The following reference contains a list of global fields that have a well defined semantic meaning in Dynatrace and can be used across different monitoring types. The fields are organized in namespaces that are separated with dots.
The top level fields contain generally relevant information for all monitoring data
timestamp1649822520123123123timeframestart_timeend_time.1649822520123123123end_timestart_time.1649822520123123165durationstart_time and end_time in nanoseconds.42interval1 minadobe.em.env_typedev; stage; prodadobe.em.programadobe.em.serviceadobe.em.tierauthor; publish; previewOneAgent might aggregate spans that have the same parent span into a single span. The aggregated span contains attributes to indicate the aggregation and to allow reconstructing details.
For aggregated spans the start_time holds the earliest start_time, end_time holds the latest end_time of all aggregated spans.
aggregation.count3aggregation.duration_max482aggregation.duration_min42aggregation.duration_samples[42, 482, 301]aggregation.duration_sum123aggregation.exception_count0; 6aggregation.parallel_executiontrue indicates that aggregated spans may have been executed in parallel. Therefore, start_time + duration_sum may exceed end_time.apache.tomcat.base/usr/share/tomcat6apache.tomcat.home/usr/share/tomcat6apache.httpd.config.pathapache.httpd.module.namecore; proxyapache.spark.master.ipThe app namespace contains information on the application sending the event.
app.bundleapplicationId on Android.com.example.easytravelapp.ideasytravelapp.short_version5.23app.version5.23.15789; 143542The argocd namespace contains Argo CD specific deployment attributes.
argocd.app.health.statusHealthy; Progressing; Degraded; Missing; Suspended; Unknownargocd.sync.operation_state.outcomesuccessfully synced (no more tasks); Operation terminated (retried 4 times)argocd.sync.operation_state.phaseRunning; Succeeded; Error; Failedargocd.sync.statusSYNCED; OUT OF SYNC; UNKNOWNThe value is equal to the app.status.health.status value in Argo CD.
The value is equal to the app.status.operationState.message value in Argo CD.
The value is equal to the app.status.operationState.phase value in Argo CD.
The value is equal to the app.status.sync.status value in Argo CD.
The artifact namespace contains information about software artifacts.
artifact.attestation.filenameartifact.filename.carts-service-amd64-0.1.1.tar.gz.intoto.json1artifact.attestation.hashb4e370270ac4fe8d728b845ab8d190a7c931f09ff7b0156dd4d6abf797f1fe6aartifact.filenameartifact.id, but can contain the artifact.version and other data like file extension.carts-service-amd64-0.1.1.tar.gzartifact.hash6c323d126547f71fafb4bffa02cdc480fb284678644ef0b6c69029f051fe5137artifact.idcarts-serviceartifact.nameCarts serviceartifact.purlpkg:npm/%40dynatrace/backstage@2.0.0; pkg:deb/debian/curl@7.50.3-1?arch=i386&distro=jessieartifact.version0.1.1aspnetcore.appl.pathFields that can come from audit logs.
audit.actionAccess to Azure Resource Manager; New User Created; User added to Groupaudit.identityname.surname@example.comaudit.resultSucceeded; Failedaudit.statusStarted; In Progress; Succeeded; Failed; Active; Resolvedaudit.time16/01/2025, 10:34 AMAuthentication type and method used to login to a Dynatrace system.
authentication.client.iddt0s02.UZCK6ENL.2YQ2A3DZUEISRJSUU5544J3SC3TMPXSEEMNA5HK7RW54SJ6XKLYGMWJNKL7B2DNHauthentication.grant.typeAUTHORIZATION_CODE; CLIENT_CREDENTIALSauthentication.tokendt0c01.AM4SEYKIBROBEJ2N3HAXZ4IXauthentication.typeOAUTH2authentication.grant.type MUST be one of the following:
AUTHORIZATION_CODECLIENT_CREDENTIALSauthentication.type MUST be one of the following:
DEVOPSTOKENNONETOKENauthentication.client.id and authentication.token MUST follow the Dynatrace token format definition.
Specifically, authentication.client.id MUST be prefixed with dt0s02.
Information about entity availability. Sample usage is reporting hosts and PGI-s availability by OS Agent. Value of availability.state can be used for calculating aggregate availability (dividing count of "successful" requests by count of all requests). With constant frequency of requests it can be treated as a time-base availability, showing percentage of time that the monitored entity was available.
availability.stateupavailability.state has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
availableno_datano_data_agent_inactivereboot_gracefulreboot_ungracefulshutdown_hostunavailableunimportantunmonitored_agent_stoppedunmonitored_agent_uninstalledunmonitored_agent_upgradeupFields that can come from applications running on AWS.
aws.account.idpermission primary-field123456789012aws.account.nameexample.comaws.alb.namemy-albaws.arnarn:aws:lambda:us-east-1:478983378254:function:acceptanceWeatherBackendaws.availability_zoneus‑east‑1a; us‑east‑1baws.availability_zone.iduse1-az1; use1-az2; use1-az3aws.cloudfront.detailed_result_typeOriginShieldHit; MissGeneratedResponse; InvalidRequestaws.cloudfront.response.result_typeHit; Miss; LimitExceededaws.cloudfront.result_typeHit; Miss; LimitExceededaws.ecr.account.idaws.ecr.regionaws.ecs.clusteraws.ecs.container.arnarn:aws:ecs:us-west-2:111122223333:container/05966557-f16c-49cb-9352-24b3a0dcd0e1aws.ecs.container.nameaws.ecs.docker.idcd189a933e5849daa93386466019ab50-2495160603aws.ecs.docker.namecurl-imageaws.ecs.familyaws.ecs.revisionaws.ecs.task.arnarn:aws:ecs:us-west-2:111122223333:task/default/cd189a933e5849daa93386466019ab50aws.execution_environmentAWS_Lambda_java8aws.fle.fields_number12; 27aws.fle.statusFieldLengthLimitClientErroraws.lambda.function.nameaws.lambda.initialization_typesnap_startaws.log_group/aws/lambda/a-SomeFumction-1AWHD6W1QC5DHaws.log_stream2021/01/04/[$LATEST]b2e34f11da04232cb9f9d3d5799a5c12aws.regionprimary-fieldus-east-1aws.resource.idi-0922cda4579db3a45aws.resource.namemy-ec2-instanceaws.resource.typegroup; cluster; instanceaws.services3aws.tags.__tag_key____tag_key__ defined in the tag enrichment configuration.dt_owner_mailaws.fle.status MUST be one of the following:
FieldLengthLimitClientErrorFieldNumberLimitClientErrorForwardedByContentTypeForwardedByQueryArgsForwardedDueToNoProfileMalformedContentTypeClientErrorMalformedInputClientErrorMalformedQueryArgsClientErrorProcessedRejectedByContentTypeRejectedByQueryArgsRequestLengthLimitClientErrorServerErroraws.lambda.initialization_type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
on-demandprovisioned-concurrencysnap-startaws.kinesis.arnarn:aws:kinesis:us-east-2:123456789012:stream/MyKinesisStream; arn:aws:kinesis:us-west-2:123456789012:stream/MyKinesisStream/consumer/MyKinesisConsumer:1616044553aws.kinesis.consumer.arnarn:aws:kinesis:us-west-2:123456789012:stream/MyKinesisStream/consumer/MyKinesisConsumer:1616044553aws.kinesis.consumer.nameMyKinesisConsumeraws.kinesis.stream.arnarn:aws:kinesis:us-east-2:123456789012:stream/MyKinesisStreamaws.kinesis.stream.nameMyKinesisStreamaws.lambda.invoked_arnContext passed to the function (Lambda-Runtime-Invoked-Function-Arn response header from the request to /runtime/invocation/next).arn:aws:lambda:us-east-1:123456789012:function:acceptanceWeatherBackend:productionaws.request_idx-amzn-requestid, x-amzn-request-id, or x-amz-request-id HTTP header, awsRequestId field in AWS lambda context object).0e7bc729-a468-57e8-8143-98f2eec5c925aws.s3.bucketamzn-s3-demo-bucket; amzn-s3-demo-bucket1-a1b2c3d4-5678-90ab-cdef-example11111aws.s3.keyDevelopment/Projects.xls; Finance/statement1.pdf; s3-dg.pdfaws.s3.object_version3sL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUoaws.s3.part_number3456aws.s3.source.bucketamzn-s3-source-bucketaws.s3.source.keyFinance/statement1.pdfaws.s3.source.object_version3sL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUoaws.s3.upload_iddfRtDYWFbkRONycy.Yxwh66Yjlx.cph0gtNBtJaws.xray.trace_idx-amzn-trace-id HTTP header, _X_AMZN_TRACE_ID environment variable on AWS lambda)Root=1-63441c4a-abcdef012345678912345678; Self=1-63441c4a-12456789abcdef012345678;Root=1-67891233-abcdef012345678912345678Fields that can come from applications running on Azure.
azure.availability_zones[1]azure.class_nameHost.Functionsazure.container_app.dnssuffixredbeach-0f8a3e63.northeurope.azurecontainerapps.ioazure.container_app.hostnamekapitan-bomba-demo--nk4tc46.redbeach-0f8a3e63.northeurope.azurecontainerapps.ioazure.container_app.namekapitan-bomba-demoazure.container_app.replica.namekapitan-bomba-demo--nk4tc46-5d568c5df6-49px7azure.event_hub_namespace.namemy-event-hubazure.locationprimary-fieldwesteuropeazure.management_groupTenant Root Group; My Custom Groupazure.resource.grouppermission primary-fielddemo-backend-rgazure.resource.id/subscriptions/27e9b03f-04d2-2b69-b327-32f433f7ed21/resourceGroups/demo-backend-rg/providers/Microsoft.ContainerService/managedClusters/demo-aksazure.resource.namedemo-aksazure.resource.typeMicrosoft.ContainerService/managedClustersazure.service_bus_namespace.namemy-service-busazure.site_namedt-function-scriptedazure.sql_elastic_pool.namecontoso-elastic-poolazure.sql_server.namecontoso-sql-serverazure.subscriptionpermission primary-field27e9b03f-04d2-2b69-b327-32f433f7ed21azure.tags.__tag_key____tag_key__ defined in the tag enrichment configuration.dt_owner_mailazure.tenant.id37c4add3-612a-483d-8b24-cccbb35d3306azure.tenant.nameMyAzureTenantazure.vm.namemy-virtual-machineazure.vm_scale_set.namemy-vmssazure.vmid090556DA-D4FA-764F-A9F1-63614EDA019Abizflow.idbizflow.prioritycritical; high; medium; lowbizflow.urlFields that are integral to applications managed by BOSH.
bosh.availability_zoneus-east-1abosh.deployment.idcf-c32ffe771e4ad26b9711bosh.instance.namediego_databasebosh.instance_idaf318409-9e9d-4a18-aca4-0fb52bbdc526bosh.nameisolated_diego_cell_devimabosh.stemcell.version621.448The browser namespace contains information on the browser running an application.
browser.frame.idbrowser.frame.id is an 8-byte ID and hex-encoded if shown as a string.f76281848bd8288cbrowser.frame.parent_idbrowser.frame.parent_id is an 8-byte ID and hex-encoded if shown as a string.f76281848bd8288cbrowser.tab.idbrowser.tab.id is an 8-byte ID and hex-encoded if shown as a string.f76281848bd8288cbrowser.window.device_pixel_ratio1.0browser.window.height384browser.window.width2048browser.nameMozillabrowser.typedesktop; mobile; tablet; robot; otherbrowser.user_agentUser-Agent request header.Mozilla/5.0 (Windows NT 10.0; Win64; x64)browser.version5.0Span scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute rule. The actual name of the attribute is the prefix "captured_attribute" plus the "request attribute name" defined in the request attributes configuration. In contrast to request attributes, captured attributes contain the raw values reported by the OneAgent at the location (i.e. on the active span) where they appeared. No aggregation (first/last value, distinct values, ...), type conversion or normalization is performed on them. They are the basis for request attributes.
captured_attribute.__attribute_name____attribute_name__ defined by the request attribute configuration. The values are mapped as an array according to the type of the captured attributes, so either boolean, double, long, or string. If the captured attributes have mixed types (e.g. long and string, or double and long, etc.), all attributes are converted to string and stored as string array.[42]; ['Platinum']; [32, 16, 8]; ['Special Offer', '1702']; ['18.35', '16']cassandra.cluster.nameThe cicd namespace contains information about Continuous Integration and Continuous Deployment systems.
cicd.deployment.id1337cicd.deployment.namedeploy frontend app; deploy cart servicecicd.deployment.namespacedefaultcicd.deployment.release_stagedevelopment; staging; productioncicd.deployment.server.url.fullhttps://kubernetes.default.svccicd.deployment.service.id92ba59d6-379e-4ffd-a67e-d544a9c24deacicd.deployment.statusfailed; succeededcicd.pipeline.id12345cicd.pipeline.nameCI pipeline for main branchcicd.pipeline.run.id9876cicd.pipeline.run.outcomesuccesscicd.pipeline.run.queued.duration1234cicd.pipeline.run.url.fullhttps://github.com/ACME/ACME-repo/actions/runs/9876cicd.pipeline.url.fullhttps://github.com/ACME/ACME-repo/actions/workflows/ci-build.ymlcicd.upstream_pipeline.id12345cicd.upstream_pipeline.run.id1337cicd.deployment.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
failedsucceededcicd.pipeline.run.outcome has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
cancelederrorfailureskippedsuccesstimed_outwarningThe client namespace contains information on the initiator of a network connection.
When observered from the server side, and when communicating through an intermediary,
client.ip and client.port typically represent the client information behind any intermediaries (such as proxies) if it's available.
client.addressclient.example.com; 10.1.2.80; [local]client.app.nameMS Outlookclient.ipsensitive-spans194.232.104.141; 2a01:468:1000:9::140client.ip.is_publictrueclient.ispInternet Service Provider Nameclient.port65123; 80Fields related to cloud deployments that can be used across different providers.
cloud.account.id111111111111; opentelemetrycloud.availability_zoneus-east-1acloud.provideralibaba_cloudcloud.regionus-east-1cloud.resource_idarn:aws:lambda:REGION:ACCOUNT_ID:function:my-function; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>The prefix of the service matches the one specified in cloud.provider.
cloud.platform MUST be one of the following:
alibaba_cloud_ecsalibaba_cloud_fcalibaba_cloud_openshiftaws_app_runneraws_ec2aws_ecsaws_eksaws_elastic_beanstalkaws_lambdaaws_openshiftazure_aksazure_app_serviceazure_container_instancesazure_functionsazure_openshiftazure_vmgcp_app_enginegcp_cloud_functionsgcp_cloud_rungcp_compute_enginegcp_kubernetes_enginegcp_openshiftibm_cloud_openshifttencent_cloud_cvmtencent_cloud_ekstencent_cloud_scfcloud.provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloudawsazuregcpherokuibm_cloudtencent_cloudFields related to operations related to a cloud.
The cloud.target namespace provides information on the entity targeted by outgoing requests.
cloud.target.account.id111111111111; 984398786124cloud.target.provideralibaba_cloudcloud.target.regionus-east-1cloud.target.resource_idarn:aws:lambda:REGION:ACCOUNT_ID:function:my-function; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>cloud.target.provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloudawsazuregcpherokuibm_cloudtencent_cloudThe cloud.origin namespace provides information on the entity from which incoming requests originate.
cloud.origin.account.id111111111111; 984398786124cloud.origin.provideralibaba_cloudcloud.origin.regionus-east-1cloud.origin.resource_idarn:aws:lambda:REGION:ACCOUNT_ID:function:my-function; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>cloud.origin.provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloudawsazuregcpherokuibm_cloudtencent_cloudcloudfoundry.application.idcloudfoundry.application.namecloudfoundry.instance.indexcloudfoundry.space.idcloudfoundry.space.namecode.call_stackcode.function. The call stack starts with the code.function, and the stack frames are separated by a line feed.com.example.SampleClass.doProcessing(SampleClass.java) com.example.SampleClass.doSomeWork(SampleClass.java) com.example.SampleClass.main(SampleClass.java)code.filepath/usr/local/MyApplication/content_root/app/index.phpcode.functionserveRequestcode.invoked.filepathcode.filepath, only it represents the file path of the function that was active when a span has been started. Typically, it is the function that has been instrumented. It should only be set if it differs from code.filepath./usr/local/MyApplication/content_root/app/index.phpcode.invoked.functioncode.function, only it represents the function that was active when a span has been started. Typically, it's the function that has been instrumented. The spans duration does not reflect the duration of this function execution. It should only be set if it differs from code.function.invokecode.invoked.namespacecode.namespace, only it represents the namespace of the function that was active when a span has been started. Typically, it's the function that has been instrumented. It should only be set if it differs from code.namespace.com.sun.xml.ws.server.InvokerTube$2code.line.number1337code.namespacecode.function is defined. Usually, the qualified class or module name, such that code.namespace + some separator + code.function forms a unique identifier for the code unit.com.example.MyHttpServicecoldfusion.jvm.config.filecoldfusion.service.nameFor some technologies compilation of code might be a significant contributor to request execution time. Compilation timings provide insight into this, where available.
compilation_timings.compilation_countcompilation_timings.duration_sum.7compilation_timings.duration_sum6723compilation_timings.top_compilationscompilation_timings.duration_sum, represented as map from compilation unit name to duration in nanoseconds spent.{'/home/user/test/php/build/tmp/php-htdocs/memcached/memcachedCli.php': 1952, '/home/user/test/php/build/tmp/php-htdocs/curl_cli_uri_filtering.php': 1306}container.ida3bf90e006b2container.image.namegcr.io/opentelemetry/operatorcontainer.image.version0.1container.nameopentelemetry-autoconfCTG (shorthand for "CICS Transaction Gateway") is a connector for enterprise modernization of CICS assets. It empowers various application platforms, such as Java servlets, to incorporate CICS programs.
CICS (shorthand for "Customer Information Control System") is a middleware to support rapid, high-volume online transaction processing on IBM mainframe systems on z/OS. CTG features a client and a server, which communicate via so-called GatewayRequests.
ctg.request.call_type2ctg.request.commarea_length0ctg.request.extend_mode11ctg.request.flow_type5ctg.request.gateway_urltcp://1.2.3.4:5678/ctg.request.object_namectg.request.server_idIPICTESTctg.request.term_idCN02ctg.request.typeBASEctg.response.code-23The values are defined in the IBM CTG API source code.
ctg.request.type MUST be one of the following:
ADMINAUTHBASEECIEPIESIXAcustom_service.methodstartTask; run; authenticatecustom_service.nameMyCustomService; AuthenticationComponentdb.affected_item_count32db.collection.namecustomers; public.usersdb.connection_stringsensitive-spansjdbc:dynamodb:Access Key=XXX;Secret Key=XXX;Domain=amazonaws.com;Regiondb.cosmosdb.request_charge4.95; 2.0db.dynamodb.table_names[Cats, Dogs]db.namespacecustomers; test.usersdb.operation.namedrop; findAndModify; SELECT; PREPARE; GetItem; set; LPUSH; mutateIn; ReadItemsdb.query.parameterssensitive-spans[{'name': 'paul', 'age': '23'}, {'name': 'mary', 'age': '32'}]; [{'0': 'paul', '1': '23'}, {'0': 'mary', '1': '32'}]db.query.textSELECT * FROM wuser_table; SET mykey "WuValue"db.result.duration_max345db.result.duration_min123db.result.duration_sum234db.result.exception_count2db.result.execution_count12db.result.roundtrip_count2db.systemmongodb; mysqlDepending on the data provided on ingest, this attribute may be derived by e.g., parsing db.query.text. Parsing might fail, or the result might be inaccurate.
The value may be sanitized to exclude sensitive information.
db.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
adabascachecassandraclickhousecloudscapecockroachdbcoldfusioncosmosdbcouchbasecouchdbdb2derbydl/idynamodbedbelasticsearchfilemakerfirebirdfirstsqlgeodeh2hanadbhbasehivehsqldbinformixingresinstantdbinterbasemariadbmaxdbmemcachedmongodbmssqlmssqlcompactmysqlneo4jnetezzaopensearchoracleother_sqlpervasivepointbasepostgresqlprogressredisredshiftspannersqlitesybaseteradataverticadeployment.release_build_version2021-03-24deployment.release_productWoGo Maindeployment.release_stageproductiondeployment.release_version0.4.1The device namespace contains information on the device running an application. This should only be used for end-user devices or devices outside of a private infrastructure. In line with the naming conventions and guidelines, we are in this case adhering to the emerging Open Telemetry convention around this, with some additions.
device.battery.level100device.orientationlandscapedevice.orientation MUST be one of the following:
landscapeportraitdevice.is_rootedtrue, the device is rooted or jailbroken.falsedevice.manufacturerAppledevice.model.identifieriPhone3,4device.screen.height1152device.screen.width2048Fields describing a disk.
disk.all_mountpoints[/mnt/storage, /home, /var/log]disk.device_namesdadisk.mountpoint/mnt/storagedisk.remote_disk_id0; 16864135562327138441; 18446744073709551615db.dli.pcb3; MYPCBNAMdb.dli.pcb_typeDC; DL/I; F/Pdb.dli.processing_optionsGRdb.dli.segment_level3; 24db.dli.segment_namePARTROOTdb.dli.status_codeQCdb.dli.terminal_nameHWSAM5ZD; 10505db.dli.pcb_type MUST be one of the following:
DCDL/IF/Pdotnet.dll.filedotnet.dll.pathMetadata with ActiveGate realated information.
dt.active_gate.group.nameGdanskLabdt.active_gate.id0x0xef3d21c3dt.active_gate.module_nameautoupdatedt.active_gate.working_modeclusterdt.active_gate.working_mode MUST be one of the following:
clusterembeddedenvironmentmultitenantdt.active_gate.api_connector.config_id123; 9276dt.active_gate.api_connector.pipeline_identifierKubernetes/Topologydt.active_gate.api_connector.pipeline_statusfaileddt.active_gate.api_connector.technology_idKubernetes; CloudFoundry; AWS; Dynatrace Extension; Azuredt.active_gate.api_connector.pipeline_status MUST be one of the following:
failedskippedsucceededMetadata of the OneAgent module that reported a signal. These attributes are what one would also see in OneAgent Health.
dt.agent.module.id031f613871fab0b4; fc3cd1bb276f0beddt.agent.module.parent_idea89eef5db8b85a9dt.agent.module.typeapachedt.agent.module.version1.269.17.20221117-132428dt.agent.module.version_shortdt.agent.module.version's cardinality would be a problem1.269dt.agent.monitoring_modeDISCOVERYdt.agent.module.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
apachedotnetdumpprocextensionsgoiisjavalog_analyticsnetnettracernginxnodejsopentracingnativeosphppluginprocesspythonremote_pluginrubysdksupportupdatervarnishwsmbzdt.agent.monitoring_mode MUST be one of the following:
DISCOVERYFULL_STACKINFRASTRUCTUREFields defined in this namespace are used by Dynatrace to describe various aspects of events emitted by the AutomationEngine.
dt.automation_engine.action.appdynatrace.workflowsdt.automation_engine.action.functiontask_1dt.automation_engine.action_execution.id23e7b55a-884f-4497-8ad6-8d49d52b4348dt.automation_engine.action_execution.loop.indexdt.automation_engine.action_execution.retry.countdt.automation_engine.root_workflow.ide6388e3a-9db2-4226-9327-2ba86eaf12f7dt.automation_engine.root_workflow_execution.ida641fb59-4627-44cd-abaf-b68d86455a5bdt.automation_engine.stateIDLE; RUNNING; WAITING; SUCCESS; ERROR; CANCELLEDdt.automation_engine.state.is_finaldt.automation_engine.state is a final and immutable state or if further processing will happen.true; falsedt.automation_engine.state_infoERRORdt.automation_engine.task.nametask_1dt.automation_engine.task_execution.id6580d4af-6b1f-4e54-92fa-f47e94507acddt.automation_engine.throttle.limit1000dt.automation_engine.workflow.id26c0334e-a3e1-4585-8cd8-2d72742fe141dt.automation_engine.workflow.last_execution_state_fliptrue; falsedt.automation_engine.workflow.titleMy Workflowdt.automation_engine.workflow.typeSIMPLE; STANDARDdt.automation_engine.workflow_execution.id737a248b-d1cb-49a4-bf08-7d4c37dbfb1edt.automation_engine.workflow_execution.trigger.typeSchedule; Event; Workflow; Manualdt.automation_engine.workflow_execution.trigger.user.iddad18fa7-3c11-40a1-b760-1d8281bb5dccdt.automation_engine.workflow_execution.trigger.workflow_execution.id737a248b-d1cb-49a4-bf08-7d4c37dbfb1eAttributes defined in this namespace are used by Dynatrace to describe different aspects of the ingested data.
dt.da.aws.data_firehose.arnarn:aws:firehose:us-east-1:111110000111:deliverystream/tenantId-http-endpoint-direct-firehose-streamdt.da.aws.log_group/aws/lambda/a-SomeFumction-1AWHD6W1QC5DHdt.da.aws.log_stream2025/02/18/[$LATEST]12312312313123123123123123123123dt.da.aws.s3.bucket.nameaws-cloudtrail-logsdt.da.aws.s3.key.nameAWSLogs/111110000111/CloudTrail/us-east-1/2025/02/18/111110000111_CloudTrail_us-east-1_20250218T0000Z.json.gzdt.da.azure.event_hub.locationpolandcentraldt.da.azure.event_hub.namelogs-ingest-eventHub/logs-ingestdt.da.sourceaws-log-ingestdt.da.source has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
aws-log-ingestaws-metric-polleraws-metrics-ingestSome attributes are used in the context of the Davis engine.
These fields can be set in events to influence the Davis engine behavior.
dt.davis.analysis_time_budgetdt.davis.analysis_trigger_delaydt.davis.is_entity_remapping_alloweddt.davis.is_frequent_issue_detection_alloweddt.davis.is_merging_alloweddt.davis.is_problem_suppresseddt.davis.is_rootcause_relevantdt.davis.preferred_entity_typemy.custom.entity.typedt.davis.timeoutdt.event.correlation_tagcustom correlation tagsThese fields can be set by Davis routines.
dt.davis.anomaly_detection.alertdt.davis.anomaly_detection.anomalydt.davis.anomaly_detection.lowerdt.davis.anomaly_detection.upperdt.davis.forecast.lowerdt.davis.forecast.pointdt.davis.forecast.upperFields that can be expected on a Dynatrace span where endpoint detection was applied.
dt.endpoint_detection.rule_id4d76194c11a9426197a9062548f9e66eThe dt.enrichment namespace contains fields related to Dynatrace Apps and App-Functions that are used for security intelligence enrichment execution.
dt.enrichment.duration4000000000dt.enrichment.integration.connection.idvu9U3hXa3q0AAAABACNhcHA6ZHluYXRyYWNlLmFidXNlaXBkYjpjb25uZWN0aW9ucwAGdGVuYW50AAZ0ZW5hbnQAJDA0NzY2OTJhLTIzMDItMzdhOS05MTk5LTc1ZWI3M2MzNjYwMr7vVN4V2t6tdt.enrichment.integration.iddynatrace.abuseipdb; dynatrace.virustotaldt.enrichment.integration.method.idcheck-ip; enrich-observabledt.enrichment.result.is_cachedtrue; falseThe Dynatrace OneAgent associates monitoring data with a so called Monitored Entity ID (ME ID). On OneAgent monitored environments, whenever ME IDs are accessible within the monitored system they should be used to enrich monitoring data to facilitate correlations with data primarily addressed through ME IDs coming from other channels.
The structure for keys that signify entity IDs is dt.entity.{type of entity}.
The value associated with such a key must be valid Dynatrace entity identifier
(see Monitored entities API).
To allow linking Entity IDs across various different monitoring artifacts (logs, metrics, etc.), all string representations of Entity IDs are required to follow a canonical form, which for all current entities is defined as PREFIX-0123456789ABCDEF.
Consumers should treat the token as an opaque value and must not infer any semantics on the ID itself. Producers need to match the Entity ID that is being returned by Dynatrace Entity API verbatim.
Producers of string representation must treat the string as if it was parsed case-sensitively, even though some parts of the product may be more lenient.
The structure of the entity ID is currently as follows: <ID-NAMESPACE>-<16-digit-hex-string>. The <ID-NAMESPACE> is type specific but cannot be used to determine the actual entity type reliably, especially in cases of CUSTOM_DEVICE. The <16-digit-hex-string> needs to be zero-padded (prefix) to a length of 16 digits and must use upper case letters A-F.
Current entity IDs in cannonical form can be represented structurally with the following regular expression: [A-Z][A-Z_]*-[0-9A-F]{16}.
Additional characters or changes in the format may happen in the future but will not invalidate existing IDs or ID generation rules.
When adding a name to an entity ID via the Grail function entityName, by default, the name of the respective entity will be represented as dt.entity.{type of entity}.name. Similarly, further entity attributes can be added via the Grail function entityAttr, resulting in additional field(s) following the naming convention dt.entity.{type of entity}.{name of attribute}.
dt.entity.applicationentity-idAPPLICATION-DC92E74A7A844E6Edt.entity.aws_availability_zoneentity-idAWS_AVAILABILITY_ZONE-6000A4E2BD2AB971dt.entity.azure_regionentity-idAZURE_REGION-0DD5C79E4034F0AAdt.entity.azure_vmentity-idAZURE_VM-326478B733D6CFB0dt.entity.cloud_applicationentity-idCLOUD_APPLICATION-3AB5BBF3E09A7942dt.entity.cloud_application_instanceentity-idCLOUD_APPLICATION_INSTANCE-E0D8F94D9065F24Fdt.entity.cloud_application_namespaceentity-idCLOUD_APPLICATION_NAMESPACE-C61324AA70F57BCBdt.entity.container_groupentity-idCONTAINER_GROUP-7C2B1C24FFB288CBdt.entity.container_group_instanceentity-idCONTAINER_GROUP_INSTANCE-F4A1347110826781dt.entity.custom_applicationentity-idCUSTOM_APPLICATION-343A92501A51F286dt.entity.custom_deviceentity-idCUSTOM_DEVICE-E0D8F94D9065F24Fdt.entity.diskentity-idDISK-5472CBC1ED0981D6dt.entity.ec2_instanceentity-idEC2_INSTANCE-0004DD30F142D18Cdt.entity.external_synthetic_testentity-idEXTERNAL_SYNTHETIC_TEST-A140F3B85BCCBD1Adt.entity.external_synthetic_test_stepentity-idEXTERNAL_SYNTHETIC_TEST_STEP-A140F3B85BCCBD1Adt.entity.gcp_zoneentity-idGCP_ZONE-3699CB75E19C8505dt.entity.hostentity-idHOST-E0D8F94D9065F24Fdt.entity.host_groupentity-idHOST_GROUP-E7FBBCF7B1467174dt.entity.http_checkentity-idHTTP_CHECK-A140F3B85BCCBD1Adt.entity.http_check_stepentity-idHTTP_CHECK_STEP-A140F3B85BCCBD1Adt.entity.kubernetes_clusterentity-idKUBERNETES_CLUSTER-E0D8F94D9065F24Fdt.entity.kubernetes_nodeentity-idKUBERNETES_NODE-874C66B68CE15070dt.entity.kubernetes_serviceentity-idKUBERNETES_SERVICE-FE6E75BB9DF02347dt.entity.mobile_applicationentity-idMOBILE_APPLICATION-E8A8751A60D5BCE8dt.entity.multiprotocol_monitorentity-idMULTIPROTOCOL_MONITOR-A140F3B85BCCBD1Adt.entity.network_interfaceentity-idNETWORK_INTERFACE-FC7B4A5937FC125Cdt.entity.process_groupentity-idPROCESS_GROUP-E0D8F94D9065F24Fdt.entity.process_group_instanceentity-idPROCESS_GROUP_INSTANCE-E0D8F94D9065F24Fdt.entity.serviceentity-idSERVICE-57EC3CFC1FE72449dt.entity.service_methodentity-idSERVICE_METHOD-659B35CA9AAC96C1dt.entity.service_method_groupentity-idSERVICE_METHOD_GROUP-02000E1DB1CDAF9Fdt.entity.synthetic_locationentity-idSYNTHETIC_LOCATION-D140F3B85BCCBD1Adt.entity.synthetic_testentity-idSYNTHETIC_TEST-A140F3B85BCCBD1Adt.entity.synthetic_test_stepentity-idSYNTHETIC_TEST_STEP-A140F3B85BCCBD1AAdditional extension information sent via self-monitoring.
dt.extension.config.idvu9U3hXa3q0AAAABAAtleHQ6ZXh0LTA0MAAIYWdfZ3JvdXAAA0FHMQAkMjY2YTIyM2YtZDgxYi0zNTNjLThlYzctYzk2YzliZjg4OGQ3vu9U3hXa3q0dt.extension.dsSNMPTrapdt.extension.endpoint.hints[nat-test.lab.dynatrace.org, 1521, orc]dt.extension.namecom.snmptrap.genericdt.extension.statusAUTHENTICATION_ERRORdt.extension.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AUTHENTICATION_ERRORDEVICE_CONNECTION_ERROREEC_CONNECTION_ERRORGENERIC_ERRORINVALID_ARGS_ERRORINVALID_CONFIG_ERROROKUNKNOWN_ERRORAttributes used for Process Group enrichment in extensions.
Attributes defined in this namespace are used by Dynatrace to describe different aspects of the ingested data.
dt.ingest.debug_messages[MyATTribute mapped to myAttribute]dt.ingest.formatdtapi/json; otlp/protobufdt.ingest.size2005dt.ingest.warnings[attr_count_trimmed, content_trimmed]dt.ingest.format MUST be one of the following:
dtapi/jsondtapi/plaintextjournaldotlp/jsonotlp/protobufplaintextsyslogunknownwindowseventlogdt.ingest.warnings MUST contain only values from the following list:
content_trimmedcontent_trimmed_pipeattr_count_trimmedattr_count_trimmed_pipeattr_key_case_mismatchattr_key_trimmedattr_val_count_trimmedattr_val_count_trimmed_pipeattr_val_size_trimmedattr_val_size_trimmed_pipetimestamp_correctedcommon_attr_correctedprocessing_batch_timeoutprocessing_transformer_timeoutprocessing_transformer_errorprocessing_transformer_throttledprocessing_output_record_conversion_errorprocessing_prepare_input_errordt.cost.costcenterTeam Adt.cost.productProduct Adt.host_group.idpermission primary-fieldmyHostGroupdt.metrics.sourcetelegraf; com.dynatrace.extension.sql-oracledt.network_zone.idvpc-123dt.pg_detection.cluster.iddt.pg_detection.custom_entrydt.pg_detection.declarative.iddt.pg_detection.environment.idDT_ENVIRONMENT_ID environment variabledt.pg_detection.node.iddt.process_group.detected_nameApache Web Server httpd; Redis unguard-redis-* redisdt.security_contextpermissiondt.smartscape_source.idsmartscape-idK8S_CLUSTER-E0D8F94D9065F24F; AWS_LAMBDA_FUNCTION-E0D8F94D9065F24Fdt.smartscape_source.typeK8S_CLUSTER; AWS_LAMBDA_FUNCTIONdt.source_entityentity-idHOST-E0D8F94D9065F24F; PROCESS_GROUP_INSTANCE-E0D8F94D9065F24Fdt.source_entity.typedt.source_entity. Note, however, that the type identifiers are expected to be lowercased in alignment with suffixes of dt.entity.* keys.host; process_group_instance; cloud:azure:resource_groupThis is the framework used for capturing, processing and forwarding metrics, not the emitting monitored entity. Exemplary custom value: name of an extension sending metrics.
The value of this field will be based on one of dt.smartscape.<type> fields value. That means that both fields dt.smartscape_source.id and dt.smartscape.<type> will be set to the same ID.
The value of this field will be based on one of the dt.entity.<type> fields value. This means that both dt.source_entity and dt.entity.<type> fields will be set to the same ID.
dt.metrics.source has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
dynatrace_codemoduledynatrace_ingestdynatrace_osagentmicrometeroneagent_metric_apiopentelemetrystatsdtelegrafdt.maintenance_window_idsc715d677-eb1b-3e1b-8dbc-db06cad5b8ebdt.querytimeseries avg(dt.host.cpu.idle); fetch logsdt.raw_data{"content": "example record content"}Fields defined in this namespace are used by Dynatrace to describe various aspects of the data ingested through OpenPipeline, providing detailed insights into the ingestion process.
dt.openpipeline.pipelines[[logs:default], [logs:pipeline_haproxy_2656, bizevents:default]]dt.openpipeline.source/platform/ingest/v1/events; oneagentdt.openpipeline.source_typeotlp; oneagentdt.openpipeline.source_type MUST be one of the following:
apiaws_firehoseextensiononeagentotlpunknownThe dt.rum namespace contains Dynatrace RUM specific fields.
dt.rum.application.entityentity-idAPPLICATION-DC92E74A7A844E6E; MOBILE_APPLICATION-E8A8751A60D5BCE8dt.rum.application.idea7c4b59f27d43eb; 89b1a1e7-fe89-4151-81e9-410fa0235f0ddt.rum.browser.session_id4D3133F359A76AB05AAF39691696858Adt.rum.session.idHOPCPWKILUKHFHWRRQGBHHPAFLUJUOSH-0; 23626166142035610_1-0dt.rum.user_tagjohn.doe@dynatrace.comdt.rum.agent.typeandroiddt.rum.agent.version8.263.1; 9.293.2.1; 1.313.0.20250402-172634dt.rum.event.source.typeflutterdt.rum.instance.id3735928559; 1742973444821E7E6Q3E3SG28ATQPAGTT6T8HU92VFRFQdt.rum.schema_version0.1dt.rum.user_typereal_userdt.rum.agent.type MUST be one of the following:
androidiosjavascriptdt.rum.event.source.type MUST be one of the following:
flutterreact_nativedt.rum.user_type MUST be one of the following:
real_userrobotsyntheticThe dt.rum.invalid namespace is used for fields that are removed because of user event ingest validation.
For example, if the calculated web_vitals.largest_contentful_paint value would be less than 0, the value is copied over to dt.rum.invalid.web_vitals.largest_contentful_paint and web_vitals.largest_contentful_paint is removed.
Fields for referencing Settings 2.0 objects, schemas and scopes.
Although the dt.settings.object_id is enough to identify a specific settings value within a dynatrace environment, adding explicit information about the schema, scope and/or scope type can be useful nonetheless. If your use-case will only ever involve a single schema, scope type and/or scope, documenting this is good enough - if multiple schemas, scope types and/or scopes can be involved, filling the corresponding fields is strongly recommended.
dt.settings.references can be used if multiple settings objects need to be referenced. In that case, each entry in the array can hold a reference to a single settings object.
The top level fields contain generally relevant information for all monitoring data.
dt.settings.object_idvu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQdt.settings.object_summaryJourney Service all errors; Really, this can be anything; My alerting ruledt.settings.references[{'dt.settings.object_id': 'vu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQ', 'dt.settings.relationship': 'matched_rule'}, {'dt.settings.object_id': 'vu9U3hXa3q0AAAABAB9idWlsdGluOmRhdmlzLmFub21hbHktZGV0ZWN0b3JzAAZ0ZW5hbnQABnRlbmFudAAkMzM2NTc3MTgtYWNjYi0zOGY1LTlmOGUtMTg5NTBiYmNjNmRhvu9U3hXa3q0', 'dt.settings.relationship': 'triggered_alert'}]dt.settings.relationshipsnake_case) here that describe the relationship for your use-case.matched_rule; triggered_alertdt.settings.schema_idbuiltin:problem.notifications; app:dynatrace.jenkins:connectiondt.settings.schema_version1.0.0; 1.2.3dt.settings.scope_idenvironment; HOST-EFAB6D2FE7274823dt.settings.scope_namedeb-10-k3s-oi-01.lab.dynatrace.orgdt.settings.scope_typeenvironment; host_group; hostEntities stored in the Grail based Smartscape storage will coexist with classic entities. To ensure we can distinguish between classic IDs and Smartscape IDs, we use the dt.smartscape.* namespace to enrich entity IDs in signal data.
dt.smartscape.__type____type__ is a placeholder for any Smartscape type.smartscape-idK8S_CLUSTER-E0D8F94D9065F24FAdditional information about the attributes of a data point.
The dt.synthetic namespace contains Dynatrace synthetic specific fields.
dt.synthetic.batch.iddt.synthetic.location.missing_capabilitiesBROWSER; ICMPdt.synthetic.monitor.idHTTP_CHECK-6349B98E1CD87352dt.synthetic.monitored_entity_idsAPPLICATION-EA7C4B59F27D43EBdt.synthetic.request.targets127.0.0.1:22dt.synthetic.violated_entity_idsHTTP_CHECK-9349B98E1CD87352; HTTP_CHECK_STEP-6349B98E1CD87352The namespace dt.system is reserved for Grail. These fields cannot be ingested but instead will be set by Grail directly. Every record that is fetched from Grail provides these fields, but by default they are hidden. You can display them by using the fieldsAdd command.
Example query:
// display the bucket for each log recordfetch logs| fieldsAdd dt.system.bucket
dt.system.bucketdefault_logs; default_spans; default_bizeventsdt.system.environmentwkf10640dt.system.monitoring_sourcefullstack_host; infrastructuredt.system.sampling_ratio1dt.system.segment_id5d97c09e-7337-443e-bab5-2f0474804687dt.system.storage_interval1 mindt.system.tablelogs; bizeventsdt.system.monitoring_source MUST be one of the following:
discoveryfullstack_containerfullstack_hostinfrastructuremainframedt.system.storage_interval MUST be one of the following:
1 minFields defined in this namespace are used by Dynatrace to describe different aspects of the context propagation between spans.
dt.tracing.custom_link.id736bd2684696c4a8dt.tracing.custom_link.original_bytesycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==dt.tracing.custom_link.transformed_bytesycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==dt.tracing.custom_link.typedt.tracing.custom_link.original_bytes to the dt.tracing.custom_link.transformed_bytes was applied.genericdt.tracing.foreign_link.bytes00000004000000010000000200000003000000040000002300000001dt.tracing.foreign_link.textFW4;129;12;-2023406815;4539717;0;17;66;c511;2h02;3h12345678;4h676767; FW1;129;4711;59959450;-1859959450;3;17;0dt.tracing.link.directionoutgoingdt.tracing.link.iddt.tracing.link.is_synctrue indicates that the caller waits on the response. Only available on span links with dt.tracing.link.direction set to outgoing.dt.tracing.response.headers{'traceresponse': ['00-7b9e3e4068167838398f50017bfad358-d4ffc7e33530967a-01'], 'x-dt-tracestate': ['9651e1a8-19506b7c@dt']}dt.tracing.custom_link.type MUST be one of the following:
genericdt.tracing.custom_link.original_bytes have no special meaning.ibm_mqdt.tracing.custom_link.original_bytes are an IBM MQ custom link.ibm_mq_ignore_qnamedt.tracing.custom_link.original_bytes are an IBM MQ custom link, but the qname part should be ignored in mapping.dt.tracing.link.direction MUST be one of the following:
incomingoutgoingelasticsearch.cluster.nameelasticsearch.node.nameEndpoints define the public interface of services.
endpoint.namehttp.route or rpc.method. Endpoints are exclusively detected on request root spans.GET /; PUT /users/:userID?; GET /productpage; Reviews.GetReviewsequinox.config.pathThe error namespace contains general information on errors.
error.code-1; 3072error.csp_violation_count1error.display_nameerror.id.500: foo.bar/path/file; path/file:1:5error.dropped_exception_count1error.exception_count1error.http_4xx_counthttp.response.status_code of 400 - 499.1error.http_5xx_counthttp.response.status_code of 500 - 599.1error.http_other_counthttp.response.status_code of 0-99 or 600+ (undefined errors).1error.iderror.id is a 16-byte ID and hex-encoded if shown as a string.357bf70f3c617cb34584b31bd4616af8error.is_fataltrue, the error resulted in a fatal exit (for example, an unhandled exception). Otherwise this attribute should be omitted.trueerror.reasonno networkerror.sourcefetch; consoleerror.typerequesterror.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
abortcspno_networktimeouterror.source has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
consoledocument_requestexceptionfetchpromise_rejectionxhrerror.type MUST be one of the following:
anrcrashcspexceptionreportedrequestesb.application.namemyBusinessApp; YourServiceApp; any_workesb.library.namemyWebServicesLib; YourMessagingLibrary; any_toolsesb.vendoribm; tibcoesb.workflow.namemyMessageFlow; YourBusinessWorkflow; any_flowThe event namespace contains common identification, categorization and context on events in Dynatrace.
event.categoryAvailabilityevent.descriptionThe current response time (11 s) exceeds the auto-detected baseline (767 ms) by 1,336 %event.end16481073970000event.group_labelAvailabilityevent.id5547782627070661074_1647601320000event.kindpermissionINFRASTRUCTURE_EVENT; DAVIS_EVENT; BIZ_EVENT; RUM_EVENT; AUDIT_EVENT; BILLING_USAGE_EVENTevent.nameProcess crashed; CPU Saturationevent.original_content{"severity_id": 3,"state_id": 1,"time": "2024-06-26T07:15:06.139000Z","state": "New","type_uid": 200101}event.outcome200; success; failureevent.parent_id5547782627070661074_1647601319999event.providerpermissionOneAgent; K8S; Davis; VMWare; GCP; AWS; LIMA_USAGE_STREAMevent.reasonuser is missing permission "logs.read"event.start16481073970000event.statusActiveevent.status_transitionRecoveredevent.typepermissionESXI_HOST_MEMORY_SATURATION; PROCESS_RESTART; CPU_SATURATION; MEMORY_SATURATION; Automation Workflow; AppEngine Functions - Smallevent.version1.0.0Values are either in title-case or screaming snake case.
event.category SHOULD be one of the following:
AvailabilityErrorSlowdownResource contentionWarningInfoVulnerability managementevent.status SHOULD be one of the following:
ActiveClosedevent.status_transition SHOULD be one of the following:
CreatedUpdatedRefreshedResolvedRecoveredClosedTimed outReopenedEvent properties are custom-defined key-value pairs. Dynatrace RUM captures event properties as part of each of your users' journeys to enrich user events.
event_properties.__property_name____property_name__ defined by the event and session property configuration. The data type of the value depends on the definition; default is data type string.42; valueexception.caused_by_idexception.id of the exception the current exception was caused by.exception.column_number12304exception.escapedtrue indicates that the exception was recorded at a point where it is known that the exception escaped the scope of the span.exception.file.domainexception.file.full.www.foo.barexception.file.fullhttps://www.foo.bar/path/main.js; main.jsexception.file.pathexception.file.full./path/main.jsexception.idexception.is_caused_by_roottrue if the exception is the first exception caused by the chain.exception.line_number1401exception.messageDivision by zeroexception.stack_trace@https://www.foo.bar/path/main.js:59:26 e@https://www.foo.bar/path/lib/1.1/lib.js:2:30315exception.typejava.net.ConnectException; OSErrorFields that can be expected from serverless functions or Function as a Service (FaaS) on various cloud platforms.
faas.max_memoryfaas.namemy-function; myazurefunctionapp/some-function-name; test_functionfaas.version14; 254This is the name of the function as configured/deployed on the FaaS platform and is usually different from the name of the callback
function (which may be stored in the code.namespace/code.function span attributes).
Value of the field depends on a cloud provider. This field is not set for Azure.
faas.coldstartfaas.document.collectionmy-coll-namefaas.document.namemy-file.jpg; 63eeb6e7d418cd98afb1c1d7faas.document.operationdeletefaas.document.time2020-03-08T00:30:12.456Zfaas.event.__key____key__ attribute in a Faas event represents the precise attribute name as received in the event. For example, it might be "faas.event.StackId" for the "StackId" attribute in an AWS CloudFormation event or "faas.event.IdentityPoolId" for the "IdentityPoolId" attribute in an AWS Cognito event. The value of this attribute is identical to the value received in the event.arn:aws:cloudformation:us-west-2:123456789012:stack/MyStack/1a2b3c4d-5678-90ab-cdef-EXAMPLE11111; eu-west-1:12345678-1234-1234-1234-123456789012faas.event_nameObjectCreated:Put (aws:s3); INSERT (aws:dynamodb)faas.event_sourceaws:cloudwatch; aws:cloudformationfaas.invoked_namemy-functionfaas.invoked_providercloud.provider resource attribute.alibaba_cloudfaas.triggerdatasourceRelevant only for faas.trigger=datasource trigger
Relevant only for faas.trigger=datasource trigger
Relevant only for faas.trigger=datasource trigger
The value of this attribute is specific to the service that generated the event.
Will be equal to the invoked function's cloud.region resource attribute.
faas.document.operation has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
deleteeditinsertfaas.invoked_provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloudawsazuregcptencent_cloudfaas.trigger has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
datasourcehttpotherpubsubtimerFields that can be expected for a failure detection on a Dynatrace span. For more details and how failure detection is embedded in a span, see Dynatrace Span model.
dt.failure_detection.general_parameters_idid of the failure detection general parameters (failure detection v1) that were applied to that span (uid128).4d76194c11a9426197a9062548f9e66fdt.failure_detection.global_parameters_idid of the global failure detection parameters (failure detection v1) that were applied to that span (uid128).dt.failure_detection.global_rule_id.4d76194c11a9426197a9062548f9e66cdt.failure_detection.global_rule_idid of the global failure detection rule (failure detection v1) that was applied to that span (uid128).dt.failure_detection.global_parameters_id.4d76194c11a9426197a9062548f9e66bdt.failure_detection.http_parameters_idid of the failure detection HTTP parameters (failure detection v1) that were applied to that span (uid128).4d76194c11a9426197a9062548f9e66adt.failure_detection.resultsdt.failure_detection.ruleset_idid of the failure detection rule set (failure detection v2) that was applied to that span (uid128).4d76194c11a9426197a9062548f9e66eThe event name MUST be feature_flag.evaluation.
feature_flag.context.id5157782b-2203-4c80-a857-dbbd5e7761dbfeature_flag.keylogo-colorfeature_flag.provider.nameFlag Managerfeature_flag.result.reasonstatic; targeting_match; error; defaultfeature_flag.result.variantred; true; onfeature_flag.set.idproj-1; ab98sgs; service1/devfeature_flag.version1; 01ABCDEFA semantic identifier, commonly referred to as a variant, provides a means
for referring to a value without including the value itself. This can
provide additional context for understanding the meaning behind a value.
For example, the variant red maybe be used for the value #c05543.
feature_flag.result.reason MUST be one of the following:
cacheddefaultdisablederrorsplitstalestatictargeting_matchunknowngcp.app_engine.instancegcp.app_engine.servicegcp.cloud_run.servicegcp.instance.id6639848141313102286gcp.instance.namesingle-vm-testgcp.locationprimary-fieldeurope-west3-cgcp.organization.id123456789012gcp.organization.namedynatrace.comgcp.project.idpermission primary-fielddynatrace-gcp-extensiongcp.regioneurope-west3gcp.resource.name//cloudfunctions.googleapis.com/projects/gcp-example-project/locations/us-central1/functions/examplefunctiongcp.resource.typecloudsql_databasegcp.zoneeurope-west3-cFields that can come from applications running on AWS.
gen_ai.guardrail.idsensitive_data_guardrailgen_ai.guardrail.versionDRAFT; 5; 12345678gen_ai.operation.namechat; generate_content; text_completiongen_ai.prompt_cachingread; writegen_ai.provider.nameaws_bedrock; openaigen_ai.request.frequency_penalty0.4gen_ai.request.max_tokens50gen_ai.request.modelamazon.nova-micro-v1:0; anthropic.claude-3-7-sonnet-20250219-v1:0gen_ai.request.presence_penalty0.4gen_ai.request.stop_sequences[forest, lived]gen_ai.request.temperature0.8gen_ai.request.top_k300gen_ai.request.top_p0.6gen_ai.response.finish_reasons[["stop_sequence"], ["stop_sequence", "max_tokens"]]gen_ai.response.modelamazon.nova-micro-v1:0; anthropic.claude-3-7-sonnet-20250219-v1:0gen_ai.usage.input_tokens42gen_ai.usage.output_tokens42gen_ai.prompt_caching has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
readwriteThe geo namespace contains geo location information. This section only holds all currently agreed upon fields in the Dynatrace Semantic Dictionary. Aligned closely to the ECS, with some adaptions around field groupings
geo.city.nameMontrealgeo.continent.nameNorth Americageo.country.iso_codeCA; GBgeo.country.nameCanadageo.location.latitude45.505918geo.location.longitude-73.61483geo.region.nameQuebecglassfish.domain.nameglassfish.instance.namego.linkageFields describing a host.
Dynatrace aims to use the best fitting name for the field host.name. See below, how Dynatrace determines the host name in an ordered by precedence fashion:
Dynatrace supports customizing the host.name property. A custom set host name takes precedence over the auto detection mechanisms described further down.
oneagentctl tool can be used to set a custom host name. See Documentation for details.If no customized name is set locally, the OneAgent attempts to determine if we're deployed by Dynatrace Operator in Kubernetes or OpenShift and sets host.name to the name of the Node.
If the Kubernetes isn't present, the OneAgent attempts to determine the host.name value by accessing cloud metadata where applicable.
name (case insensitive) is found, the tag's value is used as the host.name.name (case insensitive) instance metadata property is used. See Microsoft Azure documentationhostname instance metadata property is used. See Google Cloud documentation.gethostname() if it can be interpreted as a fully qualified domain name (FQDN) and doesn't contain "localhost".getaddrinfo() for port 80 is issued, again sanity checking whether the returned name is an FQDN and doesn't contain "localhost".gethostname() was successful, and the returned string is not empty and doesn't contain "localhost", then it's used.EmptyHostName if neither property can be resolved.GetComputerNameExA is used to determine a host's name. In particular, the resulting name is composed of <hostname>.<domainname> with the following details
hostname = ComputerNameDnsHostname retrieved by GetComputerNameExdomainname = ComputerNameDnsDomain retrieved by GetComputerNameExGetComputerNameExA is used when it can be interpreted as a fully qualified domain name (FQDN).GetComputerNameExA is used when it's not empty.EmptyHostName if neither property can be resolved.host.fqdn[ec2-43-213-176-3.compute-1.amazonaws.com, localhost.example.com]host.ip[194.232.104.141, 2a01:468:1000:9::140]host.logical.cpu.cores8host.logical.cpus8host.mac4C:03:4F:5B:E8:89; 00:15:5D:2F:1C:2Ahost.namepermissionip-10-178-54-32.ec2.internalhost.physical.memory8141684736host.simultaneous.multithreading4host.virtual.cpus2http.request.body.size3495http.request.header.__key____key__ being the lowercase HTTP header name, for example "http.request.header.accept-encoding". The value is a string. If multiple headers have the same name or multiple header values, the values will be comma-separated into a single string.sensitive-spanshttps://www.foo.bar/; gzip, deflate, br; 1.2.3.4, 1.2.3.5http.request.idSOX4xwn4XV6Q4rgb7XiVGOHms_BGlTAC4KyHmureZmBNrjGdRLiNIQ==; k6WGMNkEzR5BEM_SaF47gjtX9zBDO2m349OY2an0QPEaUum1ZOLrow==http.request.methodGET; POST; HEADhttp.request.parameter.__key____key__ for example, "http.request.parameter.username". The value is a string. If there are multiple parameters with the same name or multiple parameter values, the values will be a single, comma-separated string.admin; premiumhttp.request.size114; 702http.response.body.size3495http.response.header.__key____key__ being the lowercase HTTP header name, for example, "http.response.header.content-type". The value is a string. If multiple headers have the same name or multiple header values, the values will be comma-separated into a single string.909; text/html; charset=utf-8; abc, defhttp.response.range_end_value499; 1999http.response.range_start_value0; 1000http.response.reason_phraseNot foundhttp.response.size251; 608http.response.time_to_first_byte0.022; 0.071http.route/users/:userID?; Home/Index/{id?}http.server_nameMyServer; localhost:8000hybris.bin.dir/opt/hybris-60/hybris/binhybris.config.dir/opt/hybris-60/hybris/confighybris.data.dir/opt/hybris-60/hybris/dataibm.ace.integration_node.namemyIntegrationNode; YourBroker; the_management_instanceibm.ace.integration_server.namemyIntegrationServer; YourExecutionGroup; dataflow_engineibm.cics.aoribm.cics.programEDUCHANibm.cics.regionibm.cics.toribm.ctg.nameibm.ims.connectibm.ims.controlibm.ims.mpribm.ims.soap_gw.nameiis.app_pool.nameiis.role.namejava.jar.filejava.jar.pathjava.main.classjava.main.modulejboss.homejboss.modeorg.jboss.as.standalone; org.jboss.as.serverjboss.server.namejdbc.connection.pool.namejdbc/db2journald.unitcron.service; oneagent.service; kubepods.slicek8s.cluster.namepermission primary-fieldunguard-dev; acme-prod10k8s.cluster.uid1c7a24c7-ff51-46e0-bcc9-c52637ceec57k8s.configmap.namemy-configmapk8s.container.namecontainer.name).redisk8s.cronjob.namemy-cronjobk8s.customresourcedefinition.namedynakubes.dynatrace.comk8s.daemonset.namemy-daemonsetk8s.deployment.namemy-deploymentk8s.deploymentconfig.namemy-deploymentconfigk8s.dynakube.namemy-dynakubek8s.edgeconnect.namemy-edgeconnectk8s.ingress.namemy-ingressk8s.job.namemy-jobk8s.namespace.namepermission primary-fielddefault; kube-systemk8s.namespace.uidbfb1ba44-3bcb-467d-a2dc-188fd74d1db5k8s.networkpolicy.namemy-networkpolicyk8s.node.namecluster-pool-1-c3c7423d-azthk8s.persistentvolume.namemy-persistentvolumek8s.persistentvolumeclaim.namemy-persistentvolumeclaimk8s.pod.namecheckoutservice-7895755b94-mzs5mk8s.pod.uid275ecb36-5aa8-4c2a-9c47-d8bb681b9affk8s.replicaset.namemy-replicasetk8s.replicationcontroller.namemy-replicationcontrollerk8s.secret.namemy-secretk8s.service.namemy-servicek8s.statefulset.namemy-statefulsetk8s.workload.kinddeployment; statefulset; cronjob; job; daemonset; replicasetk8s.workload.namecheckoutservicek8s.workload.uid786a41e4-e673-44bb-bb30-18888f797a2bk8s.namespace.annotation.__attribute_name__k8s.namespace.annotation.team=a_teamk8s.namespace.label.__attribute_name__k8s.namespace.label.env=devk8s.pod.annotation.__attribute_name__k8s.pod.annotation.team=a_teamk8s.pod.label.__attribute_name__k8s.pod.label.env=devk8s.workload.annotation.__attribute_name__k8s.workload.annotation.team=a_teamk8s.workload.label.__attribute_name__k8s.workload.label.env=devFields relevant for log events
log.file.namemessages; agent.loglog.file.path/var/log/messages; /var/log/dynatrace/agent.loglog.iostreamstdout; stderrlog.loggermain.logger; kafka.server.KafkaServerlog.raw_levelsilly; verboselog.source/var/log/messages; Windows Event Log; Docker Container Output; stdoutlog.source.originCUSTOM; IIS_LOG_DETECTORloglevelERROR; INFO; TRACEThe log.raw_level can vary in type depending on the log entry. It may be represented as a string in some cases or as an integer (for example, 30, 40, 50) in others.
Can contain, for example, a file path, standard output, or an URI etc., depending on the log stream type. The value should be stable for one logical source (for example, not affected by log file rotation digits).
log.iostream MUST be one of the following:
stderrstdoutlog.source.origin MUST be one of the following:
CONTAINER_LOG_DETECTORCUSTOM_LOGIIS_LOG_DETECTORJOURNALD_LOG_DETECTOROPEN_LOG_DETECTORSYSTEM_LOG_DETECTORloglevel MUST be one of the following:
ALERTCRITICALDEBUGEMERGENCYERRORFATALINFONONENOTICESEVERETRACEWARNmessaging.batch.message_count1; 2; 3messaging.client.idaclient; myhost@68d46b89c9-c29qcmessaging.consumer.group.namemy-group; indexermessaging.destination.kindqueue; topicmessaging.destination.partition.id1messaging.destination.temporarymessaging.message.body.size2738messaging.message.conversation_idMyConversationIdmessaging.message.header.__key____key__ being the message header/attribute name, for example, "messaging.message.header.ExtendedPayloadSize". The data type of the value depends on the attribute.1024, "my-eu-bucket-3", ["a", "b"]messaging.message.id452a7c7c7c7048c2f887f61572b18fc2messaging.operation.typepeekmessaging.source.kindqueue; topicmessaging.source.manager_nameMyBrokermessaging.source.nameMyQueue; MyTopicmessaging.source.temporarymessaging.destination.temporary.messaging.systemkafka; rabbitmqManager name uniquely identifies the broker.
Destination name uniquely identifies a specific queue, topic or other entity within the broker.
Manager name uniquely identifies the broker.
Source name uniquely identifies a specific queue, topic, or other entity within the broker.
messaging.destination.kind MUST be one of the following:
queuetopicmessaging.operation.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
peekspan.kind is "consumer").processspan.kind is "consumer").publishspan.kind is "producer").receivespan.kind is "consumer").messaging.source.kind MUST be one of the following:
queuetopicmessaging.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
activemqartemisaws_eventbridgeaws_snsaws_sqsazure_eventgridazure_eventhubsazure_servicebusgcp_pubsubhornetqjmskafkamqseriesmsmqrabbitmqrocketmqsag_webmethods_istibco_emsweblogicwebspheremessaging.akka.actor.kindsystem; usermessaging.akka.actor.path/system/log1-Logging$DefaultLogger; /remote/akka.tcp/RequesterSystem@localhost:52133/user/requestActor/$amessaging.akka.actor.systemRequesterSystem; ResponseSystemmessaging.akka.actor.typecom.acme.RespondingActormessaging.akka.message.typejava.lang.String; akka.event.Logging$Info2; com.acme.twosuds.ResponseActor$RequestMessagemessaging.kafka.message.keykey property of the message.mykeymessaging.kafka.message.tombstonetruemessaging.kafka.offset42If the message is a tombstone, the value is true. When missing, the value is assumed to be false.
In webserver technologies a multitude of modules might be contributing to handling a single web request. Module insights provides timings for these, where available.
module_insights.modules{'HttpRedirectionModule': 10299, 'BasicAuthenticationModule': 4665}These attributes may be used for any network related operation.
network.carrier.nameMagenta; AT&Tnetwork.connection.subtypenetwork.connection.type, such as the cellular or WI-FI technology.lte; 802.11xnetwork.connection.typecell; wifinetwork.protocol.version1.1; 3.1.1network.connection.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
cellunavailableunknownwifiwirednetwork.transport has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
inprocotherpipetcpudpunixSignals that there is only in-process communication not using a "real" network protocol in cases where network attributes would typically be expected. Usually, all other network attributes can be left out.
network.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ipv4ipv6Fields that are used in extensions to describe network devices.
device10.102.0.45:161device.address10.102.0.45device.nameAT1i-WLC-TestingLab.dynatrace.orgdevice.port161Fields relevant for network flows
network_flow.bytes.rxnetwork_flow.bytes.txnetwork_flow.destination.address192.33.1.2; 2001:0db8:85a3:0000:0000:8a2e:0370:7334network_flow.destination.port22; 8080network_flow.directionSrcIsClientnetwork_flow.network.transportTCP; other; UDPnetwork_flow.network.typeIPV4network_flow.packets.retransmitted.base.rxnetwork_flow.packets.retransmitted.base.txnetwork_flow.packets.retransmitted.rxnetwork_flow.packets.retransmitted.txnetwork_flow.packets.rxnetwork_flow.packets.txnetwork_flow.source.address192.33.1.2; 2001:0db8:85a3:0000:0000:8a2e:0370:7334network_flow.tcp.rttnetwork_flow.tcp.rtt.acknetwork_flow.tcp.sessions.newnetwork_flow.tcp.sessions.resetnetwork_flow.tcp.sessions.timeoutnetwork_flow.direction has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
SrcIsClientSrcIsServerUNKNOWNnetwork_flow.network.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IPV4IPV6nodejs.app.base.dirnodejs.app.namenodejs.script.nameFields that can come from applications running on OpenStack.
openstack.availability_zoneus-east-1aopenstack.instance_uuid6790cb48-f8e9-4773-bcea-001469de0599The origin of a request associated with this event.
origin.address10.11.12.13origin.sessionnode0hfzncorigin.typeREST; LOCALorigin.x_forwarded_for1.2.3.4origin.type MUST be one of the following:
LOCALRECOVERYRESTThe os namespace contains information on the operating system running an application.
os.architectureX86os.nameiOSos.typeLINUX; WINDOWSos.version15.3.1; Ubuntu 16.04.7 LTS (Xenial Xerus) (kernel 4.15.0-206-generic); Windows Server 2022 Datacenter 21H2 2009, ver. 10.0.20348otel.scope.nameInstrumentationScope.Name in OTLP).io.opentelemetry.contrib.mongodbotel.scope.versionInstrumentationScope.Version in OTLP).1.0.0The page namespace contains information on the web page of an event.
page.background_time0page.detected_namepage.url.full.#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6epage.foreground_time900000000page.idpage.id is an 8-byte ID and hex-encoded if shown as a string.f76281848bd8288cpage.namepage.detected_name.#dashboard;id=<uuid>page.prerender_time0page.source.url.domainpage.source.url.full.www.foo.barpage.source.url.fragmentpage.source.url.full.#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2hpage.source.url.fullscheme://host[:port]/path[?query][#fragment]. This value is captured using document.referrer and may be missing or incomplete.https://www.foo.bar/path?q=value#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2hpage.source.url.pathpage.source.url.full./pathpage.source.url.querypage.source.url.full.q=valuepage.source.url.schemepage.source.url.full.https; httppage.titledocument.title property.FooBar - Titlepage.url.domainpage.url.full.www.foo.barpage.url.fragmentpage.url.full.dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2hpage.url.fullscheme://host[:port]/path[?query][#fragment].https://www.foo.bar/path?q=value#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2hpage.url.pathpage.url.full./pathpage.url.querypage.url.full.q=valuepage.url.schemepage.url.full.https; httpphp.cli.script.pathphp.cli.working.dirphp.drupal.application.namephp.fpm.pool.namephp.symfony.application.namephp.wordpress.blog.namepostgresql.session.id00112233-4455-6677-8899-aabbccddeeffPrimary Grail tags are a small set of important, customer-selected tags—such as Kubernetes labels, AWS/Azure tags, or key organizational attributes—that Dynatrace automatically attaches to all raw telemetry data at ingest, using the primary_tags.* prefix. This enrichment enables fast, consistent filtering, grouping, and permission management across all data, without complex joins or proprietary tagging rules. Primary Grail tags are centrally configured and ensure that cloud-native and business-relevant metadata is always available for queries, dashboards, and access control.
primary_tags.__key____key__ is populated with the tag name, for example, primary_tags.ownership. In case of single-value tags, the value is a string. In case of multi-value tags, the value is an array of strings.team-alpha; team-bravoprocess.bitness64process.containerizedprocess.executable.nameName in proc/[pid]/status. On Windows, can be set to the base name of GetProcessImageFileNameW.otelcolprocess.executable.pathproc/[pid]/exe. On Windows, can be set to the result of GetProcessImageFileNameW./usr/bin/cmd/otelcolprocess.listen_ports50000; 50001; 50002; 50003process.metadataNODE_JS_APP_BASE_DIRECTORY:C:/home/site/wwwrootprocess.pid1234rabbitmq.function.arityrabbitmq.function.name takes.2; 5rabbitmq.function.namerabbitmq.module.name that generated the log entry.start_it; mainrabbitmq.module.namerabbit; my_modulerabbitmq.pid0.58.0; 1.20.4The react_native namespace contains information on React Native details of an event.
react_native.bundle.nameRNBundleNamereact_native.bundle.version0.0.1redis.roleCredis.role MUST be one of the following:
CMRXrequest.is_failedrequest.is_root_spanRequest scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute definition. The actual name of the attribute is the prefix "request_attribute" plus the "request attribute name" defined in the request attributes configuration. Request attributes are built based on captured attributes and other attributes like HTTP header values or "normal" span attributes, on which the aggregations (first/last value, distinct values, ...), type conversion and normalizations defined in the request attribute configuration are performed. They are evaluated for an entire request (possibly consisting of multiple spans) and are stored only on the request root node.
request_attribute.__attribute_name____attribute_name__ defined by the request attribute configuration. The data type of the value depends on the request attribute definition.sensitive-spans42; Platinum; ['Product A', 'Product B']; ['Special Offer', '1702']rpc.namespacetempuri.orgrpc.servicemyservice.EchoServicerpc.systemapache_cxf; dotnet_wcf; grpc; jax_wsThis is the logical name of the method from the RPC interface perspective, which can be different from the name of any implementing method/function. The code.function attribute may be used to store the latter (e.g., method executing the call on the server side, RPC client stub method on the client side).
This is the logical name of the service from the RPC interface perspective, which can be different from the name of any implementing class. The code.namespace attribute may be used to store the latter (despite the attribute name, it may include a class name, e.g., class with method executing actually executing the call on the server side, RPC client stub class on the client side).
rpc.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
apache_axisapache_cxfapache_winkaws_apidotnet_remotingdotnet_wcfgrpcjava_rmijax_wsjbossjerseyopenedgeresteasyrestletspring_wstibco_wsweblogic_wswebmethodsThe server namespace contains information on the responder of a network connection.
server.addressexample.comserver.port65123; 80server.resolved_ipsserver.address.[194.232.104.141, 2a01:468:1000:9::140]service.nameshoppingcartservlet.context.nameservlet.context.pathSession properties are custom-defined key-value pairs. Dynatrace RUM captures session properties as part of each of your users' journeys to enrich user sessions.
session_properties.__property_name____property_name__ defined by the event and session property configuration. The data type of the value depends on the definition; default is data type string.42; valueFields that are used in SNMP extensions.
trap_oidSNMPv2-MIB::coldStartversionSNMPv3softwareag.install.rootsoftwareag.product.prop.namespan.alternate_parent_idspan.id of this span's parent span. If a trace is monitored by more tracing systems (for example, OneAgent and OpenTelemetry), there might be two parent spans. If the two parent spans differ, span.parent_id holds the ID of the parent span originating from same tenant of the span while span.alternate_parent_id holds the other parent span ID. The span.alternate_parent_id is an 8-byte ID and hex-encoded if shown as a string.f76281848bd8288cspan.eventsspan.exit_by_exception_idexception.id of the exception the its span.events with the current span exited. The referenced exception has set the attribute exception.escaped to true.span.idspan.id is an 8-byte ID and hex-encoded if shown as a string.f76281848bd8288cspan.is_exit_by_exceptiontrue if an exception exited the span. If set to false, the span has exception events, but none exited the span.span.is_subroutinetrue, it indicates that this span is a subroutine of its parent span. The spans represent functions running on the same thread on the same call stack.span.kindserverspan.linksspan.nameprepareOrderItemsAndShippingQuoteFromCart; org.example.CheckoutService/PlaceOrder; orders process; GET /products/{product_id}; HTTP POSTspan.parent_idspan.id of this span's parent span. The span.parent_id is an 8-byte ID and hex-encoded if shown as a string.f76281848bd8288cspan.status_codeunset.errorspan.status_messagespan.status_code is error.Connection closed before message completed; Error sending request for urlspan.timing.cpuspan.timing.cpu_selfspan.kind MUST be one of the following:
clientconsumerproducer request.internallinkproducerserverspan.status_code MUST be one of the following:
errorokspan_event.nameexceptionspan_event.name has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
bizeventexceptionfeature_flagLanguage Independent Interface Types For OpenTelemetry
spring.profile.namespring.startup.classDisk
storage.disk.encryptedstorage.disk.fstypeext4; btrfsstorage.disk.knamesdastorage.disk.modelbaracudastorage.disk.mountpoint/mnt/disk1storage.disk.other-mountpoints[/home/user1/mydisk, /opt/volume1]storage.disk.path/dev/sdastorage.disk.read-onlystorage.disk.removablestorage.disk.serial1234-56789storage.disk.typedisk; hardware raidstorage.disk.vendorseagatePartition
storage.partition.encryptedstorage.partition.fstypeext4; btrfsstorage.partition.knamesda1storage.partition.mountpoint/mnt/diskAstorage.partition.other-mountpoints[/home/user1/mydiskA, /opt/volumeA]storage.partition.path/dev/sda1storage.partition.read-onlystorage.partition.removablestorage.partition.typepartitionVolume
storage.volume.display-namevg0-lv1; vg1-lv2; my-volumestorage.volume.fstypeext4; btrfsstorage.volume.knamedm-1; dm-2; dm-5storage.volume.mountpoint/mnt/diskAstorage.volume.other-mountpoints[/home/user1/mydiskA, /opt/volumeA]storage.volume.path/dev/mapper/vg0-lv1storage.volume.read-onlystorage.volume.removablestorage.volume.typelvmSoftware RAID
storage.software-raid.encryptedstorage.software-raid.fstypeext4; btrfsstorage.software-raid.knamemd0; md1; md3storage.software-raid.mountpoint/mnt/diskAstorage.software-raid.other-mountpoints[/home/user1/mydiskA, /opt/volumeA]storage.software-raid.parentmd0storage.software-raid.path/dev/md0storage.software-raid.read-onlystorage.software-raid.removablestorage.software-raid.typeraid0, raid10subtrace.id95efd70fcdb5b7b3; 96835e1d65490b48subtrace.is_root_spanAdditional information about the attributes of a data point.
supportability.alr_sampling_ratiosupportability.alr_sampling_ratio would be 8 and the numerator is 1.8supportability.atm_sampling_ratiosupportability.atm_sampling_ratio would be 16 and the numerator is 1.16supportability.custom_service.rule_id4d76194c11a9426197a9062548f9e66esupportability.dropped_attributes_count1supportability.dropped_events_count1supportability.dropped_http_request_headers_counthttp.request.header.__key__ that were discarded.1supportability.dropped_http_request_parameters_counthttp.request.parameter.__key__ that were discarded.1supportability.dropped_links_count1supportability.flaws[C4, S3, A2]supportability.non_persisted_attribute_keys["my_span_attribute", "db.name"]supportability.original_start_timestart_time attribute was truncated. Truncating the start time is technically required for long running spans that have a start time older than three days in the past.1649822520123123123supportability.serverid.addresseesupportability.serverid.processing.5supportability.serverid.processing5Span sensor rules used during ingestion of OpenTelemetry/OpenTracing spans by instrumentation of the OpenTelemetry/OpenTracing Apis are applied at span start time. Therefore these rules can only operate on span attributes given at span start time.
The value at span start time of attributes captured by this instrumentation is preserved to allow proper rule configuration.
supportability.span_start.__key____key__ is a placeholder for the actual attribute name. The data type of the value depends on the attribute.5, "initial", ["a", "b"]supportability.span_start.attribute_namessupportability.span_start.span.nameGETThe telemetry.sdk.* fields are used to describe the telemetry SDK in OpenTelemetry or ODIN ingest. It can be considered the closest equivalent of ODIN/OTel data to dt.agent.module.*.
The telemetry.exporter.* fields are used to define the exporter that exports telemetry data and is expected to be different for each exporter in case when multiple exporters co-exist.
telemetry.exporter.nameodintelemetry.exporter.package_version1.285.1telemetry.exporter.version1.285.1.20240101-256988telemetry.sdk.languagenodejs; python; javatelemetry.sdk.nameodin; opentelemetrytelemetry.sdk.version1.20.0thread.id42thread.namemainthread.pool.nameWorkerThreadPooltibco.businessworks.app.node.nametibco.businessworks.app.space.nametibco.businessworks.domain.nametibco.businessworks.hometibco.businessworks.property.file.nametibco.businessworks.property.file.pathtibco.businessworks_ce.app.nametibco.businessworks_ce.versionThe time_correction namespace contains information on time corrections applied to the timestamps of an event, for example, start_time, timestamp or event.end.
Time corrections may be necessary if events are reported with timestamps that are completely off compared to cluster time. For example, Dynatrace RUM reported data can be off depending on client time.
time_correction.is_appliedtrue, time correction has been applied to the event's timestamps.falsetime_correction.offset127927969312tls.cipherTLS_RSA_WITH_3DES_EDE_CBC_SHA; TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256tls.protocol.namessl; tlstls.protocol.version1.2; 3trace.alternate_idtrace.alternate_id is a 16-byte ID and hex-encoded if shown as a string.357bf70f3c617cb34584b31bd4616af8trace.idtrace.id is a 16-byte ID and hex-encoded if shown as a string.357bf70f3c617cb34584b31bd4616af8trace.is_sampledtrue, the trace is recorded. If set to false, the trace is ignored.trace.statef4fe05b2-bd92206c@dt=fw4;3;abf102d9;c4592;0;0;0;2ee;5607;2h01;3habf102d9;4h0c4592;5h01;6h5f9a543f1184a52b1b744e383038911c;7h6564df6f55bd6eae,apmvendor=boo,foo=barThe url namespace contains semantic conventions for URL and its components.
url.domainwww.foo.bar; google.com; wikipedia.orgurl.fragmentSemConvurl.fullsensitive-spanshttps://www.foo.bar/docs/search?q=OpenTelemetry#SemConvurl.path/docs/searchurl.port443; 80url.providerurl.full. This information is determined by Dynatrace RUM resource detection.third_partyurl.querysensitive-spansq=OpenTelemetryurl.schemehttps; ftp; telneturl.truncated_pathhttp.route. The truncation logic depends on the technology and is a best effort to provide a stable value. Example Adobe Experience Manager (AEM): First two parts of url.path. Truncated value of /content/wknd/us/en/ is /content/wknd./docsurl.provider MUST be one of the following:
cdnfirst_partythird_partyRepresentation of a physical or logical user.
user.emailuser@mail.comuser.id35ba9499-f87c-4047-962c-14dc32e255e5; systemuser.nameWolfgang Amadeus Mozart; Systemuser.organizationDYNATRACE; CUSTOMER; PARTNERuser.organization MUST be one of the following:
CUSTOMERDYNATRACEPARTNERuser.organization MUST be one of the following:
DYNATRACECUSTOMERPARTNERThe vcs namespace contains information about Version Control Systems.
vcs.change.id1234vcs.change.statewip; open; reopened; closed; mergedvcs.change.titleCA-1234: Fix some stuff; [chore] update dependencyvcs.change.url.fullhttps://github.com/dynatrace-oss/terraform-provider-dynatrace/pull/20vcs.line_change.typeadded; removedvcs.ref.base.namemy-branch-namevcs.ref.base.revisiond4322ab6cba38d21ad83c9de304a6a214ecf2cdc; main; 1337vcs.ref.head.namemy-branch-namevcs.ref.head.revisiond4322ab6cba38d21ad83c9de304a6a214ecf2cdc; main; 1337vcs.ref.typebranch; tagvcs.repository.namedynatrace-configuration-as-codevcs.repository.url.fullhttps://github.com/dynatrace-oss/terraform-provider-dynatracevcs.revision_delta.directionahead; behindThe base name refers to the starting point of a change. For example, if a feature branch was created from main,
main is the base reference of type branch.
The base revision refers to the starting revision of a change. For example, if a branch was created from a certain commit, this commit is the base revision.
The base type refers to the reference type of the starting point of a change. For example,
if a feature branch was created from the main branch, branch is the base reference's type.
The head name refers to the current reference's name. For example,
if main is currently checked out, the head name is main.
The head revision refers to the currently referenced revision.
The head type refers to the currently referenced type in the repository. For example,
if the main branch is currently checked out, the head reference is of type branch.
Be aware that the repository name might clash with forked repositories.
For Git VCS, this should not include the .git URL suffix.
vcs.change.state has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
closedmergedopenreopenedclosed and is ready for review again.wipvcs.line_change.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
addedremovedvcs.ref.base.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
branchtagvcs.ref.head.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
branchtagvcs.ref.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
branchtagvcs.revision_delta.direction has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
aheadbehindThe view namespace contains information on the view of a user event.
view.background_time0view.detected_nameview.url.full. Not applicable for OneAgent for Mobile.#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6eview.foreground_time900000000view.idview.id is an 8-byte ID and hex-encoded if shown as a string.f76281848bd8288cview.nameview.detected_name for user events reported by RUM JavaScript.#dashboard;id=<uuid>; LoginActivityview.prerender_time0view.sequence_number1view.source.detected_nameview.detected_name value of the previous view. Not applicable for OneAgent for Mobile.#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6eview.source.idf76281848bd8288cview.source.nameview.name value of the previous view. Not supported by OneAgent for Mobile.#dashboard;id=<uuid>view.source.url.domainview.source.url.full.www.foo.barview.source.url.fragmentview.source.url.full.#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2hview.source.url.fulllocation.href of the previous view. This is the full URL provided in the format scheme://host[:port]/path[?query][#fragment]. Not applicable for OneAgent for Mobile.https://www.foo.bar/path?q=value#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2hview.source.url.pathview.source.url.full./pathview.source.url.queryview.source.url.full.q=valueview.source.url.schemeview.source.url.full.https; httpview.url.domainview.url.full.www.foo.barview.url.fragmentview.url.full.dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2hview.url.fulllocation.href at the time of the event. This is the full URL provided in the format scheme://host[:port]/path[?query][#fragment]. Not applicable for OneAgent for Mobile.https://www.foo.bar/path?q=value#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2hview.url.pathview.url.full./pathview.url.queryview.url.full.q=valueview.url.schemeview.url.full.https; httpFields that can come from applications running on VMware.
vmware.datacenter.namesrvwasapp1Cell01vmware.disk.namesrvwasapp1Cell01vmware.hypervisor.namemy-hypervisor.lab.dynatrace.orgvmware.nic.namevmnic0; vmnic1; vmnic2vmware.vcenter.namemy-vcenter.lab.dynatrace.orgvmware.vm.nameeasytravel-demovulnerability.code_location.nameorg.dynatrace.profileservice.BioController.markdownToHtml(String):80vulnerability.cvss.base_score8.1vulnerability.cvss.version3.1; 4.0vulnerability.davis_assessment.assessment_modeFULL; NOT_AVAILABLE; REDUCEDvulnerability.davis_assessment.assessment_mode_reasons[LIMITED_BY_CONFIGURATION, LIMITED_AGENT_SUPPORT]vulnerability.davis_assessment.data_assets_statusNOT_AVAILABLE; NOT_DETECTED; REACHABLEvulnerability.davis_assessment.exploit_statusAVAILABLE; NOT_AVAILABLEvulnerability.davis_assessment.exposure_statusNOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORKvulnerability.davis_assessment.levelLOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.davis_assessment.score8.1vulnerability.davis_assessment.vulnerable_function_statusIN_USE; NOT_AVAILABLE; NOT_IN_USEvulnerability.descriptionMore detailed description about improper input validation vulnerability.vulnerability.display_idS-1234vulnerability.exploit.statusAVAILABLE; NOT_AVAILABLEvulnerability.external_idSNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646vulnerability.external_urlhttps://example.comvulnerability.first_seen2023-03-22T13:19:36.945Zvulnerability.id2039861408676243188vulnerability.is_fix_availablevulnerability.mute.change_date2023-03-22T13:19:36.945Zvulnerability.mute.commentMuted because it's a false positive.vulnerability.mute.reasonFALSE_POSITIVE; IGNORE; AFFECTED; CONFIGURATION_NOT_AFFECTED; OTHERvulnerability.mute.statusMUTED; NOT_MUTEDvulnerability.mute.useruser@example.comvulnerability.parent.davis_assessment.assessment_modeFULL; NOT_AVAILABLE; REDUCEDvulnerability.parent.davis_assessment.data_assets_statusNOT_AVAILABLE; NOT_DETECTED; REACHABLEvulnerability.parent.davis_assessment.exposure_statusNOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORKvulnerability.parent.davis_assessment.levelLOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.parent.davis_assessment.score8.1vulnerability.parent.davis_assessment.vulnerable_function_statusIN_USE when there's at least one vulnerable function in use by an application.IN_USE; NOT_AVAILABLE; NOT_IN_USEvulnerability.parent.first_seen2023-03-22T13:19:36.945Zvulnerability.parent.mute.change_date2023-03-22T13:19:36.945Zvulnerability.parent.mute.reasonFALSE_POSITIVE; IGNORE; AFFECTED; CONFIGURATION_NOT_AFFECTED; OTHERvulnerability.parent.mute.statusMUTED; NOT_MUTEDvulnerability.parent.mute.useruser@example.comvulnerability.parent.resolution.change_date2023-03-22T13:19:37.466Zvulnerability.parent.resolution.statusOPEN; RESOLVEDvulnerability.parent.risk.levelLOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.parent.risk.score8.1vulnerability.previous.cvss.base_score8.1vulnerability.previous.davis_assessment.data_assets_statusNOT_AVAILABLE; NOT_DETECTED; REACHABLEvulnerability.previous.davis_assessment.exploit_statusAVAILABLE; NOT_AVAILABLEvulnerability.previous.davis_assessment.exposure_statusNOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORKvulnerability.previous.davis_assessment.levelLOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.previous.davis_assessment.score8.1vulnerability.previous.davis_assessment.vulnerable_function_statusIN_USE; NOT_AVAILABLE; NOT_IN_USEvulnerability.previous.mute.change_date2023-03-22T13:19:36.945Zvulnerability.previous.mute.commentMuted because it's a false positive.vulnerability.previous.mute.reasonMuted: False positivevulnerability.previous.mute.statusMUTED; NOT_MUTEDvulnerability.previous.mute.useruser@example.comvulnerability.previous.resolution.statusOPEN; RESOLVEDvulnerability.previous.risk.levelLOW; MEDIUM; HIGH; CRITICALvulnerability.previous.risk.score8.1vulnerability.references.cve[CVE-2021-41079]vulnerability.references.cwe[CWE-20]vulnerability.references.owasp[2021:A3]vulnerability.remediation.descriptionUpgrade component to version 1.2.3 or highervulnerability.remediation.statusAVAILABLE; NOT_AVAILABLEvulnerability.resolution.change_date2023-03-22T13:19:37.466Zvulnerability.resolution.statusOPEN; RESOLVEDvulnerability.risk.levelLOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.risk.scaleDavis Security Scorevulnerability.risk.score8.1vulnerability.stackCODE; CODE_LIBRARY; SOFTWARE; CONTAINER_ORCHESTRATIONvulnerability.technologyJAVA; DOTNET; GO; PHP; NODE_JSvulnerability.titleImproper Input Validationvulnerability.typeImproper Input Validationvulnerability.urlhttps://example.comvulnerability.davis_assessment.assessment_mode has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
FULLNOT_AVAILABLEREDUCEDvulnerability.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLENOT_DETECTEDREACHABLEvulnerability.davis_assessment.exploit_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AVAILABLENOT_AVAILABLEvulnerability.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORKNOT_AVAILABLENOT_DETECTEDPUBLIC_NETWORKvulnerability.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USENOT_AVAILABLENOT_IN_USEvulnerability.mute.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AFFECTEDCONFIGURATION_NOT_AFFECTEDFALSE_POSITIVEIGNOREOTHERvulnerability.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTEDNOT_MUTEDvulnerability.parent.davis_assessment.assessment_mode has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
FULLNOT_AVAILABLEREDUCEDvulnerability.parent.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLENOT_DETECTEDREACHABLEvulnerability.parent.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORKNOT_AVAILABLENOT_DETECTEDPUBLIC_NETWORKvulnerability.parent.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.parent.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USENOT_AVAILABLENOT_IN_USEvulnerability.parent.mute.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AFFECTEDCONFIGURATION_NOT_AFFECTEDFALSE_POSITIVEIGNOREOTHERvulnerability.parent.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTEDNOT_MUTEDvulnerability.parent.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPENRESOLVEDvulnerability.parent.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.previous.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLENOT_DETECTEDREACHABLEvulnerability.previous.davis_assessment.exploit_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AVAILABLENOT_AVAILABLEvulnerability.previous.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORKNOT_AVAILABLENOT_DETECTEDPUBLIC_NETWORKvulnerability.previous.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.previous.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USENOT_AVAILABLENOT_IN_USEvulnerability.previous.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTEDNOT_MUTEDvulnerability.previous.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPENRESOLVEDvulnerability.previous.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPENRESOLVEDvulnerability.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.stack has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CODECODE_LIBRARYCONTAINER_ORCHESTRATIONSOFTWAREvulnerability.technology has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
DOTNETGOJAVANODE_JSPHPThe web vitals namespace contains the web vitals attributes captured by Dynatrace RUM.
web_vitals.cumulative_layout_shiftCumulative Layout Shift (CLS) value.0.1279web_vitals.first_contentful_paintFirst Contentful Paint (FCP) value.92000000web_vitals.first_inputFirst Input value.6000000web_vitals.first_input_delayFirst Input Delay (FID) value.6000000web_vitals.first_paintFirst Paint value.92451200web_vitals.interaction_to_next_paintInteraction to Next Paint (INP) value.190000000web_vitals.largest_contentful_paintLargest Contentful Paint (LCP) value.880000000web_vitals.time_to_first_byteTime to First Byte value.92000000weblogic.cluster.nameOrderManagement2weblogic.domain.nameCustomerManagementFulfillmentSvcweblogic.home/apps/infra/wls/bin/10.3.6_64/wlserver_10.3/serverweblogic.server.nameOrderManagement2Srv1websphere.cell.namesrvwasapp1Cell01websphere.cluster.nameCluApp1websphere.node.namenodeSrvApp2websphere.server.nameSrvApp2websphere_liberty.server.namedefaultServerwinlog.eventid4624; 1000winlog.keywordsClassic; Startedwinlog.levelCritical; Error; Warrningwinlog.opcodeInfo; Downloadwinlog.providerAvecto Service; Security-SPPwinlog.task5; 12804winlog.usernameSYSTEM; N/Acics.transaction.system_idC259; CICSzos.address_space_id1; 296zos.job_idJOB12345zos.job_nameCICSAOR0; CTGATM00; IMSCR15zos.job_step_id00000001; 00000002zos.lpar_nameS0W1; ABCDzos.sys_idC259; CICS; IMSFzos.transaction.job_nameCICSAOR0; CTGATM00; IMSCR15zos.transaction.lpar_nameS0W1; ABCDzos.transaction.call_typeCTGzos.transaction.idCEMT; DTAX; IVTNOzos.transaction.program_typeDLI_DB; DLI_DC; MQ; DB2zos.transaction.call_type MUST be one of the following:
CTGDPLHTTPIMS_CONNECTIMS_CONNECT_APIIMS_TRANS_EXECITRAMQMSCPGM_SWITCHSDKSHARED_QUEUESOAPSTARTTTXTXZOS_CONNECTzos.transaction.program_type MUST be one of the following:
DB2DLI_DBDLI_DCMQcics.transaction.class_namenull; DFHTCL00cics.transaction.client.ip194.232.104.141; 2a01:468:1000:9::140cics.transaction.client.port65123; 80cics.transaction.path.name/dtroutercics.transaction.task_id1234cics.transaction.transaction_group_id160dd5c5e3c44bc8e5c5c1c3f4f4f9df9fa2d8b049cb800000000000cics.transaction.unit_of_work_id15977055984148641282; 15977055491352760323cics.transaction.user_idUSER1; anoncics.transaction.wlm.reporting_service_class_namenull; BAT_ATM; RC_CICScics.transaction.wlm.service_class_namenull; SYSSTC; VEL15I5cics.file.defining_region_nameC259; CICScics.file.is_localtruecics.file_nameEXMPCAT; CICSFILEims.message.transaction.message.segment_count1; 5ims.message.transaction.message.size10; 421ims.message.transaction.terminal_nameHWSAM5ZD; 10505ims.message.transaction.unit_of_work_id5981228500318430862871015129591113287966852300630664295044916520394057871645605888; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216ims.message.transaction.user_idUSER1; anonims.execution.transaction.commit_count4; 5ims.execution.transaction.current_priority1; 5ims.execution.transaction.execution_class45; 66ims.execution.transaction.psb_nameHWSAM5ZD; 10505ims.execution.transaction.schedule_count346613; 421ims.execution.transaction.unit_of_work_id5981228500318430862871015129591113287966852300630664295044916520394057871645605888; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216ims.connect.transaction.client.ip194.232.104.141; 2a01:468:1000:9::140ims.connect.transaction.server.port65123; 80ims.connect.transaction.user_idUSER1; anonims.tm.resource.adapter.semantic_detection_version1ims.tm.resource.adapter.transaction.client.ip194.232.104.141; 2a01:468:1000:9::140ims.tm.resource.adapter.transaction.client.port65123; 80ims.tm.resource.adapter.transaction.commit_mode0ims.tm.resource.adapter.transaction.datastore_nameIMS1500ims.tm.resource.adapter.transaction.interaction_verb0ims.tm.resource.adapter.transaction.lpar_nameS0W1; ABCDims.tm.resource.adapter.transaction.sync_level0ims.tm.resource.adapter.transaction.commit_mode MUST be one of the following:
01ims.tm.resource.adapter.transaction.interaction_verb MUST be one of the following:
0134567ims.tm.resource.adapter.transaction.sync_level MUST be one of the following:
01zosconnect.api.descriptionThe API for the CICS catalog manager sample application.zosconnect.api.namecatalogzosconnect.api.version1.0.0zosconnect.request.body.size234zosconnect.request.id2215zosconnect.response.body.size125zosconnect.service.descriptionEDUCHAN service using the CICS Service Providerzosconnect.service.nameplaceOrderzosconnect.service.provider.nameCICS-1.0zosconnect.service.version2.0zosconnect.sor.identifierlocalhost:8080zosconnect.sor.referencecicsConnzosconnect.sor.resource01,DFH0XCMNzosconnect.sor.typeCICSzosconnect.request.type MUST be one of the following:
ADMINAPISERVICEUNKNOWNzosconnect.sor.type MUST be one of the following:
CICSIMSMQRESTWOLA