惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Palo Alto Networks Blog
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
NISL@THU
NISL@THU
L
Lohrmann on Cybersecurity
有赞技术团队
有赞技术团队
The GitHub Blog
The GitHub Blog
C
Cisco Blogs
B
Blog
Microsoft Azure Blog
Microsoft Azure Blog
Recent Announcements
Recent Announcements
Simon Willison's Weblog
Simon Willison's Weblog
T
Tenable Blog
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
WordPress大学
WordPress大学
月光博客
月光博客
Latest news
Latest news
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
I
InfoQ
D
Darknet – Hacking Tools, Hacker News & Cyber Security
W
WeLiveSecurity
Hacker News - Newest:
Hacker News - Newest: "LLM"
酷 壳 – CoolShell
酷 壳 – CoolShell
U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
Google DeepMind News
Google DeepMind News
Apple Machine Learning Research
Apple Machine Learning Research
Attack and Defense Labs
Attack and Defense Labs
罗磊的独立博客
T
The Exploit Database - CXSecurity.com
I
Intezer
GbyAI
GbyAI
Jina AI
Jina AI
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Blog — PlanetScale
Blog — PlanetScale
博客园 - 司徒正美
Google Online Security Blog
Google Online Security Blog
Engineering at Meta
Engineering at Meta
D
Docker
Recent Commits to openclaw:main
Recent Commits to openclaw:main
小众软件
小众软件
云风的 BLOG
云风的 BLOG
爱范儿
爱范儿
Project Zero
Project Zero

Datadog | The Monitor blog

Introducing our open source AI-native SAST Instrument and monitor Boomi integration flows with OpenTelemetry and Datadog Not all index scans are equal: How we cut query latency by over 99% Platform engineering metrics: What to measure and what to ignore Integrate Recorded Future threat intelligence with Datadog Cloud SIEM CI/CD security: threat modeling using a MITRE-style threat matrix CI/CD security: How to secure your GitHub ecosystem Ingress NGINX is EOL: A practical guide for migrating to Kubernetes Gateway API Operating agentic AI with Amazon Bedrock AgentCore and Datadog LLM Observability: Lessons from NTT DATA Introducing the Datadog Code Security MCP Capture and analyze custom heatmaps in Session Replay Understand session replays faster with AI summaries and smart chapters Monitor ClickHouse query performance with Datadog Database Monitoring How we designed empathetic alert sounds for on-call engineers Search and act across Datadog to resolve issues faster with Bits Assistant Measure the business impact of every product change with Datadog Experiments Analyzing round trip query latency Configuring JavaScript caches for better performance Introducing Bits AI Dev Agent for Code Security Datadog achieves ISO 42001 certification for responsible AI Monitor Nutanix clusters, hosts, and VMs with Datadog Monitor Juniper Mist in Datadog A new Host Map for modern infrastructure Annotate traces to improve LLM quality with Datadog LLM Observability What’s new in Cloud SIEM: AI-powered investigations, enhanced threat intelligence, and scalable security operations Explore Kubernetes with native OpenTelemetry data Monitor Oracle Fusion Cloud Applications with Datadog Announcing the Datadog Terraform provider v4.0.0 Scaling Kubernetes workloads on custom metrics How to design cloud environments for AI-powered threat analysis Monitor Aruba Central in Datadog How we centralize and remediate risks with Datadog Case Management Accelerate incident response with Datadog and ServiceNow Monitor your application and network load balancer logs Understanding Karpenter architecture for Kubernetes autoscaling Tools for collecting metrics and logs from Karpenter Monitor Karpenter with Datadog What your product data is actually saying Key metrics for monitoring Karpenter Securing Datadog’s platform in the AI age: The role of observability data Four ways engineering teams use the Datadog MCP Server to power AI agents Approaching your observability migration with the right mindset Meet the new Bits AI SRE: Deeper reasoning, twice as fast Key learnings from the 2026 State of DevSecOps study Use plain English to query your multi-cloud infrastructure in Resource Catalog Simplifying troubleshooting across the user journey with Datadog Synthetic Monitoring Protect your OCI resources with Datadog Cloud Security This Month in Datadog - February 2026 Amazon EC2 security: How misconfigured and public AMIs expand your cloud attack surface Enable end-to-end visibility into your Java apps with a single command Measure and improve mobile app startup performance with Datadog RUM Evaluating our AI Guard application to improve quality and control cost Identify untested code across every level of your codebase Make use of guardrail metrics and stop babysitting your releases Monitor Versa Networks SD-WAN performance in Datadog Improve performance and reliability with APM Recommendations Remediate transitive vulnerabilities faster with Datadog Software Composition Analysis Generate audit-ready vulnerability and compliance reports with Datadog Sheets Monitor Fortinet FortiManager performance in Datadog Improve test coverage across codebases with Datadog Code Coverage Move fast, don’t break things: Consistent testing standards at scale Enrich logs with ServiceNow CMDB context before routing to any SIEM or logging tool Monitor Lustre with Datadog Make faster, better product decisions with Datadog Product Analytics Surface and remediate runtime posture issues with Workload Protection Findings Protect agentic AI applications with Datadog AI Guard How to optimize JavaScript code with CSS Trace Google Pub/Sub workloads in Cloud Run with Datadog Detect human names in logs with ML in Sensitive Data Scanner How we cut our NLQ agent debugging time from hours to minutes with LLM Observability Debug PostgreSQL query latency faster with EXPLAIN ANALYZE in Datadog Database Monitoring Datadog acquires Propolis Unify and correlate frontend and backend data with retention filters Scale compliance across global frameworks with Datadog Cloud Security Monitor Arista VeloCloud SD-WAN performance with Datadog Building reliable dashboard agents with Datadog LLM Observability Simplify log collection and aggregation for MSSPs with Datadog Observability Pipelines Mitigation for Node.js denial-of-service vulnerability affecting Datadog APM Automate flaky test fixes with the Bits AI Dev Agent and Test Optimization How we built an AI SRE agent that investigates like a team of engineers Datadog integrations 2025 recap: Observability for AI, security, and hybrid cloud Design effective executive dashboards with Datadog Implement dbt data quality checks with dbt-expectations Bring faster visibility into AWS Lambda functions with remote instrumentation Troubleshoot faster with the GitLab Source Code integration in Datadog How Cambia Health Solutions saved $30,000 monthly with Cloud Cost Management and the Datadog Resource Catalog Normalize any logs for Cloud SIEM with Datadog's OCSF processor Optimizing Datadog at scale: Cost-efficient observability at Zendesk Detect, diagnose, and resolve network issues easily with CNM Network Health Connect engineering errors to user impact in early-stage products Cilium configuration for Kubernetes operations at scale Designing feedback loops for progressive delivery Ship features faster and safer with Datadog Feature Flags Choosing the right OpenTelemetry Collector distribution Route your monitor alerts with Datadog monitor notification rules Automate Cloud SIEM investigations with Bits AI Security Analyst Cloud threat detection: How to identify risky activity across control and data planes Collecting Kafka performance metrics Monitoring Kafka with Datadog Monitoring Kafka performance metrics
A deep dive into Database Monitoring index recommendations
2025-02-21 · via Datadog | The Monitor blog
Alex Weisberger

Alex Weisberger

Datadog Database Monitoring (DBM) Recommendations help you proactively optimize performance throughout your database fleet. DBM draws on a wide range of data sources in order to detect and provide actionable guidance on issues such as blocking queries, low disk space, and missing indexes.

In this post, we’ll show you how DBM formulates targeted indexing recommendations to help you optimize database performance. We’ll explain how we use static data sources such as explain plans and table schemas, as well as dynamic sources such as query metrics, in order to help you stay ahead of issues and strategically prioritize your optimizations. You will learn:

How we identify indexing opportunities

Analyzing explain plans

The first step in our index recommendation process is to identify the queries that are the strongest candidates for indexing. To do so, we rely on explain plans: the data structures generated by database management systems that detail the step-by-step operations involved in executing specific queries. In an explain plan, the execution of a query is represented as a tree of operation nodes.

In order to formulate recommendations, Database Monitoring continuously collects explain plans for your databases and analyzes them for particular nodes and node patterns. For example, sequential scans with filter predicates are among the most common indicators of strong indexing opportunities. A sequential scan is exactly what it sounds like: a scan of a table that reads every row, one after another. Filter predicates are the pieces of query syntax that conditionally limit the rows a query scans or returns—for example, WHERE clauses in SQL queries.

Filter predicates are the pieces of query syntax that conditionally limit the rows a query scans or returns.

Testing every row in a table can be an efficient strategy for small tables, but as the number of rows returned by a query increases, so does the load these operations impose on an instance. Another common indicator of indexing opportunities is the pairing of sequential scans with both sort and limit operations—for example, a SQL query with ORDER BY and LIMIT clauses.

Once we find a sequential scan, we mark it as a candidate for indexing and begin to apply additional heuristics. For example, the cost of a sequential scan node may account for a very small proportion of the overall costs associated with an explain plan. In that case, indexing is unlikely to materially impact performance, so we remove the node from further consideration. We also consider selectivity: the capacity of a query with one or more filter predicates to limit the proportion of rows in a table that it returns (the smaller the proportion, the more selective the node). Indexing is generally most beneficial for highly selective nodes. For low-selectivity nodes, indexing may not provide any net performance benefits compared with full-table scans.

Analyzing query text

Once we’ve identified an index-worthy node, our next step is to determine which table and columns it accesses in order to determine where specifically an index could be placed. In general, this information can be derived by parsing the full text of a query. With Postgres databases, however, we get a helping hand from the Postgres explain plan format, in which filter predicates are treated as node attributes that include valid query fragments:

In the Postgres explain plan format, filter predicates are treated as node attributes that include valid query fragments.

This allows us to parse filters into abstract syntax trees (ASTs) in which we can search for semantically significant nodes. Postgres has a particular AST node that denotes a column access, called ColumnRef, which we use to find the columns referenced in the filter.

We also analyze the logical operations of the filter, since not all of these are indexable. For example, col1 = 7 is indexable, whereas col2 ILIKE '%tailstr' is not. Predicate expressions appear in the AST as A_Expr nodes, which contain queries’ logical operators in their name attributes. This allows us to exclude from consideration any filter that isn’t actually indexable.

Column vs. expression-based indexes

Indexes are typically column-based, but they can also be expression-based. Rather than referencing column values directly, expression-based indexes reference the results of computations from column values. When it comes to indexing recommendations, expression-based indexes require special consideration. Take the following query as an example:

SELECT * FROM inventory WHERE lower(sku) = 'abc';

Here, the sku column is passed to the lower function in the WHERE clause. This means that even if an index exists on sku, it won’t be used in the execution of this query, because the index is built on the raw (non-lowercased) values in sku. With DBM, we detect this type of scenario by scanning for FuncCall nodes in the AST and checking for ColumnRef arguments. If we find column values passed as function arguments in a query, we create a Function in Filter recommendation. This allows us to tailor the specifics of our recommendations to this scenario, as we’ll describe later in this post.

Prioritizing indexing recommendations via query metrics

So far, we’ve outlined how we home in on indexing opportunities by analyzing explain plans for patterns that are frequently associated with poor query performance. Next, we prioritize our recommendations by using metrics for these queries to gauge the severity of their performance issues.

In order to gauge the impact of a query on database performance, we use the percent total duration by host metric, which tells us the proportion of time that an individual query contributes to the total processing time on an instance. Based on this metric, we label our index recommendations Low, Medium, or High severity in order to help users set priorities.

For example, let’s say we have three queries running on a database instance. In the past hour, these queries have been measured to have the following total execution times:

QueryExecution time
q150 minutes
q22 minutes
q38 minutes

Altogether, the instance has spent one hour executing queries, of which q1 accounts for about 83 percent of that time, q3 for about 13 percent, and q2 for about three percent. In this case, it’s clear that we should prioritize any significant improvements we can make to q1. Having already assessed the selectivity of q1’s filter predicate, as discussed above, we can gauge the potential impact of indexing on the query time and set a priority level for the recommendation.

Scoping this calculation to individual hosts is essential, since processing times can differ greatly between instances with different CPU, memory, and disk capacity. For example, q1 might only account for a small proportion of the total processing time within a cluster with varying host types, giving it a low percent total duration despite the fact that it accounts for most of the execution time on one replica. When a query runs in a cluster, we use the maximum value for this metric across all hosts in case of this kind of scenario, since an incident on a single host can cause cascading failures throughout a cluster.

We also allow you to create monitors for DBM recommendations based on severity. You can create monitors on all of our recommendations, but configuring different types of alerts for different severity levels can help you stay vigilant while preventing alert fatigue. For example, you may want to be paged about missing indexes on queries with a high percent total duration by host, which can be crippling to the overall performance of a database. You can create a monitor for High-severity index recommendations by filtering for @recommendation.severity:high and @recommendation.recommendation_type:missing_index in a Database Monitoring monitor definition:

Creating monitors on DBM index recommendations can help you proactively respond to database performance issues.

Presenting all-in-one contextual workflows

Having formulated and prioritized an index recommendation, we present it along with relevant contextual data and a step-by-step guide to evaluating and applying it.

For column-based indexes, we start by showing the recommended CREATE INDEX statement along with its associated query. Alongside this, we provide additional context in order to explain our recommendations and help guide your decision-making. The Percent Total Duration by Host graph shows the data behind our severity calculation, so you can see the scope and host-by-host impact of this query.

DBM index recommendations are presented along with relevant contextual data and step-by-step guides.

We then display the explain plan where we detected the offending sequential scan, highlighting what to look for in the plan visualization.

We provide relevant explain plans to help guide your decision-making.

If schema collection is enabled, we also display the existing indexes on the schema for the given table; if not, we provide a query for collecting this information from the database manually. This is essential context, since there may be a similar index on the table that’s now made obsolete and should be dropped.

It's essential to review existing indexes before applying index recommendations.

For queries passing column values as arguments to function calls, the Function in Filter recommendation highlights the call that we detected and recommends one of two courses of action: either modify the query to avoid the function call or create an expression-based index. Expression-based indexes can be relatively expensive to maintain since they impose additional computations on every write operation in the tables on which they’re created. This extra expense may be worth it when a query is unable to use an index otherwise—such as with case-insensitive search via the ILIKE operator. Often, however, the best solution is to remove the function call from the query. For example, we could avoid calling lower in our queries by lowercasing our column values ahead of time—which might have broader benefits for our application by helping us ensure more consistent, normalized data.

Function in Filter recommendations outline two potential courses of action: removing function calls from filters or creating an expression-based index.

Optimize database performance with confidence

In this post, we’ve examined how Datadog DBM draws on a holistic range of data sources to make targeted index recommendations. We’ve also discussed the guidance we provide for implementing these recommendations, including detailed workflows and contextual data to aid users’ decision-making and expedite their response to performance issues. In providing these insights into our index recommendation process, we have sought to highlight DBM’s unique positioning to provide effective recommendations, and above all to enable DBM users to proactively optimize database performance with confidence.

To get started with Datadog DBM Recommendations, check out our documentation. And if you’re new to Datadog, you can sign up for a 14-day free trial.