The following reference contains a list of global fields that have a well defined semantic meaning in Dynatrace and can be used across different monitoring types. The fields are organized in namespaces that are separated with dots.
The top level fields contain generally relevant information for all monitoring data
timestamp
1649822520123123123
timeframe
start_time
end_time
.1649822520123123123
end_time
start_time
.1649822520123123165
duration
start_time
and end_time
in nanoseconds.42
interval
1 min
adobe.em.env_type
dev
; stage
; prod
adobe.em.program
adobe.em.service
adobe.em.tier
author
; publish
; preview
OneAgent might aggregate spans having the same parent span into a single one. The aggregated span contains attributes to indicated that aggregation happened and to allow to reconstruct details.
For aggregated spans the start_time
holds the earliest start_time
, end_time
holds the latest end_time
of all aggregated spans.
aggregation.count
3
aggregation.duration_max
482
aggregation.duration_min
42
aggregation.duration_samples
[42, 482, 301]
aggregation.duration_sum
123
aggregation.exception_count
0
; 6
aggregation.parallel_execution
true
indicates that aggregated spans may have been executed in parallel. Therefore start_time + duration_sum
may exceed end_time
.apache.httpd.config.path
apache.spark.master.ip
apache.tomcat.base
/usr/share/tomcat6
apache.tomcat.home
/usr/share/tomcat6
The app namespace contains information on the application sending the event.
app.bundle
com.example.easytravel
app.id
easytravel
app.short_version
5.23
app.version
5.23.15789
; 143542
The artifact
namespace contains information about software artifacts.
artifact.attestation.filename
artifact.filename
.carts-service-amd64-0.1.1.tar.gz.intoto.json1
artifact.attestation.hash
b4e370270ac4fe8d728b845ab8d190a7c931f09ff7b0156dd4d6abf797f1fe6a
artifact.filename
artifact.id
, but can contain the artifact.version
and other data like file extension.carts-service-amd64-0.1.1.tar.gz
artifact.hash
6c323d126547f71fafb4bffa02cdc480fb284678644ef0b6c69029f051fe5137
artifact.id
carts-service
artifact.name
Carts service
artifact.purl
pkg:npm/%40dynatrace/backstage@2.0.0
; pkg:deb/debian/curl@7.50.3-1?arch=i386&distro=jessie
artifact.version
0.1.1
aspnetcore.appl.path
Authentication type and method used to login to a Dynatrace system.
authentication.client.id
dt0s02.UZCK6ENL.2YQ2A3DZUEISRJSUU5544J3SC3TMPXSEEMNA5HK7RW54SJ6XKLYGMWJNKL7B2DNH
authentication.grant.type
AUTHORIZATION_CODE
; CLIENT_CREDENTIALS
authentication.token
dt0c01.AM4SEYKIBROBEJ2N3HAXZ4IX
authentication.type
OAUTH2
authentication.grant.type
MUST be one of the following:
AUTHORIZATION_CODE
CLIENT_CREDENTIALS
authentication.type
MUST be one of the following:
DEVOPSTOKEN
NONE
TOKEN
authentication.client.id
and authentication.token
MUST follow the Dynatrace token format definition.
Specifically, authentication.client.id
MUST be prefixed with dt0s02.
Information about entity availability. Sample usage is reporting hosts and PGI-s availability by OS Agent. Value of availability.state can be used for calculating aggregate availability (dividing count of "successful" requests by count of all requests). With constant frequency of requests it can be treated as a time-base availability, showing percentage of time that the monitored entity was available.
availability.state
up
availability.state
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
available
no_data
no_data_agent_inactive
reboot_graceful
reboot_ungraceful
shutdown_host
unavailable
unimportant
unmonitored_agent_stopped
unmonitored_agent_uninstalled
unmonitored_agent_upgrade
up
Fields that can come from applications running on AWS.
aws.account.id
permission
123456789012
aws.alb.name
my-alb
aws.arn
arn:aws:lambda:us-east-1:478983378254:function:acceptanceWeatherBackend
aws.availability_zone
us‑east‑1a
; us‑east‑1b
aws.ecr.account.id
aws.ecr.region
aws.ecs.cluster
aws.ecs.container.arn
arn:aws:ecs:us-west-2:111122223333:container/05966557-f16c-49cb-9352-24b3a0dcd0e1
aws.ecs.container.name
aws.ecs.docker.id
cd189a933e5849daa93386466019ab50-2495160603
aws.ecs.docker.name
curl-image
aws.ecs.family
aws.ecs.revision
aws.ecs.task.arn
arn:aws:ecs:us-west-2:111122223333:task/default/cd189a933e5849daa93386466019ab50
aws.lambda.function.name
aws.lambda.initialization_type
snap_start
aws.log_group
/aws/lambda/a-SomeFumction-1AWHD6W1QC5DH
aws.log_stream
2021/01/04/[$LATEST]b2e34f11da04232cb9f9d3d5799a5c12
aws.region
us-east-1
aws.resource.id
i-0922cda4579db3a45
aws.resource.name
my-ec2-instance
aws.resource.type
group
; cluster
; instance
aws.service
s3
aws.lambda.initialization_type
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
on-demand
provisioned-concurrency
snap-start
aws.lambda.invoked_arn
Context
passed to the function (Lambda-Runtime-Invoked-Function-Arn
response header from the request to /runtime/invocation/next
).arn:aws:lambda:us-east-1:123456789012:function:acceptanceWeatherBackend:production
aws.x_amzn_request_id
123344566
aws.x_amzn_trace_id
Root=1-63441c4a-abcdef012345678912345678
; Self=1-63441c4a-12456789abcdef012345678;Root=1-67891233-abcdef012345678912345678
Fields that can come from applications running on Azure.
azure.class_name
Host.Functions
azure.event_hub_namespace.name
my-event-hub
azure.location
East US
azure.management_group
Tenant Root Group
; My Custom Group
azure.resource.group
permission
demo-backend-rg
azure.resource.id
/subscriptions/27e9b03f-04d2-2b69-b327-32f433f7ed21/resourceGroups/demo-backend-rg/providers/Microsoft.ContainerService/managedClusters/demo-aks
azure.resource.name
demo-aks
azure.resource.type
Microsoft.ContainerService/managedClusters
azure.service_bus_namespace.name
my-service-bus
azure.site_name
dt-function-scripted
azure.sql_elastic_pool.name
contoso-elastic-pool
azure.sql_server.name
contoso-sql-server
azure.subscription
permission
27e9b03f-04d2-2b69-b327-32f433f7ed21
azure.vm.name
my-virtual-machine
azure.vm_scale_set.name
my-vmss
azure.vmid
090556DA-D4FA-764F-A9F1-63614EDA019A
Fields that are integral to applications managed by BOSH.
bosh.availability_zone
us-east-1a
bosh.instance_id
af318409-9e9d-4a18-aca4-0fb52bbdc526
bosh.name
isolated_diego_cell_devima
The browser namespace contains information on the browser running an application.
browser.name
Mozilla
browser.type
desktop
; mobile
; tablet
; robot
; other
browser.user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64)
browser.version
5.0
Span scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute rule. The actual name of the attribute is the prefix "captured_attribute" plus the "request attribute name" defined in the request attributes configuration. In contrast to request attributes, captured attributes contain the raw values reported by the OneAgent at the location (i.e. on the active span) where they appeared. No aggregation (first/last value, distinct values, ...), type conversion or normalization is performed on them. They are the basis for request attributes.
captured_attribute.__attribute_name__
__attribute_name__
defined by the request attribute configuration. The values are always mapped as array according to the type of the captured attributes, so either boolean, double, long or string. If the captured attributes have mixed types (e.g. long and string, or double and long, etc.), all attributes are converted to string and stored as string array.[42]
; ['Platinum']
; [32, 16, 8]
; ['Special Offer', '1702']
; ['18.35', '16']
cassandra.cluster.name
The cicd
namespace contains information about Continuous Integration and Continuous Deployment systems.
cicd.pipeline.id
12345
cicd.pipeline.name
CI pipeline for main branch
cicd.pipeline.run.id
9876
cicd.pipeline.run.outcome
success
cicd.pipeline.run.url.full
https://github.com/ACME/ACME-repo/actions/runs/9876
cicd.pipeline.url.full
https://github.com/ACME/ACME-repo/actions/workflows/ci-build.yml
cicd.upstream_pipeline.id
12345
cicd.upstream_pipeline.run.id
1337
cicd.pipeline.run.outcome
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
canceled
error
failure
skipped
success
timed_out
warning
The client namespace contains information on the initiator of a network connection.
client.ip
sensitive-spans
194.232.104.141
; 2a01:468:1000:9::140
client.ip.is_public
true
client.isp
Internet Service Provider Name
client.port
65123
; 80
Fields related to cloud deployments that can be used across different providers.
cloud.account.id
111111111111
; opentelemetry
cloud.availability_zone
us-east-1a
cloud.provider
alibaba_cloud
cloud.region
us-east-1
cloud.resource_id
arn:aws:lambda:REGION:ACCOUNT_ID:function:my-function
; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID
; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>
The prefix of the service matches the one specified in cloud.provider
.
cloud.platform
MUST be one of the following:
alibaba_cloud_ecs
alibaba_cloud_fc
alibaba_cloud_openshift
aws_app_runner
aws_ec2
aws_ecs
aws_eks
aws_elastic_beanstalk
aws_lambda
aws_openshift
azure_aks
azure_app_service
azure_container_instances
azure_functions
azure_openshift
azure_vm
gcp_app_engine
gcp_cloud_functions
gcp_cloud_run
gcp_compute_engine
gcp_kubernetes_engine
gcp_openshift
ibm_cloud_openshift
tencent_cloud_cvm
tencent_cloud_eks
tencent_cloud_scf
cloud.provider
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloud
aws
azure
gcp
heroku
ibm_cloud
tencent_cloud
cloudfoundry.application.id
cloudfoundry.application.name
cloudfoundry.instance.index
cloudfoundry.space.id
cloudfoundry.space.name
code.call_stack
code.function
. The call stack starts with the code.function
and the stack frames are separated by a line feed.com.example.SampleClass.doProcessing(SampleClass.java) com.example.SampleClass.doSomeWork(SampleClass.java) com.example.SampleClass.main(SampleClass.java)
code.filepath
/usr/local/MyApplication/content_root/app/index.php
code.function
serveRequest
code.invoked.filepath
code.filepath
, only it represents the file path of the function that was active when a span has been started. Typically it is the function that has been instrumented. Should only be set if it differs from code.filepath
./usr/local/MyApplication/content_root/app/index.php
code.invoked.function
code.function
, only it represents the function that was active when a span has been started. Typically it is the function that has been instrumented. The spans duration does not reflect the duration of this function execution. Should only be set if it differs from code.function
.invoke
code.invoked.namespace
code.namespace
, only it represents the namespace of the function that was active when a span has been started. Typically it is the function that has been instrumented. Should only be set if it differs from code.namespace
.com.sun.xml.ws.server.InvokerTube$2
code.namespace
code.function
is defined. Usually the qualified class or module name, such that code.namespace
+ some separator + code.function
form a unique identifier for the code unit.com.example.MyHttpService
coldfusion.jvm.config.file
coldfusion.service.name
For some technologies compilation of code might be a significant contributor to request execution time. Compilation timings provide insight into this, where available.
compilation_timings.compilation_count
compilation_timings.duration_sum
.7
compilation_timings.duration_sum
6723
compilation_timings.top_compilations
compilation_timings.duration_sum
, represented as map from compilation unit name to duration in nanoseconds spent.{'/home/user/test/php/build/tmp/php-htdocs/memcached/memcachedCli.php': 1952, '/home/user/test/php/build/tmp/php-htdocs/curl_cli_uri_filtering.php': 1306}
container.id
a3bf90e006b2
container.image.name
gcr.io/opentelemetry/operator
container.image.version
0.1
container.name
opentelemetry-autoconf
CTG (shorthand for "CICS Transaction Gateway") is a connector for enterprise modernization of CICS assets. It empowers various application platforms, such as Java servlets, to incorporate CICS programs.
CICS (shorthand for "Customer Information Control System") is a middleware to support rapid, high-volume online transaction processing on IBM mainframe systems on z/OS. CTG features a client and a server, which communicate via so-called GatewayRequests.
ctg.request.call_type
2
ctg.request.commarea_length
0
ctg.request.extend_mode
11
ctg.request.flow_type
5
ctg.request.gateway_url
tcp://1.2.3.4:5678/
ctg.request.object_name
ctg.request.server_id
IPICTEST
ctg.request.term_id
CN02
ctg.request.type
BASE
ctg.response.code
-23
The values are defined in the IBM CTG API source code.
ctg.request.type
MUST be one of the following:
ADMIN
AUTH
BASE
ECI
EPI
ESI
XA
custom_service.method
startTask
; run
; authenticate
custom_service.name
MyCustomService
; AuthenticationComponent
db.affected_item_count
32
db.collection.name
customers
; public.users
db.connection_string
sensitive-spans
jdbc:dynamodb:Access Key=XXX;Secret Key=XXX;Domain=amazonaws.com;Region
db.cosmosdb.request_charge
4.95
; 2.0
db.dynamodb.region
cloud.region
).us-east-1
db.dynamodb.table_names
[Cats, Dogs]
db.namespace
customers
; test.users
db.operation.name
drop
; findAndModify
; SELECT
; PREPARE
; GetItem
; set
; LPUSH
; mutateIn
; ReadItems
db.query.parameters
sensitive-spans
[{'name': 'paul', 'age': '23'}, {'name': 'mary', 'age': '32'}]
; [{'0': 'paul', '1': '23'}, {'0': 'mary', '1': '32'}]
db.query.text
SELECT * FROM wuser_table
; SET mykey "WuValue"
db.result.duration_max
345
db.result.duration_min
123
db.result.duration_sum
234
db.result.exception_count
2
db.result.execution_count
12
db.result.roundtrip_count
2
db.system
mongodb
; mysql
Depending on the data provided on ingest this attribute may be derived by e.g. parse of db.query.text
. Parsing might fail or result might be inaccurate.
The value may be sanitized to exclude sensitive information.
db.system
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
adabas
cache
cassandra
clickhouse
cloudscape
cockroachdb
coldfusion
cosmosdb
couchbase
couchdb
db2
derby
dl/i
dynamodb
edb
elasticsearch
filemaker
firebird
firstsql
geode
h2
hanadb
hbase
hive
hsqldb
informix
ingres
instantdb
interbase
mariadb
maxdb
memcached
mongodb
mssql
mssqlcompact
mysql
neo4j
netezza
opensearch
oracle
other_sql
pervasive
pointbase
postgresql
progress
redis
redshift
spanner
sqlite
sybase
teradata
vertica
deployment.release_build_version
2021-03-24
deployment.release_product
WoGo Main
deployment.release_stage
production
deployment.release_version
0.4.1
The device namespace contains information on the device running an application. This should only be used for end-user devices or devices outside of a private infrastructure. In line with the naming conventions and guidelines, we are in this case adhering to the emerging Open Telemetry convention around this, with some additions.
device.battery.level
100
device.is_rooted
false
device.manufacturer
Apple
device.model.identifier
iPhone3,4
device.orientation
landscape
device.screen.height
1152
device.screen.width
2048
Fields describing a disk.
disk.all_mountpoints
[/mnt/storage, /home, /var/log]
disk.device_name
sda
disk.mountpoint
/mnt/storage
disk.remote_disk_id
0
; 16864135562327138441
; 18446744073709551615
db.dli.pcb
3
; MYPCBNAM
db.dli.pcb_type
DC
; DL/I
; F/P
db.dli.processing_options
GR
db.dli.segment_level
3
; 24
db.dli.segment_name
PARTROOT
db.dli.status_code
QC
db.dli.terminal_name
HWSAM5ZD
; 10505
db.dli.pcb_type
MUST be one of the following:
DC
DL/I
F/P
dotnet.dll.file
dotnet.dll.path
Metadata with ActiveGate realated information.
dt.active_gate.group.name
GdanskLab
dt.active_gate.id
0x
0xef3d21c3
dt.active_gate.working_mode
cluster
dt.active_gate.working_mode
MUST be one of the following:
cluster
embedded
environment
multitenant
dt.active_gate.api_connector.config_id
123
; 9276
dt.active_gate.api_connector.pipeline_identifier
Kubernetes/Topology
dt.active_gate.api_connector.pipeline_status
failed
dt.active_gate.api_connector.technology_id
Kubernetes
; CloudFoundry
; AWS
; Dynatrace Extension
; Azure
dt.active_gate.api_connector.pipeline_status
MUST be one of the following:
failed
skipped
succeeded
Metadata of the OneAgent module that reported a signal. These attributes are what one would also see in OneAgent Health.
dt.agent.module.id
031f613871fab0b4
; fc3cd1bb276f0bed
dt.agent.module.parent_id
ea89eef5db8b85a9
dt.agent.module.type
apache
dt.agent.module.version
1.269.17.20221117-132428
dt.agent.module.version_short
dt.agent.module.version
's cardinality would be a problem1.269
dt.agent.module.type
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
apache
dotnet
dumpproc
extensions
go
iis
java
log_analytics
net
nettracer
nginx
nodejs
opentracingnative
os
php
plugin
process
python
remote_plugin
ruby
sdk
support
updater
varnish
wsmb
z
Fields defined in this namespace are used by Dynatrace to describe various aspects of events emitted by the AutomationEngine.
dt.automation_engine.action.app
dynatrace.workflows
dt.automation_engine.action.function
task_1
dt.automation_engine.action_execution.id
23e7b55a-884f-4497-8ad6-8d49d52b4348
dt.automation_engine.action_execution.loop.index
dt.automation_engine.action_execution.retry.count
dt.automation_engine.state
IDLE
; RUNNING
; WAITING
; SUCCESS
; ERROR
; CANCELLED
dt.automation_engine.state.is_final
dt.automation_engine.state
is a final and immutable state or if further processing will happen.true
; false
dt.automation_engine.state_info
ERROR
dt.automation_engine.task.name
task_1
dt.automation_engine.task_execution.id
6580d4af-6b1f-4e54-92fa-f47e94507acd
dt.automation_engine.workflow.id
26c0334e-a3e1-4585-8cd8-2d72742fe141
dt.automation_engine.workflow.title
My Workflow
dt.automation_engine.workflow.type
SIMPLE
; STANDARD
dt.automation_engine.workflow_execution.id
737a248b-d1cb-49a4-bf08-7d4c37dbfb1e
dt.automation_engine.workflow_execution.trigger.type
Schedule
; Event
; Manual
dt.automation_engine.workflow_execution.trigger.user.id
dad18fa7-3c11-40a1-b760-1d8281bb5dcc
Some attributes are used in the context of the Davis engine.
These fields can be set in events to influence the Davis engine behavior.
dt.davis.analysis_time_budget
dt.davis.analysis_trigger_delay
dt.davis.is_entity_remapping_allowed
dt.davis.is_frequent_issue_detection_allowed
dt.davis.is_merging_allowed
dt.davis.is_problem_suppressed
dt.davis.is_rootcause_relevant
dt.davis.preferred_entity_type
my.custom.entity.type
dt.davis.timeout
These fields can be set by Davis routines.
dt.davis.anomaly_detection.alert
dt.davis.anomaly_detection.anomaly
dt.davis.anomaly_detection.lower
dt.davis.anomaly_detection.upper
dt.davis.forecast.lower
dt.davis.forecast.point
dt.davis.forecast.upper
The Dynatrace OneAgent associates monitoring data with a so called Monitored Entity ID (ME ID). On OneAgent monitored environments, whenever ME IDs are accessible within the monitored system they should be used to enrich monitoring data to facilitate correlations with data primarily addressed through ME IDs coming from other channels.
The structure for keys that signify entity IDs is dt.entity.{type of entity}
.
The value associated with such a key must be valid Dynatrace entity identifier
(see Monitored entities API).
To allow linking Entity IDs across various different monitoring artifacts (logs, metrics, etc.), all string representations of Entity IDs are required to follow a canonical form, which for all current entities is defined as PREFIX-0123456789ABCDEF
.
Consumers should treat the token as an opaque value and must not infer any semantics on the ID itself. Producers need to match the Entity ID that is being returned by Dynatrace Entity API verbatim.
Producers of string representation must treat the string as if it was parsed case-sensitively, even though some parts of the product may be more lenient.
The structure of the entity ID is currently as follows: <ID-NAMESPACE>-<16-digit-hex-string>
. The <ID-NAMESPACE>
is type specific but cannot be used to determine the actual entity type reliably, especially in cases of CUSTOM_DEVICE
. The <16-digit-hex-string>
needs to be zero-padded (prefix) to a length of 16 digits and must use upper case letters A-F
.
Current entity IDs in cannonical form can be represented structurally with the following regular expression: [A-Z][A-Z_]*-[0-9A-F]{16}
.
Additional characters or changes in the format may happen in the future but will not invalidate existing IDs or ID generation rules.
When adding a name to an entity ID via the Grail function entityName, by default, the name of the respective entity will be represented as dt.entity.{type of entity}.name
. Similarly, further entity attributes can be added via the Grail function entityAttr, resulting in additional field(s) following the naming convention dt.entity.{type of entity}.{name of attribute}
.
dt.entity.application
entity-id
APPLICATION-DC92E74A7A844E6E
dt.entity.aws_availability_zone
entity-id
AWS_AVAILABILITY_ZONE-6000A4E2BD2AB971
dt.entity.azure_region
entity-id
AZURE_REGION-0DD5C79E4034F0AA
dt.entity.azure_vm
entity-id
AZURE_VM-326478B733D6CFB0
dt.entity.cloud_application
entity-id
CLOUD_APPLICATION-3AB5BBF3E09A7942
dt.entity.cloud_application_instance
entity-id
CLOUD_APPLICATION_INSTANCE-E0D8F94D9065F24F
dt.entity.cloud_application_namespace
entity-id
CLOUD_APPLICATION_NAMESPACE-C61324AA70F57BCB
dt.entity.container_group
entity-id
CONTAINER_GROUP-7C2B1C24FFB288CB
dt.entity.container_group_instance
entity-id
CONTAINER_GROUP_INSTANCE-F4A1347110826781
dt.entity.custom_application
entity-id
CUSTOM_APPLICATION-343A92501A51F286
dt.entity.custom_device
entity-id
CUSTOM_DEVICE-E0D8F94D9065F24F
dt.entity.disk
entity-id
DISK-5472CBC1ED0981D6
dt.entity.ec2_instance
entity-id
EC2_INSTANCE-0004DD30F142D18C
dt.entity.external_synthetic_test
entity-id
EXTERNAL_SYNTHETIC_TEST-A140F3B85BCCBD1A
dt.entity.gcp_zone
entity-id
GCP_ZONE-3699CB75E19C8505
dt.entity.host
entity-id
HOST-E0D8F94D9065F24F
dt.entity.host_group
entity-id
HOST_GROUP-E7FBBCF7B1467174
dt.entity.http_check
entity-id
HTTP_CHECK-A140F3B85BCCBD1A
dt.entity.http_check_step
entity-id
HTTP_CHECK_STEP-A140F3B85BCCBD1A
dt.entity.kubernetes_cluster
entity-id
KUBERNETES_CLUSTER-E0D8F94D9065F24F
dt.entity.kubernetes_node
entity-id
KUBERNETES_NODE-874C66B68CE15070
dt.entity.kubernetes_service
entity-id
KUBERNETES_SERVICE-FE6E75BB9DF02347
dt.entity.mobile_application
entity-id
MOBILE_APPLICATION-E8A8751A60D5BCE8
dt.entity.multiprotocol_monitor
entity-id
MULTIPROTOCOL_MONITOR-A140F3B85BCCBD1A
dt.entity.network_interface
entity-id
NETWORK_INTERFACE-FC7B4A5937FC125C
dt.entity.process_group
entity-id
PROCESS_GROUP-E0D8F94D9065F24F
dt.entity.process_group_instance
entity-id
PROCESS_GROUP_INSTANCE-E0D8F94D9065F24F
dt.entity.service
entity-id
SERVICE-57EC3CFC1FE72449
dt.entity.service_method
entity-id
SERVICE_METHOD-659B35CA9AAC96C1
dt.entity.service_method_group
entity-id
SERVICE_METHOD_GROUP-02000E1DB1CDAF9F
dt.entity.synthetic_location
entity-id
SYNTHETIC_LOCATION-D140F3B85BCCBD1A
dt.entity.synthetic_test
entity-id
SYNTHETIC_TEST-A140F3B85BCCBD1A
dt.entity.synthetic_test_step
entity-id
SYNTHETIC_TEST_STEP-A140F3B85BCCBD1A
Additional extension information sent via self-monitoring.
dt.extension.config.id
vu9U3hXa3q0AAAABAAtleHQ6ZXh0LTA0MAAIYWdfZ3JvdXAAA0FHMQAkMjY2YTIyM2YtZDgxYi0zNTNjLThlYzctYzk2YzliZjg4OGQ3vu9U3hXa3q0
dt.extension.ds
SNMPTrap
dt.extension.endpoint.hints
[nat-test.lab.dynatrace.org, 1521, orc]
dt.extension.name
com.snmptrap.generic
dt.extension.status
AUTHENTICATION_ERROR
dt.extension.status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AUTHENTICATION_ERROR
DEVICE_CONNECTION_ERROR
EEC_CONNECTION_ERROR
GENERIC_ERROR
INVALID_ARGS_ERROR
INVALID_CONFIG_ERROR
OK
UNKNOWN_ERROR
Attributes used for Process Group enrichment in extensions.
Attributes defined in this namespace are used by Dynatrace to describe different aspects of the ingested data.
dt.ingest.debug_messages
[MyATTribute mapped to myAttribute]
dt.ingest.format
dtapi/json
; otlp/protobuf
dt.ingest.warnings
[attr_count_trimmed, content_trimmed]
dt.ingest.format
MUST be one of the following:
dtapi/json
dtapi/plaintext
otlp/json
otlp/protobuf
dt.ingest.warnings
MUST contain only values from the following list:
content_trimmed
content_trimmed_pipe
attr_count_trimmed
attr_count_trimmed_pipe
attr_key_case_mismatch
attr_val_count_trimmed
attr_val_count_trimmed_pipe
attr_val_size_trimmed
attr_val_size_trimmed_pipe
timestamp_corrected
common_attr_corrected
processing_batch_timeout
processing_transformer_timeout
processing_transformer_error
processing_transformer_throttled
processing_output_record_conversion_error
processing_prepare_input_error
dt.cost.costcenter
Team A
dt.cost.product
Product A
dt.host_group.id
permission
myHostGroup
dt.metrics.source
telegraf
; com.dynatrace.extension.sql-oracle
dt.pg_detection.cluster.id
dt.pg_detection.declarative.id
dt.pg_detection.environment.id
DT_ENVIRONMENT_ID
environment variabledt.pg_detection.node.id
dt.process_group.detected_name
Apache Web Server httpd
; Redis unguard-redis-* redis
dt.query
timeseries avg(dt.host.cpu.idle)
; fetch logs
dt.security_context
permission
dt.source_entity
entity-id
HOST-E0D8F94D9065F24F
; PROCESS_GROUP_INSTANCE-E0D8F94D9065F24F
dt.source_entity.type
host
; process_group_instance
; cloud:azure:resource_group
This is the framework used for capturing, processing and forwarding metrics, not the emitting monitored entity. Exemplary custom value: name of an extension sending metrics.
Value of this attribute will be based on one of dt.entity.<type>
attributes value. That means that both attributes dt.source_entity and corresponding dt.entity.<type>
will be set to the same ID.
dt.metrics.source
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
dynatrace_codemodule
dynatrace_ingest
dynatrace_osagent
micrometer
oneagent_metric_api
opentelemetry
statsd
telegraf
Fields defined in this namespace are used by Dynatrace to describe various aspects of the data ingested through OpenPipeline, providing detailed insights into the ingestion process.
dt.openpipeline.pipelines
[[logs:default], [logs:pipeline_haproxy_2656, bizevents:default]]
dt.openpipeline.source
/platform/ingest/v1/events
; oneagent
The dt.rum namespace contains Dynatrace RUM specific fields.
dt.rum.application.id
ea7c4b59f27d43eb
; 89b1a1e7-fe89-4151-81e9-410fa0235f0d
dt.rum.instance.id
3735928559
dt.rum.schema_version
0.1
dt.rum.session.id
HOPCPWKILUKHFHWRRQGBHHPAFLUJUOSH-0
; 23626166142035610_1-0
Fields for referencing Settings 2.0 objects, schemas and scopes.
Although the dt.settings.object_id
is enough to identify a specific settings value within a dynatrace environment, adding explicit information about the schema, scope and/or scope type can be useful nonetheless. If your use-case will only ever involve a single schema, scope type and/or scope, documenting this is good enough - if multiple schemas, scope types and/or scopes can be involved, filling the corresponding fields is strongly recommended.
dt.settings.references
can be used if multiple settings objects need to be referenced. In that case, each entry in the array can hold a reference to a single settings object.
The top level fields contain generally relevant information for all monitoring data.
dt.settings.object_id
vu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQ
dt.settings.object_summary
Journey Service all errors
; Really, this can be anything
; My alerting rule
dt.settings.references
[{'dt.settings.object_id': 'vu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQ', 'dt.settings.relationship': 'matched_rule'}, {'dt.settings.object_id': 'vu9U3hXa3q0AAAABAB9idWlsdGluOmRhdmlzLmFub21hbHktZGV0ZWN0b3JzAAZ0ZW5hbnQABnRlbmFudAAkMzM2NTc3MTgtYWNjYi0zOGY1LTlmOGUtMTg5NTBiYmNjNmRhvu9U3hXa3q0', 'dt.settings.relationship': 'triggered_alert'}]
dt.settings.relationship
snake_case
) here that describe the relationship for your use-case.matched_rule
; triggered_alert
dt.settings.schema_id
builtin:problem.notifications
; app:dynatrace.jenkins:connection
dt.settings.schema_version
1.0.0
; 1.2.3
dt.settings.scope_id
environment
; HOST-EFAB6D2FE7274823
dt.settings.scope_name
deb-10-k3s-oi-01.lab.dynatrace.org
dt.settings.scope_type
environment
; host_group
; host
The dt.synthetic namespace contains Dynatrace synthetic specific fields.
dt.synthetic.batch.id
dt.synthetic.custom_log.loglevel
info
dt.synthetic.custom_log.message
log message
dt.synthetic.custom_log.timestamp
1629891695487
dt.synthetic.execution.end_timestamp
1629891695487
dt.synthetic.execution.id
100681465183
dt.synthetic.execution.type
on-demand
dt.synthetic.failed_execution.execution.id
dt.synthetic.failed_execution.execution.stage
Data retrieved
dt.synthetic.failed_execution.execution.timestamp
1629891693487
dt.synthetic.failed_execution.location.id
SYNTHETIC_LOCATION-9BB04DAEBA71B8CA
dt.synthetic.failed_execution.monitor.id
HTTP_CHECK-6349B98E1CD87352
dt.synthetic.failed_execution.status.code
599
dt.synthetic.failed_execution.status.details
connection timed out after 5000 ms: google.com
dt.synthetic.failed_execution.status.message
TIMEOUT
dt.synthetic.failed_execution.status.on_demand.details
PERFORMANCE_THRESHOLD_VIOLATION
dt.synthetic.failed_execution.status.on_demand.message
Success
dt.synthetic.location.id
SYNTHETIC_LOCATION-9BB04DAEBA71B8CA
dt.synthetic.location.ids
SYNTHETIC_LOCATION-9BB04DAEBA71B8CA
dt.synthetic.monitor.id
HTTP_CHECK-6349B98E1CD87352
dt.synthetic.multi_protocol.request.targets
127.0.0.1:22
dt.synthetic.result.statistics.duration
456
dt.synthetic.result.statistics.start_timestamp
dt.synthetic.step.id
HTTP_CHECK_STEP-6349B98E1CD87352
dt.synthetic.step.ids
HTTP_CHECK_STEP-6349B98E1CD87352
dt.synthetic.step.sequence_number
0
dt.synthetic.triggering_problem.cause
Location not found
dt.synthetic.triggering_problem.details
Throttling on the location. Minimum duration between successive executions for a single user is 60 sec
dt.synthetic.triggering_problem.entity.id
HTTP_CHECK-6349B98E1CD87352
dt.synthetic.triggering_problem.execution.id
dt.synthetic.triggering_problem.location.id
SYNTHETIC_LOCATION-9BB04DAEBA71B8CA
dt.synthetic.failed_execution.execution.stage
MUST be one of the following:
Data retrieved
Executed
Not triggered
Timed out
Triggered
Waiting
The namespace dt.system
is reserved for Grail. These fields cannot be ingested but instead will be set by Grail directly. Every record that is fetched from Grail provides these fields, but by default they are hidden. You can display them by using the fieldsAdd
command.
Example query:
// display the bucket for each log recordfetch logs| fieldsAdd dt.system.bucket
dt.system.bucket
default_logs
; default_spans
; default_bizevents
dt.system.environment
wkf10640
dt.system.monitoring_source
fullstack_host
; infrastructure
dt.system.sampling_ratio
1
dt.system.segment_id
5d97c09e-7337-443e-bab5-2f0474804687
dt.system.storage_interval
1 min
dt.system.table
logs
; bizevents
dt.system.monitoring_source
MUST be one of the following:
discovery
fullstack_container
fullstack_host
infrastructure
mainframe
dt.system.storage_interval
MUST be one of the following:
1 min
Fields defined in this namespace are used by Dynatrace to describe different aspects of the context propagation between spans.
dt.tracing.custom_link.id
736bd2684696c4a8
dt.tracing.custom_link.original_bytes
ycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==
dt.tracing.custom_link.transformed_bytes
ycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==
dt.tracing.custom_link.type
dt.tracing.custom_link.original_bytes
to the dt.tracing.custom_link.transformed_bytes
was applied.generic
dt.tracing.foreign_link.bytes
00000004000000010000000200000003000000040000002300000001
dt.tracing.foreign_link.text
FW4;129;12;-2023406815;4539717;0;17;66;c511;2h02;3h12345678;4h676767
; FW1;129;4711;59959450;-1859959450;3;17;0
dt.tracing.link.direction
outgoing
dt.tracing.link.id
dt.tracing.link.is_sync
true
indicates that caller waits on the response. Only available on span links with dt.tracing.link.direction
set to outgoing
.dt.tracing.response.headers
{'traceresponse': ['00-7b9e3e4068167838398f50017bfad358-d4ffc7e33530967a-01'], 'x-dt-tracestate': ['9651e1a8-19506b7c@dt']}
dt.tracing.custom_link.type
MUST be one of the following:
generic
dt.tracing.custom_link.original_bytes
have no special meaning.ibm_mq
dt.tracing.custom_link.original_bytes
are an IBM MQ custom link.ibm_mq_ignore_qname
dt.tracing.custom_link.original_bytes
are an IBM MQ custom link, but the qname part should be ignored in mapping.dt.tracing.link.direction
MUST be one of the following:
incoming
outgoing
elasticsearch.cluster.name
elasticsearch.node.name
Endpoints define the public interface of services.
endpoint.name
/
; /get-cart
; /productpage
; Reviews.GetReviews
Fields that describe entities.
entity.conditional_name
Cl-Prod1 Ser-1
entity.customized_name
Host 1234
entity.detected_name
ip-10-100-200-5.eu-west-1.compute.internal
entity.name
entity.customized_name
, entity.conditional_name
, entity.detected_name
.easyTravel
entity.type
host
; service
equinox.config.path
esb.application.name
myBusinessApp
; YourServiceApp
; any_work
esb.library.name
myWebServicesLib
; YourMessagingLibrary
; any_tools
esb.vendor
ibm
; tibco
esb.workflow.name
myMessageFlow
; YourBusinessWorkflow
; any_flow
The event namespace contains common identification, categorization and context on events in Dynatrace.
event.category
Availability
event.description
The current response time (11 s) exceeds the auto-detected baseline (767 ms) by 1,336 %
event.end
16481073970000
event.group_label
Availability
event.id
5547782627070661074_1647601320000
event.kind
permission
INFRASTRUCTURE_EVENT
; DAVIS_EVENT
; BIZ_EVENT
; RUM_EVENT
; AUDIT_EVENT
; BILLING_USAGE_EVENT
event.name
Process crashed
; CPU Saturation
event.original_content
{"severity_id": 3,"state_id": 1,"time": "2024-06-26T07:15:06.139000Z","state": "New","type_uid": 200101}
event.outcome
200
; success
; failure
event.parent_id
5547782627070661074_1647601319999
event.provider
permission
OneAgent
; K8S
; Davis
; VMWare
; GCP
; AWS
; LIMA_USAGE_STREAM
event.reason
user is missing permission "logs.read"
event.start
16481073970000
event.status
Active
event.status_transition
Recovered
event.type
permission
ESXI_HOST_MEMORY_SATURATION
; PROCESS_RESTART
; CPU_SATURATION
; MEMORY_SATURATION
; Automation Workflow
; AppEngine Functions - Small
event.version
1.0.0
Values are either in title-case or screaming snake case.
event.category
SHOULD be one of the following:
Availability
Error
Slowdown
Resource contention
Warning
Info
Vulnerability management
event.status
SHOULD be one of the following:
Active
Closed
event.status_transition
SHOULD be one of the following:
Created
Updated
Refreshed
Resolved
Recovered
Closed
Timed out
Reopened
exception.caused_by_id
exception.id
of the exception the current exception was caused by.exception.column_number
12304
exception.escaped
true
indicates that the exception was recorded at a point where it is known that the exception escaped the scope of the span.exception.file.domain
exception.file.full
.www.foo.bar
exception.file.full
https://www.foo.bar/path/main.js
; main.js
exception.file.path
exception.file.full
./path/main.js
exception.id
exception.is_caused_by_root
true
if the exception is first exception of a caused by chain.exception.line_number
1401
exception.message
Division by zero
exception.stack_trace
@https://www.foo.bar/path/main.js:59:26 e@https://www.foo.bar/path/lib/1.1/lib.js:2:30315
exception.type
java.net.ConnectException
; OSError
Fields that can be expected from serverless functions or Function as a Service (FaaS) on various cloud platforms.
faas.max_memory
faas.name
my-function
; myazurefunctionapp/some-function-name
; test_function
This is the name of the function as configured/deployed on the FaaS
platform and is usually different from the name of the callback
function (which may be stored in the code.namespace
/code.function
span attributes).
Value of the field depends on a cloud provider. This field is not set for Azure.
faas.coldstart
faas.invoked_name
my-function
faas.invoked_provider
cloud.provider
resource attribute of the invoked function.alibaba_cloud
faas.trigger
datasource
Will be equal to the cloud.region
resource attribute of the invoked function.
faas.invoked_provider
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloud
aws
azure
gcp
tencent_cloud
faas.trigger
MUST be one of the following:
datasource
http
other
pubsub
timer
feature_flag.key
logo-color
feature_flag.provider_name
Flag Manager
feature_flag.variant
red
; true
; on
A semantic identifier, commonly referred to as a variant, provides a means
for referring to a value without including the value itself. This can
provide additional context for understanding the meaning behind a value.
For example, the variant red
maybe be used for the value #c05543
.
A stringified version of the value can be used in situations where a semantic identifier is unavailable. String representation of the value should be determined by the implementer.
gcp.app_engine.instance
gcp.app_engine.service
gcp.cloud_run.service
gcp.instance.id
6639848141313102286
gcp.instance.name
single-vm-test
gcp.location
europe-west3-c
gcp.project.id
permission
dynatrace-gcp-extension
gcp.region
europe-west3
gcp.resource.name
//cloudfunctions.googleapis.com/projects/gcp-example-project/locations/us-central1/functions/examplefunction
gcp.resource.type
cloudsql_database
gcp.zone
europe-west3-c
The geo namespace contains geo location information. This section only holds all currently agreed upon fields in the Dynatrace Semantic Dictionary. Aligned closely to the ECS, with some adaptions around field groupings
geo.city.name
Montreal
geo.continent.name
North America
geo.country.name
Canada
geo.region.name
Quebec
glassfish.domain.name
glassfish.instance.name
go.linkage
Fields describing a host.
Dynatrace aims to use the best fitting name for the field host.name
. See below, how Dynatrace determines the host name in an ordered by precedence fashion:
Dynatrace supports customizing the host.name
property. A custom set host name takes precedence over the auto detection mechanisms described further down.
oneagentctl
tool can be used to set a custom host name. See Documentation for details.If no customized name is set locally, the OneAgent attempts to determine the host.name
value by accessing cloud metadata where applicable.
name
(case insensitive) is found, the tag's value is used as the host.name
.name
(case insensitive) instance metadata property is used. See Microsoft Azure documentationhostname
instance metadata property is used. See Google Cloud documentation.gethostname()
if it can be interpreted as a fully qualified domain name (FQDN) and doesn't contain "localhost".getaddrinfo()
for port 80 is issued, again sanity checking whether the returned name is an FQDN and doesn't contain "localhost".GetComputerNameExA
is used to determine a host's name. In particular, the resulting name is composed of <hostname>.<domainname>
with the following details
hostname
= ComputerNameDnsHostname retrieved by GetComputerNameExdomainname
= ComputerNameDnsDomain retrieved by GetComputerNameExEmptyHostName
if neither property can be resolved.host.fqdn
[ec2-43-213-176-3.compute-1.amazonaws.com, localhost.example.com]
host.ip
[194.232.104.141, 2a01:468:1000:9::140]
host.name
permission
ip-10-178-54-32.ec2.internal
http.request.body.size
3495
http.request.header.__key__
__key__
being the lowercase HTTP header name, e.g. "http.request.header.accept-encoding". The value is a string. If there are multiple headers with the same name or multiple header values, the values will be comma separated into a single string.sensitive-spans
https://www.foo.bar/
; gzip, deflate, br
; 1.2.3.4, 1.2.3.5
http.request.method
GET
; POST
; HEAD
http.request.parameter.__key__
__key__
for example, "http.request.parameter.username". The value is a string. If there are multiple parameters with the same name or multiple parameter values, the values will be a single, comma-separated string.admin
; premium
http.response.body.size
3495
http.response.header.__key__
__key__
being the lowercase HTTP header name, e.g. "http.response.header.content-type". The value is a string. If there are multiple headers with the same name or multiple header values, the values will be comma separated into a single string.909
; text/html; charset=utf-8
; abc, def
http.response.reason_phrase
Not found
http.route
/users/:userID?
; Home/Index/{id?}
http.server_name
MyServer
; localhost:8000
hybris.bin.dir
/opt/hybris-60/hybris/bin
hybris.config.dir
/opt/hybris-60/hybris/config
hybris.data.dir
/opt/hybris-60/hybris/data
ibm.ace.integration_node.name
myIntegrationNode
; YourBroker
; the_management_instance
ibm.ace.integration_server.name
myIntegrationServer
; YourExecutionGroup
; dataflow_engine
ibm.cics.aor
ibm.cics.program
EDUCHAN
ibm.cics.region
ibm.cics.tor
ibm.ctg.name
ibm.ims.connect
ibm.ims.control
ibm.ims.mpr
ibm.ims.soap_gw.name
iis.app_pool.name
iis.role.name
java.jar.file
java.jar.path
java.main.class
java.main.module
jboss.home
jboss.mode
org.jboss.as.standalone
; org.jboss.as.server
jboss.server.name
jdbc.connection.pool.name
jdbc/db2
journald.unit
cron.service
; oneagent.service
; kubepods.slice
k8s.cluster.name
permission
unguard-dev
; k3s-oneagent
k8s.cluster.uid
1c7a24c7-ff51-46e0-bcc9-c52637ceec57
k8s.container.name
container.name
).redis
k8s.namespace.name
permission
default
k8s.node.name
cluster-pool-1-c3c7423d-azth
k8s.pod.name
opentelemetry-pod-autoconf
k8s.pod.uid
275ecb36-5aa8-4c2a-9c47-d8bb681b9aff
k8s.service.name
my-service
k8s.workload.kind
deployment
; statefulset
; cronjob
; job
; daemonset
; replicaset
k8s.workload.name
checkoutservice
Fields relevant for log events
log.file.name
messages
; agent.log
log.file.path
/var/log/messages
; /var/log/dynatrace/agent.log
log.iostream
stdout
; stderr
log.source
/var/log/messages
; Windows Event Log
; Docker Container Output
; stdout
log.source.origin
CUSTOM
; IIS_LOG_DETECTOR
loglevel
ERROR
; INFO
; TRACE
Can contain e.g. a file path, standard output, an URI etc., depending on log stream type. The value should be stable for one logical source, so e.g. not affected by log file rotation digits.
log.iostream
MUST be one of the following:
stderr
stdout
log.source.origin
MUST be one of the following:
CONTAINER_LOG_DETECTOR
CUSTOM_LOG
IIS_LOG_DETECTOR
JOURNALD_LOG_DETECTOR
OPEN_LOG_DETECTOR
SYSTEM_LOG_DETECTOR
loglevel
MUST be one of the following:
ALERT
CRITICAL
DEBUG
EMERGENCY
ERROR
FATAL
INFO
NONE
NOTICE
SEVERE
TRACE
WARN
messaging.destination.kind
queue
; topic
messaging.destination.temporary
messaging.message.body.size
2738
messaging.message.conversation_id
MyConversationId
messaging.message.id
452a7c7c7c7048c2f887f61572b18fc2
messaging.operation.type
peek
messaging.source.kind
queue
; topic
messaging.source.temporary
messaging.system
kafka
; rabbitmq
Manager name SHOULD uniquely identify the broker.
Destination name SHOULD uniquely identify a specific queue, topic or other entity within the broker.
If a custom value is used for messaging.operation.type
, it MUST be of low cardinality.
Manager name SHOULD uniquely identify the broker.
Source name SHOULD uniquely identify a specific queue, topic, or other entity within the broker.
messaging.destination.kind
MUST be one of the following:
queue
topic
messaging.operation.type
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
peek
process
publish
receive
messaging.source.kind
MUST be one of the following:
queue
topic
messaging.system
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
activemq
artemis
aws_eventbridge
aws_sns
aws_sqs
azure_eventgrid
azure_eventhubs
azure_servicebus
gcp_pubsub
hornetq
jms
kafka
mqseries
msmq
rabbitmq
rocketmq
sag_webmethods_is
tibco_ems
weblogic
websphere
messaging.akka.actor.kind
system
; user
messaging.akka.actor.path
/system/log1-Logging$DefaultLogger
; /remote/akka.tcp/RequesterSystem@localhost:52133/user/requestActor/$a
messaging.akka.actor.system
RequesterSystem
; ResponseSystem
messaging.akka.actor.type
com.acme.RespondingActor
messaging.akka.message.type
java.lang.String
; akka.event.Logging$Info2
; com.acme.twosuds.ResponseActor$RequestMessage
In webserver technologies a multitude of modules might be contributing to handling a single web request. Module insights provides timings for these, where available.
module_insights.modules
{'HttpRedirectionModule': 10299, 'BasicAuthenticationModule': 4665}
These attributes may be used for any network related operation.
network.carrier.name
Magenta
; AT&T
network.connection.subtype
lte
; 802.11x
network.connection.type
cell
; wifi
network.protocol.name
amqp
; http
; mqtt
network.protocol.version
1.1
; 3.1.1
network.transport
tcp
; udp
network.connection.type
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
cell
unavailable
unknown
wifi
wired
network.transport
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
inproc
other
pipe
tcp
udp
unix
Signals that there is only in-process communication not using a "real" network protocol in cases where network attributes would normally be expected. Usually all other network attributes can be left out in that case.
network.type
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ipv4
ipv6
Fields that are used in extensions to describe network devices.
device
10.102.0.45:161
device.address
10.102.0.45
device.name
AT1i-WLC-TestingLab.dynatrace.org
device.port
161
nodejs.app.base.dir
nodejs.app.name
nodejs.script.name
Fields that can come from applications running on Openstack.
openstack.availability_zone
us-east-1a
openstack.instance_uuid
6790cb48-f8e9-4773-bcea-001469de0599
The origin of a request associated with this event.
origin.address
10.11.12.13
origin.session
node0hfznc
origin.type
REST
; LOCAL
origin.x_forwarded_for
1.2.3.4
origin.type
MUST be one of the following:
LOCAL
REST
The os namespace contains information on the operating system running an application.
os.name
iOS
os.version
15.3.1
otel.scope.name
InstrumentationScope.Name
in OTLP).io.opentelemetry.contrib.mongodb
otel.scope.version
InstrumentationScope.Version
in OTLP).1.0.0
php.cli.script.path
php.cli.working.dir
php.drupal.application.name
php.fpm.pool.name
php.symfony.application.name
php.wordpress.blog.name
process.executable.name
Name
in proc/[pid]/status
. On Windows, can be set to the base name of GetProcessImageFileNameW
.otelcol
process.executable.path
proc/[pid]/exe
. On Windows, can be set to the result of GetProcessImageFileNameW
./usr/bin/cmd/otelcol
process.pid
1234
request.id
95efd70fcdb5b7b3
; 96835e1d65490b48
request.is_failed
request.is_root_span
Request scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute definition. The actual name of the attribute is the prefix "request_attribute" plus the "request attribute name" defined in the request attributes configuration. Request attributes are built based on captured attributes and other attributes like HTTP header values or "normal" span attributes, on which the aggregations (first/last value, distinct values, ...), type conversion and normalizations defined in the request attribute configuration are performed. They are evaluated for an entire request (possibly consisting of multiple spans) and are stored only on the request root node.
request_attribute.__attribute_name__
__attribute_name__
defined by the request attribute configuration. The data type of the value depends on the request attribute definition.sensitive-spans
42
; Platinum
; ['Product A', 'Product B']
; ['Special Offer', '1702']
rpc.namespace
tempuri.org
rpc.service
myservice.EchoService
rpc.system
apache_cxf
; dotnet_wcf
; grpc
; jax_ws
This is the logical name of the method from the RPC interface perspective, which can be different from the name of any implementing method/function. The code.function
attribute may be used to store the latter (e.g., method actually executing the call on the server side, RPC client stub method on the client side).
This is the logical name of the service from the RPC interface perspective, which can be different from the name of any implementing class. The code.namespace
attribute may be used to store the latter (despite the attribute name, it may include a class name; e.g., class with method actually executing the call on the server side, RPC client stub class on the client side).
rpc.system
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
apache_axis
apache_cxf
apache_wink
dotnet_remoting
dotnet_wcf
grpc
java_rmi
jax_ws
jboss
jersey
openedge
resteasy
restlet
spring_ws
tibco_ws
weblogic_ws
webmethods
The server namespace contains information on the responder of a network connection.
server.address
example.com
server.port
65123
; 80
server.resolved_ips
server.address
.[194.232.104.141, 2a01:468:1000:9::140]
service.name
shoppingcart
servlet.context.name
servlet.context.path
Fields that are used in SNMP extensions.
trap_oid
SNMPv2-MIB::coldStart
version
SNMPv3
softwareag.install.root
softwareag.product.prop.name
span.alternate_parent_id
span.id
of this span's parent span. In case a trace is monitored by more tracing systems (e.g. OneAgent + OpenTelemetry) there might be two potential parent spans. If these two spans differ, span.parent_id
holds the span.id
of the parent which is known to originate from same tenant and this attribute shows the other. The span.alternate_parent_id
is a 8-byte id and hex-encoded if shown as a string.f76281848bd8288c
span.events
span.exit_by_exception_id
exception.id
of the exception the its span.events
with the current span exited. The referenced exception has set the attribute exception.escaped
to true.span.id
span.id
is a 8-byte id and hex-encoded if shown as a string.f76281848bd8288c
span.is_exit_by_exception
true
if the span was exited by an exception. If set to false
the span has exception events but the span was not exited by one of them.span.is_subroutine
true
indicates that this span is a subroutine of its parent span. The spans represent functions running on the same thread on the same call stack.span.kind
server
span.links
span.name
prepareOrderItemsAndShippingQuoteFromCart
; org.example.CheckoutService/PlaceOrder
; orders process
; GET /products/{product_id}
; HTTP POST
span.parent_id
span.id
of this span's parent span. The span.parent_id
is a 8-byte id and hex-encoded if shown as a string.f76281848bd8288c
span.status_code
unset
.error
span.status_message
span.status_code
is error
.Connection closed before message completed
; Error sending request for url
span.timing.cpu
span.timing.cpu_self
span.kind
MUST be one of the following:
client
consumer
producer
request.internal
link
producer
server
span.status_code
MUST be one of the following:
error
ok
span_event.name
exception
span_event.name
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
bizevent
exception
feature_flag
Language Independent Interface Types For OpenTelemetry
spring.profile.name
spring.startup.class
Disk
storage.disk.encrypted
storage.disk.fstype
ext4
; btrfs
storage.disk.kname
sda
storage.disk.model
baracuda
storage.disk.mountpoint
/mnt/disk1
storage.disk.other-mountpoints
[/home/user1/mydisk, /opt/volume1]
storage.disk.path
/dev/sda
storage.disk.read-only
storage.disk.removable
storage.disk.serial
1234-56789
storage.disk.type
disk
; hardware raid
storage.disk.vendor
seagate
Partition
storage.partition.encrypted
storage.partition.fstype
ext4
; btrfs
storage.partition.kname
sda1
storage.partition.mountpoint
/mnt/diskA
storage.partition.other-mountpoints
[/home/user1/mydiskA, /opt/volumeA]
storage.partition.path
/dev/sda1
storage.partition.read-only
storage.partition.removable
storage.partition.type
partition
Volume
storage.volume.display-name
vg0-lv1
; vg1-lv2
; my-volume
storage.volume.fstype
ext4
; btrfs
storage.volume.kname
dm-1
; dm-2
; dm-5
storage.volume.mountpoint
/mnt/diskA
storage.volume.other-mountpoints
[/home/user1/mydiskA, /opt/volumeA]
storage.volume.path
/dev/mapper/vg0-lv1
storage.volume.read-only
storage.volume.removable
storage.volume.type
lvm
Software RAID
storage.software-raid.encrypted
storage.software-raid.fstype
ext4
; btrfs
storage.software-raid.kname
md0
; md1
; md3
storage.software-raid.mountpoint
/mnt/diskA
storage.software-raid.other-mountpoints
[/home/user1/mydiskA, /opt/volumeA]
storage.software-raid.parent
md0
storage.software-raid.path
/dev/md0
storage.software-raid.read-only
storage.software-raid.removable
storage.software-raid.type
raid0, raid10
Additional information about the attributes of a data point.
supportability.alr_sampling_ratio
supportability.alr_sampling_ratio
would be 8 and the numerator is 1.8
supportability.atm_sampling_ratio
supportability.atm_sampling_ratio
would be 16 and the numerator is 1.16
supportability.custom_service.rule_id
4d76194c11a9426197a9062548f9e66e
supportability.dropped_attributes_count
1
supportability.dropped_events_count
1
supportability.dropped_http_request_headers_count
http.request.header.__key__
that were discarded.1
supportability.dropped_http_request_parameters_count
http.request.parameter.__key__
that were discarded.1
supportability.dropped_links_count
1
supportability.endpoint_name_rule
endpoint.name
.http.route
; rpc.method
supportability.flaws
[C4, S3, A2]
supportability.non_persisted_attribute_keys
["my_span_attribute", "db.name"]
supportability.original_start_time
start_time
attribute was truncated. Truncating the start time is technically required for long running spans that have a start time older than three days in the past.1649822520123123123
supportability.serverid.addressee
supportability.serverid.processing
.5
supportability.serverid.processing
5
The telemetry.sdk.*
fields are used to describe the telemetry SDK in OpenTelemetry or ODIN ingest. It can be considered the closest equivalent of ODIN/OTel data to dt.agent.module.*
.
The telemetry.exporter.*
fields are used to define the exporter that exports telemetry data and is expected to be different for each exporter in case when multiple exporters co-exist.
telemetry.exporter.name
odin
telemetry.exporter.package_version
1.285.1
telemetry.exporter.version
1.285.1.20240101-256988
telemetry.sdk.language
nodejs
; python
; java
telemetry.sdk.name
odin
; opentelemetry
telemetry.sdk.version
1.20.0
thread.id
42
thread.name
main
thread.pool.name
WorkerThreadPool
tibco.businessworks.app.node.name
tibco.businessworks.app.space.name
tibco.businessworks.domain.name
tibco.businessworks.home
tibco.businessworks.property.file.name
tibco.businessworks.property.file.path
tibco.businessworks_ce.app.name
tibco.businessworks_ce.version
The time_correction namespace contains information on time corrections applied to the timestamps of an event, for example, start_time
, timestamp
or event.end
.
Time corrections may be necessary if events are reported with timestamps that are completely off compared to cluster time. For example, Dynatrace RUM reported data can be off depending on client time.
time_correction.is_applied
false
time_correction.offset
<corrected timestamp>
= <original timestamp>
+ <offset>
). May be a negative number. Example: original timestamp: 1670399998423233001, offset: 127927969312, corrected timestamp: 1670400126351202313127927969312
trace.alternate_id
trace.alternate_id
is a 16-byte id and hex-encoded if shown as a string.357bf70f3c617cb34584b31bd4616af8
trace.id
trace.id
is a 16-byte id and hex-encoded if shown as a string.357bf70f3c617cb34584b31bd4616af8
trace.is_sampled
trace.state
f4fe05b2-bd92206c@dt=fw4;3;abf102d9;c4592;0;0;0;2ee;5607;2h01;3habf102d9;4h0c4592;5h01;6h5f9a543f1184a52b1b744e383038911c;7h6564df6f55bd6eae,apmvendor=boo,foo=bar
The url namespace contains semantic conventions for URL and its components.
url.domain
www.foo.bar
; google.com
; wikipedia.org
url.fragment
SemConv
url.full
sensitive-spans
https://www.foo.bar/docs/search?q=OpenTelemetry#SemConv
url.path
/docs/search
url.port
443
; 80
url.query
sensitive-spans
q=OpenTelemetry
url.scheme
https
; ftp
; telnet
url.truncated_path
http.route
. The truncation logic depends on the technology and is a best effort to provide a stable value. Example Adobe Experience Manager (AEM): First two parts of url.path
. Truncated value of /content/wknd/us/en/
is /content/wknd
./docs
Representation of a physical or logical user.
user.email
user@mail.com
user.id
35ba9499-f87c-4047-962c-14dc32e255e5
; system
user.name
Wolfgang Amadeus Mozart
; System
user.organization
DYNATRACE
; CUSTOMER
; PARTNER
user.organization
MUST be one of the following:
CUSTOMER
DYNATRACE
PARTNER
user.organization
MUST be one of the following:
DYNATRACE
CUSTOMER
PARTNER
The vcs
namespace contains information about Version Control Systems.
vcs.repository.change.id
1234
vcs.repository.change.title
CA-1234: Fix some stuff
; [chore] update dependency
vcs.repository.ref.name
my-branch-name
vcs.repository.ref.revision
d4322ab6cba38d21ad83c9de304a6a214ecf2cdc
; main
; 1337
vcs.repository.ref.type
branch
; tag
vcs.repository.url.full
https://github.com/dynatrace-oss/terraform-provider-dynatrace
Fields that can come from applications running on VMware.
vmware.datacenter.name
srvwasapp1Cell01
vmware.disk.name
srvwasapp1Cell01
vmware.hypervisor.name
my-hypervisor.lab.dynatrace.org
vmware.nic.name
vmnic0
; vmnic1
; vmnic2
vmware.vcenter.name
my-vcenter.lab.dynatrace.org
vmware.vm.name
easytravel-demo
vulnerability.code_location.name
org.dynatrace.profileservice.BioController.markdownToHtml(String):80
vulnerability.cvss.base_score
8.1
vulnerability.cvss.version
3.1
vulnerability.davis_assessment.assessment_mode
FULL
; NOT_AVAILABLE
; REDUCED
vulnerability.davis_assessment.assessment_mode_reasons
[LIMITED_BY_CONFIGURATION, LIMITED_AGENT_SUPPORT]
vulnerability.davis_assessment.data_assets_status
NOT_AVAILABLE
; NOT_DETECTED
; REACHABLE
vulnerability.davis_assessment.exploit_status
AVAILABLE
; NOT_AVAILABLE
vulnerability.davis_assessment.exposure_status
NOT_AVAILABLE
; NOT_DETECTED
; PUBLIC_NETWORK
; ADJACENT_NETWORK
vulnerability.davis_assessment.level
LOW
; MEDIUM
; HIGH
; CRITICAL
; NONE
vulnerability.davis_assessment.score
8.1
vulnerability.davis_assessment.vulnerable_function_status
IN_USE
; NOT_AVAILABLE
; NOT_IN_USE
vulnerability.description
More detailed description about improper input validation vulnerability.
vulnerability.display_id
S-1234
vulnerability.external_id
SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646
vulnerability.external_url
https://example.com
vulnerability.first_seen
2023-03-22T13:19:36.945Z
vulnerability.id
2039861408676243188
vulnerability.is_fix_available
vulnerability.mute.change_date
2023-03-22T13:19:36.945Z
vulnerability.mute.comment
Muted because it's a false positive.
vulnerability.mute.reason
FALSE_POSITIVE
; IGNORE
; AFFECTED
; CONFIGURATION_NOT_AFFECTED
; OTHER
vulnerability.mute.status
MUTED
; NOT_MUTED
vulnerability.mute.user
user@example.com
vulnerability.parent.davis_assessment.assessment_mode
FULL
; NOT_AVAILABLE
; REDUCED
vulnerability.parent.davis_assessment.data_assets_status
NOT_AVAILABLE
; NOT_DETECTED
; REACHABLE
vulnerability.parent.davis_assessment.exposure_status
NOT_AVAILABLE
; NOT_DETECTED
; PUBLIC_NETWORK
; ADJACENT_NETWORK
vulnerability.parent.davis_assessment.level
LOW
; MEDIUM
; HIGH
; CRITICAL
; NONE
vulnerability.parent.davis_assessment.score
8.1
vulnerability.parent.davis_assessment.vulnerable_function_status
IN_USE
when there's at least one vulnerable function in use by an application.IN_USE
; NOT_AVAILABLE
; NOT_IN_USE
vulnerability.parent.first_seen
2023-03-22T13:19:36.945Z
vulnerability.parent.mute.change_date
2023-03-22T13:19:36.945Z
vulnerability.parent.mute.reason
FALSE_POSITIVE
; IGNORE
; AFFECTED
; CONFIGURATION_NOT_AFFECTED
; OTHER
vulnerability.parent.mute.status
MUTED
; NOT_MUTED
vulnerability.parent.mute.user
user@example.com
vulnerability.parent.resolution.change_date
2023-03-22T13:19:37.466Z
vulnerability.parent.resolution.status
OPEN
; RESOLVED
vulnerability.parent.risk.level
LOW
; MEDIUM
; HIGH
; CRITICAL
; NONE
vulnerability.parent.risk.score
8.1
vulnerability.previous.cvss.base_score
8.1
vulnerability.previous.davis_assessment.data_assets_status
NOT_AVAILABLE
; NOT_DETECTED
; REACHABLE
vulnerability.previous.davis_assessment.exploit_status
AVAILABLE
; NOT_AVAILABLE
vulnerability.previous.davis_assessment.exposure_status
NOT_AVAILABLE
; NOT_DETECTED
; PUBLIC_NETWORK
; ADJACENT_NETWORK
vulnerability.previous.davis_assessment.level
LOW
; MEDIUM
; HIGH
; CRITICAL
; NONE
vulnerability.previous.davis_assessment.score
8.1
vulnerability.previous.davis_assessment.vulnerable_function_status
IN_USE
; NOT_AVAILABLE
; NOT_IN_USE
vulnerability.previous.mute.change_date
2023-03-22T13:19:36.945Z
vulnerability.previous.mute.comment
Muted because it's a false positive.
vulnerability.previous.mute.reason
Muted: False positive
vulnerability.previous.mute.status
MUTED
; NOT_MUTED
vulnerability.previous.mute.user
user@example.com
vulnerability.previous.resolution.status
OPEN
; RESOLVED
vulnerability.previous.risk.level
LOW
; MEDIUM
; HIGH
; CRITICAL
vulnerability.previous.risk.score
8.1
vulnerability.references.cve
[CVE-2021-41079]
vulnerability.references.cwe
[CWE-20]
vulnerability.references.owasp
[2021:A3]
vulnerability.remediation.description
Upgrade component to version 1.2.3 or higher
vulnerability.resolution.change_date
2023-03-22T13:19:37.466Z
vulnerability.resolution.status
OPEN
; RESOLVED
vulnerability.risk.level
LOW
; MEDIUM
; HIGH
; CRITICAL
; NONE
vulnerability.risk.scale
Davis Security Score
vulnerability.risk.score
8.1
vulnerability.stack
CODE
; CODE_LIBRARY
; SOFTWARE
; CONTAINER_ORCHESTRATION
vulnerability.technology
JAVA
; DOTNET
; GO
; PHP
; NODE_JS
vulnerability.title
Improper Input Validation
vulnerability.type
Improper Input Validation
vulnerability.url
https://example.com
vulnerability.davis_assessment.assessment_mode
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
FULL
NOT_AVAILABLE
REDUCED
vulnerability.davis_assessment.data_assets_status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLE
NOT_DETECTED
REACHABLE
vulnerability.davis_assessment.exploit_status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AVAILABLE
NOT_AVAILABLE
vulnerability.davis_assessment.exposure_status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORK
NOT_AVAILABLE
NOT_DETECTED
PUBLIC_NETWORK
vulnerability.davis_assessment.level
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICAL
HIGH
LOW
MEDIUM
NONE
vulnerability.davis_assessment.vulnerable_function_status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USE
NOT_AVAILABLE
NOT_IN_USE
vulnerability.mute.reason
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AFFECTED
CONFIGURATION_NOT_AFFECTED
FALSE_POSITIVE
IGNORE
OTHER
vulnerability.mute.status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTED
NOT_MUTED
vulnerability.parent.davis_assessment.assessment_mode
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
FULL
NOT_AVAILABLE
REDUCED
vulnerability.parent.davis_assessment.data_assets_status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLE
NOT_DETECTED
REACHABLE
vulnerability.parent.davis_assessment.exposure_status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORK
NOT_AVAILABLE
NOT_DETECTED
PUBLIC_NETWORK
vulnerability.parent.davis_assessment.level
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICAL
HIGH
LOW
MEDIUM
NONE
vulnerability.parent.davis_assessment.vulnerable_function_status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USE
NOT_AVAILABLE
NOT_IN_USE
vulnerability.parent.mute.reason
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AFFECTED
CONFIGURATION_NOT_AFFECTED
FALSE_POSITIVE
IGNORE
OTHER
vulnerability.parent.mute.status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTED
NOT_MUTED
vulnerability.parent.resolution.status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPEN
RESOLVED
vulnerability.parent.risk.level
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICAL
HIGH
LOW
MEDIUM
NONE
vulnerability.previous.davis_assessment.data_assets_status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLE
NOT_DETECTED
REACHABLE
vulnerability.previous.davis_assessment.exploit_status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AVAILABLE
NOT_AVAILABLE
vulnerability.previous.davis_assessment.exposure_status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORK
NOT_AVAILABLE
NOT_DETECTED
PUBLIC_NETWORK
vulnerability.previous.davis_assessment.level
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICAL
HIGH
LOW
MEDIUM
NONE
vulnerability.previous.davis_assessment.vulnerable_function_status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USE
NOT_AVAILABLE
NOT_IN_USE
vulnerability.previous.mute.status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTED
NOT_MUTED
vulnerability.previous.resolution.status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPEN
RESOLVED
vulnerability.previous.risk.level
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICAL
HIGH
LOW
MEDIUM
NONE
vulnerability.resolution.status
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPEN
RESOLVED
vulnerability.risk.level
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICAL
HIGH
LOW
MEDIUM
NONE
vulnerability.stack
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CODE
CODE_LIBRARY
CONTAINER_ORCHESTRATION
SOFTWARE
vulnerability.technology
has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
DOTNET
GO
JAVA
NODE_JS
PHP
weblogic.cluster.name
OrderManagement2
weblogic.domain.name
CustomerManagementFulfillmentSvc
weblogic.home
/apps/infra/wls/bin/10.3.6_64/wlserver_10.3/server
weblogic.server.name
OrderManagement2Srv1
websphere.cell.name
srvwasapp1Cell01
websphere.cluster.name
CluApp1
websphere.node.name
nodeSrvApp2
websphere.server.name
SrvApp2
websphere_liberty.server.name
defaultServer
winlog.eventid
4624
; 1000
winlog.keywords
Classic
; Started
winlog.level
Critical
; Error
; Warrning
winlog.opcode
Info
; Download
winlog.provider
Avecto Service
; Security-SPP
winlog.task
5
; 12804
winlog.username
SYSTEM
; N/A
zos.address_space_id
1
; 296
zos.job_id
JOB12345
zos.job_name
CICSAOR0
; CTGATM00
; IMSCR15
zos.job_step_id
00000001
; 00000002
zos.lpar_name
S0W1
; ABCD
zos.sys_id
C259
; CICS
; IMSF
zos.transaction.call_type
CTG
zos.transaction.id
CEMT
; DTAX
; IVTNO
zos.transaction.job_name
CICSAOR0
; CTGATM00
; IMSCR15
zos.transaction.lpar_name
S0W1
; ABCD
zos.transaction.program_type
DLI_DB
; DLI_DC
; MQ
; DB2
zos.transaction.call_type
MUST be one of the following:
CTG
DPL
HTTP
IMS_CONNECT
IMS_CONNECT_API
ITRA
MQ
MSC
PGM_SWITCH
SDK
SHARED_QUEUE
SOAP
START
TTX
TX
ZOS_CONNECT
zos.transaction.program_type
MUST be one of the following:
DB2
DLI_DB
DLI_DC
MQ
cics.transaction.class_name
null
; DFHTCL00
cics.transaction.client.ip
194.232.104.141
; 2a01:468:1000:9::140
cics.transaction.client.port
65123
; 80
cics.transaction.path.name
/dtrouter
cics.transaction.system_id
C259
; CICS
cics.transaction.task_id
1234
cics.transaction.transaction_group_id
160dd5c5e3c44bc8e5c5c1c3f4f4f9df9fa2d8b049cb800000000000
cics.transaction.unit_of_work_id
15977055984148641282
; 15977055491352760323
cics.transaction.user_id
USER1
; anon
cics.transaction.wlm.reporting_service_class_name
null
; BAT_ATM
; RC_CICS
cics.transaction.wlm.service_class_name
null
; SYSSTC
; VEL15I5
cics.file.defining_region_name
C259
; CICS
cics.file.is_local
true
cics.file_name
EXMPCAT
; CICSFILE
ims.message.transaction.message.segment_count
1
; 5
ims.message.transaction.message.size
10
; 421
ims.message.transaction.terminal_name
HWSAM5ZD
; 10505
ims.message.transaction.unit_of_work_id
5981228500318430862871015129591113287966852300630664295044916520394057871645605888
; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216
ims.message.transaction.user_id
USER1
; anon
ims.execution.transaction.commit_count
4
; 5
ims.execution.transaction.current_priority
1
; 5
ims.execution.transaction.execution_class
45
; 66
ims.execution.transaction.psb_name
HWSAM5ZD
; 10505
ims.execution.transaction.schedule_count
346613
; 421
ims.execution.transaction.unit_of_work_id
5981228500318430862871015129591113287966852300630664295044916520394057871645605888
; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216
ims.connect.transaction.client.ip
194.232.104.141
; 2a01:468:1000:9::140
ims.connect.transaction.server.port
65123
; 80
ims.connect.transaction.user_id
USER1
; anon
ims.tm.resource.adapter.semantic_detection_version
1
ims.tm.resource.adapter.transaction.client.ip
194.232.104.141
; 2a01:468:1000:9::140
ims.tm.resource.adapter.transaction.client.port
65123
; 80
ims.tm.resource.adapter.transaction.commit_mode
0
ims.tm.resource.adapter.transaction.datastore_name
IMS1500
ims.tm.resource.adapter.transaction.interaction_verb
0
ims.tm.resource.adapter.transaction.lpar_name
S0W1
; ABCD
ims.tm.resource.adapter.transaction.sync_level
0
ims.tm.resource.adapter.transaction.commit_mode
MUST be one of the following:
0
1
ims.tm.resource.adapter.transaction.interaction_verb
MUST be one of the following:
0
1
3
4
5
6
7
ims.tm.resource.adapter.transaction.sync_level
MUST be one of the following:
0
1
zosconnect.api.description
API for the CICS catalog manager sample application
zosconnect.api.name
catalog
zosconnect.api.version
1.0.0
zosconnect.request.body.size
234
zosconnect.request.id
2215
zosconnect.response.body.size
125
zosconnect.service.description
EDUCHAN service using the CICS Service Provider
zosconnect.service.name
placeOrder
zosconnect.service.provider.name
CICS-1.0
zosconnect.service.version
2.0
zosconnect.sor.identifier
localhost:8080
zosconnect.sor.reference
cicsConn
zosconnect.sor.resource
01,DFH0XCMN
zosconnect.sor.type
CICS
zosconnect.request.type
MUST be one of the following:
ADMIN
API
SERVICE
UNKNOWN
zosconnect.sor.type
MUST be one of the following:
CICS
IMS
MQ
REST
WOLA