Enrich new Zendesk tickets with Datadog error context

Every 10 minutes, an agent enriches brand new Zendesk tickets with the engineering error context support reps would otherwise have to ask an SRE for.

Agentic Task
Zendesk, Datadog, Slack Bot, Customer Support, Engineering, Feedback Triage, Notifications & Alerts

Build an agent workflow that enriches brand new Zendesk tickets with Datadog error context so support reps stop pinging engineering to ask "is this just my customer, or is something on fire?"

Trigger: a cron that runs every 10 minutes.

On each run, use Zendesk Search Tickets to pull tickets created since the last run (status:new or status:open created>{last_run_iso}). For each ticket, extract:

- The requester's email

- Any account id, order id, tenant id, or trace id mentioned in the subject or description

- The ticket's created_at timestamp

Then call Datadog Search Logs (POST) scoped to a window of roughly 30 minutes before the ticket was opened through the ticket's created_at time, filtered by the requester's email and/or any account id you found, looking for errors and exceptions. Also call Datadog Search Monitors to see if any monitors were in alert state during that window, and Datadog Search Incidents to see if any incidents were active or recently opened.

Use Zendesk Update Ticket to add an internal note (public:false) on the ticket. Keep it under 8 lines. Either:

- "No related errors found in Datadog for {email} in the 30 minutes before this ticket opened." plus a link to the Datadog log search that was run, or

- A summary of the top 3 error patterns observed: for each pattern include status code, service, count, and a one-line summary. Include a link to the Datadog log search and call out any firing monitor or open incident by name.

Never post a public reply. The note is always internal-only.

If across the batch of tickets in this run the agent detects what looks like a platform-wide incident (multiple unrelated tickets in the same window plus a firing Datadog monitor or open incident), also use Slack Bot Send a Message to post a heads-up to a configured incident channel (default #incidents) so on-call and CX leads can coordinate before the ticket queue spikes. The Slack message should name the suspected service or monitor, count of affected tickets in this window, and link to the relevant Datadog log search, monitor, and ticket list.

Configurable parameters: cron interval (default every 10 minutes), Datadog lookback window in minutes (default 30), Slack incident channel (default #incidents), and the list of identifier patterns to extract from ticket bodies (default: email, account_id, order_id, trace_id, tenant_id).

Use agent mode because deciding which errors are relevant to the ticket, summarizing log patterns into a short rep-friendly note, and judging "is this a platform-wide incident" all require reasoning, not a fixed pipeline.
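The extraction, log-search and internal-note steps described above, as an added Python example that is not part of the original prompt or any vendor's code. The `@usr.email`, `@account_id`, `@order_id`, `@tenant_id` and `@trace_id` attribute names and the identifier regex are assumptions about your log schema, and the sample ticket values are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed log attribute names; match these to your own log schema.
ATTRS = {"account_id": "@account_id", "order_id": "@order_id",
         "tenant_id": "@tenant_id", "trace_id": "@trace_id"}
# Ticket text is customer-controlled, so only tokens matching a strict
# allow-list pattern are ever placed into the Datadog query string.
ID_RE = re.compile(
    r"\b(account|order|tenant|trace)[ _-]?id\s*[:=#]\s*"
    r"([A-Za-z0-9][A-Za-z0-9_-]{2,63})\b", re.I)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def extract_identifiers(text):
    """Return {kind: value} for identifiers named in the subject/description."""
    found = {}
    for kind, value in ID_RE.findall(text):
        found.setdefault(kind.lower() + "_id", value)  # first mention wins
    return found


def build_log_search(requester_email, text, created_at, lookback_minutes=30):
    """Request body for Datadog Search Logs (POST), windowed before created_at."""
    end = datetime.fromisoformat(created_at.replace("Z", "+00:00"))
    start = end - timedelta(minutes=lookback_minutes)
    terms = []
    if EMAIL_RE.fullmatch(requester_email):
        terms.append(f'@usr.email:"{requester_email}"')
    ids = extract_identifiers(text)
    terms += [f'{ATTRS[k]}:"{v}"' for k, v in sorted(ids.items())]
    if not terms:
        return None  # nothing to scope on: skip instead of searching all customers
    query = f'status:error ({" OR ".join(terms)})'
    return {"filter": {"query": query, "from": start.isoformat(),
                       "to": end.isoformat()},
            "sort": "-timestamp", "page": {"limit": 100}}


def build_internal_note(lines):
    """Body for Zendesk Update Ticket: internal-only, capped at 8 lines."""
    return {"ticket": {"comment": {"body": "\n".join(lines[:8]),
                                   "public": False}}}


# Constructed sample ticket; the description carries a stray quote and operator.
SAMPLE_TEXT = 'Checkout fails. account_id: ACME-1042" OR * and trace id = 4bf92f3577b34da6'
SAMPLE_BODY = build_log_search("pat@example.com", SAMPLE_TEXT, "2024-05-01T12:15:00Z")
```

Returning `None` when no identifier validates keeps a ticket with unusable input from turning into an unscoped search across every customer's logs.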

Additional information

What does this prompt do?
  • Watches Zendesk for new tickets every 10 minutes and pulls out the customer's email plus any account, order, or trace ID mentioned in the description.
  • Looks in Datadog for errors and alerts around the time the ticket opened, scoped to that specific customer when possible.
  • Drops a short internal-only note on the ticket summarizing what it found, so the support rep sees the engineering picture before they reply.
  • If the same window looks like a platform-wide incident, posts a heads-up to a Slack channel so on-call and CX leads can coordinate before the queue spikes.
What do I need to use this?
  • A Zendesk account (admin access required to create the connection)
  • A Datadog account with permission to read logs, monitors, and incidents
  • A Slack workspace and the channel where you want incident heads-ups posted
  • A rough idea of how you tag customer identifiers in your logs (email, account ID, etc.)
How can I customize it?
  • Change how often it runs (every 5 minutes, every 15 minutes, hourly).
  • Widen or narrow the lookback window for errors around the ticket time.
  • Pick which Slack channel gets the platform-wide incident heads-up, and what counts as 'platform-wide' for your team.
  • Add other identifiers you care about, like order ID, trace ID, or tenant ID, so the agent searches on those too.

Frequently asked questions

Will the customer see the notes the agent adds?
No. The agent only adds internal notes that are visible to your support agents inside Zendesk. It never sends a public reply to the customer.
What happens when there are no related errors in Datadog?
The note simply says no related errors were found in the lookback window. That itself is useful, because it tells the rep the problem is likely customer-specific and not a platform issue.
How does it decide something is a platform-wide incident?
It looks for signals like multiple unrelated tickets in the same window plus an active alert or open incident in Datadog. If those line up, it posts to Slack. Otherwise the note stays on the ticket only.
Does this fire for tickets that already exist?
No. It only enriches tickets that were created since the last run, so your existing backlog stays untouched.
Can I send the Slack heads-up to a different channel later?
Yes. The channel is a setting you can change anytime, and you can also point it at a private channel or a DM if you want it to start quiet.

Stop pinging an SRE every time a ticket comes in.

Connect Zendesk, Datadog, and Slack once, and every new ticket arrives with the engineering context already attached.