Add PowerShell script for querying Datadog logs

Adds Get-DatadogLogs.ps1 helper script to simplify querying logs from the Datadog Logs API. The script supports multiple output formats (table, json, raw) and follows the same pattern as the existing Get-DatadogTrace.ps1 script.

Updates QueryingDatadogAPIs.md documentation with comprehensive usage examples and parameter descriptions for the new script.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: lucaspimentel

docs/development/QueryingDatadogAPIs.md

@@ -238,7 +238,7 @@ This script retrieves all spans for a given trace ID and displays them in variou
 
 ## Logs Search API
 
-### Search for logs with specific criteria
+### Search for logs with specific criteria (curl)
 
 ```bash
 curl -s -X POST https://api.datadoghq.com/api/v2/logs/events/search \
@@ -260,6 +260,68 @@ curl -s -X POST https://api.datadoghq.com/api/v2/logs/events/search \
 
 **Note:** Unlike the Spans API, the Logs API does not require the `{"data": {"attributes": {...}, "type": "search_request"}}` wrapper structure. The request body is directly the filter/sort/page configuration.
 
+## PowerShell Helper Script - Logs
+
+The repository includes a PowerShell script that simplifies querying logs from the Datadog API.
+
+### Get-DatadogLogs.ps1
+
+**Location**: `tracer/tools/Get-DatadogLogs.ps1`
+
+This script retrieves logs matching a query and displays them in various formats.
+
+**Prerequisites:**
+- Set environment variables: `DD_API_KEY` and `DD_APPLICATION_KEY`
+- API keys can be obtained from https://app.datadoghq.com/organization-settings/api-keys
+
+**Basic usage:**
+```powershell
+.\tracer\tools\Get-DatadogLogs.ps1 -Query "service:my-service error"
+```
+
+**Parameters:**
+- `-Query` (required) - Log query using Datadog query syntax (e.g., "service:my-service error")
+- `-TimeRange` (optional) - How far back to search (default: "1h"). Examples: "15m", "1h", "2h", "1d"
+- `-Limit` (optional) - Maximum number of log entries to return (default: 50, max: 1000)
+- `-OutputFormat` (optional) - Output format: "table" (default), "json", or "raw"
+
+**Output formats:**
+
+1. **Table** (default) - Formatted table with key log information:
+   ```powershell
+   .\tracer\tools\Get-DatadogLogs.ps1 -Query "service:my-service error"
+   ```
+   Shows: Timestamp, Status, Service, Host, Message (truncated to 100 chars)
+
+2. **JSON** - Raw JSON output for further processing:
+   ```powershell
+   .\tracer\tools\Get-DatadogLogs.ps1 -Query "service:my-service" -OutputFormat json
+   ```
+
+3. **Raw** - Simple timestamp and message format:
+   ```powershell
+   .\tracer\tools\Get-DatadogLogs.ps1 -Query "service:my-service" -OutputFormat raw
+   ```
+
+**Example workflows:**
+
+1. Search for recent errors in a service:
+   ```powershell
+   .\tracer\tools\Get-DatadogLogs.ps1 -Query "service:my-service error" -TimeRange "1h" -Limit 20
+   ```
+
+2. Find tracer debug logs from Azure Functions:
+   ```powershell
+   .\tracer\tools\Get-DatadogLogs.ps1 -Query "service:lucasp-premium-linux-isolated AspNetCoreDiagnosticObserver" -TimeRange "30m"
+   ```
+
+3. Export logs as JSON for processing:
+   ```powershell
+   .\tracer\tools\Get-DatadogLogs.ps1 -Query "service:my-service DD-TRACE-DOTNET" -OutputFormat json | ConvertFrom-Json | ConvertTo-Json -Depth 10
+   ```
+
+**Note**: The script uses `Invoke-RestMethod` which properly handles authentication headers, avoiding the shell variable substitution issues that can occur with curl.
+
 ### Search for tracer debug logs
 
 ```bash

tracer/tools/Get-DatadogLogs.ps1

@@ -0,0 +1,149 @@
+<#
+.SYNOPSIS
+Retrieves logs from the Datadog Logs API.
+
+.DESCRIPTION
+Queries the Datadog Logs API to retrieve logs matching a specific query.
+Requires DD_API_KEY and DD_APPLICATION_KEY environment variables to be set.
+
+.PARAMETER Query
+The log query to search for (e.g., "service:my-service error")
+
+.PARAMETER TimeRange
+How far back to search for logs. Defaults to "1h" (1 hour).
+Examples: "15m", "1h", "2h", "1d"
+
+.PARAMETER Limit
+Maximum number of log entries to return (default: 50, max: 1000)
+
+.PARAMETER OutputFormat
+Output format: "table" (default), "json", or "raw"
+
+.EXAMPLE
+.\Get-DatadogLogs.ps1 -Query "service:lucasp-premium-linux-isolated AspNetCoreDiagnosticObserver"
+
+.EXAMPLE
+.\Get-DatadogLogs.ps1 -Query "service:my-app error" -TimeRange "2h" -Limit 100
+
+.EXAMPLE
+.\Get-DatadogLogs.ps1 -Query "service:my-app" -OutputFormat json | ConvertFrom-Json | ConvertTo-Json -Depth 10
+#>
+
+[CmdletBinding()]
+param(
+    [Parameter(Mandatory = $true, Position = 0)]
+    [string]$Query,
+
+    [Parameter(Mandatory = $false)]
+    [string]$TimeRange = "1h",
+
+    [Parameter(Mandatory = $false)]
+    [int]$Limit = 50,
+
+    [Parameter(Mandatory = $false)]
+    [ValidateSet("table", "json", "raw")]
+    [string]$OutputFormat = "table"
+)
+
+# Check for required environment variables
+$apiKey = $env:DD_API_KEY
+$appKey = $env:DD_APPLICATION_KEY
+
+if ([string]::IsNullOrEmpty($apiKey)) {
+    Write-Error "DD_API_KEY environment variable is not set. Please set it before running this script."
+    exit 1
+}
+
+if ([string]::IsNullOrEmpty($appKey)) {
+    Write-Error "DD_APPLICATION_KEY environment variable is not set. Please set it before running this script."
+    exit 1
+}
+
+# Build the request
+$uri = "https://api.datadoghq.com/api/v2/logs/events/search"
+$headers = @{
+    "DD-API-KEY"         = $apiKey
+    "DD-APPLICATION-KEY" = $appKey
+    "Content-Type"       = "application/json"
+}
+
+$body = @{
+    filter = @{
+        query = $Query
+        from  = "now-$TimeRange"
+        to    = "now"
+    }
+    sort   = "timestamp"
+    page   = @{
+        limit = $Limit
+    }
+} | ConvertTo-Json -Depth 10
+
+Write-Verbose "Querying Datadog Logs API with query: $Query"
+Write-Verbose "Time range: now-$TimeRange to now"
+Write-Verbose "Limit: $Limit"
+
+try {
+    $response = Invoke-RestMethod -Uri $uri -Method Post -Headers $headers -Body $body -ErrorAction Stop
+
+    if ($null -eq $response.data -or $response.data.Count -eq 0) {
+        Write-Warning "No logs found for query: $Query"
+        Write-Warning "Make sure the query is correct and logs exist within the time range (now-$TimeRange to now)"
+        exit 0
+    }
+
+    $logs = $response.data | ForEach-Object {
+        $attrs = $_.attributes
+
+        [PSCustomObject]@{
+            Timestamp = $attrs.timestamp
+            Status    = $attrs.status
+            Service   = $attrs.service
+            Message   = $attrs.message
+            Host      = $attrs.host
+            Tags      = $attrs.tags -join ", "
+        }
+    }
+
+    switch ($OutputFormat) {
+        "table" {
+            Write-Host "`nFound $($logs.Count) log entries:" -ForegroundColor Green
+            Write-Host "Query: $Query`n" -ForegroundColor Cyan
+
+            $logs | Format-Table -Property @(
+                @{Label = "Timestamp"; Expression = {
+                    $dt = [DateTime]::Parse($_.Timestamp)
+                    $dt.ToString("yyyy-MM-dd HH:mm:ss.fff")
+                }; Width = 23 }
+                @{Label = "Status"; Expression = { $_.Status }; Width = 8 }
+                @{Label = "Service"; Expression = { $_.Service }; Width = 30 }
+                @{Label = "Host"; Expression = { $_.Host }; Width = 20 }
+                @{Label = "Message"; Expression = {
+                    if ($_.Message.Length -gt 100) {
+                        $_.Message.Substring(0, 97) + "..."
+                    } else {
+                        $_.Message
+                    }
+                }; Width = 100 }
+            ) -AutoSize -Wrap
+        }
+        "json" {
+            $logs | ConvertTo-Json -Depth 10
+        }
+        "raw" {
+            $logs | ForEach-Object {
+                $dt = [DateTime]::Parse($_.Timestamp)
+                $ts = $dt.ToString("yyyy-MM-dd HH:mm:ss.fff")
+                Write-Host "$ts [$($_.Status)] $($_.Service) - $($_.Message)"
+            }
+        }
+    }
+
+} catch {
+    Write-Error "Failed to query Datadog Logs API: $_"
+    Write-Error $_.Exception.Message
+    if ($_.ErrorDetails.Message) {
+        Write-Error "API Response: $($_.ErrorDetails.Message)"
+    }
+    exit 1
+}