemd/timesyncd.conf.d/, and/usr/lib/systemd/timesyncd.conf.d/. This covers hosts whereNTP=is set by cloud-init or another tool that writes a drop-in instead of editing the main configuration file. -
Oracle: The Database Monitoring agent now derives blocking session and instance information from
v$lock/gv$lockfor sessions waiting on enqueue locks (enq:wait events) when the database does not auto-populate these fields. This requires grantingSELECTonv$lockandgv$lockto the agent database user. -
Added
dockerstatsreceiver,kubeletstatsreceiver, andpodmanreceiverto the Datadog Distribution of OpenTelemetry (DDOT) Collector default component set. -
Add
datadog-private-action-runner rotate-identityto force a new enrollment and rotate the runner's credentials. Restart the process to apply. -
Reduced memory allocation pressure in the orchestrator check by deferring deep copies and model extraction until after a cache miss is confirmed, eliminating the allocation cost for unchanged resources in steady-state clusters.
-
Bumped the Security Agent policies to v0.81.0
-
SNMP traps listener now supports a
network_devices.snmp_traps.tagsconfiguration option to attach a user-supplied list of tags to every forwarded trap and to every SNMP traps telemetry metric. -
Add a new
datadog-agent snmp walk --analyzemode that converts SNMP walk output into a readable analysis report. The report summarizes matched and unmatched OIDs and includes profile context to help troubleshoot profile-to-device mismatches. Profile matching uses built-in and on-disk profiles only; profiles delivered via remote configuration (use_remote_config_profiles) are not loaded. -
The host Software Inventory metadata now reports the
install_pathsof each detected application, i.e. the filesystem location(s) where the software is installed, on macOS and Windows. -
Send CNM/USM data directly to Datadog from system-probe on Linux. This eliminates the need to run process-agent in certain configurations.
-
Add
ebpf.core_load_success,ebpf.core_load_error,ebpf.core_remoteconfig_success, andebpf.core_remoteconfig_errorto internal telemetry. -
System Probe will now download BTF (BPF Type Format) data, if needed, to support eBPF-based features. This behavior will only take effect in environments where the Linux kernel is newer than the Agent release and BTF is not available directly from the kernel.
-
Windows: Added a new MSI property
DDAGENTUSER_KEEP_RIGHTSthat, when set to1,true, oryes, instructs the installer to skip re-applying theSeDeny*LogonRightassignments on the configured Agent service account (ddagentuserby default, or a custom account set viaDDAGENTUSER_NAME). This lets customers preserve custom user-rights changes — for example, removing the service account fromSeDenyNetworkLogonRightso the Agent can access network resources — across upgrades.SeServiceLogonRightis always granted regardless of this flag because the Agent service cannot start without it.Default behavior is unchanged: when the property is not set, the installer continues to enforce the hardened user-rights baseline.
Deprecation Notes
- APM : The
evp_proxy_config.app_keyconfiguration option has been removed, along with support for theX-Datadog-NeedsAppKeyrequest header in the trace-agent EVP proxy. The EVP proxy no longer attaches an Application key to forwarded requests. - APM : The
enable_otlp_container_tags_v2feature flag has been removed and no longer has any effect. Usedisable_otlp_container_tags_v2to opt out of the new default behavior.
Bug Fixes
- APM : On Windows, the .NET ETW tracer now forwards only the .NET runtime events that match its configured keywords, instead of all events delivered by the tracing session.
- APM : Prevent incoming msgpack payloads from over-allocating maps and lists.
- Fixed the Cluster Agent AppSec ingress-nginx injector so the injected init container starts on clusters that enforce
runAsNonRoot. The init container setrunAsNonRoot: truewithout an explicitrunAsUser, and the injection image runs as root, so the kubelet rejected it with "container has runAsNonRoot and image will run as root", leaving the ingress-nginx controller pod stuck inCreateContainerConfigError. The init container now runs with an explicit non-root UID/GID, configurable viaadmission_controller.appsec.nginx.init_run_as_userandadmission_controller.appsec.nginx.init_run_as_group(defaults 101/82; set a negative value to honor a custom init image's own user). - Logs: Fix duplicate logs from containers tailed via the Docker socket when
logs_config.auto_multi_line_detectionis enabled. The auto-multiline aggregator emitted combined messages stamped with the first aggregated line's timestamp, which the Docker tailer committed as its resume offset; any reader restart then replayed lines 2..N of the group as duplicate, un-aggregated entries. The aggregator now carries the last aggregated line's timestamp through to the emitted message so the offset advances past the full group. Container logs tailed via files and the regex-drivenlog_processing_rulesmulti-line path were unaffected. - Workload autoscaling: fixed a bug where custom tags added through the
ad.datadoghq.com/tagsannotation on a local-ownerDatadogPodAutoscalerwere not applied to thedatadog.cluster-agent.autoscaling.workload.*metrics until the Cluster Agent was restarted (or the autoscaler spec was otherwise modified). The annotation is now part of the metadata fingerprint used to detect changes, so edits are picked up on the next reconcile. - Enforce close socket after container stats read to prevent fd leaks.
- Fix the
health_platform.forwarder.intervalconfiguration field type from integer to string. Previously, setting an integer value (e.g.900) would be interpreted as nanoseconds by the agent instead of seconds, resulting in an unexpectedly short flush interval. The field now accepts duration strings such as15mor5m30s, consistent with other duration configuration fields in the agent. - Fix Jetson check failing to parse
tegrastatsoutput on boards (e.g. Jetson AGX Thor) whereGR3D_FREQreports only per-GPC frequencies with no usage percentage (e.g.GR3D_FREQ @[494,494,494]). When no percentage is present,nvidia.jetson.gpu.usageis omitted instead of causing a parse error. - Fixes a memory leak in the Kubernetes State Core check where Kubernetes watch connections and their cached data were not released when the check was unscheduled. In environments with frequent check rescheduling, this caused memory to grow unboundedly over time.
- Fix the kubelet check double-counting
kubernetes.cpu.usage.total,kubernetes.memory.usage,kubernetes.memory.working_set,kubernetes.filesystem.usage,kubernetes.filesystem.usage_pct,kubernetes.network.rx_bytesandkubernetes.network.tx_byteswhenuse_stats_summary_as_sourceis enabled. The cAdvisor source no longer emits the metrics already produced by the kubelet/stats/summaryendpoint, sosum:aggregations no longer roughly double when the option is turned on. The summary provider now also covers init and ephemeral containers, so enabling the option does not drop their CPU, memory, and filesystem metrics. - Fix OTel Agent panic at startup when
DD_SYNC_DELAYorDD_SYNC_TOis set to a bare number without a Go duration unit suffix (e.g.30instead of30s). The agent now prints a clear error message with a suggested fix instead of crashing with a stack trace. - Fix a startup crash of the
simple-all-in-oneDocker image (used for ECS Fargate sidecar deployments) caused by a missing entrypoint wrapper for the Private Action Runner. - Fixed an issue where the SBOM runtime usage enrichment (the "package in use" indicators such as
LastSeenRunning) was never reported for containers managed by the kubelet. The enriched SBOM was keyed by the container image's manifest digest instead of its config digest, so it landed on a separate image entity that was never shipped to the backend. - Fixed the SBOM runtime usage enrichment ("package in use") not being reported for some binaries on usr-merged Linux distributions (for example
mountandsuon Debian/Ubuntu). The package database records these under their pre-merge path such as/bin/mountwhile the kernel resolves the executed path to/usr/bin/mount. The resolver now normalizes both the/binand/usr/binlayouts, so the affected packages'HasSetSuidBitandLastSeenRunningproperties are populated correctly. - Fixes a regression in serverless-init and the Lambda extension where the trace-agent's EVPProxy was disabled at startup, producing "EVPProxy is disabled: Has been disabled in config" 405 responses to clients sending LLM Observability spans (and other EVP-routed payloads). The
evp_proxy_config.*andol_proxy_config.*default registrations were only reachable under the non-serverless build, so the trace-agent's unconditional read ofevp_proxy_config.enabledreturnedfalseand clobbered the package-leveltruedefault. The defaults have been moved into the shared APM config setup so they take effect under both the regular andserverlessbuild tags. - Fixes a segmentation fault that occurred when the Agent was shut down while
agent stream-logswas running. The diagnostic message receiver's filter goroutine now detects a closed input channel during shutdown instead of dereferencing a nil message. - Fix an issue on Windows where the
datadog-system-probeservice could hang during shutdown when Cloud Workload Security was enabled, resulting in delayed Agent restarts and a forced service termination. The same underlying issue could also preventdatadog-system-probefrom initializing the DNS monitoring or Network Path features, leaving them unable to collect data. - The
infra_modehost tag emitted inend_user_devicemode now uses the same key as the system CPU checks (infra_mode:), replacing the mismatchedinfrastructure_mode:key. - Logs: Fix an issue where the TCP/Unix stream socket tailer would silently drop the final message of a connection when the peer closed the connection without sending a trailing newline. Forwarders that use the connect-send-close-per-message pattern (one TCP connection per log event) now have their final message emitted on end-of-stream rather than discarded.
- Fix F5 BIG-IP TMOS running-config validation for
#TMSH-VERSIONlines and configs that start withltm. - Fixed an OTLP explicit-bucket histogram bug where percentile aggregations (p50, p75, p90, p95, p99) for distribution metrics could collapse to 0 when a histogram's first non-empty bucket was
(0, B]. This affected the default boundary set used by Micrometer's OTLP registry and many OTel SDKs ([0, 5, 10, 25, 50, 75, 100, 250, …]), most visibly when high-cardinality tagging and short delta intervals produced small per-bucket counts.avg,sum,min,max, andcountaggregations were not affected. - OTLP: The
_dd.stats_computed=falseresource attribute now overrides theDatadog-Client-Computed-Stats: trueHTTP header. Collectors that cannot compute APM stats out-of-band can set this attribute to ensure APM metrics are computed by the Agent regardless of the header value. When the attribute is absent, the header still governs. - Fixed an issue where the Private Action Runner (PAR) would fail to start up properly, causing it to not execute any tasks. This was caused by a race condition where the Remote Configuration notification could be fired before the PAR component had finished subscribing, causing it to miss the initial configuration.
- Fix an issue where the Private Action Runner binary was built without
zlibandzstdcompression support, causing invalid compressions when forwarding logs through the event-platform pipeline. - Container image SBOMs no longer report a layer's diff_id as its
LayerDigest. A diff_id is the uncompressed-content hash, while theLayerDigestis the compressed manifest blob digest; the two are distinct identifiers. The CRI-OLayerDigestis now read from the image manifest CRI-O stores on disk, and itsLayerDiffIDis taken from the image config rather than the containers-storage layer ID. Docker exposes no per-layer manifest digest and leavesLayerDigestempty instead of substituting the diff_id. - Fixed numeric list settings such as
network_config.dns_monitoring_portsignoring environment-variable overrides:DD_NETWORK_CONFIG_DNS_MONITORING_PORTSnow accepts a JSON array ("[53,5353]") or a space-separated list ("53 5353") instead of only a single value. - Fixed an issue on Windows where
C:\ProgramData\Datadog\application_monitoring.yamlwas not readable by IIS App Pool identities (and other non-administrator accounts), causing the .NET tracer to silently ignore fleet-managed stable configuration with anAccess is deniederror. The Fleet installer now grantsEveryoneread access onapplication_monitoring.yamlwhen the file is created or updated (at install time and via remote config experiments), matching the world-readable (0644) behavior on Linux.
Other Notes
-
The v3beta metrics series shadow sampling introduced in Agent 7.80.0 is now disabled by default.
-
Internal refactoring of the health platform component: introduces an
egresscomponent that owns the periodicstore → intakeflush loop, and simplifies theforwardercomponent to a stateless HTTP client (Send(ctx, *HealthReport) error). TheSetProvider/IssueProvidercallback workaround for the circular dependency between the store and the forwarder has been removed. -
Internal refactoring of the health platform component: introduces a
runnercomponent that executes health check functions, decouples the scheduler from the store, and replaces theSetReporter/SetProvidercallback pattern with direct fx dependencies. -
The health platform now uses a single shared issue registry component, eliminating duplicate registry construction and improving consistency of issue template lookups.
-
The health platform store now accepts fully-built proto
Issueobjects directly viaReportIssue, removing its dependency on the issue template registry. Template resolution moves to the runner (for built-in health checks) and to direct callers (for AD misconfiguration and check-failure issues). -
Added Cross-Org Agent Telemetry (COAT) metrics to track whether agent services are supervised by
dd-procmgrdor legacy supervisors (systemd on Linux, Windows Service Manager on Windows). DDOT is the first tracked service. Metrics are reported under theprocmgrCOAT profile:Metric Name Type Description runtime.procmgr_daemon_reachableGauge Whether the agent can reach dd-procmgrdruntime.procmgr_daemon_readyGauge Whether dd-procmgrdreports readyruntime.procmgr_process_runningGauge Whether a procmgr-managed process is running ( processtag)runtime.agent_service_installedGauge Whether a migratable service is installed ( servicetag)runtime.agent_service_procmgr_configuredGauge Whether a processes.dconfig exists (servicetag)runtime.agent_service_management_modeGauge Active supervisor for a service ( service,modetags)
Datadog Cluster Agent
Prelude
Released on: 2026-07-08 Pinned to datadog-agent v7.81.0: CHANGELOG.
New Features
-
The admission controller can now automatically pick the Datadog CSI driver as the library injection mechanism for APM single step instrumentation when the
autoinjection mode is selected, the Datadog CSI driver is installed in the cluster and APM support is advertised on its annotations. Otherwise, the admission controller falls back to the init container injection mechanism. This auto-detection is disabled by default. -
The admission webhook now writes a set of APM Single Step Instrumentation (SSI) observability annotations directly on mutated pods, making the full injection outcome inspectable via
kubectl get pod -o yamlwithout requiring cluster-level access.New annotations written by the webhook:
internal.apm.datadoghq.com/injection-status: overall outcome —injected,partial,skipped, orerror.internal.apm.datadoghq.com/injected-libraries: JSON array listing every component the webhook attempted to inject (injector + per-language libraries), each with its name, image, and individual status.internal.apm.datadoghq.com/effective-injection-mode: the injection mode actually used (e.g.csi,init_container,csi (auto)), set immediately after provider selection so it is present even when injection is subsequently skipped.internal.apm.datadoghq.com/injection-error: human-readable reason when injection was skipped or errored.internal.apm.datadoghq.com/csi-driver-status: observed state of the Datadog CSI driver at injection time —apm-enabled,apm-disabled(driver present but APM SSI not advertised), ornot-installed. Set independently of the configured injection mode.
Per-library failures (unsupported language, library injection error) no longer prevent the webhook patch from being applied. The webhook now logs a warning and reflects the partial outcome in the annotations instead of discarding the entire mutation.
-
Add support for
CPURequestsRemoveLimitsMemoryRequestsAndLimitsas a containercontrolledValuesinDatadogPodAutoscalerandDatadogPodAutoscalerClusterProfile. When set, CPU requests are controlled and any existing CPU limits are removed, allowing containers to burst freely. Memory requests and limits are controlled as usual. -
A
DatadogInstrumentationcustom resource can now target a KubernetesServiceto run checks against each of its endpoints. -
Add
external_metrics_provider.autoscaler_autogen_label_selectorconfiguration option to the Cluster Agent. When set, only HPAs and WPAs matching the label selector trigger autogeneration ofDatadogMetricobjects. Autoscalers with explicitdatadogmetric@references are always tracked regardless of the selector. This allows filtering out autoscalers managed by other controllers (e.g. KEDA) to avoid creating unwantedDatadogMetricobjects.
Enhancement Notes
- The Cluster Agent now reports its own pod name as
pod_namein its inventory metadata payload (datadog_cluster_agent_metadata), providing a stable per-replica identifier for each Cluster Agent. - Added
kubernetes_apiserver_client_qpsandkubernetes_apiserver_client_burstconfiguration options to control the rate limiter for the Cluster Agent's Kubernetes API server client. Default QPS and burst values are increased. - Add
datadog-cluster-agent rotate-par-identityto rotate the Private Action Runner credentials. The new identity is written to the shared Kubernetes secret. Run a Kubernetes rollout restart of the Cluster Agent deployment to apply the new identity. - Cluster checks now keep the same check ID across Cluster Agent restarts when their configuration is unchanged.
Bug Fixes
- Fixed the Cluster Agent's cluster check rebalancing algorithm to operate on configuration digests rather than individual instance IDs. Previously, multi-instance configurations could be incorrectly split across different runners, causing inaccurate workload estimates and suboptimal rebalancing decisions.
- Fix APM auto-injection being blocked when a container has no CPU or memory limit and requests below the minimum threshold. The Admission Controller now correctly distinguishes between "no limit set" (unlimited resources) and "low limit", preventing the request value from being incorrectly used as the effective limit.
- Fixed an issue in the algorithm used to rebalance cluster checks that could cause unnecessary check moves between runners.
- Fix nginx AppSec init container image having the controller version tag appended even when
admission_controller.appsec.nginx.init_imageis set to a fully-qualified image reference that already includes a tag.