The following reference contains a list of global fields that have a well defined semantic meaning in Dynatrace and can be used across different monitoring types. The fields are organized in namespaces that are separated with dots.
The top level fields contain generally relevant information for all monitoring data
timestamp1649822520123123123timeframestart_timeend_time.1649822520123123123end_timestart_time.1649822520123123165durationstart_time and end_time in nanoseconds.42interval1 minadobe.em.env_typedev; stage; prodadobe.em.programadobe.em.serviceadobe.em.tierauthor; publish; previewOneAgent might aggregate spans having the same parent span into a single one. The aggregated span contains attributes to indicated that aggregation happened and to allow to reconstruct details.
For aggregated spans the start_time holds the earliest start_time, end_time holds the latest end_time of all aggregated spans.
aggregation.count3aggregation.duration_max482aggregation.duration_min42aggregation.duration_samples[42, 482, 301]aggregation.duration_sum123aggregation.exception_count0; 6aggregation.parallel_executiontrue indicates that aggregated spans may have been executed in parallel. Therefore start_time + duration_sum may exceed end_time.apache.httpd.config.pathapache.spark.master.ipapache.tomcat.base/usr/share/tomcat6apache.tomcat.home/usr/share/tomcat6The app namespace contains information on the application sending the event.
app.bundlecom.example.easytravelapp.iddynatrace.notebooks; my.awesome.appapp.short_version5.23app.version5.23.15789; 143542The artifact namespace contains information about software artifacts.
artifact.attestation.filenameartifact.filename.carts-service-amd64-0.1.1.tar.gz.intoto.json1artifact.attestation.hashb4e370270ac4fe8d728b845ab8d190a7c931f09ff7b0156dd4d6abf797f1fe6aartifact.filenameartifact.id, but can contain the artifact.version and other data like file extension.carts-service-amd64-0.1.1.tar.gzartifact.hash6c323d126547f71fafb4bffa02cdc480fb284678644ef0b6c69029f051fe5137artifact.idcarts-serviceartifact.nameCarts serviceartifact.purlpkg:npm/%40dynatrace/backstage@2.0.0; pkg:deb/debian/curl@7.50.3-1?arch=i386&distro=jessieartifact.version0.1.1aspnetcore.appl.pathAuthentication type and method used to login to a Dynatrace system.
authentication.client.iddt0s02.UZCK6ENL.2YQ2A3DZUEISRJSUU5544J3SC3TMPXSEEMNA5HK7RW54SJ6XKLYGMWJNKL7B2DNHauthentication.grant.typeAUTHORIZATION_CODE; CLIENT_CREDENTIALSauthentication.tokendt0c01.AM4SEYKIBROBEJ2N3HAXZ4IXauthentication.typeOAUTH2authentication.grant.type MUST be one of the following:
AUTHORIZATION_CODECLIENT_CREDENTIALSauthentication.type MUST be one of the following:
DEVOPSTOKENNONETOKENauthentication.client.id and authentication.token MUST follow the Dynatrace token format definition.
Specifically, authentication.client.id MUST be prefixed with dt0s02.
Information about entity availability. Sample usage is reporting hosts and PGI-s availability by OS Agent. Value of availability.state can be used for calculating aggregate availability (dividing count of "successful" requests by count of all requests). With constant frequency of requests it can be treated as a time-base availability, showing percentage of time that the monitored entity was available.
availability.stateupavailability.state has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
availableno_datano_data_agent_inactivereboot_gracefulreboot_ungracefulshutdown_hostunavailableunimportantunmonitored_agent_stoppedunmonitored_agent_uninstalledunmonitored_agent_upgradeupFields that can come from applications running on AWS.
aws.account.idpermission123456789012aws.alb.namemy-albaws.arnarn:aws:lambda:us-east-1:478983378254:function:acceptanceWeatherBackendaws.availability_zoneus‑east‑1a; us‑east‑1baws.ecr.account.idaws.ecr.regionaws.ecs.clusteraws.ecs.container.arnarn:aws:ecs:us-west-2:111122223333:container/05966557-f16c-49cb-9352-24b3a0dcd0e1aws.ecs.container.nameaws.ecs.docker.idcd189a933e5849daa93386466019ab50-2495160603aws.ecs.docker.namecurl-imageaws.ecs.familyaws.ecs.revisionaws.ecs.task.arnarn:aws:ecs:us-west-2:111122223333:task/default/cd189a933e5849daa93386466019ab50aws.lambda.function.nameaws.lambda.initialization_typesnap_startaws.log_group/aws/lambda/a-SomeFumction-1AWHD6W1QC5DHaws.log_stream2021/01/04/[$LATEST]b2e34f11da04232cb9f9d3d5799a5c12aws.regionus-east-1aws.resource.idi-0922cda4579db3a45aws.resource.namemy-ec2-instanceaws.resource.typegroup; cluster; instanceaws.services3aws.lambda.initialization_type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
on-demandprovisioned-concurrencysnap-startaws.lambda.invoked_arnContext passed to the function (Lambda-Runtime-Invoked-Function-Arn response header from the request to /runtime/invocation/next).arn:aws:lambda:us-east-1:123456789012:function:acceptanceWeatherBackend:productionaws.x_amzn_request_id123344566aws.x_amzn_trace_idRoot=1-63441c4a-abcdef012345678912345678; Self=1-63441c4a-12456789abcdef012345678;Root=1-67891233-abcdef012345678912345678Fields that can come from applications running on Azure.
azure.class_nameHost.Functionsazure.event_hub_namespace.namemy-event-hubazure.locationEast USazure.management_groupTenant Root Group; My Custom Groupazure.resource.grouppermissiondemo-backend-rgazure.resource.id/subscriptions/27e9b03f-04d2-2b69-b327-32f433f7ed21/resourceGroups/demo-backend-rg/providers/Microsoft.ContainerService/managedClusters/demo-aksazure.resource.namedemo-aksazure.resource.typeMicrosoft.ContainerService/managedClustersazure.service_bus_namespace.namemy-service-busazure.site_namedt-function-scriptedazure.sql_elastic_pool.namecontoso-elastic-poolazure.sql_server.namecontoso-sql-serverazure.subscriptionpermission27e9b03f-04d2-2b69-b327-32f433f7ed21azure.vm.namemy-virtual-machineazure.vm_scale_set.namemy-vmssazure.vmid090556DA-D4FA-764F-A9F1-63614EDA019AFields that are integral to applications managed by BOSH.
bosh.availability_zoneus-east-1abosh.instance_idaf318409-9e9d-4a18-aca4-0fb52bbdc526bosh.nameisolated_diego_cell_devimaThe browser namespace contains information on the browser running an application.
browser.nameMozillabrowser.typedesktop; mobile; tablet; robot; otherbrowser.user_agentMozilla/5.0 (Windows NT 10.0; Win64; x64)browser.version5.0Span scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute rule. The actual name of the attribute is the prefix "captured_attribute" plus the "request attribute name" defined in the request attributes configuration. In contrast to request attributes, captured attributes contain the raw values reported by the OneAgent at the location (i.e. on the active span) where they appeared. No aggregation (first/last value, distinct values, ...), type conversion or normalization is performed on them. They are the basis for request attributes.
captured_attribute.__attribute_name____attribute_name__ defined by the request attribute configuration. The values are always mapped as array according to the type of the captured attributes, so either boolean, double, long or string. If the captured attributes have mixed types (e.g. long and string, or double and long, etc.), all attributes are converted to string and stored as string array.[42]; ['Platinum']; [32, 16, 8]; ['Special Offer', '1702']; ['18.35', '16']cassandra.cluster.nameThe cicd namespace contains information about Continuous Integration and Continuous Deployment systems.
cicd.pipeline.id12345cicd.pipeline.nameCI pipeline for main branchcicd.pipeline.run.id9876cicd.pipeline.run.outcomesuccesscicd.pipeline.run.url.fullhttps://github.com/ACME/ACME-repo/actions/runs/9876cicd.pipeline.url.fullhttps://github.com/ACME/ACME-repo/actions/workflows/ci-build.ymlcicd.upstream_pipeline.id12345cicd.upstream_pipeline.run.id1337cicd.pipeline.run.outcome has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
cancelederrorfailureskippedsuccesstimed_outwarningThe client namespace contains information on the initiator of a network connection.
client.ipsensitive-spans194.232.104.141; 2a01:468:1000:9::140client.ip.is_publictrueclient.ispInternet Service Provider Nameclient.port65123; 80Fields related to cloud deployments that can be used across different providers.
cloud.account.id111111111111; opentelemetrycloud.availability_zoneus-east-1acloud.provideralibaba_cloudcloud.regionus-east-1cloud.resource_idarn:aws:lambda:REGION:ACCOUNT_ID:function:my-function; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>The prefix of the service matches the one specified in cloud.provider.
cloud.platform MUST be one of the following:
alibaba_cloud_ecsalibaba_cloud_fcalibaba_cloud_openshiftaws_app_runneraws_ec2aws_ecsaws_eksaws_elastic_beanstalkaws_lambdaaws_openshiftazure_aksazure_app_serviceazure_container_instancesazure_functionsazure_openshiftazure_vmgcp_app_enginegcp_cloud_functionsgcp_cloud_rungcp_compute_enginegcp_kubernetes_enginegcp_openshiftibm_cloud_openshifttencent_cloud_cvmtencent_cloud_ekstencent_cloud_scfcloud.provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloudawsazuregcpherokuibm_cloudtencent_cloudcloudfoundry.application.idcloudfoundry.application.namecloudfoundry.instance.indexcloudfoundry.space.idcloudfoundry.space.namecode.call_stackcode.function. The call stack starts with the code.function and the stack frames are separated by a line feed.com.example.SampleClass.doProcessing(SampleClass.java) com.example.SampleClass.doSomeWork(SampleClass.java) com.example.SampleClass.main(SampleClass.java)code.filepath/usr/local/MyApplication/content_root/app/index.phpcode.functionserveRequestcode.invoked.filepathcode.filepath, only it represents the file path of the function that was active when a span has been started. Typically it is the function that has been instrumented. Should only be set if it differs from code.filepath./usr/local/MyApplication/content_root/app/index.phpcode.invoked.functioncode.function, only it represents the function that was active when a span has been started. Typically it is the function that has been instrumented. The spans duration does not reflect the duration of this function execution. Should only be set if it differs from code.function.invokecode.invoked.namespacecode.namespace, only it represents the namespace of the function that was active when a span has been started. Typically it is the function that has been instrumented. Should only be set if it differs from code.namespace.com.sun.xml.ws.server.InvokerTube$2code.namespacecode.function is defined. Usually the qualified class or module name, such that code.namespace + some separator + code.function form a unique identifier for the code unit.com.example.MyHttpServicecoldfusion.jvm.config.filecoldfusion.service.nameFor some technologies compilation of code might be a significant contributor to request execution time. Compilation timings provide insight into this, where available.
compilation_timings.compilation_countcompilation_timings.duration_sum.7compilation_timings.duration_sum6723compilation_timings.top_compilationscompilation_timings.duration_sum, represented as map from compilation unit name to duration in nanoseconds spent.{'/home/user/test/php/build/tmp/php-htdocs/memcached/memcachedCli.php': 1952, '/home/user/test/php/build/tmp/php-htdocs/curl_cli_uri_filtering.php': 1306}container.ida3bf90e006b2container.image.namegcr.io/opentelemetry/operatorcontainer.image.version0.1container.nameopentelemetry-autoconfCTG (shorthand for "CICS Transaction Gateway") is a connector for enterprise modernization of CICS assets. It empowers various application platforms, such as Java servlets, to incorporate CICS programs.
CICS (shorthand for "Customer Information Control System") is a middleware to support rapid, high-volume online transaction processing on IBM mainframe systems on z/OS. CTG features a client and a server, which communicate via so-called GatewayRequests.
ctg.request.call_type2ctg.request.commarea_length0ctg.request.extend_mode11ctg.request.flow_type5ctg.request.gateway_urltcp://1.2.3.4:5678/ctg.request.object_namectg.request.server_idIPICTESTctg.request.term_idCN02ctg.request.typeBASEctg.response.code-23The values are defined in the IBM CTG API source code.
ctg.request.type MUST be one of the following:
ADMINAUTHBASEECIEPIESIXAcustom_service.methodstartTask; run; authenticatecustom_service.nameMyCustomService; AuthenticationComponentdb.affected_item_count32db.collection.namecustomers; public.usersdb.connection_stringsensitive-spansjdbc:dynamodb:Access Key=XXX;Secret Key=XXX;Domain=amazonaws.com;Regiondb.cosmosdb.request_charge4.95; 2.0db.dynamodb.regioncloud.region).us-east-1db.dynamodb.table_names[Cats, Dogs]db.namespacecustomers; test.usersdb.operation.namedrop; findAndModify; SELECT; PREPARE; GetItem; set; LPUSH; mutateIn; ReadItemsdb.query.parameterssensitive-spans[{'name': 'paul', 'age': '23'}, {'name': 'mary', 'age': '32'}]; [{'0': 'paul', '1': '23'}, {'0': 'mary', '1': '32'}]db.query.textSELECT * FROM wuser_table; SET mykey "WuValue"db.result.duration_max345db.result.duration_min123db.result.duration_sum234db.result.exception_count2db.result.execution_count12db.result.roundtrip_count2db.systemmongodb; mysqlDepending on the data provided on ingest this attribute may be derived by e.g. parse of db.query.text. Parsing might fail or result might be inaccurate.
The value may be sanitized to exclude sensitive information.
db.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
adabascachecassandraclickhousecloudscapecockroachdbcoldfusioncosmosdbcouchbasecouchdbdb2derbydl/idynamodbedbelasticsearchfilemakerfirebirdfirstsqlgeodeh2hanadbhbasehivehsqldbinformixingresinstantdbinterbasemariadbmaxdbmemcachedmongodbmssqlmssqlcompactmysqlneo4jnetezzaopensearchoracleother_sqlpervasivepointbasepostgresqlprogressredisredshiftspannersqlitesybaseteradataverticadeployment.release_build_version2021-03-24deployment.release_productWoGo Maindeployment.release_stageproductiondeployment.release_version0.4.1The device namespace contains information on the device running an application. This should only be used for end-user devices or devices outside of a private infrastructure. In line with the naming conventions and guidelines, we are in this case adhering to the emerging Open Telemetry convention around this, with some additions.
device.battery.level100device.is_rootedfalsedevice.manufacturerAppledevice.model.identifieriPhone3,4device.orientationlandscapedevice.screen.height1152device.screen.width2048Fields describing a disk.
disk.all_mountpoints[/mnt/storage, /home, /var/log]disk.device_namesdadisk.mountpoint/mnt/storagedb.dli.pcb3; MYPCBNAMdb.dli.pcb_typeDC; DL/I; F/Pdb.dli.processing_optionsGRdb.dli.segment_level3; 24db.dli.segment_namePARTROOTdb.dli.status_codeQCdb.dli.terminal_nameHWSAM5ZD; 10505db.dli.pcb_type MUST be one of the following:
DCDL/IF/Pdotnet.dll.filedotnet.dll.pathMetadata with ActiveGate realated information.
dt.active_gate.group.nameGdanskLabdt.active_gate.id0x0xef3d21c3dt.active_gate.working_modeclusterdt.active_gate.working_mode MUST be one of the following:
clusterembeddedenvironmentmultitenantdt.active_gate.api_connector.config_id123; 9276dt.active_gate.api_connector.pipeline_identifierKubernetes/Topologydt.active_gate.api_connector.pipeline_statusfaileddt.active_gate.api_connector.technology_idKubernetes; CloudFoundry; AWS; Dynatrace Extension; Azuredt.active_gate.api_connector.pipeline_status MUST be one of the following:
failedskippedsucceededMetadata of the OneAgent module that reported a signal. These attributes are what one would also see in OneAgent Health.
dt.agent.module.id031f613871fab0b4; fc3cd1bb276f0beddt.agent.module.parent_idea89eef5db8b85a9dt.agent.module.typeapachedt.agent.module.version1.269.17.20221117-132428dt.agent.module.version_shortdt.agent.module.version's cardinality would be a problem1.269dt.agent.module.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
apachedotnetdumpprocextensionsgoiisjavalog_analyticsnetnettracernginxnodejsopentracingnativeosphppluginprocesspythonremote_pluginrubysdksupportupdatervarnishwsmbzSome attributes are used in the context of the Davis engine.
These fields can be set in events to influence the Davis engine behavior.
dt.davis.analysis_time_budgetdt.davis.analysis_trigger_delaydt.davis.is_entity_remapping_alloweddt.davis.is_frequent_issue_detection_alloweddt.davis.is_merging_alloweddt.davis.is_problem_suppresseddt.davis.is_rootcause_relevantdt.davis.preferred_entity_typemy.custom.entity.typedt.davis.timeoutThese fields can be set by Davis routines.
dt.davis.anomaly_detection.alertdt.davis.anomaly_detection.anomalydt.davis.anomaly_detection.lowerdt.davis.anomaly_detection.upperdt.davis.forecast.lowerdt.davis.forecast.pointdt.davis.forecast.upperThe Dynatrace OneAgent associates monitoring data with a so called Monitored Entity ID (ME ID). On OneAgent monitored environments, whenever ME IDs are accessible within the monitored system they should be used to enrich monitoring data to facilitate correlations with data primarily addressed through ME IDs coming from other channels.
The structure for keys that signify entity IDs is dt.entity.{type of entity}.
The value associated with such a key must be valid Dynatrace entity identifier
(see Monitored entities API).
To allow linking Entity IDs across various different monitoring artifacts (logs, metrics, etc.), all string representations of Entity IDs are required to follow a canonical form, which for all current entities is defined as PREFIX-0123456789ABCDEF.
Consumers should treat the token as an opaque value and must not infer any semantics on the ID itself. Producers need to match the Entity ID that is being returned by Dynatrace Entity API verbatim.
Producers of string representation must treat the string as if it was parsed case-sensitively, even though some parts of the product may be more lenient.
The structure of the entity ID is currently as follows: <ID-NAMESPACE>-<16-digit-hex-string>. The <ID-NAMESPACE> is type specific but cannot be used to determine the actual entity type reliably, especially in cases of CUSTOM_DEVICE. The <16-digit-hex-string> needs to be zero-padded (prefix) to a length of 16 digits and must use upper case letters A-F.
Current entity IDs in cannonical form can be represented structurally with the following regular expression: [A-Z][A-Z_]*-[0-9A-F]{16}.
Additional characters or changes in the format may happen in the future but will not invalidate existing IDs or ID generation rules.
When adding a name to an entity ID via the Grail function entityName, by default, the name of the respective entity will be represented as dt.entity.{type of entity}.name. Similarly, further entity attributes can be added via the Grail function entityAttr, resulting in additional field(s) following the naming convention dt.entity.{type of entity}.{name of attribute}.
dt.entity.applicationentity-idAPPLICATION-DC92E74A7A844E6Edt.entity.aws_availability_zoneentity-idAWS_AVAILABILITY_ZONE-6000A4E2BD2AB971dt.entity.azure_regionentity-idAZURE_REGION-0DD5C79E4034F0AAdt.entity.azure_vmentity-idAZURE_VM-326478B733D6CFB0dt.entity.cloud_applicationentity-idCLOUD_APPLICATION-3AB5BBF3E09A7942dt.entity.cloud_application_instanceentity-idCLOUD_APPLICATION_INSTANCE-E0D8F94D9065F24Fdt.entity.cloud_application_namespaceentity-idCLOUD_APPLICATION_NAMESPACE-C61324AA70F57BCBdt.entity.container_groupentity-idCONTAINER_GROUP-7C2B1C24FFB288CBdt.entity.container_group_instanceentity-idCONTAINER_GROUP_INSTANCE-F4A1347110826781dt.entity.custom_applicationentity-idCUSTOM_APPLICATION-343A92501A51F286dt.entity.custom_deviceentity-idCUSTOM_DEVICE-E0D8F94D9065F24Fdt.entity.diskentity-idDISK-5472CBC1ED0981D6dt.entity.ec2_instanceentity-idEC2_INSTANCE-0004DD30F142D18Cdt.entity.gcp_zoneentity-idGCP_ZONE-3699CB75E19C8505dt.entity.hostentity-idHOST-E0D8F94D9065F24Fdt.entity.host_groupentity-idHOST_GROUP-E7FBBCF7B1467174dt.entity.kubernetes_clusterentity-idKUBERNETES_CLUSTER-E0D8F94D9065F24Fdt.entity.kubernetes_nodeentity-idKUBERNETES_NODE-874C66B68CE15070dt.entity.kubernetes_serviceentity-idKUBERNETES_SERVICE-FE6E75BB9DF02347dt.entity.mobile_applicationentity-idMOBILE_APPLICATION-E8A8751A60D5BCE8dt.entity.network_interfaceentity-idNETWORK_INTERFACE-FC7B4A5937FC125Cdt.entity.process_groupentity-idPROCESS_GROUP-E0D8F94D9065F24Fdt.entity.process_group_instanceentity-idPROCESS_GROUP_INSTANCE-E0D8F94D9065F24Fdt.entity.serviceentity-idSERVICE-57EC3CFC1FE72449dt.entity.service_methodentity-idSERVICE_METHOD-659B35CA9AAC96C1dt.entity.service_method_groupentity-idSERVICE_METHOD_GROUP-02000E1DB1CDAF9Fdt.entity.synthetic_locationentity-idSYNTHETIC_LOCATION-D140F3B85BCCBD1AAdditional extension information sent via self-monitoring.
dt.extension.config.idvu9U3hXa3q0AAAABAAtleHQ6ZXh0LTA0MAAIYWdfZ3JvdXAAA0FHMQAkMjY2YTIyM2YtZDgxYi0zNTNjLThlYzctYzk2YzliZjg4OGQ3vu9U3hXa3q0dt.extension.dsSNMPTrapdt.extension.endpoint.hints[nat-test.lab.dynatrace.org, 1521, orc]dt.extension.namecom.snmptrap.genericdt.extension.statusAUTHENTICATION_ERRORdt.extension.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AUTHENTICATION_ERRORDEVICE_CONNECTION_ERROREEC_CONNECTION_ERRORGENERIC_ERRORINVALID_ARGS_ERRORINVALID_CONFIG_ERROROKUNKNOWN_ERRORAttributes used for Process Group enrichment in extensions.
Attributes defined in this namespace are used by Dynatrace to describe different aspects of the ingested data.
dt.ingest.debug_messages[MyATTribute mapped to myAttribute]dt.ingest.formatdtapi/json; otlp/protobufdt.ingest.warnings[attr_count_trimmed, content_trimmed]dt.ingest.format MUST be one of the following:
dtapi/jsondtapi/plaintextotlp/jsonotlp/protobufdt.ingest.warnings MUST contain only values from the following list:
content_trimmedcontent_trimmed_pipeattr_count_trimmedattr_count_trimmed_pipeattr_key_case_mismatchattr_val_count_trimmedattr_val_count_trimmed_pipeattr_val_size_trimmedattr_val_size_trimmed_pipetimestamp_correctedcommon_attr_correctedprocessing_batch_timeoutprocessing_transformer_timeoutprocessing_transformer_errorprocessing_transformer_throttledprocessing_output_record_conversion_errorprocessing_prepare_input_errordt.cost.costcenterTeam Adt.cost.productProduct Adt.host_group.idpermissionmyHostGroupdt.metrics.sourcetelegraf; com.dynatrace.extension.sql-oracledt.pg_detection.cluster.iddt.pg_detection.declarative.iddt.pg_detection.environment.idDT_ENVIRONMENT_ID environment variabledt.pg_detection.node.iddt.process_group.detected_nameApache Web Server httpd; Redis unguard-redis-* redisdt.querytimeseries avg(dt.host.cpu.idle); fetch logsdt.security_contextpermissiondt.source_entityentity-idHOST-E0D8F94D9065F24F; PROCESS_GROUP_INSTANCE-E0D8F94D9065F24Fdt.source_entity.typehost; process_group_instance; cloud:azure:resource_groupThis is the framework used for capturing, processing and forwarding metrics, not the emitting monitored entity. Exemplary custom value: name of an extension sending metrics.
Value of this attribute will be based on one of dt.entity.<type> attributes value. That means that both attributes dt.source_entity and corresponding dt.entity.<type> will be set to the same ID.
dt.metrics.source has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
dynatrace_codemoduledynatrace_ingestdynatrace_osagentmicrometeroneagent_metric_apiopentelemetrystatsdtelegrafFields defined in this namespace are used by Dynatrace to describe various aspects of the data ingested through OpenPipeline, providing detailed insights into the ingestion process.
dt.openpipeline.pipelines[[logs:default], [logs:pipeline_haproxy_2656, bizevents:default]]dt.openpipeline.source/platform/ingest/v1/events; oneagentThe dt.rum namespace contains Dynatrace RUM specific fields.
dt.rum.application.idea7c4b59f27d43eb; 89b1a1e7-fe89-4151-81e9-410fa0235f0ddt.rum.instance.id3735928559dt.rum.schema_version0.1dt.rum.session.idHOPCPWKILUKHFHWRRQGBHHPAFLUJUOSH-0; 23626166142035610_1-0Fields for referencing Settings 2.0 objects, schemas and scopes.
Although the dt.settings.object_id is enough to identify a specific settings value within a dynatrace environment, adding explicit information about the schema, scope and/or scope type can be useful nonetheless. If your use-case will only ever involve a single schema, scope type and/or scope, documenting this is good enough - if multiple schemas, scope types and/or scopes can be involved, filling the corresponding fields is strongly recommended.
dt.settings.references can be used if multiple settings objects need to be referenced. In that case, each entry in the array can hold a reference to a single settings object.
The top level fields contain generally relevant information for all monitoring data.
dt.settings.object_idvu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQdt.settings.object_summaryJourney Service all errors; Really, this can be anything; My alerting ruledt.settings.references[{'dt.settings.object_id': 'vu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQ', 'dt.settings.relationship': 'matched_rule'}, {'dt.settings.object_id': 'vu9U3hXa3q0AAAABAB9idWlsdGluOmRhdmlzLmFub21hbHktZGV0ZWN0b3JzAAZ0ZW5hbnQABnRlbmFudAAkMzM2NTc3MTgtYWNjYi0zOGY1LTlmOGUtMTg5NTBiYmNjNmRhvu9U3hXa3q0', 'dt.settings.relationship': 'triggered_alert'}]dt.settings.relationshipsnake_case) here that describe the relationship for your use-case.matched_rule; triggered_alertdt.settings.schema_idbuiltin:problem.notifications; app:dynatrace.jenkins:connectiondt.settings.schema_version1.0.0; 1.2.3dt.settings.scope_idenvironment; HOST-EFAB6D2FE7274823dt.settings.scope_namedeb-10-k3s-oi-01.lab.dynatrace.orgdt.settings.scope_typeenvironment; host_group; hostThe dt.synthetic namespace contains Dynatrace synthetic specific fields.
dt.synthetic.batch.iddt.synthetic.custom_log.loglevelinfodt.synthetic.custom_log.messagelog messagedt.synthetic.custom_log.timestamp1629891695487dt.synthetic.execution.end_timestamp1629891695487dt.synthetic.execution.id100681465183dt.synthetic.execution.typeon-demanddt.synthetic.failed_execution.execution.iddt.synthetic.failed_execution.execution.stageData retrieveddt.synthetic.failed_execution.execution.timestamp1629891693487dt.synthetic.failed_execution.location.idSYNTHETIC_LOCATION-9BB04DAEBA71B8CAdt.synthetic.failed_execution.monitor.idHTTP_CHECK-6349B98E1CD87352dt.synthetic.failed_execution.status.code599dt.synthetic.failed_execution.status.detailsconnection timed out after 5000 ms: google.comdt.synthetic.failed_execution.status.messageTIMEOUTdt.synthetic.failed_execution.status.on_demand.detailsPERFORMANCE_THRESHOLD_VIOLATIONdt.synthetic.failed_execution.status.on_demand.messageSuccessdt.synthetic.location.idSYNTHETIC_LOCATION-9BB04DAEBA71B8CAdt.synthetic.location.idsSYNTHETIC_LOCATION-9BB04DAEBA71B8CAdt.synthetic.monitor.idHTTP_CHECK-6349B98E1CD87352dt.synthetic.multi_protocol.request.targets127.0.0.1:22dt.synthetic.result.statistics.duration456dt.synthetic.result.statistics.start_timestampdt.synthetic.step.idHTTP_CHECK_STEP-6349B98E1CD87352dt.synthetic.step.idsHTTP_CHECK_STEP-6349B98E1CD87352dt.synthetic.triggering_problem.causeLocation not founddt.synthetic.triggering_problem.detailsThrottling on the location. Minimum duration between successive executions for a single user is 60 secdt.synthetic.triggering_problem.entity.idHTTP_CHECK-6349B98E1CD87352dt.synthetic.triggering_problem.execution.iddt.synthetic.triggering_problem.location.idSYNTHETIC_LOCATION-9BB04DAEBA71B8CAdt.synthetic.failed_execution.execution.stage MUST be one of the following:
Data retrievedExecutedNot triggeredTimed outTriggeredWaitingThe namespace dt.system is reserved for Grail. These fields cannot be ingested but instead will be set by Grail directly. Every record that is fetched from Grail provides these fields, but by default they are hidden. You can display them by using the fieldsAdd command.
Example query:
// display the bucket for each log recordfetch logs| fieldsAdd dt.system.bucket
dt.system.bucketdefault_logs; default_spans; default_bizeventsdt.system.environmentwkf10640dt.system.monitoring_sourcefullstack_host; infrastructuredt.system.sampling_ratio1dt.system.segment_id5d97c09e-7337-443e-bab5-2f0474804687dt.system.storage_interval1 mindt.system.tablelogs; bizeventsdt.system.monitoring_source MUST be one of the following:
discoveryfullstack_containerfullstack_hostinfrastructuremainframedt.system.storage_interval MUST be one of the following:
1 minFields defined in this namespace are used by Dynatrace to describe different aspects of the context propagation between spans.
dt.tracing.custom_link.id736bd2684696c4a8dt.tracing.custom_link.original_bytesycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==dt.tracing.custom_link.transformed_bytesycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==dt.tracing.custom_link.typedt.tracing.custom_link.original_bytes to the dt.tracing.custom_link.transformed_bytes was applied.genericdt.tracing.foreign_link.bytes00000004000000010000000200000003000000040000002300000001dt.tracing.foreign_link.textFW4;129;12;-2023406815;4539717;0;17;66;c511;2h02;3h12345678;4h676767; FW1;129;4711;59959450;-1859959450;3;17;0dt.tracing.link.directionoutgoingdt.tracing.link.iddt.tracing.link.is_synctrue indicates that caller waits on the response. Only available on span links with dt.tracing.link.direction set to outgoing.dt.tracing.response.headers{'traceresponse': ['00-7b9e3e4068167838398f50017bfad358-d4ffc7e33530967a-01'], 'x-dt-tracestate': ['9651e1a8-19506b7c@dt']}dt.tracing.custom_link.type MUST be one of the following:
genericdt.tracing.custom_link.original_bytes have no special meaning.ibm_mqdt.tracing.custom_link.original_bytes are an IBM MQ custom link.ibm_mq_ignore_qnamedt.tracing.custom_link.original_bytes are an IBM MQ custom link, but the qname part should be ignored in mapping.dt.tracing.link.direction MUST be one of the following:
incomingoutgoingelasticsearch.cluster.nameelasticsearch.node.nameEndpoints define the public interface of services.
endpoint.name/; /get-cart; /productpage; Reviews.GetReviewsFields that describe entities.
entity.conditional_nameCl-Prod1 Ser-1entity.customized_nameHost 1234entity.detected_nameip-10-100-200-5.eu-west-1.compute.internalentity.nameentity.customized_name, entity.conditional_name, entity.detected_name.easyTravelentity.typehost; serviceequinox.config.pathesb.application.namemyBusinessApp; YourServiceApp; any_workesb.library.namemyWebServicesLib; YourMessagingLibrary; any_toolsesb.vendoribm; tibcoesb.workflow.namemyMessageFlow; YourBusinessWorkflow; any_flowThe event namespace contains common identification, categorization and context on events in Dynatrace.
event.categoryAvailabilityevent.descriptionThe current response time (11 s) exceeds the auto-detected baseline (767 ms) by 1,336 %event.end16481073970000event.group_labelAvailabilityevent.id5547782627070661074_1647601320000event.kindpermissionINFRASTRUCTURE_EVENT; DAVIS_EVENT; BIZ_EVENT; RUM_EVENT; AUDIT_EVENT; BILLING_USAGE_EVENTevent.nameProcess crashed; CPU Saturationevent.original_content{"severity_id": 3,"state_id": 1,"time": "2024-06-26T07:15:06.139000Z","state": "New","type_uid": 200101}event.outcome200; success; failureevent.parent_id5547782627070661074_1647601319999event.providerpermissionOneAgent; K8S; Davis; VMWare; GCP; AWS; LIMA_USAGE_STREAMevent.start16481073970000event.statusActiveevent.status_transitionRecoveredevent.typepermissionESXI_HOST_MEMORY_SATURATION; PROCESS_RESTART; CPU_SATURATION; MEMORY_SATURATION; Automation Workflow; AppEngine Functions - Smallevent.version1.0.0Values are either in title-case or screaming snake case.
event.category SHOULD be one of the following:
AvailabilityErrorSlowdownResource contentionWarningInfoVulnerability managementevent.status SHOULD be one of the following:
ActiveClosedevent.status_transition SHOULD be one of the following:
CreatedUpdatedRefreshedResolvedRecoveredClosedTimed outReopenedexception.caused_by_idexception.id of the exception the current exception was caused by.exception.column_number12304exception.escapedtrue indicates that the exception was recorded at a point where it is known that the exception escaped the scope of the span.exception.file.domainexception.file.full.www.foo.barexception.file.fullhttps://www.foo.bar/path/main.js; main.jsexception.file.pathexception.file.full./path/main.jsexception.idexception.is_caused_by_roottrue if the exception is first exception of a caused by chain.exception.line_number1401exception.messageDivision by zeroexception.stack_trace@https://www.foo.bar/path/main.js:59:26 e@https://www.foo.bar/path/lib/1.1/lib.js:2:30315exception.typejava.net.ConnectException; OSErrorFields that can be expected from serverless functions or Function as a Service (FaaS) on various cloud platforms.
faas.max_memoryfaas.namemy-function; myazurefunctionapp/some-function-name; test_functionThis is the name of the function as configured/deployed on the FaaS
platform and is usually different from the name of the callback
function (which may be stored in the code.namespace/code.function span attributes).
Value of the field depends on a cloud provider. This field is not set for Azure.
faas.coldstartfaas.invoked_namemy-functionfaas.invoked_providercloud.provider resource attribute of the invoked function.alibaba_cloudfaas.triggerdatasourceWill be equal to the cloud.region resource attribute of the invoked function.
faas.invoked_provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloudawsazuregcptencent_cloudfaas.trigger MUST be one of the following:
datasourcehttpotherpubsubtimerfeature_flag.keylogo-colorfeature_flag.provider_nameFlag Managerfeature_flag.variantred; true; onA semantic identifier, commonly referred to as a variant, provides a means
for referring to a value without including the value itself. This can
provide additional context for understanding the meaning behind a value.
For example, the variant red maybe be used for the value #c05543.
A stringified version of the value can be used in situations where a semantic identifier is unavailable. String representation of the value should be determined by the implementer.
gcp.app_engine.instancegcp.app_engine.servicegcp.cloud_run.servicegcp.instance.id6639848141313102286gcp.instance.namesingle-vm-testgcp.locationeurope-west3-cgcp.project.idpermissiondynatrace-gcp-extensiongcp.regioneurope-west3gcp.resource.name//cloudfunctions.googleapis.com/projects/gcp-example-project/locations/us-central1/functions/examplefunctiongcp.resource.typecloudsql_databasegcp.zoneeurope-west3-cThe geo namespace contains geo location information. This section only holds all currently agreed upon fields in the Dynatrace Semantic Dictionary. Aligned closely to the ECS, with some adaptions around field groupings
geo.city.nameMontrealgeo.continent.nameNorth Americageo.country.nameCanadageo.region.nameQuebecglassfish.domain.nameglassfish.instance.namego.linkageFields describing a host.
Dynatrace aims to use the best fitting name for the field host.name. See below, how Dynatrace determines the host name in an ordered by precedence fashion:
Dynatrace supports customizing the host.name property. A custom set host name takes precedence over the auto detection mechanisms described further down.
oneagentctl tool can be used to set a custom host name. See Documentation for details.If no customized name is set locally, the OneAgent attempts to determine the host.name value by accessing cloud metadata where applicable.
name (case insensitive) is found, the tag's value is used as the host.name.name (case insensitive) instance metadata property is used. See Microsoft Azure documentationhostname instance metadata property is used. See Google Cloud documentation.gethostname() if it can be interpreted as a fully qualified domain name (FQDN) and doesn't contain "localhost".getaddrinfo() for port 80 is issued, again sanity checking whether the returned name is an FQDN and doesn't contain "localhost".GetComputerNameExA is used to determine a host's name. In particular, the resulting name is composed of <hostname>.<domainname> with the following details
hostname = ComputerNameDnsHostname retrieved by GetComputerNameExdomainname = ComputerNameDnsDomain retrieved by GetComputerNameExEmptyHostName if neither property can be resolved.host.ip[194.232.104.141, 2a01:468:1000:9::140]host.namepermissionip-10-178-54-32.ec2.internalhttp.request.body.size3495http.request.header.__key____key__ being the lowercase HTTP header name, e.g. "http.request.header.accept-encoding". The value is a string. If there are multiple headers with the same name or multiple header values, the values will be comma separated into a single string.sensitive-spanshttps://www.foo.bar/; gzip, deflate, br; 1.2.3.4, 1.2.3.5http.request.methodGET; POST; HEADhttp.request.parameter.__key____key__ being the lowercase HTTP parameter name, for example, "http.request.parameter.username". The value is a string. If there are multiple parameters with the same name or multiple parameter values, the values will be a single, comma-separated string.admin; premiumhttp.response.body.size3495http.response.header.__key____key__ being the lowercase HTTP header name, e.g. "http.response.header.content-type". The value is a string. If there are multiple headers with the same name or multiple header values, the values will be comma separated into a single string.909; text/html; charset=utf-8; abc, defhttp.response.reason_phraseNot foundhttp.route/users/:userID?; Home/Index/{id?}http.server_nameMyServer; localhost:8000hybris.bin.dir/opt/hybris-60/hybris/binhybris.config.dir/opt/hybris-60/hybris/confighybris.data.dir/opt/hybris-60/hybris/dataibm.ace.integration_node.namemyIntegrationNode; YourBroker; the_management_instanceibm.ace.integration_server.namemyIntegrationServer; YourExecutionGroup; dataflow_engineibm.cics.aoribm.cics.programEDUCHANibm.cics.regionibm.cics.toribm.ctg.nameibm.ims.connectibm.ims.controlibm.ims.mpribm.ims.soap_gw.nameiis.app_pool.nameiis.role.namejava.jar.filejava.jar.pathjava.main.classjava.main.modulejboss.homejboss.modeorg.jboss.as.standalone; org.jboss.as.serverjboss.server.namejdbc.connection.pool.namejdbc/db2journald.unitcron.service; oneagent.service; kubepods.slicek8s.cluster.namepermissionunguard-dev; k3s-oneagentk8s.cluster.uid1c7a24c7-ff51-46e0-bcc9-c52637ceec57k8s.container.namecontainer.name).redisk8s.namespace.namepermissiondefaultk8s.node.namecluster-pool-1-c3c7423d-azthk8s.pod.nameopentelemetry-pod-autoconfk8s.pod.uid275ecb36-5aa8-4c2a-9c47-d8bb681b9affk8s.service.namemy-servicek8s.workload.kinddeployment; statefulset; cronjob; job; daemonset; replicasetk8s.workload.namecheckoutserviceFields relevant for log events
log.file.namemessages; agent.loglog.file.path/var/log/messages; /var/log/dynatrace/agent.loglog.iostreamstdout; stderrlog.source/var/log/messages; Windows Event Log; Docker Container Output; stdoutlog.source.originCUSTOM; IIS_LOG_DETECTORloglevelERROR; INFO; TRACECan contain e.g. a file path, standard output, an URI etc., depending on log stream type. The value should be stable for one logical source, so e.g. not affected by log file rotation digits.
log.iostream MUST be one of the following:
stderrstdoutlog.source.origin MUST be one of the following:
CONTAINER_LOG_DETECTORCUSTOM_LOGIIS_LOG_DETECTORJOURNALD_LOG_DETECTOROPEN_LOG_DETECTORSYSTEM_LOG_DETECTORloglevel MUST be one of the following:
ALERTCRITICALDEBUGEMERGENCYERRORFATALINFONONENOTICESEVERETRACEWARNmessaging.destination.kindqueue; topicmessaging.destination.temporarymessaging.message.body.size2738messaging.message.conversation_idMyConversationIdmessaging.message.id452a7c7c7c7048c2f887f61572b18fc2messaging.operation.typepeekmessaging.source.kindqueue; topicmessaging.source.temporarymessaging.systemkafka; rabbitmqManager name SHOULD uniquely identify the broker.
Destination name SHOULD uniquely identify a specific queue, topic or other entity within the broker.
If a custom value is used for messaging.operation.type, it MUST be of low cardinality.
Manager name SHOULD uniquely identify the broker.
Source name SHOULD uniquely identify a specific queue, topic, or other entity within the broker.
messaging.destination.kind MUST be one of the following:
queuetopicmessaging.operation.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
peekprocesspublishreceivemessaging.source.kind MUST be one of the following:
queuetopicmessaging.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
activemqartemisaws_snsaws_sqsazure_eventgridazure_eventhubsazure_servicebusgcp_pubsubhornetqjmskafkamqseriesmsmqrabbitmqrocketmqsag_webmethods_istibco_emsweblogicwebspheremessaging.akka.actor.kindsystem; usermessaging.akka.actor.path/system/log1-Logging$DefaultLogger; /remote/akka.tcp/RequesterSystem@localhost:52133/user/requestActor/$amessaging.akka.actor.systemRequesterSystem; ResponseSystemmessaging.akka.actor.typecom.acme.RespondingActormessaging.akka.message.typejava.lang.String; akka.event.Logging$Info2; com.acme.twosuds.ResponseActor$RequestMessageIn webserver technologies a multitude of modules might be contributing to handling a single web request. Module insights provides timings for these, where available.
module_insights.modules{'HttpRedirectionModule': 10299, 'BasicAuthenticationModule': 4665}These attributes may be used for any network related operation.
network.carrier.nameMagenta; AT&Tnetwork.connection.subtypelte; 802.11xnetwork.connection.typecell; wifinetwork.protocol.nameamqp; http; mqttnetwork.protocol.version1.1; 3.1.1network.transporttcp; udpnetwork.connection.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
cellunavailableunknownwifiwirednetwork.transport has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
inprocotherpipetcpudpunixSignals that there is only in-process communication not using a "real" network protocol in cases where network attributes would normally be expected. Usually all other network attributes can be left out in that case.
network.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ipv4ipv6Fields that are used in extensions to describe network devices.
device10.102.0.45:161device.address10.102.0.45device.nameAT1i-WLC-TestingLab.dynatrace.orgdevice.port161nodejs.app.base.dirnodejs.app.namenodejs.script.nameFields that can come from applications running on Openstack.
openstack.availability_zoneus-east-1aopenstack.instance_uuid6790cb48-f8e9-4773-bcea-001469de0599The origin of a request associated with this event.
origin.address10.11.12.13origin.sessionnode0hfzncorigin.typeREST; LOCALorigin.x_forwarded_for1.2.3.4origin.type MUST be one of the following:
LOCALRESTThe os namespace contains information on the operating system running an application.
os.nameiOSos.version15.3.1otel.scope.nameInstrumentationScope.Name in OTLP).io.opentelemetry.contrib.mongodbotel.scope.versionInstrumentationScope.Version in OTLP).1.0.0php.cli.script.pathphp.cli.working.dirphp.drupal.application.namephp.fpm.pool.namephp.symfony.application.namephp.wordpress.blog.nameprocess.executable.nameName in proc/[pid]/status. On Windows, can be set to the base name of GetProcessImageFileNameW.otelcolprocess.executable.pathproc/[pid]/exe. On Windows, can be set to the result of GetProcessImageFileNameW./usr/bin/cmd/otelcolprocess.pid1234request.id95efd70fcdb5b7b3; 96835e1d65490b48request.is_failedrequest.is_root_spanRequest scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute definition. The actual name of the attribute is the prefix "request_attribute" plus the "request attribute name" defined in the request attributes configuration. Request attributes are built based on captured attributes and other attributes like HTTP header values or "normal" span attributes, on which the aggregations (first/last value, distinct values, ...), type conversion and normalizations defined in the request attribute configuration are performed. They are evaluated for an entire request (possibly consisting of multiple spans) and are stored only on the request root node.
request_attribute.__attribute_name____attribute_name__ defined by the request attribute configuration. The data type of the value depends on the request attribute definition.sensitive-spans42; Platinum; ['Product A', 'Product B']; ['Special Offer', '1702']rpc.namespacetempuri.orgrpc.servicemyservice.EchoServicerpc.systemapache_cxf; dotnet_wcf; grpc; jax_wsThis is the logical name of the method from the RPC interface perspective, which can be different from the name of any implementing method/function. The code.function attribute may be used to store the latter (e.g., method actually executing the call on the server side, RPC client stub method on the client side).
This is the logical name of the service from the RPC interface perspective, which can be different from the name of any implementing class. The code.namespace attribute may be used to store the latter (despite the attribute name, it may include a class name; e.g., class with method actually executing the call on the server side, RPC client stub class on the client side).
rpc.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
apache_axisapache_cxfapache_winkdotnet_remotingdotnet_wcfgrpcjava_rmijax_wsjbossjerseyopenedgeresteasyrestletspring_wstibco_wsweblogic_wswebmethodsThe server namespace contains information on the responder of a network connection.
server.addressexample.comserver.port65123; 80server.resolved_ipsserver.address.[194.232.104.141, 2a01:468:1000:9::140]service.nameshoppingcartservlet.context.nameservlet.context.pathFields that are used in SNMP extensions.
trap_oidSNMPv2-MIB::coldStartversionSNMPv3softwareag.install.rootsoftwareag.product.prop.namespan.alternate_parent_idspan.id of this span's parent span. In case a trace is monitored by more tracing systems (e.g. OneAgent + OpenTelemetry) there might be two potential parent spans. If these two spans differ, span.parent_id holds the span.id of the parent which is known to originate from same tenant and this attribute shows the other. The span.alternate_parent_id is a 8-byte id and hex-encoded if shown as a string.f76281848bd8288cspan.eventsspan.exit_by_exception_idexception.id of the exception the its span.events with the current span exited. The referenced exception has set the attribute exception.escaped to true.span.idspan.id is a 8-byte id and hex-encoded if shown as a string.f76281848bd8288cspan.is_exit_by_exceptiontrue if the span was exited by an exception. If set to false the span has exception events but the span was not exited by one of them.span.is_subroutinetrue indicates that this span is a subroutine of its parent span. The spans represent functions running on the same thread on the same call stack.span.kindserverspan.linksspan.nameprepareOrderItemsAndShippingQuoteFromCart; org.example.CheckoutService/PlaceOrder; orders process; GET /products/{product_id}; HTTP POSTspan.parent_idspan.id of this span's parent span. The span.parent_id is a 8-byte id and hex-encoded if shown as a string.f76281848bd8288cspan.status_codeunset.errorspan.status_messagespan.status_code is error.Connection closed before message completed; Error sending request for urlspan.timing.cpuspan.timing.cpu_selfspan.kind MUST be one of the following:
clientconsumerproducer request.internallinkproducerserverspan.status_code MUST be one of the following:
errorokspan_event.nameexceptionspan_event.name has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
bizeventexceptionfeature_flagLanguage Independent Interface Types For OpenTelemetry
spring.profile.namespring.startup.classDisk
storage.disk.encryptedstorage.disk.fstypeext4; btrfsstorage.disk.knamesdastorage.disk.modelbaracudastorage.disk.mountpoint/mnt/disk1storage.disk.other-mountpoints[/home/user1/mydisk, /opt/volume1]storage.disk.path/dev/sdastorage.disk.read-onlystorage.disk.removablestorage.disk.serial1234-56789storage.disk.typedisk; hardware raidstorage.disk.vendorseagatePartition
storage.partition.encryptedstorage.partition.fstypeext4; btrfsstorage.partition.knamesda1storage.partition.mountpoint/mnt/diskAstorage.partition.other-mountpoints[/home/user1/mydiskA, /opt/volumeA]storage.partition.path/dev/sda1storage.partition.read-onlystorage.partition.removablestorage.partition.typepartitionVolume
storage.volume.display-namevg0-lv1; vg1-lv2; my-volumestorage.volume.fstypeext4; btrfsstorage.volume.knamedm-1; dm-2; dm-5storage.volume.mountpoint/mnt/diskAstorage.volume.other-mountpoints[/home/user1/mydiskA, /opt/volumeA]storage.volume.path/dev/mapper/vg0-lv1storage.volume.read-onlystorage.volume.removablestorage.volume.typelvmSoftware RAID
storage.software-raid.encryptedstorage.software-raid.fstypeext4; btrfsstorage.software-raid.knamemd0; md1; md3storage.software-raid.mountpoint/mnt/diskAstorage.software-raid.other-mountpoints[/home/user1/mydiskA, /opt/volumeA]storage.software-raid.parentmd0storage.software-raid.path/dev/md0storage.software-raid.read-onlystorage.software-raid.removablestorage.software-raid.typeraid0, raid10Additional information about the attributes of a data point.
supportability.alr_sampling_ratiosupportability.alr_sampling_ratio would be 8 and the numerator is 1.8supportability.atm_sampling_ratiosupportability.atm_sampling_ratio would be 16 and the numerator is 1.16supportability.custom_service.rule_id4d76194c11a9426197a9062548f9e66esupportability.dropped_attributes_count1supportability.dropped_events_count1supportability.dropped_links_count1supportability.endpoint_name_ruleendpoint.name.http.route; rpc.methodsupportability.flaws[C4, S3, A2]supportability.non_persisted_attribute_keys["my_span_attribute", "db.name"]supportability.original_start_timestart_time attribute was truncated. Truncating the start time is technically required for long running spans that have a start time older than three days in the past.1649822520123123123supportability.serverid.addresseesupportability.serverid.processing.5supportability.serverid.processing5The telemetry.sdk.* fields are used to describe the telemetry SDK in OpenTelemetry or ODIN ingest. It can be considered the closest equivalent of ODIN/OTel data to dt.agent.module.*.
The telemetry.exporter.* fields are used to define the exporter that exports telemetry data and is expected to be different for each exporter in case when multiple exporters co-exist.
telemetry.exporter.nameodintelemetry.exporter.package_version1.285.1telemetry.exporter.version1.285.1.20240101-256988telemetry.sdk.languagenodejs; python; javatelemetry.sdk.nameodin; opentelemetrytelemetry.sdk.version1.20.0thread.id42thread.namemainthread.pool.nameWorkerThreadPooltibco.businessworks.app.node.nametibco.businessworks.app.space.nametibco.businessworks.domain.nametibco.businessworks.hometibco.businessworks.property.file.nametibco.businessworks.property.file.pathtibco.businessworks_ce.app.nametibco.businessworks_ce.versionThe time_correction namespace contains information on time corrections applied to the timestamps of an event, for example, start_time, timestamp or event.end.
Time corrections may be necessary if events are reported with timestamps that are completely off compared to cluster time. For example, Dynatrace RUM reported data can be off depending on client time.
time_correction.is_appliedfalsetime_correction.offset<corrected timestamp> = <original timestamp> + <offset>). May be a negative number. Example: original timestamp: 1670399998423233001, offset: 127927969312, corrected timestamp: 1670400126351202313127927969312trace.alternate_idtrace.alternate_id is a 16-byte id and hex-encoded if shown as a string.357bf70f3c617cb34584b31bd4616af8trace.idtrace.id is a 16-byte id and hex-encoded if shown as a string.357bf70f3c617cb34584b31bd4616af8trace.is_sampledtrace.statef4fe05b2-bd92206c@dt=fw4;3;abf102d9;c4592;0;0;0;2ee;5607;2h01;3habf102d9;4h0c4592;5h01;6h5f9a543f1184a52b1b744e383038911c;7h6564df6f55bd6eae,apmvendor=boo,foo=barThe url namespace contains semantic conventions for URL and its components.
url.domainwww.foo.bar; google.com; wikipedia.orgurl.fragmentSemConvurl.fullsensitive-spanshttps://www.foo.bar/docs/search?q=OpenTelemetry#SemConvurl.path/docs/searchurl.port443; 80url.querysensitive-spansq=OpenTelemetryurl.schemehttps; ftp; telneturl.truncated_pathhttp.route. The truncation logic depends on the technology and is a best effort to provide a stable value. Example Adobe Experience Manager (AEM): First two parts of url.path. Truncated value of /content/wknd/us/en/ is /content/wknd./docsRepresentation of a physical or logical user.
user.emailuser@mail.comuser.id35ba9499-f87c-4047-962c-14dc32e255e5; systemuser.nameWolfgang Amadeus Mozart; Systemuser.organizationDYNATRACE; CUSTOMER; PARTNERuser.organization MUST be one of the following:
CUSTOMERDYNATRACEPARTNERuser.organization MUST be one of the following:
DYNATRACECUSTOMERPARTNERThe vcs namespace contains information about Version Control Systems.
vcs.repository.change.id1234vcs.repository.change.titleCA-1234: Fix some stuff; [chore] update dependencyvcs.repository.ref.namemy-branch-namevcs.repository.ref.revisiond4322ab6cba38d21ad83c9de304a6a214ecf2cdc; main; 1337vcs.repository.ref.typebranch; tagvcs.repository.url.fullhttps://github.com/dynatrace-oss/terraform-provider-dynatraceFields that can come from applications running on VMware.
vmware.datacenter.namesrvwasapp1Cell01vmware.disk.namesrvwasapp1Cell01vmware.hypervisor.namemy-hypervisor.lab.dynatrace.orgvmware.nic.namevmnic0; vmnic1; vmnic2vmware.vcenter.namemy-vcenter.lab.dynatrace.orgvmware.vm.nameeasytravel-demovulnerability.code_location.nameorg.dynatrace.profileservice.BioController.markdownToHtml(String):80vulnerability.cvss.base_score8.1vulnerability.cvss.version3.1vulnerability.davis_assessment.assessment_modeFULL; NOT_AVAILABLE; REDUCEDvulnerability.davis_assessment.assessment_mode_reasons[LIMITED_BY_CONFIGURATION, LIMITED_AGENT_SUPPORT]vulnerability.davis_assessment.data_assets_statusNOT_AVAILABLE; NOT_DETECTED; REACHABLEvulnerability.davis_assessment.exploit_statusAVAILABLE; NOT_AVAILABLEvulnerability.davis_assessment.exposure_statusNOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORKvulnerability.davis_assessment.levelLOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.davis_assessment.score8.1vulnerability.davis_assessment.vulnerable_function_statusIN_USE; NOT_AVAILABLE; NOT_IN_USEvulnerability.descriptionMore detailed description about improper input validation vulnerability.vulnerability.display_idS-1234vulnerability.external_idSNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646vulnerability.external_urlhttps://example.comvulnerability.first_seen2023-03-22T13:19:36.945Zvulnerability.id2039861408676243188vulnerability.is_fix_availablevulnerability.mute.change_date2023-03-22T13:19:36.945Zvulnerability.mute.commentMuted because it's a false positive.vulnerability.mute.reasonFALSE_POSITIVE; IGNORE; AFFECTED; CONFIGURATION_NOT_AFFECTED; OTHERvulnerability.mute.statusMUTED; NOT_MUTEDvulnerability.mute.useruser@example.comvulnerability.parent.davis_assessment.assessment_modeFULL; NOT_AVAILABLE; REDUCEDvulnerability.parent.davis_assessment.data_assets_statusNOT_AVAILABLE; NOT_DETECTED; REACHABLEvulnerability.parent.davis_assessment.exposure_statusNOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORKvulnerability.parent.davis_assessment.levelLOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.parent.davis_assessment.score8.1vulnerability.parent.davis_assessment.vulnerable_function_statusIN_USE when there's at least one vulnerable function in use by an application.IN_USE; NOT_AVAILABLE; NOT_IN_USEvulnerability.parent.first_seen2023-03-22T13:19:36.945Zvulnerability.parent.mute.change_date2023-03-22T13:19:36.945Zvulnerability.parent.mute.reasonFALSE_POSITIVE; IGNORE; AFFECTED; CONFIGURATION_NOT_AFFECTED; OTHERvulnerability.parent.mute.statusMUTED; NOT_MUTEDvulnerability.parent.mute.useruser@example.comvulnerability.parent.resolution.change_date2023-03-22T13:19:37.466Zvulnerability.parent.resolution.statusOPEN; RESOLVEDvulnerability.parent.risk.levelLOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.parent.risk.score8.1vulnerability.previous.cvss.base_score8.1vulnerability.previous.davis_assessment.data_assets_statusNOT_AVAILABLE; NOT_DETECTED; REACHABLEvulnerability.previous.davis_assessment.exploit_statusAVAILABLE; NOT_AVAILABLEvulnerability.previous.davis_assessment.exposure_statusNOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORKvulnerability.previous.davis_assessment.levelLOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.previous.davis_assessment.score8.1vulnerability.previous.davis_assessment.vulnerable_function_statusIN_USE; NOT_AVAILABLE; NOT_IN_USEvulnerability.previous.mute.change_date2023-03-22T13:19:36.945Zvulnerability.previous.mute.commentMuted because it's a false positive.vulnerability.previous.mute.reasonMuted: False positivevulnerability.previous.mute.statusMUTED; NOT_MUTEDvulnerability.previous.mute.useruser@example.comvulnerability.previous.resolution.statusOPEN; RESOLVEDvulnerability.previous.risk.levelLOW; MEDIUM; HIGH; CRITICALvulnerability.previous.risk.score8.1vulnerability.references.cve[CVE-2021-41079]vulnerability.references.cwe[CWE-20]vulnerability.references.owasp[2021:A3]vulnerability.remediation.descriptionUpgrade component to version 1.2.3 or highervulnerability.resolution.change_date2023-03-22T13:19:37.466Zvulnerability.resolution.statusOPEN; RESOLVEDvulnerability.risk.levelLOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.risk.scaleDavis Security Scorevulnerability.risk.score8.1vulnerability.stackCODE; CODE_LIBRARY; SOFTWARE; CONTAINER_ORCHESTRATIONvulnerability.technologyJAVA; DOTNET; GO; PHP; NODE_JSvulnerability.titleImproper Input Validationvulnerability.typeImproper Input Validationvulnerability.urlhttps://example.comvulnerability.davis_assessment.assessment_mode has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
FULLNOT_AVAILABLEREDUCEDvulnerability.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLENOT_DETECTEDREACHABLEvulnerability.davis_assessment.exploit_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AVAILABLENOT_AVAILABLEvulnerability.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORKNOT_AVAILABLENOT_DETECTEDPUBLIC_NETWORKvulnerability.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USENOT_AVAILABLENOT_IN_USEvulnerability.mute.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AFFECTEDCONFIGURATION_NOT_AFFECTEDFALSE_POSITIVEIGNOREOTHERvulnerability.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTEDNOT_MUTEDvulnerability.parent.davis_assessment.assessment_mode has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
FULLNOT_AVAILABLEREDUCEDvulnerability.parent.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLENOT_DETECTEDREACHABLEvulnerability.parent.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORKNOT_AVAILABLENOT_DETECTEDPUBLIC_NETWORKvulnerability.parent.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.parent.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USENOT_AVAILABLENOT_IN_USEvulnerability.parent.mute.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AFFECTEDCONFIGURATION_NOT_AFFECTEDFALSE_POSITIVEIGNOREOTHERvulnerability.parent.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTEDNOT_MUTEDvulnerability.parent.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPENRESOLVEDvulnerability.parent.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.previous.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLENOT_DETECTEDREACHABLEvulnerability.previous.davis_assessment.exploit_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AVAILABLENOT_AVAILABLEvulnerability.previous.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORKNOT_AVAILABLENOT_DETECTEDPUBLIC_NETWORKvulnerability.previous.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.previous.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USENOT_AVAILABLENOT_IN_USEvulnerability.previous.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTEDNOT_MUTEDvulnerability.previous.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPENRESOLVEDvulnerability.previous.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPENRESOLVEDvulnerability.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.stack has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CODECODE_LIBRARYCONTAINER_ORCHESTRATIONSOFTWAREvulnerability.technology has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
DOTNETGOJAVANODE_JSPHPweblogic.cluster.nameOrderManagement2weblogic.domain.nameCustomerManagementFulfillmentSvcweblogic.home/apps/infra/wls/bin/10.3.6_64/wlserver_10.3/serverweblogic.server.nameOrderManagement2Srv1websphere.cell.namesrvwasapp1Cell01websphere.cluster.nameCluApp1websphere.node.namenodeSrvApp2websphere.server.nameSrvApp2websphere_liberty.server.namedefaultServerwinlog.eventid4624; 1000winlog.keywordsClassic; Startedwinlog.levelCritical; Error; Warrningwinlog.opcodeInfo; Downloadwinlog.providerAvecto Service; Security-SPPwinlog.task5; 12804winlog.usernameSYSTEM; N/Azos.address_space_id1; 296zos.job_idJOB12345zos.job_nameCICSAOR0; CTGATM00; IMSCR15zos.job_step_id00000001; 00000002zos.lpar_nameS0W1; ABCDzos.sys_idC259; CICS; IMSFzos.transaction.call_typeCTGzos.transaction.idCEMT; DTAX; IVTNOzos.transaction.job_nameCICSAOR0; CTGATM00; IMSCR15zos.transaction.lpar_nameS0W1; ABCDzos.transaction.program_typeDLI_DB; DLI_DC; MQ; DB2zos.transaction.call_type MUST be one of the following:
CTGDPLHTTPIMS_CONNECTIMS_CONNECT_APIITRAMQMSCPGM_SWITCHSDKSHARED_QUEUESOAPSTARTTTXTXZOS_CONNECTzos.transaction.program_type MUST be one of the following:
DB2DLI_DBDLI_DCMQcics.transaction.class_namenull; DFHTCL00cics.transaction.client.ip194.232.104.141; 2a01:468:1000:9::140cics.transaction.client.port65123; 80cics.transaction.path.name/dtroutercics.transaction.system_idC259; CICScics.transaction.task_id1234cics.transaction.transaction_group_id160dd5c5e3c44bc8e5c5c1c3f4f4f9df9fa2d8b049cb800000000000cics.transaction.unit_of_work_id15977055984148641282; 15977055491352760323cics.transaction.user_idUSER1; anoncics.transaction.wlm.reporting_service_class_namenull; BAT_ATM; RC_CICScics.transaction.wlm.service_class_namenull; SYSSTC; VEL15I5cics.file.defining_region_nameC259; CICScics.file.is_localtruecics.file_nameEXMPCAT; CICSFILEims.message.transaction.message.segment_count1; 5ims.message.transaction.message.size10; 421ims.message.transaction.terminal_nameHWSAM5ZD; 10505ims.message.transaction.unit_of_work_id5981228500318430862871015129591113287966852300630664295044916520394057871645605888; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216ims.message.transaction.user_idUSER1; anonims.execution.transaction.commit_count4; 5ims.execution.transaction.current_priority1; 5ims.execution.transaction.execution_class45; 66ims.execution.transaction.psb_nameHWSAM5ZD; 10505ims.execution.transaction.schedule_count346613; 421ims.execution.transaction.unit_of_work_id5981228500318430862871015129591113287966852300630664295044916520394057871645605888; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216ims.connect.transaction.client.ip194.232.104.141; 2a01:468:1000:9::140ims.connect.transaction.server.port65123; 80ims.connect.transaction.user_idUSER1; anonims.tm.resource.adapter.semantic_detection_version1ims.tm.resource.adapter.transaction.client.ip194.232.104.141; 2a01:468:1000:9::140ims.tm.resource.adapter.transaction.client.port65123; 80ims.tm.resource.adapter.transaction.commit_mode0ims.tm.resource.adapter.transaction.datastore_nameIMS1500ims.tm.resource.adapter.transaction.interaction_verb0ims.tm.resource.adapter.transaction.lpar_nameS0W1; ABCDims.tm.resource.adapter.transaction.sync_level0ims.tm.resource.adapter.transaction.commit_mode MUST be one of the following:
01ims.tm.resource.adapter.transaction.interaction_verb MUST be one of the following:
0134567ims.tm.resource.adapter.transaction.sync_level MUST be one of the following:
01zosconnect.api.descriptionAPI for the CICS catalog manager sample applicationzosconnect.api.namecatalogzosconnect.api.version1.0.0zosconnect.request.body.size234zosconnect.request.id2215zosconnect.response.body.size125zosconnect.service.descriptionEDUCHAN service using the CICS Service Providerzosconnect.service.nameplaceOrderzosconnect.service.provider.nameCICS-1.0zosconnect.service.version2.0zosconnect.sor.identifierlocalhost:8080zosconnect.sor.referencecicsConnzosconnect.sor.resource01,DFH0XCMNzosconnect.sor.typeCICSzosconnect.request.type MUST be one of the following:
ADMINAPISERVICEUNKNOWNzosconnect.sor.type MUST be one of the following:
CICSIMSMQRESTWOLA