Global field reference

  • Latest Dynatrace
  • Reference
  • Published Sep 09, 2025

The following reference contains a list of global fields that have a well defined semantic meaning in Dynatrace and can be used across different monitoring types. The fields are organized in namespaces that are separated with dots.

Top level fields

The top level fields contain generally relevant information for all monitoring data

AttributeTypeDescriptionExamples
timestamptimestampstable
The time (UNIX Epoch time in nanoseconds) when the event originated, typically when the source created it. If no original timestamp is available, it will be populated at ingest time and required for all events. In the case of a correlated event (for example, ITIL events), this time could be different from the event.start time, as this time represents the actual timestamp when the "update" for the event was created.		1649822520123123123
timeframerecord[]stable
The timeframe represented by a timeseries record.
start_timetimestampstable
Start time of a data point. Value is a UNIX Epoch time in nanoseconds and less or equal to the end_time.		1649822520123123123
end_timetimestampstable
End time of a data point. Value is a UNIX Epoch time in nanoseconds and greater or equal to the start_time.		1649822520123123165
durationdurationstable
The difference between start_time and end_time in nanoseconds.		42
intervalstringstable
Denotes the timeframe of represented by individual timeseries measurements returned by a timeseries record.		1 min

Adobe

Fields

AttributeTypeDescriptionExamples
adobe.em.env_typestringresource experimental
Adobe Experience Manager (AEM) environment type.		dev; stage; prod
adobe.em.programstringresource experimental
Adobe Experience Manager (AEM) service. Contains the customer defined name of the AEM environment.
adobe.em.servicestringresource experimental
Adobe Experience Manager (AEM) service. Contains the program and environment IDs the customer is exposed to.
adobe.em.tierstringresource experimental
Adobe Experience Manager (AEM) tier.		author; publish; preview

Aggregation

OneAgent might aggregate spans that have the same parent span into a single span. The aggregated span contains attributes to indicate the aggregation and to allow reconstructing details.

For aggregated spans the start_time holds the earliest start_time, end_time holds the latest end_time of all aggregated spans.

Fields

AttributeTypeDescriptionExamples
aggregation.countlongstable
The number of spans aggregated into this span. Because this span represents multiple spans, the value is >1.		3
aggregation.duration_maxdurationstable
The duration in nanoseconds for the longest aggregated span.		482
aggregation.duration_mindurationstable
The duration in nanoseconds for the shortest aggregated span.		42
aggregation.duration_samplesduration[]stable
Array of reservoir sampled span durations of the aggregated spans. The duration samples can be used to estimate a more accurate duration distribution of aggregated spans rather than the average value.		[42, 482, 301]
aggregation.duration_sumdurationstable
The duration sum in nanoseconds for all aggregated spans.		123
aggregation.exception_countlongstable
The number of aggregated spans that included an exception.		0; 6
aggregation.parallel_executionbooleanstable
true indicates that aggregated spans may have been executed in parallel. Therefore, start_time + duration_sum may exceed end_time.

Apache HTTP Server

Fields

AttributeTypeDescriptionExamples
apache.tomcat.basestringresource experimental
The server's base directory. This is what usually is referred to as CATALINA_BASE.		/usr/share/tomcat6
apache.tomcat.homestringresource experimental
The server's home directory. This is what usually is referred to as CATALINA_HOME.		/usr/share/tomcat6
AttributeTypeDescriptionExamples
apache.httpd.config.pathstringresource experimental
apache.httpd.module.namestringresource experimental
The name of the Apache HTTP Server module that generated the log entry.		core; proxy
AttributeTypeDescriptionExamples
apache.spark.master.ipstringresource experimental

App

The app namespace contains information on the application sending the event.

Fields

AttributeTypeDescriptionExamples
app.bundlestringresource stable
The name of the bundle, for example the bundle identifier on iOS or the applicationId on Android.		com.example.easytravel
app.idstringresource stable
An optional unique application identifier. Chosen by the customer		easytravel
app.short_versionstringresource stable
The application's publicly visible version number, as, for example, displayed in App Store or Google Play. Usually this is just the major and minor version with no patch number.		5.23
app.versionstringresource stable
The application's internal build number, which can include information such as patch number and build number.		5.23.15789; 143542

Continuous Integration/Continuous Deployment

The argocd namespace contains Argo CD specific deployment attributes.

Fields

AttributeTypeDescriptionExamples
argocd.app.health.statusstringexperimental
The health state of the tracked resource. 1		Healthy; Progressing; Degraded; Missing; Suspended; Unknown
argocd.sync.operation_state.outcomestringexperimental
Message associated with synchronization operation. 2		successfully synced (no more tasks); Operation terminated (retried 4 times)
argocd.sync.operation_state.phasestringexperimental
Status of the synchronization operation between source and target. 3		Running; Succeeded; Error; Failed
argocd.sync.statusstringexperimental
The sync status represents the current state of reconciliation. 4		SYNCED; OUT OF SYNC; UNKNOWN
1

The value is equal to the app.status.health.status value in Argo CD.

2

The value is equal to the app.status.operationState.message value in Argo CD.

3

The value is equal to the app.status.operationState.phase value in Argo CD.

4

The value is equal to the app.status.sync.status value in Argo CD.

Artifact

The artifact namespace contains information about software artifacts.

Fields

AttributeTypeDescriptionExamples
artifact.attestation.filenamestringexperimental
The provenance filename of the built attestation. It directly relates to the artifact.filename.		carts-service-amd64-0.1.1.tar.gz.intoto.json1
artifact.attestation.hashstringexperimental
The full hash value of the built attestation.		b4e370270ac4fe8d728b845ab8d190a7c931f09ff7b0156dd4d6abf797f1fe6a
artifact.attestation.idstringexperimental
The ID of the build software attestation.		1337
artifact.filenamestringexperimental
The filename of the software artifact, typically generated by the build process. This is similar to the artifact.id, but can contain the artifact.version and other data like file extension.		carts-service-amd64-0.1.1.tar.gz
artifact.hashstringexperimental
The full hash value of the software artifact. This value is used to verify the integrity of the software artifact.		6c323d126547f71fafb4bffa02cdc480fb284678644ef0b6c69029f051fe5137
artifact.idstringexperimental
The identifier of the software artifact, typically the name of the artifact.		carts-service
artifact.namestringexperimental
The human-readable name of the software artifact.		Carts service
artifact.purlstringexperimental
The Package URL of the package artifact. This value is used to identify and locate the artifact.		pkg:npm/%40dynatrace/backstage@2.0.0; pkg:deb/debian/curl@7.50.3-1?arch=i386&distro=jessie
artifact.versionstringexperimental
The version of the software artifact, typically in Semantic Versioning format.		0.1.1

ASP.NET Core

Fields

AttributeTypeDescriptionExamples
aspnetcore.appl.pathstringresource experimental

Audit

Fields that can come from audit logs.

Fields

AttributeTypeDescriptionExamples
audit.actionstringstable
Audited action.		Access to Azure Resource Manager; New User Created; User added to Group
audit.identitystringstable
User name, service account name, or principal name that executes audited action.		name.surname@example.com
audit.resultstringstable
Result of the audited action.		Succeeded; Failed
audit.statusstringstable
Status of the audited action.		Started; In Progress; Succeeded; Failed; Active; Resolved
audit.timetimestampexperimental
Timestamp of the audited action.		16/01/2025, 10:34 AM

Authentication

Authentication type and method used to login to a Dynatrace system.

Fields

AttributeTypeDescriptionExamples
authentication.client.idstringexperimental
The OAuth2 client id if of type 'CLIENT_CREDENTIALS'.		dt0s02.UZCK6ENL.2YQ2A3DZUEISRJSUU5544J3SC3TMPXSEEMNA5HK7RW54SJ6XKLYGMWJNKL7B2DNH
authentication.grant.typestringexperimental
The grant type used during OAuth2 authentication.		AUTHORIZATION_CODE; CLIENT_CREDENTIALS
authentication.tokenstringexperimental
The public token identifier of authentication.type 'TOKEN'.		dt0c01.AM4SEYKIBROBEJ2N3HAXZ4IX
authentication.typestringexperimental
The method of authentication.		OAUTH2

authentication.grant.type MUST be one of the following:

ValueDescription
AUTHORIZATION_CODEThe OAuth 2.0 "Authorization Code" grant type
CLIENT_CREDENTIALSThe OAuth 2.0 "Client Credentials" grant type

authentication.type MUST be one of the following:

ValueDescription
DEVOPSTOKENAuthenticated via DevOps token
NONENot authenticated (authentication not necessary)
OAUTH2The OAuth 2.0 authentication type grant type
TOKENAuthenticated via API access token or personal access token

authentication.client.id and authentication.token MUST follow the Dynatrace token format definition.

Specifically, authentication.client.id MUST be prefixed with dt0s02.

Availability

Information about entity availability. Sample usage is reporting hosts and PGI-s availability by OS Agent. Value of availability.state can be used for calculating aggregate availability (dividing count of "successful" requests by count of all requests). With constant frequency of requests it can be treated as a time-base availability, showing percentage of time that the monitored entity was available.

Fields

AttributeTypeDescriptionExamples
availability.statestringstable
State of entity (host or PGI) availability.		up

availability.state has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
available[PGI] PGI is available and reported.
no_data[HOST] Host is working, agent active but no data are sent.
no_data_agent_inactive[HOST] Host is working, agent inactive (disabled manually in configuration). No data are sent.
reboot_graceful[HOST] Host has started after graceful shutdown.
reboot_ungraceful[HOST] Host has started after ungraceful shutdown.
shutdown_host[HOST] Host has been shut down.
unavailable[PGI] PGI is unavailable and not reported.
unimportant[PGI] PGI is available but not reported because it became unimportant.
unmonitored_agent_stopped[HOST] Host is unmonitored because agent stopped.
unmonitored_agent_uninstalled[HOST] Host is unmonitored because agent has been uninstalled.
unmonitored_agent_upgrade[HOST] Host is unmonitored because agent is upgrading.
up[HOST] Host is working, agent active and sending data.

Amazon Web Services (AWS)

Fields that can come from applications running on AWS.

Fields

Resource attributes

AttributeTypeDescriptionExamples
aws.account.idstringresource stable
The 12-digit number, such as 123456789012, that uniquely identifies an AWS account.
Tags: permission primary-field		123456789012
aws.account.namestringresource experimental
Name associated with the AWS account.		example.com
aws.alb.namestringresource experimental
Application load balancer name that instance is behind.		my-alb
aws.arnstringresource experimental
Amazon Resource Name (ARN).		arn:aws:lambda:us-east-1:478983378254:function:acceptanceWeatherBackend
aws.availability_zonestringresource experimental
A specific availability zone or array of zones in given AWS region.		us‑east‑1a; us‑east‑1b
aws.availability_zone.idstringresource experimental
ID for the availability zone.		use1-az1; use1-az2; use1-az3
aws.cloudfront.detailed_result_typestringresource experimental
Extends the aws.cloudfront.result_type with additional states. See full list under x-edge-detailed-result-type.		OriginShieldHit; MissGeneratedResponse; InvalidRequest
aws.cloudfront.response.result_typestringresource experimental
How the server classified the response just before returning the response to the viewer.		Hit; Miss; LimitExceeded
aws.cloudfront.result_typestringresource experimental
How the server classified the response after the last byte left the server.		Hit; Miss; LimitExceeded
aws.ecr.account.idstringresource experimental
aws.ecr.regionstringresource experimental
aws.ecs.clusterstringresource experimental
aws.ecs.container.arnstringresource experimental
The full Amazon Resource Name (ARN) of the container.		arn:aws:ecs:us-west-2:111122223333:container/05966557-f16c-49cb-9352-24b3a0dcd0e1
aws.ecs.container.namestringresource experimental
aws.ecs.docker.idstringresource experimental
The Docker ID for the container.		cd189a933e5849daa93386466019ab50-2495160603
aws.ecs.docker.namestringresource experimental
The name of the container supplied to Docker.		curl-image
aws.ecs.familystringresource experimental
aws.ecs.revisionstringresource experimental
aws.ecs.task.arnstringresource experimental
The full Amazon Resource Name (ARN) of the task to which the container belongs.		arn:aws:ecs:us-west-2:111122223333:task/default/cd189a933e5849daa93386466019ab50
aws.execution_environmentstringresource experimental
The runtime identifier, prefixed by AWS_Lambda_. Lambda supports multiple languages through the use of runtimes. A runtime provides a language-specific environment that relays invocation events, context information, and responses between Lambda and the function.		AWS_Lambda_java8
aws.fle.fields_numberlongresource experimental
The number of field-level encryption fields that the server encrypted and forwarded to the origin.		12; 27
aws.fle.statusstringresource experimental
When field-level encryption is configured for a distribution, this field contains a code that indicates whether the request body was successfully processed.		FieldLengthLimitClientError
aws.lambda.function.namestringresource experimental
aws.lambda.initialization_typestringresource experimental
The AWS Lambda initialization type. Same string value as available in AWS_LAMBDA_INITIALIZATION_TYPE.		snap_start
aws.log_groupstringresource experimental
Amazon CloudWatch group of log streams that share the same retention, monitoring, and access control settings.		/aws/lambda/a-SomeFumction-1AWHD6W1QC5DH
aws.log_streamstringresource experimental
A sequence of log events that share the same source.		2021/01/04/[$LATEST]b2e34f11da04232cb9f9d3d5799a5c12
aws.regionstringresource stable
A specific geographical AWS Cloud location.
Tags: primary-field		us-east-1
aws.resource.idstringresource experimental
Unique, immutable, identifier assigned to the Azure cloud resource.		i-0922cda4579db3a45
aws.resource.namestringresource experimental
Name of the resource (value of the "Name" tag in AWS).		my-ec2-instance
aws.resource.typestringresource experimental
The name of a resource type.		group; cluster; instance
aws.servicestringresource experimental
The service that identifies the AWS product.		s3
aws.tags.__tag_key__stringresource experimental
Contains the value for the tag with the tag key named __tag_key__ defined in the tag enrichment configuration.		dt_owner_mail

aws.fle.status MUST be one of the following:

ValueDescription
FieldLengthLimitClientErrorA field that is configured to be encrypted exceeds the maximum length allowed.
FieldNumberLimitClientErrorA request that the distribution is configured to encrypt contains more than the number of fields allowed.
ForwardedByContentTypeThe server forwarded the request to the origin without parsing or encryption because no content type was configured.
ForwardedByQueryArgsThe server forwarded the request to the origin without parsing or encryption because the request contains a query argument that wasn't in the configuration for field-level encryption.
ForwardedDueToNoProfileThe server forwarded the request to the origin without parsing or encryption because no profile was specified in the configuration for field-level encryption.
MalformedContentTypeClientErrorThe server rejected the request and returned an HTTP 400 status code to the viewer because the value of the Content-Type header was in an invalid format.
MalformedInputClientErrorThe server rejected the request and returned an HTTP 400 status code to the viewer because the request body was in an invalid format.
MalformedQueryArgsClientErrorThe server rejected the request and returned an HTTP 400 status code to the viewer because a query argument was empty or in an invalid format.
ProcessedThe server successfully processed the request body, encrypted values in the specified fields, and forwarded the request to the origin.
RejectedByContentTypeThe server rejected the request and returned an HTTP 400 status code to the viewer because no content type was specified in the configuration for field-level encryption.
RejectedByQueryArgsThe server rejected the request and returned an HTTP 400 status code to the viewer because no query argument was specified in the configuration for field-level encryption.
RequestLengthLimitClientErrorThe length of the request body exceeded the maximum length allowed when field-level encryption is configured.
ServerErrorThe origin server returned an error.

aws.lambda.initialization_type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
on-demandOn demand
provisioned-concurrencyProvisioned concurrency
snap-startSnapStart

Span attributes

AttributeTypeDescriptionExamples
aws.kinesis.arnstringexperimental
Amazon resource name (ARN) of a Kinesis stream or consumer.		arn:aws:kinesis:us-east-2:123456789012:stream/MyKinesisStream; arn:aws:kinesis:us-west-2:123456789012:stream/MyKinesisStream/consumer/MyKinesisConsumer:1616044553
aws.kinesis.consumer.arnstringexperimental
Amazon resource name (ARN) of a Kinesis consumer.		arn:aws:kinesis:us-west-2:123456789012:stream/MyKinesisStream/consumer/MyKinesisConsumer:1616044553
aws.kinesis.consumer.namestringexperimental
Name of a Kinesis consumer.		MyKinesisConsumer
aws.kinesis.stream.arnstringexperimental
Amazon resource name (ARN) of a Kinesis stream.		arn:aws:kinesis:us-east-2:123456789012:stream/MyKinesisStream
aws.kinesis.stream.namestringexperimental
Name of a Kinesis stream.		MyKinesisStream
aws.lambda.invoked_arnstringexperimental
The full invoked ARN as provided on the Context passed to the function (Lambda-Runtime-Invoked-Function-Arn response header from the request to /runtime/invocation/next).		arn:aws:lambda:us-east-1:123456789012:function:acceptanceWeatherBackend:production
aws.request_idstringexperimental
The AWS request ID (e.g., value of x-amzn-requestid, x-amzn-request-id, or x-amz-request-id HTTP header, awsRequestId field in AWS lambda context object).		0e7bc729-a468-57e8-8143-98f2eec5c925
aws.s3.bucketstringexperimental
Name of an S3 bucket.		amzn-s3-demo-bucket; amzn-s3-demo-bucket1-a1b2c3d4-5678-90ab-cdef-example11111
aws.s3.keystringexperimental
Key name of the object.		Development/Projects.xls; Finance/statement1.pdf; s3-dg.pdf
aws.s3.object_versionstringexperimental
Version ID for the specific version of the object.		3sL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo
aws.s3.part_numberlongexperimental
Part number in a multi-part upload.		3456
aws.s3.source.bucketstringexperimental
Name of the bucket containing the object to copy.		amzn-s3-source-bucket
aws.s3.source.keystringexperimental
Key of the object to copy.		Finance/statement1.pdf
aws.s3.source.object_versionstringexperimental
Version of the source object to copy. By default, the latest version is copied.		3sL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo
aws.s3.upload_idstringexperimental
Upload ID identifying the multipart upload targeted by an operation (abort/complete/upload/…).		dfRtDYWFbkRONycy.Yxwh66Yjlx.cph0gtNBtJ
aws.xray.trace_idstringexperimental
Contains the AWS X-Ray trace id (e.g., value of the x-amzn-trace-id HTTP header, _X_AMZN_TRACE_ID environment variable on AWS lambda)		Root=1-63441c4a-abcdef012345678912345678; Self=1-63441c4a-12456789abcdef012345678;Root=1-67891233-abcdef012345678912345678

Azure Resource

Fields that can come from applications running on Azure.

Fields

Resource attributes

AttributeTypeDescriptionExamples
azure.availability_zonesstring[]resource experimental
Availability zones of Azure Cloud resource.		[1]
azure.class_namestringresource experimental
The fully qualified name of the class executing an Azure function.		Host.Functions
azure.container_app.dnssuffixstringresource experimental
The DNS suffix for the Container Apps environment.		redbeach-0f8a3e63.northeurope.azurecontainerapps.io
azure.container_app.hostnamestringresource experimental
The revision-specific hostname of the container app.		kapitan-bomba-demo--nk4tc46.redbeach-0f8a3e63.northeurope.azurecontainerapps.io
azure.container_app.namestringresource experimental
The name of the container app.		kapitan-bomba-demo
azure.container_app.replica.namestringresource experimental
The name of the container app replica.		kapitan-bomba-demo--nk4tc46-5d568c5df6-49px7
azure.event_hub_namespace.namestringresource experimental
Azure Event Hub Namespace name.		my-event-hub
azure.locationstringresource stable
A specific geographical location of Azure Cloud resource.
Tags: primary-field		westeurope
azure.management_groupstringresource experimental
A group of Azure subscriptions used for governance use cases.		Tenant Root Group; My Custom Group
azure.resource.groupstringresource stable
A resource group is a container that holds related resources for an Azure solution.
Tags: permission primary-field		demo-backend-rg
azure.resource.idstringresource experimental
A unique, immutable identifier assigned to each Azure cloud resource.		/subscriptions/27e9b03f-04d2-2b69-b327-32f433f7ed21/resourceGroups/demo-backend-rg/providers/Microsoft.ContainerService/managedClusters/demo-aks
azure.resource.namestringresource experimental
User-provided name of the Azure cloud resource.		demo-aks
azure.resource.typestringresource experimental
The name of a resource type in the format: {resource-provider}/{resource-type}.		Microsoft.ContainerService/managedClusters
azure.service_bus_namespace.namestringresource experimental
Azure Service Bus name.		my-service-bus
azure.site_namestringresource experimental
Globally unique deployment information about an Azure function.		dt-function-scripted
azure.sql_elastic_pool.namestringresource experimental
Azure SQL Server Elastic Pool name.		contoso-elastic-pool
azure.sql_server.namestringresource experimental
Azure SQL Server name.		contoso-sql-server
azure.subscriptionstringresource stable
An Azure subscription is a logical container used to provision resources in Azure.
Tags: permission primary-field		27e9b03f-04d2-2b69-b327-32f433f7ed21
azure.tags.__tag_key__stringresource experimental
Contains the value for the tag with the tag key named __tag_key__ defined in the tag enrichment configuration.		dt_owner_mail
azure.tenant.idstringresource experimental
Unique, immutable identifier assigned to the Azure tenant.		37c4add3-612a-483d-8b24-cccbb35d3306
azure.tenant.namestringresource experimental
Name assigned to the Azure tenant.		MyAzureTenant
azure.vm.namestringresource experimental
Azure Virtual Machine name.		my-virtual-machine
azure.vm_scale_set.namestringresource experimental
Azure Virtual Machine Scale Set name.		my-vmss
azure.vmidstringresource experimental
Azure Virtual Machine unique 128bits identifier		090556DA-D4FA-764F-A9F1-63614EDA019A

Bizflow

Fields

AttributeTypeDescriptionExamples
bizflow.idstringexperimental
Internal ID from the business flow configured in the Business Flow app.
bizflow.prioritystringexperimental
The priority of a business process.		critical; high; medium; low
bizflow.urlstringexperimental
URL to explore the business flow in the Business Flow app from a result in a DQL query against Smartscape nodes.

BOSH

Fields that are integral to applications managed by BOSH.

Fields

Resource attributes

AttributeTypeDescriptionExamples
bosh.availability_zonestringresource experimental
A specific geographical BOSH location.		us-east-1a
bosh.deployment.idstringresource stable
BOSH depoloyment ID, retrievied from /var/vcap on monitored host.		cf-c32ffe771e4ad26b9711
bosh.instance.namestringresource stable
BOSH instance name, retrievied from /var/vcap on monitored host.		diego_database
bosh.instance_idstringresource experimental
A unique identifier assigned to each deployed instance.		af318409-9e9d-4a18-aca4-0fb52bbdc526
bosh.namestringresource experimental
A unique identifier to a deployment or instance.		isolated_diego_cell_devima
bosh.stemcell.versionstringresource stable
Version of BOSH stemcell, retrievied from /var/vcap on monitored host.		621.448

Browser

The browser namespace contains information on the browser running an application.

Fields

AttributeTypeDescriptionExamples
browser.frame.iduidexperimental
A unique ID generated by RUM JavaScript to identify the browser frame. The browser.frame.id is an 8-byte ID and hex-encoded if shown as a string.		f76281848bd8288c
browser.frame.parent_iduidexperimental
A unique ID generated by RUM JavaScript to identify the browser's next-higher frame (if that frame exists and is reachable). The browser.frame.parent_id is an 8-byte ID and hex-encoded if shown as a string.		f76281848bd8288c
browser.tab.iduidexperimental
A unique ID generated by RUM JavaScript to identify the browser tab. The browser.tab.id is an 8-byte ID and hex-encoded if shown as a string.		f76281848bd8288c
browser.window.device_pixel_ratiodoubleexperimental
The ratio of the resolution in physical pixels to the resolution in CSS pixels for the current display device.		1.0
browser.window.heightlongexperimental
The browser window's inner height, in pixels.		384
browser.window.widthlongexperimental
The browser window's inner width, in pixels.		2048

Resource attributes

AttributeTypeDescriptionExamples
browser.namestringresource stable
The browser name.		Mozilla
browser.typestringresource stable
The browser type.		desktop; mobile; tablet; robot; other
browser.user_agentstringresource stable
The full user agent string as provided by the browser in the HTTP User-Agent request header.		Mozilla/5.0 (Windows NT 10.0; Win64; x64)
browser.versionstringresource stable
The browser version.		5.0

Captured Attributes

Span scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute rule. The actual name of the attribute is the prefix "captured_attribute" plus the "request attribute name" defined in the request attributes configuration. In contrast to request attributes, captured attributes contain the raw values reported by the OneAgent at the location (i.e. on the active span) where they appeared. No aggregation (first/last value, distinct values, ...), type conversion or normalization is performed on them. They are the basis for request attributes.

Fields

AttributeTypeDescriptionExamples
captured_attribute.__attribute_name__arraystable
Contains the span scoped raw values that were captured under the name __attribute_name__ defined by the request attribute configuration. The values are mapped as an array according to the type of the captured attributes, so either boolean, double, long, or string. If the captured attributes have mixed types (e.g. long and string, or double and long, etc.), all attributes are converted to string and stored as string array.		[42]; ['Platinum']; [32, 16, 8]; ['Special Offer', '1702']; ['18.35', '16']

Cassandra

Fields

AttributeTypeDescriptionExamples
cassandra.cluster.namestringresource experimental

Continuous Integration/Continuous Deployment

The cicd namespace contains information about Continuous Integration and Continuous Deployment systems.

Fields

AttributeTypeDescriptionExamples
cicd.deployment.idstringexperimental
The identifier of the deployment.		1337
cicd.deployment.namestringexperimental
The name of the deployment.		deploy frontend app; deploy cart service
cicd.deployment.namespacestringexperimental
The destination namespace where the deployment resource is created.		default
cicd.deployment.release_stagestringexperimental
The name of the deployment environment, also known as deployment tier.		development; staging; production
cicd.deployment.server.url.fullstringexperimental
The deployment server URL.		https://kubernetes.default.svc
cicd.deployment.service.idstringexperimental
The identifier of the service that is deployed.		92ba59d6-379e-4ffd-a67e-d544a9c24dea
cicd.deployment.statusstringexperimental
The status of the deployment.		failed; succeeded
cicd.pipeline.idstringexperimental
The CI/CD pipeline's identifier, which is unique within one CI/CD system.		12345
cicd.pipeline.namestringexperimental
The human-readable name of the CI/CD pipeline.		CI pipeline for main branch
cicd.pipeline.run.idstringexperimental
An identifier for a pipeline run, which is unique within one CI/CD system.		9876
cicd.pipeline.run.outcomestringexperimental
The outcome of one pipeline run.		success
cicd.pipeline.run.queued.durationdurationexperimental
How long was the pipeline run queued before it was started, in nanoseconds.		1234
cicd.pipeline.run.url.fullstringexperimental
The URL pointing to one specific pipeline run.		https://github.com/ACME/ACME-repo/actions/runs/9876
cicd.pipeline.url.fullstringexperimental
The CI/CD pipeline's full URL.		https://github.com/ACME/ACME-repo/actions/workflows/ci-build.yml
cicd.upstream_pipeline.idstringexperimental
The identifier of the upstream CI/CD pipeline. If a pipeline run was triggered by another pipeline, this attribute is used to reference the triggering pipeline.		12345
cicd.upstream_pipeline.run.idstringexperimental
The identifier of the upstream CI/CD pipeline run. If a pipeline run was triggered by another pipeline, this attribute is used to reference the triggering pipeline run.		1337

cicd.deployment.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
failedThe deployment failed.
succeededThe deployment succeeded.

cicd.pipeline.run.outcome has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
canceledThe pipeline run was canceled and did not complete.
errorThe pipeline run failed with an error.
failureThe pipeline run failed.
skippedThe pipeline did not run, but was skipped.
successThe pipeline run completed successfully.
timed_outThe pipeline run timed out, and therefore did not complete.
warningThe pipeline run completed with at least one warning.

Client

The client namespace contains information on the initiator of a network connection. When observered from the server side, and when communicating through an intermediary, client.ip and client.port typically represent the client information behind any intermediaries (such as proxies) if it's available.

Fields

AttributeTypeDescriptionExamples
client.addressstringexperimental
Client address - domain name if available without reverse DNS lookup; otherwise, IP address or Unix domain socket name.		client.example.com; 10.1.2.80; [local]
client.app.namestringexperimental
The name of the client application used to perform the request.		MS Outlook
client.ipipAddressexperimental
The IP address of the client that makes the request. This may be IPv4 or IPv6.
Tags: sensitive-spans		194.232.104.141; 2a01:468:1000:9::140
client.ip.is_publicbooleanexperimental
Indicates whether IP is a public IP.		true
client.ispstringexperimental
The name of the Internet Service Provider (ISP) associated with the client's IP address.		Internet Service Provider Name
client.portlongstable
Client port number.		65123; 80

Cloud

Fields related to cloud deployments that can be used across different providers.

Fields

AttributeTypeDescriptionExamples
cloud.account.idstringresource stable
The cloud account ID to which the resource is assigned.		111111111111; opentelemetry
cloud.availability_zonestringresource stable
Identifier referring to the availability zone within a cloud vendor's region.		us-east-1a
cloud.platformstringresource stable
The cloud platform in use. 1		alibaba_cloud_ecs
cloud.providerstringresource experimental
Name of the cloud provider.		alibaba_cloud
cloud.regionstringresource stable
Identifier of the cloud vendor's data center geographic region.		us-east-1
cloud.resource_idstringresource stable
Cloud provider-specific native identifier of the monitored cloud resource (for example, an ARN on AWS, a fully qualified resource ID on Azure, or a complete resource name on GCP).		arn:aws:lambda:REGION:ACCOUNT_ID:function:my-function; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>
1

The prefix of the service matches the one specified in cloud.provider.

cloud.platform MUST be one of the following:

ValueDescription
alibaba_cloud_ecsAlibaba Cloud Elastic Compute Service
alibaba_cloud_fcAlibaba Cloud Function Compute
alibaba_cloud_openshiftRed Hat OpenShift on Alibaba Cloud
aws_app_runnerAWS App Runner
aws_ec2AWS Elastic Compute Cloud
aws_ecsAWS Elastic Container Service
aws_eksAWS Elastic Kubernetes Service
aws_elastic_beanstalkAWS Elastic Beanstalk
aws_lambdaAWS Lambda
aws_openshiftRed Hat OpenShift on AWS (ROSA)
azure_aksAzure Kubernetes Service
azure_app_serviceAzure App Service
azure_container_instancesAzure Container Instances
azure_functionsAzure Functions
azure_openshiftAzure Red Hat OpenShift
azure_vmAzure Virtual Machines
gcp_app_engineGoogle Cloud App Engine (GAE)
gcp_cloud_functionsGoogle Cloud Functions (GCF)
gcp_cloud_runGoogle Cloud Run
gcp_compute_engineGoogle Cloud Compute Engine (GCE)
gcp_kubernetes_engineGoogle Cloud Kubernetes Engine (GKE)
gcp_openshiftRed Hat OpenShift on Google Cloud
ibm_cloud_openshiftRed Hat OpenShift on IBM Cloud
tencent_cloud_cvmTencent Cloud Cloud Virtual Machine (CVM)
tencent_cloud_eksTencent Cloud Elastic Kubernetes Service (EKS)
tencent_cloud_scfTencent Cloud Serverless Cloud Function (SCF)

cloud.provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
alibaba_cloudAlibaba Cloud
awsAmazon Web Services
azureMicrosoft Azure
gcpGoogle Cloud Platform
herokuHeroku Platform as a Service
ibm_cloudIBM Cloud
tencent_cloudTencent Cloud

Span attributes

Fields related to operations related to a cloud.

The cloud.target namespace provides information on the entity targeted by outgoing requests.

AttributeTypeDescriptionExamples
cloud.target.account.idstringexperimental
The cloud account ID used to access a cloud resource.		111111111111; 984398786124
cloud.target.providerstringexperimental
Name of the cloud provider.		alibaba_cloud
cloud.target.regionstringexperimental
Identifier of the cloud vendor's data center geographic region.		us-east-1
cloud.target.resource_idstringexperimental
Cloud provider-specific native identifier of the accessed cloud resource (for example, an ARN on AWS, a fully qualified resource ID on Azure, or a complete resource name on GCP). If the value is not directly extractable for instrumentation, it can be constructed from its components.		arn:aws:lambda:REGION:ACCOUNT_ID:function:my-function; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>

cloud.target.provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
alibaba_cloudAlibaba Cloud
awsAmazon Web Services
azureMicrosoft Azure
gcpGoogle Cloud Platform
herokuHeroku Platform as a Service
ibm_cloudIBM Cloud
tencent_cloudTencent Cloud

The cloud.origin namespace provides information on the entity from which incoming requests originate.

AttributeTypeDescriptionExamples
cloud.origin.account.idstringexperimental
The cloud account ID used to access a cloud resource.		111111111111; 984398786124
cloud.origin.providerstringexperimental
Name of the cloud provider.		alibaba_cloud
cloud.origin.regionstringexperimental
Identifier of the cloud vendor's data center geographic region.		us-east-1
cloud.origin.resource_idstringexperimental
Cloud provider-specific native identifier of the accessed cloud resource (for example, an ARN on AWS, a fully qualified resource ID on Azure, or a complete resource name on GCP). If the value is not directly extractable for instrumentation, it can be constructed from its components.		arn:aws:lambda:REGION:ACCOUNT_ID:function:my-function; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>

cloud.origin.provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
alibaba_cloudAlibaba Cloud
awsAmazon Web Services
azureMicrosoft Azure
gcpGoogle Cloud Platform
herokuHeroku Platform as a Service
ibm_cloudIBM Cloud
tencent_cloudTencent Cloud

Cloudfoundry

Fields

AttributeTypeDescriptionExamples
cloudfoundry.application.idstringresource experimental
cloudfoundry.application.namestringresource experimental
cloudfoundry.instance.indexstringresource experimental
cloudfoundry.space.idstringresource experimental
cloudfoundry.space.namestringresource experimental

Code

Fields

AttributeTypeDescriptionExamples
code.call_stackstringexperimental
The call stack of the code.function. The call stack starts with the code.function, and the stack frames are separated by a line feed.		com.example.SampleClass.doProcessing(SampleClass.java) com.example.SampleClass.doSomeWork(SampleClass.java) com.example.SampleClass.main(SampleClass.java)
code.filepathstringexperimental
The source code file name that identifies the code unit as uniquely as possible.		/usr/local/MyApplication/content_root/app/index.php
code.functionstringexperimental
The method or function name, or equivalent (usually the rightmost part of the code unit's name). Represents the name of the function that is represented by this span.		serveRequest
code.invoked.filepathstringexperimental
Like code.filepath, only it represents the file path of the function that was active when a span has been started. Typically, it is the function that has been instrumented. It should only be set if it differs from code.filepath.		/usr/local/MyApplication/content_root/app/index.php
code.invoked.functionstringexperimental
Like code.function, only it represents the function that was active when a span has been started. Typically, it's the function that has been instrumented. The spans duration does not reflect the duration of this function execution. It should only be set if it differs from code.function.		invoke
code.invoked.namespacestringexperimental
Like code.namespace, only it represents the namespace of the function that was active when a span has been started. Typically, it's the function that has been instrumented. It should only be set if it differs from code.namespace.		com.sun.xml.ws.server.InvokerTube$2
code.line.numberlongexperimental
The line number within the source code file.		1337
code.namespacestringexperimental
The namespace within which code.function is defined. Usually, the qualified class or module name, such that code.namespace + some separator + code.function forms a unique identifier for the code unit.		com.example.MyHttpService

Coldfusion

Fields

AttributeTypeDescriptionExamples
coldfusion.jvm.config.filestringresource experimental
coldfusion.service.namestringresource experimental

Compilation Timings

For some technologies compilation of code might be a significant contributor to request execution time. Compilation timings provide insight into this, where available.

Fields

AttributeTypeDescriptionExamples
compilation_timings.compilation_countlongexperimental
The number of compilations contributing to compilation_timings.duration_sum.		7
compilation_timings.duration_sumdurationexperimental
The total duration in nanoseconds spent compiling.		6723
compilation_timings.top_compilationsrecordexperimental
The top N compilations contributing to compilation_timings.duration_sum, represented as map from compilation unit name to duration in nanoseconds spent.		{'/home/user/test/php/build/tmp/php-htdocs/memcached/memcachedCli.php': 1952, '/home/user/test/php/build/tmp/php-htdocs/curl_cli_uri_filtering.php': 1306}

Container

Fields

AttributeTypeDescriptionExamples
container.idstringresource experimental
Container ID. Usually a UUID, as for example used to identify Docker containers. The UUID might be abbreviated.		a3bf90e006b2
container.image.namestringresource experimental
Name of the image the container was built on.		gcr.io/opentelemetry/operator
container.image.versionstringresource experimental0.1
container.namestringresource experimental
Container name used by container runtime.		opentelemetry-autoconf

CICS Transaction Gateway

CTG (shorthand for "CICS Transaction Gateway") is a connector for enterprise modernization of CICS assets. It empowers various application platforms, such as Java servlets, to incorporate CICS programs.

CICS (shorthand for "Customer Information Control System") is a middleware to support rapid, high-volume online transaction processing on IBM mainframe systems on z/OS. CTG features a client and a server, which communicate via so-called GatewayRequests.

Fields

AttributeTypeDescriptionExamples
ctg.request.call_typelongexperimental
Integer representing the call type of the CTG GatewayRequest. The set of possible values varies per request type. 1		2
ctg.request.commarea_lengthlongexperimental
Length of the COMMAREA. Only set when the request type is ECI.		0
ctg.request.extend_modelongexperimental
Integer representing the extended mode of the CTG GatewayRequest. Only set when the request type is ECI. 2		11
ctg.request.flow_typelongexperimental
Integer representing the flow type of the CTG GatewayRequest. 3		5
ctg.request.gateway_urlstringexperimental
URL of the gateway. Only set on client-side spans.		tcp://1.2.3.4:5678/
ctg.request.object_namestringexperimental
Name of the request object. Only set when the request type is ADMIN.
ctg.request.server_idstringexperimental
ID of the server. Not set for all request types.		IPICTEST
ctg.request.term_idstringexperimental
Name of the terminal resource. Only set when the request type is EPI.		CN02
ctg.request.typestringexperimental
Type of the CTG GatewayRequest.		BASE
ctg.response.codelongexperimental
CTG response code. The set of possible values varies per request type. 4		-23
3

The values are defined in the IBM CTG API source code.

ctg.request.type MUST be one of the following:

ValueDescription
ADMINAdmin request.
AUTHAuthentication request.
BASEBase. A base GatewayRequest without a further subtype. 1
ECIExternal Call Interface. Enables a client application to call a CICS program synchronously or asynchronously. 2
EPIExternal Presentation Interface. Enables a user application to install a virtual IBM 3270 terminal into a CICS server. 3
ESIExternal Security Interface. Enables user applications to perform security-related tasks. 4
XACICS Request Exit. It can be used for request retry, dynamic server selection, and rejecting non-valid requests. 5

Custom Services

Fields

AttributeTypeDescriptionExamples
custom_service.methodstringexperimental
The service method of a custom service. This field only exists if a custom service was created via Dynatrace OneAgent SDK.		startTask; run; authenticate
custom_service.namestringexperimental
The name of a custom service. This field only exists if a custom service was created via Dynatrace OneAgent SDK.		MyCustomService; AuthenticationComponent

Database

Fields

AttributeTypeDescriptionExamples
db.affected_item_countlongexperimental
The number of items (rows, documents,…) affected.		32
db.collection.namestringstable
The name of a collection (table, container) within the database.		customers; public.users
db.connection_stringstringexperimental
The connection string for a database connection.
Tags: sensitive-spans		jdbc:dynamodb:Access Key=XXX;Secret Key=XXX;Domain=amazonaws.com;Region
db.cosmosdb.request_chargedoubleexperimental
The cost of the request in Azure Cosmos DB request units (RU).		4.95; 2.0
db.dynamodb.table_namesstring[]experimental
The list of tables the request targets.		[Cats, Dogs]
db.namespacestringstable
The name of the database, fully qualified within the server address and port.		customers; test.users
db.operation.namestringstable
The name of the operation or command executed, for example the MongoDB command name, SQL keyword, Redis command name,… 1		drop; findAndModify; SELECT; PREPARE; GetItem; set; LPUSH; mutateIn; ReadItems
db.query.parametersrecord[]experimental
The query parameters used in db.query.text represented as a key and value map. For database systems without named keys, the map key is the string representation of the index starting with 0. Several database requests may get aggregated into a single span. Each entry in the array holds the bind parameters for one database request.
Tags: sensitive-spans		[{'name': 'paul', 'age': '23'}, {'name': 'mary', 'age': '32'}]; [{'0': 'paul', '1': '23'}, {'0': 'mary', '1': '32'}]
db.query.textstringstable
The database query being executed. 2		SELECT * FROM wuser_table; SET mykey "WuValue"
db.result.duration_maxdurationexperimental
The maximum duration in nanoseconds used for fetching the result.		345
db.result.duration_mindurationexperimental
The minimum duration in nanoseconds used for fetching the result.		123
db.result.duration_sumdurationexperimental
The total duration in nanoseconds used for fetching the result.		234
db.result.exception_countlongexperimental
The number of exceptions encountered while fetching the result.		2
db.result.execution_countlongexperimental
The number of operations executed on the result (for example, fetches from SQL result set, MongoDB cursor operations).		12
db.result.roundtrip_countlongexperimental
The number of round-trips triggered by fetching the result.		2
db.systemstringexperimental
An identifier for the database management system (DBMS) product being used. See below for a list of well-known identifiers.		mongodb; mysql
1

Depending on the data provided on ingest, this attribute may be derived by e.g., parsing db.query.text. Parsing might fail, or the result might be inaccurate.

2

The value may be sanitized to exclude sensitive information.

db.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
adabasAdabas (Adaptable Database System)
cacheInterSystems Caché
cassandraApache Cassandra
clickhouseClickHouse
cloudscapeCloudscape
cockroachdbCockroachDB
coldfusionColdFusion IMQ
cosmosdbMicrosoft Azure Cosmos DB
couchbaseCouchbase
couchdbCouchDB
db2IBM Db2
derbyApache Derby
dl/iIBM DL/I
dynamodbAmazon DynamoDB
edbEnterpriseDB
elasticsearchElasticsearch
filemakerFileMaker
firebirdFirebird
firstsqlFirstSQL
geodeApache Geode
h2H2
hanadbSAP HANA
hbaseApache HBase
hiveApache Hive
hsqldbHyperSQL DataBase
informixInformix
ingresIngres
instantdbInstantDB
interbaseInterBase
mariadbMariaDB
maxdbSAP MaxDB
memcachedMemcached
mongodbMongoDB
mssqlMicrosoft SQL Server
mssqlcompactMicrosoft SQL Server Compact
mysqlMySQL
neo4jNeo4j
netezzaNetezza
opensearchOpenSearch
oracleOracle Database
other_sqlSome other SQL database. Fallback only. See notes.
pervasivePervasive PSQL
pointbasePointBase
postgresqlPostgreSQL
progressProgress Database
redisRedis
redshiftAmazon Redshift
spannerCloud Spanner
sqliteSQLite
sybaseSybase
teradataTeradata
verticaVertica

Deployment Attributes

Fields

AttributeTypeDescriptionExamples
deployment.release_build_versionstringresource experimental
The build version of the deployed product.		2021-03-24
deployment.release_productstringresource experimental
The name of the deployed product.		WoGo Main
deployment.release_stagestringresource experimental
The stage the product is deployed to.		production
deployment.release_versionstringresource experimental
The version of the deployed product.		0.4.1

Device

The device namespace contains information on the device running an application. This should only be used for end-user devices or devices outside of a private infrastructure. In line with the naming conventions and guidelines, we are in this case adhering to the emerging Open Telemetry convention around this, with some additions.

Fields

AttributeTypeDescriptionExamples
device.battery.levellongexperimental
The device's battery level in the range 0% (discharged) to 100% (fully charged).		100
device.orientationstringexperimental
The device orientation.		landscape

device.orientation MUST be one of the following:

ValueDescription
landscapeThe device was in landscape mode.
portraitThe device was in portrait mode.

Resource attributes

AttributeTypeDescriptionExamples
device.is_rootedbooleanresource experimental
If set to true, the device is rooted or jailbroken.		false
device.manufacturerstringresource experimental
The device manufacturer.		Apple
device.model.identifierstringresource experimental
The device model identifier.		iPhone3,4
device.screen.heightlongresource experimental
The device's screen height in its natural orientation.		1152
device.screen.widthlongresource experimental
The device's screen width in its natural orientation.		2048

Disk

Fields describing a disk.

Fields

Resource attributes

AttributeTypeDescriptionExamples
disk.all_mountpointsstring[]resource experimental
List of all mountpoints		[/mnt/storage, /home, /var/log]
disk.device_namestringresource experimental
Disk device name (Linux, AIX)		sda
disk.mountpointstringresource experimental
Primary mountpoint		/mnt/storage
disk.remote_disk_idlongresource stable
Unique identifier of remote disk		0; 16864135562327138441; 18446744073709551615

DL/I Database Attachment

Fields

AttributeTypeDescriptionExamples
db.dli.pcbstringexperimental
The name of the program communication block associated with this DL/I method.		3; MYPCBNAM
db.dli.pcb_typestringexperimental
The PCB type.		DC; DL/I; F/P
db.dli.processing_optionsstringexperimental
The PCB processing options.		GR
db.dli.segment_levelstringexperimental
The hierarchical level of the segment that was matched or returned.		3; 24
db.dli.segment_namestringexperimental
The name of the last segment that was matched or returned.		PARTROOT
db.dli.status_codestringexperimental
The DL/I status code.		QC
db.dli.terminal_namestringexperimental
The DL/I database or logical terminal name associated with this DL/I method.		HWSAM5ZD; 10505

db.dli.pcb_type MUST be one of the following:

ValueDescription
DCData communications.
DL/IDL/I db.
F/PFast Path.

Dotnet

Fields

AttributeTypeDescriptionExamples
dotnet.dll.filestringresource experimental
Filename of main dotnet assembly.
dotnet.dll.pathstringresource experimental
Filepath of main dotnet assembly.

Dynatrace ActiveGate

Metadata with ActiveGate realated information.

Fields

AttributeTypeDescriptionExamples
dt.active_gate.group.namestringresource experimental
The name of a group that the ActiveGate instance belongs to.		GdanskLab
dt.active_gate.idstringresource experimental
Hexadecimal identifier of the ActiveGate prefixed with 0x		0xef3d21c3
dt.active_gate.module_namestringresource experimental
The name of ActiveGate module		autoupdate
dt.active_gate.working_modestringresource experimental
Working mode of the ActiveGate		cluster

dt.active_gate.working_mode MUST be one of the following:

ValueDescription
clusterCluster ActiveGate
embeddedEmbedded ActiveGate
environmentEnvironment ActiveGate
multitenantMultitenant ActiveGate

API connector fields

AttributeTypeDescriptionExamples
dt.active_gate.api_connector.config_idstringresource experimental
Config long id of the endpoint configuration as a string.		123; 9276
dt.active_gate.api_connector.pipeline_identifierstringresource experimental
String identifier of an api connector pipeline		Kubernetes/Topology
dt.active_gate.api_connector.pipeline_statusstringresource experimental
Status of an api connector pipeline run		failed
dt.active_gate.api_connector.technology_idstringresource experimental
String identifier of an api connector technology		Kubernetes; CloudFoundry; AWS; Dynatrace Extension; Azure

dt.active_gate.api_connector.pipeline_status MUST be one of the following:

ValueDescription
failedPipeline execution failed
skippedPipeline execution skipped
succeededPipeline execution succeeded

Dynatrace OneAgent Metadata

Metadata of the OneAgent module that reported a signal. These attributes are what one would also see in OneAgent Health.

Fields

AttributeTypeDescriptionExamples
dt.agent.module.iduidresource stable
OneAgent module ID.		031f613871fab0b4; fc3cd1bb276f0bed
dt.agent.module.parent_iduidresource stable
OneAgent parent module ID, in case this is a so-called sub-agent		ea89eef5db8b85a9
dt.agent.module.typestringresource stable
OneAgent module type		apache
dt.agent.module.versionstringresource stable
OneAgent full module version		1.269.17.20221117-132428
dt.agent.module.version_shortstringresource experimental
OneAgent short module version, to be expected only on record types where dt.agent.module.version's cardinality would be a problem		1.269
dt.agent.monitoring_modestringresource experimental
Monitoring Mode in which given agent operates		DISCOVERY

dt.agent.module.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
apacheapache
dotnetdotnet
dumpprocdumpproc
extensionsextensions
gogo
iisiis
javajava
log_analyticslog_analytics
netnet
nettracernettracer
nginxnginx
nodejsnodejs
opentracingnativeopentracingnative
osos
phpphp
pluginplugin
processprocess
pythonpython
remote_pluginremote_plugin
rubyruby
sdksdk
supportsupport
updaterupdater
varnishvarnish
wsmbwsmb
zz_

dt.agent.monitoring_mode MUST be one of the following:

ValueDescription
DISCOVERYDiscovery monitoring mode provides basic metrics enabling you to discover your hosts and processes and learn the potential to extend your monitoring.
FULL_STACKFull stack monitoring mode includes application performance, user experience data, code-level visbility and PurePath insights, as well as everything that is included in Infrastructure monitoring mode.
INFRASTRUCTUREInfrastructure monitoring mode includes topology discovery, detailed health and performance monitoring of your host, and enables Network monitoring, Log monitoring and Extensions.

Dynatrace AutomationEngine fields

Fields defined in this namespace are used by Dynatrace to describe various aspects of events emitted by the AutomationEngine.

Fields

AttributeTypeDescriptionExamples
dt.automation_engine.action.appstringexperimental
The app id of the app containing the executed action.		dynatrace.workflows
dt.automation_engine.action.functionstringexperimental
Name of the function implementing the action.		task_1
dt.automation_engine.action_execution.idstringexperimental
The unique identifier of a action execution as UUID.		23e7b55a-884f-4497-8ad6-8d49d52b4348
dt.automation_engine.action_execution.loop.indexlongexperimental
Loop index of the action execution.
dt.automation_engine.action_execution.retry.countlongexperimental
Retry count of the action execution.
dt.automation_engine.is_draftbooleanexperimental
Indicates whether the triggered workflow execution is based on a workflow draft.		true; false
dt.automation_engine.root_workflow.idstringexperimental
The unique identifier of the root workflow.		e6388e3a-9db2-4226-9327-2ba86eaf12f7
dt.automation_engine.root_workflow_execution.idstringexperimental
The unique identifier of the execution of the root workflow.		a641fb59-4627-44cd-abaf-b68d86455a5b
dt.automation_engine.statestringexperimental
The state of an execution. Values depend on type of execution (workflow-, task-, or action execution).		IDLE; RUNNING; WAITING; SUCCESS; ERROR; CANCELLED
dt.automation_engine.state.is_finalbooleanexperimental
Indicates if dt.automation_engine.state is a final and immutable state or if further processing will happen.		true; false
dt.automation_engine.state_infostringexperimental
Additional info about current state of execution. Typically holds error details.		ERROR
dt.automation_engine.task.namestringexperimental
The identifier of a task within a workflow.		task_1
dt.automation_engine.task_execution.idstringexperimental
The unique identifier of a task execution as UUID.		6580d4af-6b1f-4e54-92fa-f47e94507acd
dt.automation_engine.throttle.limitlongexperimental
The workflow execution per hour limit that has been reached.		1000
dt.automation_engine.workflow.idstringexperimental
The unique identifier of a workflow as UUID.		26c0334e-a3e1-4585-8cd8-2d72742fe141
dt.automation_engine.workflow.last_execution_state_flipbooleanexperimental
Indicates if the workflow execution state has changed since the last execution, ignoring draft executions. Always false for draft executions.		true; false
dt.automation_engine.workflow.titlestringexperimental
The title of the workflow.		My Workflow
dt.automation_engine.workflow.typestringexperimental
Workflow type, either SIMPLE or STANDARD, where SIMPLE comes with restrictions.		SIMPLE; STANDARD
dt.automation_engine.workflow_execution.idstringexperimental
The unique identifier of a workflow execution as UUID.		737a248b-d1cb-49a4-bf08-7d4c37dbfb1e
dt.automation_engine.workflow_execution.trigger.typestringexperimental
The identifier that describes the trigger of the workflow.		Schedule; Event; Workflow; Manual
dt.automation_engine.workflow_execution.trigger.user.idstringexperimental
The unique identifier of the user who triggered the workflow execution manually/via API.		dad18fa7-3c11-40a1-b760-1d8281bb5dcc
dt.automation_engine.workflow_execution.trigger.workflow_execution.idstringexperimental
The unique identifier of the workflow that triggered the workflow execution.		737a248b-d1cb-49a4-bf08-7d4c37dbfb1e

Dynatrace Data Acquisition

Attributes defined in this namespace are used by Dynatrace to describe different aspects of the ingested data.

Fields

AttributeTypeDescriptionExamples
dt.da.aws.data_firehose.arnstringexperimental
ARN of AWS Data Firehose signal is originating from.		arn:aws:firehose:us-east-1:111110000111:deliverystream/tenantId-http-endpoint-direct-firehose-stream
dt.da.aws.log_groupstringexperimental
Name of the source Amazon CloudWatch Log group		/aws/lambda/a-SomeFumction-1AWHD6W1QC5DH
dt.da.aws.log_streamstringexperimental
Name of the source Amazon CloudWatch Log stream		2025/02/18/[$LATEST]12312312313123123123123123123123
dt.da.aws.s3.bucket.namestringexperimental
Name of S3 bucket name signal is originating from		aws-cloudtrail-logs
dt.da.aws.s3.key.namestringexperimental
Name of S3 bucket name signal is originating from		AWSLogs/111110000111/CloudTrail/us-east-1/2025/02/18/111110000111_CloudTrail_us-east-1_20250218T0000Z.json.gz
dt.da.azure.event_hub.locationstringexperimental
The location of the Event Hub that the signal is originating from		polandcentral
dt.da.azure.event_hub.namestringexperimental
The name of the Event Hub that the signal is originating from		logs-ingest-eventHub/logs-ingest
dt.da.sourcestringexperimental
Dynatrace source of signal ingestion		aws-log-ingest

dt.da.source has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
aws-log-ingestaws-log-ingest
aws-metric-polleraws-metric-poller
aws-metrics-ingestaws-metrics-ingest

Davis metadata

Some attributes are used in the context of the Davis engine.

Fields

Configuration fields

These fields can be set in events to influence the Davis engine behavior.

AttributeTypeDescriptionExamples
dt.davis.analysis_time_budgetlongstable
The time budget (in seconds) that the Davis® engine is granted before it must raise a problem. The analysis time budget can be set per event and controls the balance of sending out alerts early and granting the AI analysis enough time to finish its analysis. The trade-off of a short analysis budget is that the root cause and event merge analysis is limited or even skipped. For example, the time budget of 0 seconds means that the event raises a problem and sends the alert immediately, without any analysis.
dt.davis.analysis_trigger_delaylongstable
The time delay (in seconds) before the trigger of Davis® analysis. For example, the delay of 0 seconds triggers a Davis® problem and the root cause analysis immediately. The trigger delay can be used to hold the analysis until all the relevant root cause data has arrived to Dynatrace. For example, it might be beneficial for cloud integrations or log integrations that report data in different schedules - you can delay the analysis until data from all sources is available. Note that while longer delays means more data is available for root cause analysis, it also delays alerts delivery.
dt.davis.is_entity_remapping_allowedbooleanstable
This flag defines whether the remapping of the target entity is enabled (true) or disabled (false). If the remapping is enabled, Dynatrace can map the event to an entity extracted from the event metadata. If the remapping is disabled or the extraction is not possible, Dynatrace maps the event to the entity specified in the event configuration (for example, a specific host) or to the global environment entity.
dt.davis.is_frequent_issue_detection_allowedbooleanstable
The flag controls whether the Davis® engine should detect frequent issues. If the flag is set to true, events identified as frequent won't be triggered or merged into a problem. If the flag is set to false, frequent issues won't be detected and events will be triggered and merged as normal.
dt.davis.is_merging_allowedbooleanstable
This flag controls whether the Davis® engine is allowed to merge this event into a larger problem (true) or if a new problem must be created (false).
dt.davis.is_problem_suppressedbooleanstable
This flag controls whether the Davis® engine suppresses the problem from showing up in the UI and sending notifications.
dt.davis.is_rootcause_relevantbooleanstable
This flag controls whether the Davis® engine should include this event within the root cause analysis (true) or if it is not (false) relevant.
dt.davis.preferred_entity_typestringstable
The preferred entity type for remapping. You can find possible values in Dynatrace UI under Settings > Topology model > Generic types. If the remapping (dt.event.allow_entity_remapping) is enabled, this property defines the entity type to which the event should be mapped. If no entity of the preferred type is extracted, no remapping is applied.		my.custom.entity.type
dt.davis.timeoutlongstable
The event timeout period (in minutes). Various event sources use this event property to keep an event active by regularly refreshing an initial event. The timeout defines how fast the event source must refresh an event to keep it active. To keep the event active, the event source must send the refresh within the timeout period. If no refresh is sent, the event is automatically closed by Dynatrace after the timeout period. Note that metric sources use their own configurable de-alerting windows to close events. Setting the timeout shorter than the de-alerting window will force events to close and increase the risk of false-positive alerts.
dt.event.correlation_tagstringexperimental
Set this tag to control which event reports connect together. This value is combined with internal system fields, such as event.name, dt.source_entity and event.provider, to generate a unique correlation id for event tracking. The final correlation id that is used for connecting event reports is stored in dt.event.correlation_id.		custom correlation tags

System fields

These fields can be set by Davis routines.

AttributeTypeDescriptionExamples
dt.davis.anomaly_detection.alertlongstable
Boolean time series of 0 and 1 showing whether a single timespan was alerted due to continuous violations.
dt.davis.anomaly_detection.anomalylongstable
Boolean timeseries of 0 and 1 showing whether a single timespan is outside the normal value range and therefore considered as abnormal.
dt.davis.anomaly_detection.lowerlongstable
The lower value range limit where any value below this point is considered abnormal.
dt.davis.anomaly_detection.upperlongstable
The upper value range limit where any value above this point is considered abnormal.
dt.davis.forecast.lowerlongstable
The lower bound of the prediction interval of a given metric forecast.
dt.davis.forecast.pointlongstable
The point value of a metric forecast.
dt.davis.forecast.upperlongstable
The upper bound of the prediction interval of a given metric forecast.

Endpoint Detection

Fields that can be expected on a Dynatrace span where endpoint detection was applied.

AttributeTypeDescriptionExamples
dt.endpoint_detection.rule_iduidexperimental
The ID of the endpoint detection rule that was applied to that span.		4d76194c11a9426197a9062548f9e66e

Enrichment

The dt.enrichment namespace contains fields related to Dynatrace Apps and App-Functions that are used for security intelligence enrichment execution.

AttributeTypeDescriptionExamples
dt.enrichment.durationdurationexperimental
The duration of the enrichment execution in nanoseconds.		4000000000
dt.enrichment.integration.connection.idstringexperimental
The identifier of the connection settings object used to execute the enrichment. The connection settings object ID refers to the connection in the settings section of the integration app.		vu9U3hXa3q0AAAABACNhcHA6ZHluYXRyYWNlLmFidXNlaXBkYjpjb25uZWN0aW9ucwAGdGVuYW50AAZ0ZW5hbnQAJDA0NzY2OTJhLTIzMDItMzdhOS05MTk5LTc1ZWI3M2MzNjYwMr7vVN4V2t6t
dt.enrichment.integration.idstringexperimental
The unique application identifier of the integration app that provided the enrichment functionality. Dynatrace apps are prefixed with 'dynatrace.', custom apps are prefixed with 'my.'.		dynatrace.abuseipdb; dynatrace.virustotal
dt.enrichment.integration.method.idstringexperimental
The integration method ID of the integration app used to execute the enrichment.		check-ip; enrich-observable
dt.enrichment.result.is_cachedbooleanexperimental
Indicates whether the enrichment execution result was retrieved from the cache.		true; false

Dynatrace Entity IDs

The Dynatrace OneAgent associates monitoring data with a so called Monitored Entity ID (ME ID). On OneAgent monitored environments, whenever ME IDs are accessible within the monitored system they should be used to enrich monitoring data to facilitate correlations with data primarily addressed through ME IDs coming from other channels.

The structure for keys that signify entity IDs is dt.entity.{type of entity}. The value associated with such a key must be valid Dynatrace entity identifier (see Monitored entities API).

To allow linking Entity IDs across various different monitoring artifacts (logs, metrics, etc.), all string representations of Entity IDs are required to follow a canonical form, which for all current entities is defined as PREFIX-0123456789ABCDEF.

Consumers should treat the token as an opaque value and must not infer any semantics on the ID itself. Producers need to match the Entity ID that is being returned by Dynatrace Entity API verbatim.

Producers of string representation must treat the string as if it was parsed case-sensitively, even though some parts of the product may be more lenient. The structure of the entity ID is currently as follows: <ID-NAMESPACE>-<16-digit-hex-string>. The <ID-NAMESPACE> is type specific but cannot be used to determine the actual entity type reliably, especially in cases of CUSTOM_DEVICE. The <16-digit-hex-string> needs to be zero-padded (prefix) to a length of 16 digits and must use upper case letters A-F.

Current entity IDs in cannonical form can be represented structurally with the following regular expression: [A-Z][A-Z_]*-[0-9A-F]{16}.

Additional characters or changes in the format may happen in the future but will not invalidate existing IDs or ID generation rules.

When adding a name to an entity ID via the Grail function entityName, by default, the name of the respective entity will be represented as dt.entity.{type of entity}.name. Similarly, further entity attributes can be added via the Grail function entityAttr, resulting in additional field(s) following the naming convention dt.entity.{type of entity}.{name of attribute}.

Fields

AttributeTypeDescriptionExamples
dt.entity.applicationstringresource stable
The ME ID of a web application.
Tags: entity-id		APPLICATION-DC92E74A7A844E6E
dt.entity.aws_availability_zonestringresource stable
An entity ID of an entity of type AWS_AVAILABILITY_ZONE
Tags: entity-id		AWS_AVAILABILITY_ZONE-6000A4E2BD2AB971
dt.entity.azure_regionstringresource stable
An entity ID of an entity of type AZURE_REGION
Tags: entity-id		AZURE_REGION-0DD5C79E4034F0AA
dt.entity.azure_vmstringresource stable
An entity ID of an entity of type AZURE_VM
Tags: entity-id		AZURE_VM-326478B733D6CFB0
dt.entity.cloud_applicationstringresource stable
An entity ID of an entity of type CLOUD_APPLICATION.
Tags: entity-id		CLOUD_APPLICATION-3AB5BBF3E09A7942
dt.entity.cloud_application_instancestringresource stable
An entity ID of an entity of type CLOUD_APPLICATION_INSTANCE.
Tags: entity-id		CLOUD_APPLICATION_INSTANCE-E0D8F94D9065F24F
dt.entity.cloud_application_namespacestringresource stable
An entity ID of an entity of type CLOUD_APPLICATION_NAMESPACE. A CLOUD_APPLICATION_NAMESPACE is a Kubernetes namespace.
Tags: entity-id		CLOUD_APPLICATION_NAMESPACE-C61324AA70F57BCB
dt.entity.container_groupstringresource stable
An entity ID of an entity of type CONTAINER_GROUP.
Tags: entity-id		CONTAINER_GROUP-7C2B1C24FFB288CB
dt.entity.container_group_instancestringresource stable
An entity ID of an entity of type CONTAINER_GROUP_INSTANCE.
Tags: entity-id		CONTAINER_GROUP_INSTANCE-F4A1347110826781
dt.entity.custom_applicationstringresource stable
The ME ID of a custom application.
Tags: entity-id		CUSTOM_APPLICATION-343A92501A51F286
dt.entity.custom_devicestringresource stable
An entity ID of an entity of type CUSTOM_DEVICE.
Tags: entity-id		CUSTOM_DEVICE-E0D8F94D9065F24F
dt.entity.diskstringresource stable
An entity ID of an entity of type DISK
Tags: entity-id		DISK-5472CBC1ED0981D6
dt.entity.ec2_instancestringresource stable
An entity ID of an entity of type EC2_INSTANCE
Tags: entity-id		EC2_INSTANCE-0004DD30F142D18C
dt.entity.external_synthetic_teststringresource stable
An entity ID of an entity of type EXTERNAL_SYNTHETIC_TEST.
Tags: entity-id		EXTERNAL_SYNTHETIC_TEST-A140F3B85BCCBD1A
dt.entity.external_synthetic_test_stepstringresource stable
An entity ID of an entity of type EXTERNAL_SYNTHETIC_TEST_STEP.
Tags: entity-id		EXTERNAL_SYNTHETIC_TEST_STEP-A140F3B85BCCBD1A
dt.entity.gcp_zonestringresource stable
An entity ID of an entity of type GCP_ZONE
Tags: entity-id		GCP_ZONE-3699CB75E19C8505
dt.entity.hoststringresource stable
An entity ID of an entity of type HOST.
Tags: entity-id		HOST-E0D8F94D9065F24F
dt.entity.host_groupstringresource stable
An entity ID of an entity of type HOST_GROUP.
Tags: entity-id		HOST_GROUP-E7FBBCF7B1467174
dt.entity.http_checkstringresource stable
An entity ID of an entity of type HTTP_CHECK.
Tags: entity-id		HTTP_CHECK-A140F3B85BCCBD1A
dt.entity.http_check_stepstringresource stable
An entity ID of an entity of type HTTP_CHECK_STEP.
Tags: entity-id		HTTP_CHECK_STEP-A140F3B85BCCBD1A
dt.entity.kubernetes_clusterstringresource stable
An entity ID of an entity of type KUBERNETES_CLUSTER.
Tags: entity-id		KUBERNETES_CLUSTER-E0D8F94D9065F24F
dt.entity.kubernetes_nodestringresource stable
An entity ID of an entity of type KUBERNETES_NODE.
Tags: entity-id		KUBERNETES_NODE-874C66B68CE15070
dt.entity.kubernetes_servicestringresource stable
An entity ID of an entity of type KUBERNETES_SERVICE.
Tags: entity-id		KUBERNETES_SERVICE-FE6E75BB9DF02347
dt.entity.mobile_applicationstringresource stable
The ME ID of a mobile application.
Tags: entity-id		MOBILE_APPLICATION-E8A8751A60D5BCE8
dt.entity.multiprotocol_monitorstringresource stable
An entity ID of an entity of type MULTIPROTOCOL_MONITOR.
Tags: entity-id		MULTIPROTOCOL_MONITOR-A140F3B85BCCBD1A
dt.entity.network_interfacestringresource stable
An entity ID of an entity of type NETWORK_INTERFACE
Tags: entity-id		NETWORK_INTERFACE-FC7B4A5937FC125C
dt.entity.process_groupstringresource stable
An entity ID of an entity of type PROCESS_GROUP.
Tags: entity-id		PROCESS_GROUP-E0D8F94D9065F24F
dt.entity.process_group_instancestringresource stable
An entity ID of an entity of type PROCESS_GROUP_INSTANCE.
Tags: entity-id		PROCESS_GROUP_INSTANCE-E0D8F94D9065F24F
dt.entity.servicestringresource stable
An entity ID of an entity of type SERVICE.
Tags: entity-id		SERVICE-57EC3CFC1FE72449
dt.entity.service_methodstringresource stable
An entity ID of an entity of type SERVICE_METHOD.
Tags: entity-id		SERVICE_METHOD-659B35CA9AAC96C1
dt.entity.service_method_groupstringresource stable
An entity ID of an entity of type SERVICE_METHOD_GROUP.
Tags: entity-id		SERVICE_METHOD_GROUP-02000E1DB1CDAF9F
dt.entity.synthetic_locationstringresource stable
An entity ID of an entity of type SYNTHETIC_LOCATION.
Tags: entity-id		SYNTHETIC_LOCATION-D140F3B85BCCBD1A
dt.entity.synthetic_teststringresource stable
An entity ID of an entity of type SYNTHETIC_TEST.
Tags: entity-id		SYNTHETIC_TEST-A140F3B85BCCBD1A
dt.entity.synthetic_test_stepstringresource stable
An entity ID of an entity of type SYNTHETIC_TEST_STEP.
Tags: entity-id		SYNTHETIC_TEST_STEP-A140F3B85BCCBD1A

Dynatrace Extensions

Additional extension information sent via self-monitoring.

Fields

AttributeTypeDescriptionExamples
dt.extension.config.idstringresource experimental
Extension's monitoring configuration identifier.		vu9U3hXa3q0AAAABAAtleHQ6ZXh0LTA0MAAIYWdfZ3JvdXAAA0FHMQAkMjY2YTIyM2YtZDgxYi0zNTNjLThlYzctYzk2YzliZjg4OGQ3vu9U3hXa3q0
dt.extension.dsstringresource experimental
Name of the data source.		SNMPTrap
dt.extension.endpoint.hintsstring[]resource experimental
Hints to provide for the cluster in order to find proper endpoint in task registry.		[nat-test.lab.dynatrace.org, 1521, orc]
dt.extension.namestringresource experimental
Name of the extension.		com.snmptrap.generic
dt.extension.statusstringresource experimental
The status of the component reporting a self-monitoring event.		AUTHENTICATION_ERROR

dt.extension.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
AUTHENTICATION_ERRORUnable to connect to EEC
DEVICE_CONNECTION_ERRORFailed to establish connection with the device
EEC_CONNECTION_ERRORUnable to connect to EEC
GENERIC_ERRORGeneric status used to communicate job failed
INVALID_ARGS_ERRORInvalid arguments
INVALID_CONFIG_ERRORConfig provided by EEC is invalid
OKExtension works fine
UNKNOWN_ERRORUninitialized/unknown error

Process Grouping Fields

Attributes used for Process Group enrichment in extensions.

Dynatrace ingest fields

Attributes defined in this namespace are used by Dynatrace to describe different aspects of the ingested data.

Fields

AttributeTypeDescriptionExamples
dt.ingest.debug_messagesstring[]experimental
An array of strings that represent debug messages that provide a detailed debugging information. That could include even variable parts, like which attribute was modified, or which processing rules were applied.		[MyATTribute mapped to myAttribute]
dt.ingest.formatstringexperimental
The format of the data ingested in Dynatrace via the various ingest channels. E.g., Generic log ingest, OTLP logs ingest		dtapi/json; otlp/protobuf
dt.ingest.sizelongstable
The size of the ingested data point in bytes.		2005
dt.ingest.warningsstring[]experimental
An array of strings representing markers of unexpected situations that might affect the correctness or completeness of incoming data points. It might be, for instance, limits applied or a processing rule failing. It should not be a detailed log of what happened, just the high-level class of the issue that occurred.		[attr_count_trimmed, content_trimmed]

dt.ingest.format MUST be one of the following:

ValueDescription
dtapi/jsonJSON data ingested via the Dynatrace APIs or via EEC (Extension Execution Controller)
dtapi/plaintext(deprecated: use "plaintext") Plain text data ingested via the Dynatrace API
journaldJournald data ingested via OneAgent
otlp/jsonOpenTelemetry Protocol (OTLP) JSON data ingested via the Dynatrace APIs
otlp/protobufOpenTelemetry Protocol (OTLP) Protobuf data ingested via the Dynatrace APIs or via EEC (Extension Execution Controller)
plaintextPlain text data ingested via the Dynatrace APIs, EEC (Extension Execution Controller) or OneAgent
syslogSyslog data ingested via OneAgent
unknownThe data format was not recognized (only for metrics dimension)
windowseventlogWindows event log data ingested via OneAgent

dt.ingest.warnings MUST contain only values from the following list:

ValueDescription
content_trimmedThe content was trimmed, right after receiving it by Cluster/ActiveGate, because it exceeded the event content max byte size limit.
content_trimmed_pipeThe content was trimmed in post-processing (after applying processing rules) because it exceeded the event content max byte size limit
attr_count_trimmedThe number of attributes was trimmed, right after receiving it by Cluster/ActiveGate, because it exceeded the max number of attributes limit.
attr_count_trimmed_pipeThe number of attributes was trimmed in post-processing (after applying processing rules) because it exceeded the max number of attributes limit.
attr_key_case_mismatchThe attribute key is detected that matches the custom attribute key or the semantic attribute key, but there is the attribute key case mismatch.
attr_key_trimmedThe attribute key was trimmed, right after receiving it by Cluster/ActiveGate, because it exceeded the max key length limit.
attr_val_count_trimmedAt least one multi-value attribute had values number trimmed, right after receiving it by Cluster/ActiveGate, because it exceeded the max number of attributes limit.
attr_val_count_trimmed_pipeAfter applying processing rules, at least one multi-value attribute had its values number trimmed (after using processing rules) because it exceeded the maximum number of attributes limit.
attr_val_size_trimmedAt least one attribute had its value size trimmed, right after receiving it by Cluster/ActiveGate, because it exceeded the max value size in bytes limit.
attr_val_size_trimmed_pipeAt least one attribute had its value size trimmed (after applying processing rules) because it exceeded the max value size in bytes limit.
timestamp_correctedTimestamp was too far in the future and was corrected to current time.
common_attr_correctedSTATUS, LOG_LEVEL or EVENT_TYPE attribute was corrected.
processing_batch_timeoutBatch timeout occurred during processing pipeline.
processing_transformer_timeoutExecution timeout in one of processing transformers occurred during processing pipeline.
processing_transformer_errorExecution error in one of processing transformers occurred during processing pipeline.
processing_transformer_throttledExecution throttled in one of processing transformers during processing pipeline.
processing_output_record_conversion_errorOutput conversion error occurred for some record during processing pipeline.
processing_prepare_input_errorPrepare input error occurred in one of enabled processing pipeline rules.

Dynatrace

Fields

AttributeTypeDescriptionExamples
dt.cost.costcenterstringresource stable
Can be used to assign usage to a Cost Center.		Team A
dt.cost.productstringresource stable
Can be used to assign usage to a Product or Application ID.		Product A
dt.host_group.idstringresource stable
see Organize your environment using host groups. Note that host groups are identified by their name. This is not the entity ID of Host Group Entity, for which see dt.entity.host_group
Tags: permission primary-field		myHostGroup
dt.metrics.sourcestringresource experimental
The source from which metrics are ingested. 1		telegraf; com.dynatrace.extension.sql-oracle
dt.network_zone.idstringresource experimental
The ID of the network zone. See Dynatrace Documentation 		vpc-123
dt.pg_detection.cluster.idstringresource experimental
DT_CLUSTER_ID environment variable; also see Process group detection
dt.pg_detection.custom_entrystringresource experimental
also see Define metadata via environment variables
dt.pg_detection.declarative.idstringresource experimental
dt.pg_detection.environment.idstringresource experimental
DT_ENVIRONMENT_ID environment variable
dt.pg_detection.node.idstringresource experimental
DT_NODE_ID environment variable; also see Process group detection
dt.process_group.detected_namestringresource stable
The name of the process group as it was detect by the agent.		Apache Web Server httpd; Redis unguard-redis-* redis
dt.security_contextstringresource stable
The security context is used in access permissions to limit the visibility. Learn more about the Dynatrace permission model
Tags: permission
dt.smartscape_source.idstringresource experimental
The ID of the entity considered the source of the signal. The string represents an entity ID of an entity that is stored in the Smartscape storage. 2
Tags: smartscape-id		K8S_CLUSTER-E0D8F94D9065F24F; AWS_LAMBDA_FUNCTION-E0D8F94D9065F24F
dt.smartscape_source.typestringresource stable
The entity type of the entity whose identifier is held in dt.smartscape_source.id.		K8S_CLUSTER; AWS_LAMBDA_FUNCTION
dt.source_entitystringresource stable
The ID of the entity considered the source of the signal. The string represents an entity ID of an entity that is stored in the classic entity storage. 3
Tags: entity-id		HOST-E0D8F94D9065F24F; PROCESS_GROUP_INSTANCE-E0D8F94D9065F24F
dt.source_entity.typestringresource stable
The entity type of the entity whose identifier is held in dt.source_entity. The value must be a valid entity type and consistent with dt.source_entity. Note, however, that the type identifiers are expected to be lowercased in alignment with suffixes of dt.entity.* keys.		host; process_group_instance; cloud:azure:resource_group
1

This is the framework used for capturing, processing and forwarding metrics, not the emitting monitored entity. Exemplary custom value: name of an extension sending metrics.

2

The value of this field will be based on one of dt.smartscape.<type> fields value. That means that both fields dt.smartscape_source.id and dt.smartscape.<type> will be set to the same ID.

3

The value of this field will be based on one of the dt.entity.<type> fields value. This means that both dt.source_entity and dt.entity.<type> fields will be set to the same ID.

dt.metrics.source has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
dynatrace_codemoduledynatrace_codemodule
dynatrace_ingestdynatrace_ingest
dynatrace_osagentOsAgent
micrometerMicrometer
oneagent_metric_apiOneAgentMetricAPI
opentelemetryOpenTelemetry
statsdStatsD
telegrafTelegraf
AttributeTypeDescriptionExamples
dt.maintenance_window_idsarrayexperimental
UUIDs of maintenance windows.		c715d677-eb1b-3e1b-8dbc-db06cad5b8eb
dt.querystringexperimental
A query in the DQL format, see Dynatrace Query Langauge.		timeseries avg(dt.host.cpu.idle); fetch logs
dt.raw_datastringexperimental
The complete content of the record as it was originally accepted by Dynatrace, stored as a string in JSON format. This field captures the unaltered data for reference, debugging, or auditing purposes		{"content": "example record content"}

Dynatrace OpenPipeline fields

Fields defined in this namespace are used by Dynatrace to describe various aspects of the data ingested through OpenPipeline, providing detailed insights into the ingestion process.

Fields

AttributeTypeDescriptionExamples
dt.openpipeline.pipelinesstring[]resource experimental
Collects the identifiers of all pipelines through which a record has passed during the ingestion process in OpenPipeline, providing a complete trace of its journey.		[[logs:default], [logs:pipeline_haproxy_2656, bizevents:default]]
dt.openpipeline.sourcestringresource experimental
Identifies the source (such as API endpoints or OneAgent) used for ingesting the record into OpenPipeline.		/platform/ingest/v1/events; oneagent
dt.openpipeline.source_typestringresource experimental
Identifies the source type used to ingest data in Dynatrace, for example, from OTLP and OneAgent.		otlp; oneagent

dt.openpipeline.source_type MUST be one of the following:

ValueDescription
apiLogs ingested via one of the ActiveGate APIs
aws_firehoseLogs ingested via Amazon Data Firehose
extensionLogs ingested via the EEC running on host
oneagentLogs ingested via OneAgent
otlpLogs ingested via the OpenTelemetry Protocol (OTLP)
unknownThe source type was not recognized (only for metrics dimension)

Dynatrace RUM

The dt.rum namespace contains Dynatrace RUM specific fields.

Fields

AttributeTypeDescriptionExamples
dt.rum.application.entitystringexperimental
An entity ID of an entity of type APPLICATION or MOBILE_APPLICATION.
Tags: entity-id		APPLICATION-DC92E74A7A844E6E; MOBILE_APPLICATION-E8A8751A60D5BCE8
dt.rum.application.idstringstable
The Dynatrace RUM application ID. For mobile applications, a UUID is used. For web applications, an 8-byte HEX string is used.		ea7c4b59f27d43eb; 89b1a1e7-fe89-4151-81e9-410fa0235f0d
dt.rum.browser.session_idstringexperimental
The browser session ID, taken from the dtCookie value. Not applicable for OneAgent for Mobile.		4D3133F359A76AB05AAF39691696858A
dt.rum.session.idstringstable
A unique ID that represents the user session.		HOPCPWKILUKHFHWRRQGBHHPAFLUJUOSH-0; 23626166142035610_1-0
dt.rum.user_tagstringexperimental
The user tag.		john.doe@dynatrace.com

Resource attributes

AttributeTypeDescriptionExamples
dt.rum.agent.typestringresource experimental
The Dynatrace RUM agent type.		android
dt.rum.agent.versionstringresource experimental
The version of the Dynatrace RUM agent. It is provided in the format major.minor.patch.build. The build number is optional.		8.263.1; 9.293.2.1; 1.313.0.20250402-172634
dt.rum.event.source.typestringresource experimental
The Dynatrace RUM source technology that produced this event. Only used by cross-platform implementations, otherwise the field is omitted.		flutter
dt.rum.instance.idstringresource stable
The RUM application instance ID. (This was formerly called the "Visitor id", "internal user ID", and "rxVisitor cookie value".)		3735928559; 1742973444821E7E6Q3E3SG28ATQPAGTT6T8HU92VFRFQ
dt.rum.schema_versionstringresource stable
The Dynatrace RUM enrichment version.		0.1
dt.rum.user_typestringresource experimental
The RUM user type.		real_user

dt.rum.agent.type MUST be one of the following:

ValueDescription
androidOneAgent for Android
iosOneAgent for iOS
javascriptRUM JavaScript

dt.rum.event.source.type MUST be one of the following:

ValueDescription
flutterFlutter
react_nativeReact Native auto-instrumentation

dt.rum.user_type MUST be one of the following:

ValueDescription
real_userThe user event was produced by a real user.
robotThe user event was produced by a bot user.
syntheticThe user event was produced by a synthetic test.

Invalid fields

The dt.rum.invalid namespace is used for fields that are removed because of user event ingest validation. For example, if the calculated web_vitals.largest_contentful_paint value would be less than 0, the value is copied over to dt.rum.invalid.web_vitals.largest_contentful_paint and web_vitals.largest_contentful_paint is removed.

Settings

Fields for referencing Settings 2.0 objects, schemas and scopes.

Considerations on which fields to use

Although the dt.settings.object_id is enough to identify a specific settings value within a dynatrace environment, adding explicit information about the schema, scope and/or scope type can be useful nonetheless. If your use-case will only ever involve a single schema, scope type and/or scope, documenting this is good enough - if multiple schemas, scope types and/or scopes can be involved, filling the corresponding fields is strongly recommended.

dt.settings.references can be used if multiple settings objects need to be referenced. In that case, each entry in the array can hold a reference to a single settings object.

Top level fields

The top level fields contain generally relevant information for all monitoring data.

AttributeTypeDescriptionExamples
dt.settings.object_idstringexperimental
The object ID of a settings value. This corresponds to the 'objectId' field/parameter in the Settings API.		vu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQ
dt.settings.object_summarystringexperimental
The human-readable summary or name of a single value of a multi-value settings schema. This corresponds to the 'summary' field in the Settings API.		Journey Service all errors; Really, this can be anything; My alerting rule
dt.settings.referencesrecord[]experimental
A collection of references to settings objects. Each entry in the array holds a reference to a single settings object.		[{'dt.settings.object_id': 'vu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQ', 'dt.settings.relationship': 'matched_rule'}, {'dt.settings.object_id': 'vu9U3hXa3q0AAAABAB9idWlsdGluOmRhdmlzLmFub21hbHktZGV0ZWN0b3JzAAZ0ZW5hbnQABnRlbmFudAAkMzM2NTc3MTgtYWNjYi0zOGY1LTlmOGUtMTg5NTBiYmNjNmRhvu9U3hXa3q0', 'dt.settings.relationship': 'triggered_alert'}]
dt.settings.relationshipstringexperimental
The type of relationship to the referenced settings object. You can use arbitrary values (in snake_case) here that describe the relationship for your use-case.		matched_rule; triggered_alert
dt.settings.schema_idstringexperimental
The schema ID of a settings schema, as used in the Settings APIs.		builtin:problem.notifications; app:dynatrace.jenkins:connection
dt.settings.schema_versionstringexperimental
The version of the schema referenced by dt.settings.schema_id, as declared by the schema itself. Typically a semantic version number.		1.0.0; 1.2.3
dt.settings.scope_idstringexperimental
The ID of the scope that a settings object is persisted on. This corresponds to the 'scope' field/parameter in the Settings API.		environment; HOST-EFAB6D2FE7274823
dt.settings.scope_namestringexperimental
The human-readable name of the scope that a settings object is persisted on.		deb-10-k3s-oi-01.lab.dynatrace.org
dt.settings.scope_typestringexperimental
The type of the scope that a settings object is persisted on.		environment; host_group; host

Smartscape 2.0 IDs

Entities stored in the Grail based Smartscape storage will coexist with classic entities. To ensure we can distinguish between classic IDs and Smartscape IDs, we use the dt.smartscape.* namespace to enrich entity IDs in signal data.

Fields

AttributeTypeDescriptionExamples
dt.smartscape.__type__stringresource stable
A Smartscape ID that can be used to query entities from the Smartscape storage. __type__ is a placeholder for any Smartscape type.
Tags: smartscape-id		K8S_CLUSTER-E0D8F94D9065F24F

Support

Additional information about the attributes of a data point.

Support fields for user event

Dynatrace Synthetic

The dt.synthetic namespace contains Dynatrace synthetic specific fields.

Fields

AttributeTypeDescriptionExamples
dt.synthetic.batch.idlongexperimental
The identifier of the batch (defined for on-demand executions only).
dt.synthetic.location.missing_capabilitiesarrayexperimental
Names of missing Synthetic location capabilities.		BROWSER; ICMP
dt.synthetic.monitor.idstringexperimental
The identifier of the monitor.		HTTP_CHECK-6349B98E1CD87352
dt.synthetic.monitored_entity_idsarrayexperimental
IDs of monitored entities.		APPLICATION-EA7C4B59F27D43EB
dt.synthetic.request.targetsarrayexperimental
Request target addresses with DNS record type or TCP port number.		127.0.0.1:22
dt.synthetic.violated_entity_idsarrayexperimental
IDs of synthetic monitor or steps.		HTTP_CHECK-9349B98E1CD87352; HTTP_CHECK_STEP-6349B98E1CD87352

Dynatrace system fields

The namespace dt.system is reserved for Grail. These fields cannot be ingested but instead will be set by Grail directly. Every record that is fetched from Grail provides these fields, but by default they are hidden. You can display them by using the fieldsAdd command.

Example query:

// display the bucket for each log record
fetch logs
| fieldsAdd dt.system.bucket

Fields

AttributeTypeDescriptionExamples
dt.system.bucketstringstable
The Grail bucket that the record is stored in.		default_logs; default_spans; default_bizevents
dt.system.environmentstringstable
The Dynatrace environment that the record belongs to.		wkf10640
dt.system.monitoring_sourcestringstable
Identifies the license under which the source is running.		fullstack_host; infrastructure
dt.system.sampling_ratiolongstable
The selected sampling ratio.		1
dt.system.segment_idstringstable
The segment that the record belongs to.		5d97c09e-7337-443e-bab5-2f0474804687
dt.system.storage_intervalstringstable
Identifies the timeframe represented by individual data structures stored under a metric key.		1 min
dt.system.tablestringstable
The table that the record belongs to.		logs; bizevents

dt.system.monitoring_source MUST be one of the following:

ValueDescription
discoveryThe source is running under the discovery license.
fullstack_containerThe source is running under the full-stack container license.
fullstack_hostThe source is running under the full-stack host license.
infrastructureThe source is running under the infrastructure license.
mainframeThe source is running under the mainframe license.

dt.system.storage_interval MUST be one of the following:

ValueDescription
1 minThe timeframe represented by individual measurements of a metrics record in storage.

Dynatrace specific tracing fields

Fields defined in this namespace are used by Dynatrace to describe different aspects of the context propagation between spans.

Fields

AttributeTypeDescriptionExamples
dt.tracing.custom_link.iduidexperimental
The custom link ID to identify spans calling each other. The ID is derived from the custom link bytes.		736bd2684696c4a8
dt.tracing.custom_link.original_bytesbinaryexperimental
The original binary data of the custom link.		ycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==
dt.tracing.custom_link.transformed_bytesbinaryexperimental
The transformed binary data of the custom link. Only available if a mapping was applied.		ycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==
dt.tracing.custom_link.typestringexperimental
The type of the custom link defines if a mapping of the dt.tracing.custom_link.original_bytes to the dt.tracing.custom_link.transformed_bytes was applied.		generic
dt.tracing.foreign_link.bytesbinaryexperimental
An incoming foreign link (cross-environment or cross-product).		00000004000000010000000200000003000000040000002300000001
dt.tracing.foreign_link.textstringexperimental
An incoming foreign link (cross-environment or cross-product).		FW4;129;12;-2023406815;4539717;0;17;66;c511;2h02;3h12345678;4h676767; FW1;129;4711;59959450;-1859959450;3;17;0
dt.tracing.link.directionstringexperimental
The direction of the span link to define the correct order between spans.		outgoing
dt.tracing.link.iduidexperimental
Unique identifier for a Dynatrace link.
dt.tracing.link.is_syncbooleanexperimental
true indicates that the caller waits on the response. Only available on span links with dt.tracing.link.direction set to outgoing.
dt.tracing.response.headersrecordexperimental
A collection of key-value pairs containing received response headers related to tracing from an outgoing call. There may be multiple values for each header. Used for cross-environment linking.		{'traceresponse': ['00-7b9e3e4068167838398f50017bfad358-d4ffc7e33530967a-01'], 'x-dt-tracestate': ['9651e1a8-19506b7c@dt']}

dt.tracing.custom_link.type MUST be one of the following:

ValueDescription
genericThe dt.tracing.custom_link.original_bytes have no special meaning.
ibm_mqThe dt.tracing.custom_link.original_bytes are an IBM MQ custom link.
ibm_mq_ignore_qnameThe dt.tracing.custom_link.original_bytes are an IBM MQ custom link, but the qname part should be ignored in mapping.

dt.tracing.link.direction MUST be one of the following:

ValueDescription
incomingIndicates that the link represents an incoming call (the child in a parent-child relationship).
outgoingIndicates that the link represents an outgoing call (the parent in a parent-child relationship).

Elasticsearch

Fields

AttributeTypeDescriptionExamples
elasticsearch.cluster.namestringresource experimental
elasticsearch.node.namestringresource experimental

Endpoint

Endpoints define the public interface of services.

Fields

AttributeTypeDescriptionExamples
endpoint.namestringstable
The endpoint name is derived from endpoint detection rules and uniquely identifies one endpoint of a particular service. Endpoint names are usually technology-specific and should be defined by attributes with low cardinality, like http.route or rpc.method. Endpoints are exclusively detected on request root spans.		GET /; PUT /users/:userID?; GET /productpage; Reviews.GetReviews

Equinox

Fields

AttributeTypeDescriptionExamples
equinox.config.pathstringresource experimental

Error

The error namespace contains general information on errors.

Fields

AttributeTypeDescriptionExamples
error.codelongexperimental
The code of the error. Set for iOS (NSError and Swift Error) and custom errors for C-based languages.		-1; 3072
error.csp_violation_countlongexperimental
The number of CSP rule violations.		1
error.display_namestringexperimental
A human-readable version of error.id.		500: foo.bar/path/file; path/file:1:5
error.dropped_exception_countlongexperimental
The number of exceptions that are observed, but which are not captured due to error capture limits.		1
error.exception_countlongexperimental
The total number of exceptions that are observed, including exceptions that are not captured.		1
error.http_4xx_countlongexperimental
The number of HTTP request errors with a http.response.status_code of 400 - 499.		1
error.http_5xx_countlongexperimental
The number of HTTP request errors with a http.response.status_code of 500 - 599.		1
error.http_other_countlongexperimental
The number of HTTP request errors with a http.response.status_code of 0-99 or 600+ (undefined errors).		1
error.iduidexperimental
A unique identifier for error grouping. The error.id is a 16-byte ID and hex-encoded if shown as a string.		357bf70f3c617cb34584b31bd4616af8
error.is_fatalbooleanexperimental
If set to true, the error resulted in a fatal exit (for example, an unhandled exception). Otherwise this attribute should be omitted.		true
error.reasonstringexperimental
The error reason. RUM JavaScript reports a pre-defined set of values.		no network
error.sourcestringexperimental
The error source.		fetch; console
error.typestringexperimental
The main error type. This information is determined by Dynatrace RUM error grouping.		request

error.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
abortThe request was aborted by the user.
cspThe request failed due to a Content Security Policy (CSP) violation.
no_networkThe request failed because of no connectivity.
timeoutThe request timed out.

error.source has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
consoleconsole
document_requestdocument_request
exceptionexception
fetchfetch
promise_rejectionpromise_rejection
xhrxhr

error.type MUST be one of the following:

ValueDescription
anrApplication Not Responding (ANR)
crashCrash
cspContent Security Policy (CSP) violation
exceptionException
reportedCustom reported error
requestFailed request

ESB

Fields

AttributeTypeDescriptionExamples
esb.application.namestringresource experimental
The name of the application that holds the workflows of the business logic.		myBusinessApp; YourServiceApp; any_work
esb.library.namestringresource experimental
The name of the library that hosts commonly used workflows to be reused in applications.		myWebServicesLib; YourMessagingLibrary; any_tools
esb.vendorstringresource experimental
The name of the vendor of the ESB technology of the current workflow.		ibm; tibco
esb.workflow.namestringresource experimental
The name of the workflow (the message flow for the IBM ESB).		myMessageFlow; YourBusinessWorkflow; any_flow

Event

The event namespace contains common identification, categorization and context on events in Dynatrace.

Fields

AttributeTypeDescriptionExamples
event.categorystringstable
Standard categorization based on the significance of an event (similar to the severity level in the previous Dynatrace).		Availability
event.descriptionstringstable
Human-readable description of an event.		The current response time (11 s) exceeds the auto-detected baseline (767 ms) by 1,336 %
event.endstringstable
The event end timestamp in UTC (given in Grail preferred Linux timestamp nano precision format).		16481073970000
event.group_labelstringexperimental
Group label of an event.		Availability
event.idstringstable
Unique identifier string of an event; is stable across multiple refreshes and updates.		5547782627070661074_1647601320000
event.kindstringstable
Gives high-level information about what kind of information the event contains without being specific about the contents of the event. It helps to determine the record type of a raw event.
Tags: permission		INFRASTRUCTURE_EVENT; DAVIS_EVENT; BIZ_EVENT; RUM_EVENT; AUDIT_EVENT; BILLING_USAGE_EVENT
event.namestringstable
The human readable display name of an event type.		Process crashed; CPU Saturation
event.original_contentstringexperimental
The original raw data of the event as received from the source.		{"severity_id": 3,"state_id": 1,"time": "2024-06-26T07:15:06.139000Z","state": "New","type_uid": 200101}
event.outcomestringstable
Denotes whether the event represents a success or a failure from the perspective of the entity that produced the event (for example an HTTP response code).		200; success; failure
event.parent_idstringexperimental
Unique identifier string of a parent event to link parent and child events.		5547782627070661074_1647601319999
event.providerstringstable
Source of the event, for example, the name of the component or system that generated the event.
Tags: permission		OneAgent; K8S; Davis; VMWare; GCP; AWS; LIMA_USAGE_STREAM
event.reasonstringstable
Describes why a certain event.outcome was set. Typically, this is some form of error description in the case of a failure.		user is missing permission "logs.read"
event.startstringstable
The event start timestamp in UTC (given in Grail preferred Linux timestamp nano precision format).		16481073970000
event.statusstringstable
Status of an event as being either Active or Closed.		Active
event.status_transitionstringexperimental
An enum that shows the transition of the above event state.		Recovered
event.typestringstable
The unique type identifier of a given event.
Tags: permission		ESXI_HOST_MEMORY_SATURATION; PROCESS_RESTART; CPU_SATURATION; MEMORY_SATURATION; Automation Workflow; AppEngine Functions - Small
event.versionstringstable
Describes the version of the event.		1.0.0

Values

Values are either in title-case or screaming snake case.

event.category SHOULD be one of the following:

ValueDescription
Availabilityavailability
Errorerror
Slowdownslowdown
Resource contentionresource_contention
Warningwarning
Infoinfo
Vulnerability managementvulnerability_management

event.status SHOULD be one of the following:

ValueDescription
Activeactive
Closedclosed

event.status_transition SHOULD be one of the following:

ValueDescription
Createdcreated
Updatedupdated
Refreshedrefreshed
Resolvedresolved
Recoveredrecovered
Closedclosed
Timed outtimed out
Reopenedreopened

Event Properties

Event properties are custom-defined key-value pairs. Dynatrace RUM captures event properties as part of each of your users' journeys to enrich user events.

Fields

AttributeTypeDescriptionExamples
event_properties.__property_name__recordexperimental
Contains the value for the event property named __property_name__ defined by the event and session property configuration. The data type of the value depends on the definition; default is data type string.		42; value

Exception

Fields

AttributeTypeDescriptionExamples
exception.caused_by_iduidstable
The exception.id of the exception the current exception was caused by.
exception.column_numberlongexperimental
The column number where the exception happened.		12304
exception.escapedbooleanstable
true indicates that the exception was recorded at a point where it is known that the exception escaped the scope of the span.
exception.file.domainstringexperimental
The URI domain component. This is extracted from exception.file.full.		www.foo.bar
exception.file.fullstringexperimental
The full file location when the exception happened. This is either an absolute URL or a filename.		https://www.foo.bar/path/main.js; main.js
exception.file.pathstringexperimental
The URI path component. This is extracted from exception.file.full.		/path/main.js
exception.iduidstable
The identifier of an exception. It should be unique within a list of exceptions of a span. The identifier is used to reference the exception.
exception.is_caused_by_rootbooleanstable
Is set to true if the exception is the first exception caused by the chain.
exception.line_numberlongexperimental
The line number where the exception happened.		1401
exception.messagestringstable
A message that describes the exception.		Division by zero
exception.stack_tracestringexperimental
The stack trace of the exception. The format depends on the technology and source. While OneAgent formats stack traces to unify them across technologies, stack traces from an OpenTelemetry source are in the format they were sent to Dynatrace.		@https://www.foo.bar/path/main.js:59:26 e@https://www.foo.bar/path/lib/1.1/lib.js:2:30315
exception.typestringstable
The type of the exception, for example its fully-qualified class name.		java.net.ConnectException; OSError

Function as a Service (FaaS)

Fields that can be expected from serverless functions or Function as a Service (FaaS) on various cloud platforms.

Fields

Resource attributes

AttributeTypeDescriptionExamples
faas.max_memorylongresource experimental
The amount of memory available to the serverless function in Bytes.
faas.namestringresource experimental
The name of the single function that this runtime instance executes. 1		my-function; myazurefunctionapp/some-function-name; test_function
faas.versionstringresource experimental
The immutable version of the function being executed. 2		14; 254
1

This is the name of the function as configured/deployed on the FaaS platform and is usually different from the name of the callback function (which may be stored in the code.namespace/code.function span attributes).

2

Value of the field depends on a cloud provider. This field is not set for Azure.

Span attributes

AttributeTypeDescriptionExamples
faas.coldstartbooleanexperimental
A boolean that is true if the serverless function is executed for the first time (aka cold-start).
faas.document.collectionstringexperimental
The table/collection name on which the operation above was executed. 1		my-coll-name
faas.document.namestringexperimental
The identifier for the specific item that changed after executing the operation above. 2		my-file.jpg; 63eeb6e7d418cd98afb1c1d7
faas.document.operationstringexperimental
Relevant only for "datasource" trigger. The operation type which triggered the function invocation.		delete
faas.document.timestringexperimental
The UTC ISO-8601 timestamp of the operation above. 3		2020-03-08T00:30:12.456Z
faas.event.__key__stringstable
Faas event attribute, the __key__ attribute in a Faas event represents the precise attribute name as received in the event. For example, it might be "faas.event.StackId" for the "StackId" attribute in an AWS CloudFormation event or "faas.event.IdentityPoolId" for the "IdentityPoolId" attribute in an AWS Cognito event. The value of this attribute is identical to the value received in the event.		arn:aws:cloudformation:us-west-2:123456789012:stack/MyStack/1a2b3c4d-5678-90ab-cdef-EXAMPLE11111; eu-west-1:12345678-1234-1234-1234-123456789012
faas.event_namestringexperimental
The API action that triggered the faas event. 4		ObjectCreated:Put (aws:s3); INSERT (aws:dynamodb)
faas.event_sourcestringexperimental
The cloud service that originated the event.		aws:cloudwatch; aws:cloudformation
faas.invoked_namestringexperimental
The name of the invoked function.		my-function
faas.invoked_providerstringexperimental
The cloud provider of the invoked function. Will be equal to the invoked function's cloud.provider resource attribute.		alibaba_cloud
faas.invoked_regionstringexperimental
The cloud region of the invoked function. 5		eu-central-1
faas.triggerstringexperimental
Type of the trigger which caused this function invocation.		datasource
1

Relevant only for faas.trigger=datasource trigger

2

Relevant only for faas.trigger=datasource trigger

3

Relevant only for faas.trigger=datasource trigger

4

The value of this attribute is specific to the service that generated the event.

5

Will be equal to the invoked function's cloud.region resource attribute.

faas.document.operation has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
deletedelete
editedit
insertinsert

faas.invoked_provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
alibaba_cloudAlibaba Cloud
awsAmazon Web Services
azureMicrosoft Azure
gcpGoogle Cloud Platform
tencent_cloudTencent Cloud

faas.trigger has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
datasourceA response to some data source operation such as a database or filesystem read/write.
httpTo provide an answer to an inbound HTTP request
otherIf none of the others apply
pubsubA function is set to be executed when messages are sent to a messaging system.
timerA function is scheduled to be executed regularly.

Failure Detection

Fields that can be expected for a failure detection on a Dynatrace span. For more details and how failure detection is embedded in a span, see Dynatrace Span model.

Fields

AttributeTypeDescriptionExamples
dt.failure_detection.general_parameters_iduidexperimental
The id of the failure detection general parameters (failure detection v1) that were applied to that span (uid128).		4d76194c11a9426197a9062548f9e66f
dt.failure_detection.global_parameters_iduidexperimental
The id of the global failure detection parameters (failure detection v1) that were applied to that span (uid128).
This is always used in conjunction with the dt.failure_detection.global_rule_id.		4d76194c11a9426197a9062548f9e66c
dt.failure_detection.global_rule_iduidexperimental
The id of the global failure detection rule (failure detection v1) that was applied to that span (uid128).
This is always used in conjunction with the dt.failure_detection.global_parameters_id.		4d76194c11a9426197a9062548f9e66b
dt.failure_detection.http_parameters_iduidexperimental
The id of the failure detection HTTP parameters (failure detection v1) that were applied to that span (uid128).		4d76194c11a9426197a9062548f9e66a
dt.failure_detection.resultsrecord[]experimental
A collection of individual failure detection reasons and verdicts for each applied matching rule. If no entries exist, no rules matched, and the attribute does not exist.
dt.failure_detection.ruleset_iduidexperimental
The id of the failure detection rule set (failure detection v2) that was applied to that span (uid128).		4d76194c11a9426197a9062548f9e66e

Feature Flag

The event name MUST be feature_flag.evaluation.

AttributeTypeDescriptionExamples
feature_flag.context.idstringexperimental
The unique identifier for the flag evaluation context. For example, the targeting key.		5157782b-2203-4c80-a857-dbbd5e7761db
feature_flag.keystringexperimental
The unique identifier of the feature flag.		logo-color
feature_flag.provider.namestringexperimental
The name of the service provider that performs the flag evaluation.		Flag Manager
feature_flag.result.reasonstringexperimental
The reason code, which shows how a feature flag value was determined.		static; targeting_match; error; default
feature_flag.result.variantstringexperimental
A semantic identifier for an evaluated flag value. 1		red; true; on
feature_flag.set.idstringexperimental
The identifier of the flag set to that the feature flag belongs.		proj-1; ab98sgs; service1/dev
feature_flag.versionstringexperimental
The version of the ruleset used during the evaluation. This can be any stable value that uniquely identifies the ruleset.		1; 01ABCDEF
1

A semantic identifier, commonly referred to as a variant, provides a means for referring to a value without including the value itself. This can provide additional context for understanding the meaning behind a value. For example, the variant red maybe be used for the value #c05543.

feature_flag.result.reason MUST be one of the following:

ValueDescription
cachedThe resolved value was retrieved from cache.
defaultThe resolved value fell back to a pre-configured value (no dynamic evaluation occurred or dynamic evaluation yielded no result).
disabledThe resolved value was the result of the flag being disabled in the management system.
errorThe resolved value was the result of an error.
splitThe resolved value was the result of pseudorandom assignment.
staleThe resolved value is non-authoritative or possibly out of date.
staticThe resolved value is static (no dynamic evaluation).
targeting_matchThe resolved value was the result of a dynamic evaluation, such as a rule or specific user-targeting.
unknownThe reason for the resolved value could not be determined.

Google Cloud Platform

Fields

AttributeTypeDescriptionExamples
gcp.app_engine.instancestringresource experimental
gcp.app_engine.servicestringresource experimental
gcp.cloud_run.servicestringresource experimental
gcp.instance.idstringresource experimental
A permanent identifier that is unique within your Google Cloud project.		6639848141313102286
gcp.instance.namestringresource experimental
The name to display for the instance in the Cloud Console.		single-vm-test
gcp.locationstringresource stable
Region or zone the instance of the GCP resource is running on.		europe-west3-c
gcp.organization.idstringresource experimental
Unique, immutable identifier assigned to an organization resource.		123456789012
gcp.organization.namestringresource experimental
Name assigned to the GCP organization.		dynatrace.com
gcp.project.idstringresource stable
The identifier of the GCP project associated with this resource.
Tags: permission primary-field		dynatrace-gcp-extension
gcp.regionstringresource experimental
A region is a specific geographical location where you can host your resources.
Tags: primary-field		europe-west3
gcp.resource.namestringresource experimental
The globally unique resource name in Google Cloud Platform convention.		//cloudfunctions.googleapis.com/projects/gcp-example-project/locations/us-central1/functions/examplefunction
gcp.resource.typestringresource experimental
The name of a resource type.		cloudsql_database
gcp.zonestringresource experimental
A zone is a subset of a region. Each region has three or more zones.		europe-west3-c

Generative AI

Fields

Span attributes

AttributeTypeDescriptionExamples
gen_ai.guardrail.idstringexperimental
Identifier of the guardrail that has been activated for the request.		sensitive_data_guardrail
gen_ai.guardrail.versionstringexperimental
Version of the guardrail that has been activated.		DRAFT; 5; 12345678
gen_ai.operation.namestringexperimental
Name of operation being performed.		chat; generate_content; text_completion
gen_ai.prompt_cachingstringexperimental
Indicates how prompt cache has been used when handling the request.		read; write
gen_ai.provider.namestringexperimental
Name of GenAI product being used.		aws_bedrock; openai
gen_ai.request.frequency_penaltydoubleexperimental
Frequency penalty setting for GenAI request.		0.4
gen_ai.request.max_tokenslongexperimental
Maximum number of tokens that the model can generate for a request.		50
gen_ai.request.modelstringexperimental
Model chosen to handle the request.		amazon.nova-micro-v1:0; anthropic.claude-3-7-sonnet-20250219-v1:0
gen_ai.request.presence_penaltydoubleexperimental
Presence penalty setting for GenAI request.		0.4
gen_ai.request.stop_sequencesstring[]experimental
List of sequences that will stop the model from generating further tokens.		[forest, lived]
gen_ai.request.temperaturedoubleexperimental
Temperature setting for GenAI request.		0.8
gen_ai.request.top_klongexperimental
Temperature setting for GenAI request.		300
gen_ai.request.top_pdoubleexperimental
Temperature setting for GenAI request.		0.6
gen_ai.response.finish_reasonsstring[]experimental
List of reasons why the model stopped generating tokens, corresponding to each generation received.		[["stop_sequence"], ["stop_sequence", "max_tokens"]]
gen_ai.response.modelstringexperimental
Model that handled the request.		amazon.nova-micro-v1:0; anthropic.claude-3-7-sonnet-20250219-v1:0
gen_ai.usage.input_tokenslongexperimental
Number of tokens sent to the model in the request.		42
gen_ai.usage.output_tokenslongexperimental
Number of tokens generated by the model while handling the request.		42

gen_ai.prompt_caching has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
readCache hit. Reading from cache.
writeCache miss. Creating cache checkpoint.

Geolocation

The geo namespace contains geo location information. This section only holds all currently agreed upon fields in the Dynatrace Semantic Dictionary. Aligned closely to the ECS, with some adaptions around field groupings

Fields

AttributeTypeDescriptionExamples
geo.city.namestringresource stable
English name of the city.		Montreal
geo.continent.namestringresource stable
English name of the continent.		North America
geo.country.iso_codestringresource experimental
The two-letter country code. The format complies with ISO 3316-1 alpha-2.		CA; GB
geo.country.namestringresource stable
English name of the country.		Canada
geo.location.latitudedoubleresource experimental
The approximate latitude. The format complies with WGS 84.		45.505918
geo.location.longitudedoubleresource experimental
The approximate longitude. The format complies with WGS 84.		-73.61483
geo.region.namestringresource stable
English name of the region.		Quebec

Glassfish

Fields

AttributeTypeDescriptionExamples
glassfish.domain.namestringresource experimental
The name of the domain this instance belongs to.
glassfish.instance.namestringresource experimental
The instance's name.

Go

Fields

AttributeTypeDescriptionExamples
go.linkagestringresource experimental

Host

Fields describing a host.

Host naming

Dynatrace aims to use the best fitting name for the field host.name. See below, how Dynatrace determines the host name in an ordered by precedence fashion:

1. Customized host name

Dynatrace supports customizing the host.name property. A custom set host name takes precedence over the auto detection mechanisms described further down.

  • Place a configuration file containing the desired name in a specific directory as described in this Documentation
  • Alternatively, the oneagentctl tool can be used to set a custom host name. See Documentation for details.

2. Kubernetes node name

If no customized name is set locally, the OneAgent attempts to determine if we're deployed by Dynatrace Operator in Kubernetes or OpenShift and sets host.name to the name of the Node.

3. Cloud vendor metadata

If the Kubernetes isn't present, the OneAgent attempts to determine the host.name value by accessing cloud metadata where applicable.

4a. Linux & AIX

  • The result of the system call to the standard C library's gethostname() if it can be interpreted as a fully qualified domain name (FQDN) and doesn't contain "localhost".
  • Otherwise, a system call to getaddrinfo() for port 80 is issued, again sanity checking whether the returned name is an FQDN and doesn't contain "localhost".
  • If a correct hostname still hasn't been identified, but the system call to gethostname() was successful, and the returned string is not empty and doesn't contain "localhost", then it's used.
  • Defaults to the string EmptyHostName if neither property can be resolved.

4b. Windows

  • On Windows, the system call GetComputerNameExA is used to determine a host's name. In particular, the resulting name is composed of <hostname>.<domainname> with the following details
    • hostname = ComputerNameDnsHostname retrieved by GetComputerNameEx
    • domainname = ComputerNameDnsDomain retrieved by GetComputerNameEx
  • The result of the system call GetComputerNameExA is used when it can be interpreted as a fully qualified domain name (FQDN).
  • Otherwise, the result of the system call GetComputerNameExA is used when it's not empty.
  • Defaults to the string EmptyHostName if neither property can be resolved.

Fields

AttributeTypeDescriptionExamples
host.fqdnstring[]resource experimental
A list of FQDNs of this host.		[ec2-43-213-176-3.compute-1.amazonaws.com, localhost.example.com]
host.ipipAddress[]resource experimental
A list of IP adresses (IPv4 or IPv6) of this host.		[194.232.104.141, 2a01:468:1000:9::140]
host.logical.cpu.coreslongresource experimental
Logical CPU cores on the monitored host.		8
host.logical.cpuslongresource experimental
Logical CPUs on the monitored host. Applies to AIX LPARs.		8
host.macarrayresource experimental
A list of MAC adresses associated with this host.		4C:03:4F:5B:E8:89; 00:15:5D:2F:1C:2A
host.namestringresource experimental
The host name as determined on the data source (for instance, OneAgent, extensions or OpenTelemetry).
Important: This is not the name of the host entity, which can be modified based on naming rules.
Tags: permission		ip-10-178-54-32.ec2.internal
host.physical.memorylongresource experimental
Physical memory of the monitored host, expressed in bytes. The value might be different than the total available memory, if features such as Active Memory Expansion are used.		8141684736
host.simultaneous.multithreadinglongresource experimental
Number of threads for AIX Simultaneous Multithreading feature.		4
host.virtual.cpuslongresource experimental
Number of virtual CPUs for AIX LPAR.		2

HTTP

AttributeTypeDescriptionExamples
http.request.body.sizelongstable
The size of the request payload body in bytes. This is the number of bytes transferred excluding headers and is often, but not always, present as the Content-Length header. For requests using transport encoding, this should be the compressed size.		3495
http.request.header.__key__stringstable
HTTP request headers, __key__ being the lowercase HTTP header name, for example "http.request.header.accept-encoding". The value is a string. If multiple headers have the same name or multiple header values, the values will be comma-separated into a single string.
Tags: sensitive-spans		https://www.foo.bar/; gzip, deflate, br; 1.2.3.4, 1.2.3.5
http.request.idstringexperimental
String that uniquely identifies a request.		SOX4xwn4XV6Q4rgb7XiVGOHms_BGlTAC4KyHmureZmBNrjGdRLiNIQ==; k6WGMNkEzR5BEM_SaF47gjtX9zBDO2m349OY2an0QPEaUum1ZOLrow==
http.request.methodstringstable
HTTP request method.		GET; POST; HEAD
http.request.parameter.__key__stringstable
HTTP request parameters, __key__ for example, "http.request.parameter.username". The value is a string. If there are multiple parameters with the same name or multiple parameter values, the values will be a single, comma-separated string.		admin; premium
http.request.sizelongexperimental
The total size of the request in bytes. This value should be the total number of bytes sent over the wire, including the request line (HTTP/1.1), framing (HTTP/2 and HTTP/3), headers, and request body if any.		114; 702
http.response.body.sizelongstable
The size of the response payload body in bytes. This is the number of bytes transferred excluding headers and is often, but not always, present as the Content-Length header. For requests using transport encoding, this should be the compressed size.		3495
http.response.header.__key__stringstable
HTTP response headers, __key__ being the lowercase HTTP header name, for example, "http.response.header.content-type". The value is a string. If multiple headers have the same name or multiple header values, the values will be comma-separated into a single string.		909; text/html; charset=utf-8; abc, def
http.response.range_end_valuelongexperimental
When the response contains the HTTP Content-Range header, this field contains the range end value.		499; 1999
http.response.range_start_valuelongexperimental
When the response contains the HTTP Content-Range header, this field contains the range start value.		0; 1000
http.response.reason_phrasestringexperimental
The HTTP reason phrase (HTTP1 only).		Not found
http.response.sizelongexperimental
The total size of the response in bytes. This value should be the total number of bytes sent over the wire, including the status line (HTTP/1.1), framing (HTTP/2 and HTTP/3), headers, and response body and trailers if any.		251; 608
http.response.status_codelongstable
HTTP response status code.		200
http.response.time_to_first_bytedoubleexperimental
Time between the browser requesting a page and when it receives the first byte of information from the server.		0.022; 0.071
http.routestringstable
The matched route (path template in the format used by the respective server framework).		/users/:userID?; Home/Index/{id?}
AttributeTypeDescriptionExamples
http.server_namestringresource experimental
The server name as configured by the webserver if available. If no such name exists, this is the local hostname and bound port. In Kubernetes, the base pod name is used.		MyServer; localhost:8000

Hybris

Fields

AttributeTypeDescriptionExamples
hybris.bin.dirstringresource experimental/opt/hybris-60/hybris/bin
hybris.config.dirstringresource experimental/opt/hybris-60/hybris/config
hybris.data.dirstringresource experimental/opt/hybris-60/hybris/data

Reference

IBM

Fields

AttributeTypeDescriptionExamples
ibm.ace.integration_node.namestringresource experimental
The name of the integration node (broker) that manages one or more integration servers.		myIntegrationNode; YourBroker; the_management_instance
ibm.ace.integration_server.namestringresource experimental
The name of the broker-managed or standalone integration server (formerly known as execution group or dataflow engine).		myIntegrationServer; YourExecutionGroup; dataflow_engine
ibm.cics.aorstringresource experimental
ibm.cics.programstringresource experimental
The name of the CICS program.		EDUCHAN
ibm.cics.regionstringresource experimental
ibm.cics.torstringresource experimental
ibm.ctg.namestringresource experimental
ibm.ims.connectstringresource experimental
ibm.ims.controlstringresource experimental
ibm.ims.mprstringresource experimental
ibm.ims.soap_gw.namestringresource experimental

Iis

Fields

AttributeTypeDescriptionExamples
iis.app_pool.namestringresource experimental
iis.role.namestringresource experimental

Java

Fields

AttributeTypeDescriptionExamples
java.jar.filestringresource experimental
java.jar.pathstringresource experimental
java.main.classstringresource experimental
java.main.modulestringresource experimental

JBoss

Fields

AttributeTypeDescriptionExamples
jboss.homestringresource experimental
The instance's home directory.
jboss.modestringresource experimental
The instance's operating mode.		org.jboss.as.standalone; org.jboss.as.server
jboss.server.namestringresource experimental
The instance's server name.

JDBC

Fields

AttributeTypeDescriptionExamples
jdbc.connection.pool.namestringstable
The name of the JDBC connection pool.		jdbc/db2

Journald

Fields

AttributeTypeDescriptionExamples
journald.unitstringexperimental
A unit is a systemd object that performs or controls a particular task or action; concerns unix-based systems		cron.service; oneagent.service; kubepods.slice

Kubernetes

Fields

AttributeTypeDescriptionExamples
k8s.cluster.namestringresource stable
(Optional) The user-defined name of the cluster in Dynatrace. Doesn't need to be unique or immutable.
Tags: permission primary-field		unguard-dev; acme-prod10
k8s.cluster.uidstringresource stable
A pseudo-ID for the cluster, by default set to the UID of the kube-system namespace.		1c7a24c7-ff51-46e0-bcc9-c52637ceec57
k8s.configmap.namestringresource experimental
Name of the ConfigMap.		my-configmap
k8s.container.namestringresource stable
The name of the container from the pod specification; must be unique within a pod. Container runtime usually uses different globally unique name (container.name).		redis
k8s.cronjob.namestringresource experimental
Name of the CronJob.		my-cronjob
k8s.customresourcedefinition.namestringresource experimental
Name of the CustomResourceDefinition.		dynakubes.dynatrace.com
k8s.daemonset.namestringresource experimental
Name of the DaemonSet.		my-daemonset
k8s.deployment.namestringresource experimental
Name of the Deployment.		my-deployment
k8s.deploymentconfig.namestringresource experimental
Name of the DeploymentConfig.		my-deploymentconfig
k8s.dynakube.namestringresource experimental
Name of the DynaKube.		my-dynakube
k8s.edgeconnect.namestringresource experimental
Name of the EdgeConnect.		my-edgeconnect
k8s.ingress.namestringresource experimental
Name of the Ingress.		my-ingress
k8s.job.namestringresource experimental
Name of the Job.		my-job
k8s.namespace.namestringresource stable
The name of the namespace that the pod is running in.
Tags: permission primary-field		default; kube-system
k8s.namespace.uidstringresource experimental
The UID of the namespace.		bfb1ba44-3bcb-467d-a2dc-188fd74d1db5
k8s.networkpolicy.namestringresource experimental
Name of the NetworkPolicy.		my-networkpolicy
k8s.node.namestringresource stable
Name of the node.		cluster-pool-1-c3c7423d-azth
k8s.persistentvolume.namestringresource experimental
Name of the PersistentVolume.		my-persistentvolume
k8s.persistentvolumeclaim.namestringresource experimental
Name of the PersistentVolumeClaim.		my-persistentvolumeclaim
k8s.pod.namestringresource stable
The name of the pod.		checkoutservice-7895755b94-mzs5m
k8s.pod.uidstringresource stable
The UID of the pod.		275ecb36-5aa8-4c2a-9c47-d8bb681b9aff
k8s.replicaset.namestringresource experimental
Name of the ReplicaSet.		my-replicaset
k8s.replicationcontroller.namestringresource experimental
Name of the ReplicationController.		my-replicationcontroller
k8s.secret.namestringresource experimental
Name of the Secret.		my-secret
k8s.service.namestringresource stable
The name of the Kubernetes service.		my-service
k8s.statefulset.namestringresource experimental
Name of the StatefulSet.		my-statefulset
k8s.workload.kindstringresource stable
The type of the workload. The value is the Kubernetes object kind of the workload in lowercase.		deployment; statefulset; cronjob; job; daemonset; replicaset
k8s.workload.namestringresource stable
The name of the workload.		checkoutservice
k8s.workload.uidstringresource experimental
The UID of the workload.		786a41e4-e673-44bb-bb30-18888f797a2b
AttributeTypeDescriptionExamples
k8s.namespace.annotation.__attribute_name__stringresource experimental
Kubernetes namespace annotation that should be enriched on ingest signals and service metrics. The attribute_name is a placeholder that can freely be chosen.		k8s.namespace.annotation.team=a_team
k8s.namespace.label.__attribute_name__stringresource experimental
Kubernetes namespace label that should be enriched on ingest signals and service metrics. The attribute_name is a placeholder that can freely be chosen.		k8s.namespace.label.env=dev
k8s.pod.annotation.__attribute_name__stringresource experimental
Kubernetes pod annotation that should be enriched on ingest signals and service metrics. The attribute_name is a placeholder that can freely be chosen.		k8s.pod.annotation.team=a_team
k8s.pod.label.__attribute_name__stringresource experimental
Kubernetes pod label that should be enriched on ingest signals and service metrics. The attribute_name is a placeholder that can freely be chosen.		k8s.pod.label.env=dev
k8s.workload.annotation.__attribute_name__stringresource experimental
Kubernetes workload annotation that should be enriched on ingest signals and service metrics. The attribute_name is a placeholder that can freely be chosen.		k8s.workload.annotation.team=a_team
k8s.workload.label.__attribute_name__stringresource experimental
Kubernetes workload label that should be enriched on ingest signals and service metrics. The attribute_name is a placeholder that can freely be chosen.		k8s.workload.label.env=dev

Standard fields used for log events

Fields relevant for log events

Fields

AttributeTypeDescriptionExamples
log.file.namestringexperimental
The basename of the file.		messages; agent.log
log.file.pathstringexperimental
The full path to the file.		/var/log/messages; /var/log/dynatrace/agent.log
log.iostreamstringstable
The I/O stream to which the log was emitted.		stdout; stderr
log.loggerstringexperimental
The name of the logger inside an application. This name is usually the name of the class that initialized the logger, but it can be a custom name.		main.logger; kafka.server.KafkaServer
log.raw_levelstringexperimental
The original severity level of the log entry as recorded by the source, before standardization into the log.level format. 1		silly; verbose
log.sourcestringstable
Human-readable attribute that identifies a log stream. 2
Tags: permission		/var/log/messages; Windows Event Log; Docker Container Output; stdout
log.source.originstringstable
The log source origin indicates where the log derives from.		CUSTOM; IIS_LOG_DETECTOR
loglevelstringstable
The log event severity level.		ERROR; INFO; TRACE
1

The log.raw_level can vary in type depending on the log entry. It may be represented as a string in some cases or as an integer (for example, 30, 40, 50) in others.

2

Can contain, for example, a file path, standard output, or an URI etc., depending on the log stream type. The value should be stable for one logical source (for example, not affected by log file rotation digits).

log.iostream MUST be one of the following:

ValueDescription
stderrstd_err
stdoutstd_out

log.source.origin MUST be one of the following:

ValueDescription
CONTAINER_LOG_DETECTORContainer log detector.
CUSTOM_LOGCustom log source configuration.
IIS_LOG_DETECTORIIS log detector.
JOURNALD_LOG_DETECTORJournald log detector.
OPEN_LOG_DETECTOROpen log file detector.
SYSTEM_LOG_DETECTORSystem log detector.

loglevel MUST be one of the following:

ValueDescription
ALERTalert
CRITICALcritical
DEBUGdebug
EMERGENCYemergency
ERRORerror
FATALfatal
INFOinfo
NONEnone
NOTICEnotice
SEVEREsevere
TRACEtrace
WARNwarn

Messaging

Fields

AttributeTypeDescriptionExamples
messaging.batch.failed_countlongexperimental
The number of messages in the batch for which publishing failed.		1; 3; 15
messaging.batch.failure_codesstring[]experimental
The vendor-provided error codes explaining why an operation on the message broker failed. To limit attribute size, not all error codes might be included.		[['MalformedDetail', 'InvalidArgument']]
messaging.batch.message_countlongexperimental
The number of messages sent, received, or processed in the scope of the batching operation.		1; 2; 3
messaging.client.idstringexperimental
A unique identifier for the client that consumes or produces a message.		aclient; myhost@68d46b89c9-c29qc
messaging.consumer.group.namestringexperimental
The name of the consumer group with which a consumer is associated.		my-group; indexer
messaging.destination.kindstringdeprecated
The kind of message destination		queue; topic
messaging.destination.manager_namestringexperimental
The destination's manager name 1		MyBroker
messaging.destination.namestringexperimental
The message destination name 2		MyQueue; MyTopic
messaging.destination.partition.idstringexperimental
String representation of the partition ID the message is sent to or received from.		1
messaging.destination.temporarybooleanexperimental
A boolean that is true if the message destination is temporary and might not exist anymore after messages are processed.
messaging.message.body.sizelongexperimental
The (uncompressed) size of the message payload in bytes.		2738
messaging.message.conversation_idstringexperimental
The conversation ID identifying the conversation to which the message belongs, represented as a string. Sometimes called "Correlation ID".		MyConversationId
messaging.message.header.__key__recordexperimental
The message headers, __key__ being the message header/attribute name, for example, "messaging.message.header.ExtendedPayloadSize". The data type of the value depends on the attribute.		1024, "my-eu-bucket-3", ["a", "b"]
messaging.message.idstringexperimental
A value used by the messaging system as an identifier for the message, represented as a string.		452a7c7c7c7048c2f887f61572b18fc2
messaging.operation.typestringexperimental
A string identifying the kind of messaging operation.		peek
messaging.source.kindstringdeprecated
The kind of message source		queue; topic
messaging.source.manager_namestringdeprecated
Replaced by messaging.destination.manager_name.
The source's manager name 3		MyBroker
messaging.source.namestringdeprecated
Replaced by messaging.destination.name.
The message source name 4		MyQueue; MyTopic
messaging.source.temporarybooleandeprecated
Replaced by messaging.destination.temporary.
A boolean that is true if the message source is temporary and might not exist anymore after messages are processed.
messaging.systemstringexperimental
An identifier for the messaging system. See below for a list of well-known identifiers.		kafka; rabbitmq
1

Manager name uniquely identifies the broker.

2

Destination name uniquely identifies a specific queue, topic or other entity within the broker.

3

Manager name uniquely identifies the broker.

4

Source name uniquely identifies a specific queue, topic, or other entity within the broker.

messaging.destination.kind MUST be one of the following:

ValueDescription
queueA message sent to or received from a queue
topicA message sent to or received from a topic

messaging.operation.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
peekA message is received from a destination by a message consumer/server, but left there (span.kind is "consumer").
processA message previously received from a destination is processed by a message consumer (span.kind is "consumer").
publishA message is sent to a destination by a message producer (span.kind is "producer").
receiveA message is received from a destination by a message consumer (span.kind is "consumer").

messaging.source.kind MUST be one of the following:

ValueDescription
queueA message received from a queue
topicA message received from a topic

messaging.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
activemqActiveMQ
artemisActiveMQ Artemis
aws_eventbridgeAmazon EventBridge
aws_snsAmazon Simple Notification Service (SNS)
aws_sqsAmazon Simple Queue Service (SQS)
azure_eventgridAzure Event Grid
azure_eventhubsAzure Event Hubs
azure_servicebusAzure Service Bus
gcp_pubsubGoogle Cloud Pub/Sub
hornetqHornetQ
jmsJava Message Service
kafkaApache Kafka
mqseriesIBM MQ
msmqMSMQ
rabbitmqRabbitMQ
rocketmqApache RocketMQ
sag_webmethods_isSoftware AG, webMethods Integration Server
tibco_emsTibco EMS
weblogicOracle WebLogic
websphereIBM WebSphere Application Server

Akka Messaging

AttributeTypeDescriptionExamples
messaging.akka.actor.kindstringexperimental
Name of the top-level actor. See The Akka actor hierarchy		system; user
messaging.akka.actor.pathstringexperimental
Path to actor inside actor system.		/system/log1-Logging$DefaultLogger; /remote/akka.tcp/RequesterSystem@localhost:52133/user/requestActor/$a
messaging.akka.actor.systemstringexperimental
Name of the actor system.		RequesterSystem; ResponseSystem
messaging.akka.actor.typestringexperimental
Fully qualified type name of actor.		com.acme.RespondingActor
messaging.akka.message.typestringexperimental
Fully qualified type name of the message.		java.lang.String; akka.event.Logging$Info2; com.acme.twosuds.ResponseActor$RequestMessage

Kafka Messaging

AttributeTypeDescriptionExamples
messaging.kafka.message.keystringexperimental
The key property of the message.		mykey
messaging.kafka.message.tombstonebooleanexperimental
A boolean that is true if the message is a tombstone. 1		true
messaging.kafka.offsetlongexperimental
The offset of the message.		42
1

If the message is a tombstone, the value is true. When missing, the value is assumed to be false.

Module Insights

In webserver technologies a multitude of modules might be contributing to handling a single web request. Module insights provides timings for these, where available.

Fields

AttributeTypeDescriptionExamples
module_insights.modulesrecordexperimental
Modules executed as part of this web request, represented as map from module name to duration in nanoseconds spent.		{'HttpRedirectionModule': 10299, 'BasicAuthenticationModule': 4665}

Network

These attributes may be used for any network related operation.

Fields

AttributeTypeDescriptionExamples
network.carrier.namestringexperimental
The mobile carrier name.		Magenta; AT&T
network.connection.subtypestringexperimental
Further details that specify network.connection.type, such as the cellular or WI-FI technology.		lte; 802.11x
network.connection.typestringexperimental
The internet connection type.		cell; wifi
network.protocol.namestringstable
OSI Application Layer or non-OSI equivalent.		amqp; http; mqtt
network.protocol.versionstringexperimental
Version of the application layer protocol used.		1.1; 3.1.1
network.transportstringstable
OSI Transport Layer or Inter-process Communication method		tcp; udp
network.typestringstable
OSI Network Layer or non-OSI equivalent.		ipv4; ipv6

network.connection.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
cellcell
unavailableunavailable
unknownunknown
wifiwifi
wiredwired

network.transport has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
inprocIn-process communication. 1
otherSomething else (non-IP-based).
pipeNamed or anonymous pipe.
tcpTCP
udpUDP
unixUnix domain socket.
1

Signals that there is only in-process communication not using a "real" network protocol in cases where network attributes would typically be expected. Usually, all other network attributes can be left out.

network.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
ipv4IPv4
ipv6IPv6

Network device

Fields that are used in extensions to describe network devices.

Fields

AttributeTypeDescriptionExamples
devicestringresource deprecated
Used in Extension Framework 2.0
Address (IP address with port) used by a monitored device to communicate with an extension.		10.102.0.45:161
device.addressipAddressresource deprecated
Used in Extension Framework 2.0
IP address used by a monitored device to communicate with an extension.		10.102.0.45
device.namestringresource deprecated
Used in Extension Framework 2.0
Name of a device monitored by an extension.		AT1i-WLC-TestingLab.dynatrace.org
device.portstringresource deprecated
Used in Extension Framework 2.0
Port used by a monitored device to communicate with an extension.		161

Standard fields used for network flows

Fields relevant for network flows

Fields

AttributeTypeDescriptionExamples
network_flow.bytes.rxlongexperimental
Number of received bytes (octets).
network_flow.bytes.txlongexperimental
Number of transmitted bytes (octets).
network_flow.destination.addressstringexperimental
Destination IP address		192.33.1.2; 2001:0db8:85a3:0000:0000:8a2e:0370:7334
network_flow.destination.portstringexperimental
Flow destination port.		22; 8080
network_flow.directionstringexperimental
IP source address is TCP client or server.		SrcIsClient
network_flow.network.transportstringexperimental
Protocol		TCP; other; UDP
network_flow.network.typestringexperimental
IP protocol version.		IPV4
network_flow.packets.retransmitted.base.rxlongexperimental
Number of packets sent from the destination to the source used as the base for retransmission rate.
network_flow.packets.retransmitted.base.txlongexperimental
Number of packets sent from the source to the destination used as the base for retransmission rate.
network_flow.packets.retransmitted.rxlongexperimental
Number of retransmitted packets sent from the destination to the source.
network_flow.packets.retransmitted.txlongexperimental
Number of retransmitted packets from source to destination.
network_flow.packets.rxlongexperimental
Number of received packets.
network_flow.packets.txlongexperimental
Number of transmitted packets.
network_flow.source.addressstringexperimental
Source IP address		192.33.1.2; 2001:0db8:85a3:0000:0000:8a2e:0370:7334
network_flow.tcp.rttlongexperimental
Mean RTT value.
network_flow.tcp.rtt.acklongexperimental
Mean RTT ack value.
network_flow.tcp.sessions.newlongexperimental
Number of new TCP sessions in the flow.
network_flow.tcp.sessions.resetlongexperimental
Number of reset (rejected) TCP sessions in the flow.
network_flow.tcp.sessions.timeoutlongexperimental
Number of timed out TCP sessions in flow.

network_flow.direction has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
SrcIsClientIP source is TCP client
SrcIsServerIP source is TCP server
UNKNOWNTCP session initializer is unknown

network_flow.network.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
IPV4ipv4
IPV6ipv6

Nodejs

Fields

AttributeTypeDescriptionExamples
nodejs.app.base.dirstringresource experimental
nodejs.app.namestringresource experimental
nodejs.script.namestringresource experimental

OpenStack

Fields that can come from applications running on OpenStack.

Fields

Resource attributes

AttributeTypeDescriptionExamples
openstack.availability_zonestringresource experimental
A specific availability zone in the given OpenStack region.		us-east-1a
openstack.instance_uuidstringresource experimental
UUID of specific OpenStack instance.		6790cb48-f8e9-4773-bcea-001469de0599

Origin

The origin of a request associated with this event.

AttributeTypeDescriptionExamples
origin.addressstringexperimental
Source IP address of the request associated with this event. Must be set if origin.type is 'REST', must not be set otherwise.		10.11.12.13
origin.sessionstringexperimental
The ID of the browser session (if present) associated with the event.		node0hfznc
origin.typestringexperimental
Origin type of the request associated with this event.		REST; LOCAL
origin.x_forwarded_forstringexperimental
The verbatim value of the X-Forwarded-For HTTP request header (if present) of the request associated with the event.		1.2.3.4

origin.type MUST be one of the following:

ValueDescription
LOCALThe event provider issued the request locally.
RECOVERYThe event provider issued the request locally as part of disaster recovery.
RESTThe event provider received an external REST API call.

OS

The os namespace contains information on the operating system running an application.

Fields

AttributeTypeDescriptionExamples
os.architecturestringresource experimental
Architecture of the CPU, discovered from the operating system.		X86
os.namestringresource stable
The OS name in a short, human-readable format.		iOS
os.typestringresource experimental
Type of discovered operating system.		LINUX; WINDOWS
os.versionstringresource stable
The complete OS version, including patch, build, and other information.		15.3.1; Ubuntu 16.04.7 LTS (Xenial Xerus) (kernel 4.15.0-206-generic); Windows Server 2022 Datacenter 21H2 2009, ver. 10.0.20348

OpenTelemetry scope

Fields

AttributeTypeDescriptionExamples
otel.scope.namestringexperimental
The name of the instrumentation scope - (InstrumentationScope.Name in OTLP).		io.opentelemetry.contrib.mongodb
otel.scope.versionstringexperimental
The version of the instrumentation scope - (InstrumentationScope.Version in OTLP).		1.0.0

Page

The page namespace contains information on the web page of an event.

Fields

AttributeTypeDescriptionExamples
page.background_timedurationexperimental
The aggregated time that the page was in the background.		0
page.detected_namestringexperimental
The name RUM JavaScript detected for the page. The value is based on page.url.full.		#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e
page.foreground_timedurationexperimental
The aggregated time that the page was in the foreground.		900000000
page.iduidexperimental
A random ID that is generated every time a user navigates to a new page. The page.id is an 8-byte ID and hex-encoded if shown as a string.		f76281848bd8288c
page.namestringexperimental
An identifier for grouping pages. The value is automatically calculated by Dynatrace from page.detected_name.		#dashboard;id=<uuid>
page.prerender_timedurationexperimental
The aggregated time that the page was prerendering.		0
page.source.url.domainstringexperimental
The URI host component of the source page URL. This is extracted from page.source.url.full.		www.foo.bar
page.source.url.fragmentstringexperimental
The URI fragment component of the source page URL. This is extracted from page.source.url.full.		#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2h
page.source.url.fullstringexperimental
The page URL of the previous page, provided in the format scheme://host[:port]/path[?query][#fragment]. This value is captured using document.referrer and may be missing or incomplete.		https://www.foo.bar/path?q=value#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2h
page.source.url.pathstringexperimental
The URI path component of the source page URL. This is extracted from page.source.url.full.		/path
page.source.url.querystringexperimental
The URI query component of the source page URL. This is extracted from page.source.url.full.		q=value
page.source.url.schemestringexperimental
The URI scheme component of the source page URL. This is extracted from page.source.url.full.		https; http
page.titlestringexperimental
The HTML DOM document.title property.		FooBar - Title
page.url.domainstringexperimental
The URI host component of the page URL. This is extracted from page.url.full.		www.foo.bar
page.url.fragmentstringexperimental
The URI fragment component of the page URL. This is extracted from page.url.full.		dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2h
page.url.fullstringexperimental
The page URL, provided in the format scheme://host[:port]/path[?query][#fragment].		https://www.foo.bar/path?q=value#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2h
page.url.pathstringexperimental
The URI path component of the page URL. This is extracted from page.url.full.		/path
page.url.querystringexperimental
The URI query component of the page URL. This is extracted from page.url.full.		q=value
page.url.schemestringexperimental
The URI scheme component of the page URL. This is extracted from page.url.full.		https; http

Php

Fields

AttributeTypeDescriptionExamples
php.cli.script.pathstringresource experimental
php.cli.working.dirstringresource experimental
php.drupal.application.namestringresource experimental
php.fpm.pool.namestringresource experimental
php.symfony.application.namestringresource experimental
php.wordpress.blog.namestringresource experimental
also see https://developer.wordpress.org/reference/functions/get_bloginfo/

PostgreSQL

Fields

AttributeTypeDescriptionExamples
postgresql.session.idstringexperimental
A unique ID to identify a PostgreSQL database session.		00112233-4455-6677-8899-aabbccddeeff

Primary Grail Tags

Primary Grail tags are a small set of important, customer-selected tags—such as Kubernetes labels, AWS/Azure tags, or key organizational attributes—that Dynatrace automatically attaches to all raw telemetry data at ingest, using the primary_tags.* prefix. This enrichment enables fast, consistent filtering, grouping, and permission management across all data, without complex joins or proprietary tagging rules. Primary Grail tags are centrally configured and ensure that cloud-native and business-relevant metadata is always available for queries, dashboards, and access control.

Fields

AttributeTypeDescriptionExamples
primary_tags.__key__stringresource experimental
Primary Grail tags are used to tag a resource in a meaningful way. __key__ is populated with the tag name, for example, primary_tags.ownership. In case of single-value tags, the value is a string. In case of multi-value tags, the value is an array of strings.		team-alpha; team-bravo

Process

Fields

AttributeTypeDescriptionExamples
process.bitnessstringresource experimental
The architecture of the monitored entity in terms of how many bits compose a basic value.		64
process.containerizedbooleanresource experimental
True if given process is running inside container.
process.executable.namestringresource experimental
The name of the process executable. On Linux based systems, can be set to the Name in proc/[pid]/status. On Windows, can be set to the base name of GetProcessImageFileNameW.		otelcol
process.executable.pathstringresource experimental
The full path to the process executable. On Linux-based systems, can be set to the target of proc/[pid]/exe. On Windows, can be set to the result of GetProcessImageFileNameW.		/usr/bin/cmd/otelcol
process.listen_portsarrayresource experimental
An array of open listen ports.		50000; 50001; 50002; 50003
process.metadatarecordresource experimental
It contains a diagnostic collection of input parameters that were used or could have been used in assigning processes to the process entity.		NODE_JS_APP_BASE_DIRECTORY:C:/home/site/wwwroot
process.pidlongresource experimental
Process Identifier (PID) as observed by the monitored process.		1234

RabbitMQ

Fields

AttributeTypeDescriptionExamples
rabbitmq.function.aritylongexperimental
The number of arguments the rabbitmq.function.name takes.		2; 5
rabbitmq.function.namestringexperimental
The name of the RabbitMQ function within the rabbitmq.module.name that generated the log entry.		start_it; main
rabbitmq.module.namestringexperimental
The name of the RabbitMQ module that generated the log entry.		rabbit; my_module
rabbitmq.pidstringexperimental
ID of the Erlang process.		0.58.0; 1.20.4

React Native

The react_native namespace contains information on React Native details of an event.

Fields

AttributeTypeDescriptionExamples
react_native.bundle.namestringresource experimental
The name of the React Native bundle.		RNBundleName
react_native.bundle.versionstringresource experimental
The version of the React Native bundle.		0.0.1

Redis

Fields

AttributeTypeDescriptionExamples
redis.rolestringexperimental
The role of the Redis process (for example, 'M' for Master or 'X' for sentinel).		C

redis.role MUST be one of the following:

ValueDescription
CChild process for persistence (RDB/AOF).
MMaster Redis process.
RReplica Redis process.
XSentinel monitoring process.

Request

Fields

AttributeTypeDescriptionExamples
request.is_failedbooleanexperimental
Indicates that the request is considered failed according to the failure detection rules. Only present on the request root span.
request.is_root_spanbooleanexperimental
Marks the root of a request. It's the first span and starts the request within a service.

Request Attributes

Request scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute definition. The actual name of the attribute is the prefix "request_attribute" plus the "request attribute name" defined in the request attributes configuration. Request attributes are built based on captured attributes and other attributes like HTTP header values or "normal" span attributes, on which the aggregations (first/last value, distinct values, ...), type conversion and normalizations defined in the request attribute configuration are performed. They are evaluated for an entire request (possibly consisting of multiple spans) and are stored only on the request root node.

Fields

AttributeTypeDescriptionExamples
request_attribute.__attribute_name__arraystable
Contains the request scoped reconciled values of the attribute named __attribute_name__ defined by the request attribute configuration. The data type of the value depends on the request attribute definition.
Tags: sensitive-spans		42; Platinum; ['Product A', 'Product B']; ['Special Offer', '1702']

Remote Procedure Calls

Fields

AttributeTypeDescriptionExamples
rpc.methodstringexperimental
The name of the (logical) method being called 1		exampleMethod
rpc.namespacestringexperimental
The namespace of the method being called. In SOAP, it would be the XML namespace.		tempuri.org
rpc.servicestringexperimental
The full (logical) name of the service being called, including its package name, if applicable. 2		myservice.EchoService
rpc.systemstringexperimental
A string identifying the remoting system or framework. See below for a list of well-known identifiers.		apache_cxf; dotnet_wcf; grpc; jax_ws
1

This is the logical name of the method from the RPC interface perspective, which can be different from the name of any implementing method/function. The code.function attribute may be used to store the latter (e.g., method executing the call on the server side, RPC client stub method on the client side).

2

This is the logical name of the service from the RPC interface perspective, which can be different from the name of any implementing class. The code.namespace attribute may be used to store the latter (despite the attribute name, it may include a class name, e.g., class with method executing actually executing the call on the server side, RPC client stub class on the client side).

rpc.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
apache_axisApache Axis
apache_cxfApache CXF
apache_winkApache Wink
aws_apiAWS API
dotnet_remoting.NET Remoting
dotnet_wcf.NET WCF
grpcgRPC
java_rmiJava RMI
jax_wsJAX-WS
jbossJBoss
jerseyJersey
openedgeProgress OpenEdge
resteasyJBoss RESTEasy
restletRestlet
spring_wsSpring Web Services
tibco_wsTibco Web Services
weblogic_wsWebLogic Web Services
webmethodsWebmethods
AttributeTypeDescriptionExamples
rpc.grpc.status_codelongexperimental
The numeric status code of the gRPC request.

Server

The server namespace contains information on the responder of a network connection.

Fields

AttributeTypeDescriptionExamples
server.addressstringstable
Logical server hostname, matches server FQDN if available, and IP or socket address if FQDN is not known.		example.com
server.portlongstable
Logical server port number.		65123; 80
server.resolved_ipsipAddress[]stable
A list of IP addresses that are the result of DNS resolution of server.address.		[194.232.104.141, 2a01:468:1000:9::140]

Service

Fields

AttributeTypeDescriptionExamples
service.namestringresource stable
The logical name of the service.		shoppingcart

Servlet

Fields

AttributeTypeDescriptionExamples
servlet.context.namestringresource experimental
also see https://docs.oracle.com/javaee/6/api/javax/servlet/ServletContext.html#getServletContextName
servlet.context.pathstringresource experimental
also see https://docs.oracle.com/javaee/6/api/javax/servlet/ServletContext.html#getContextPath

Session Properties

Session properties are custom-defined key-value pairs. Dynatrace RUM captures session properties as part of each of your users' journeys to enrich user sessions.

Fields

AttributeTypeDescriptionExamples
session_properties.__property_name__recordexperimental
Contains the value for the session property named __property_name__ defined by the event and session property configuration. The data type of the value depends on the definition; default is data type string.		42; value

SNMP

Fields that are used in SNMP extensions.

Fields

AttributeTypeDescriptionExamples
trap_oidstringresource deprecated
Used in Extension Framework 2.0
The trap OID of a given event.		SNMPv2-MIB::coldStart
versionstringresource deprecated
Used in Extension Framework 2.0
The SNMP version.		SNMPv3

Softwareag

Fields

AttributeTypeDescriptionExamples
softwareag.install.rootstringresource experimental
softwareag.product.prop.namestringresource experimental

Span

Fields

AttributeTypeDescriptionExamples
span.alternate_parent_iduidexperimental
The alternative span.id of this span's parent span. If a trace is monitored by more tracing systems (for example, OneAgent and OpenTelemetry), there might be two parent spans. If the two parent spans differ, span.parent_id holds the ID of the parent span originating from same tenant of the span while span.alternate_parent_id holds the other parent span ID. The span.alternate_parent_id is an 8-byte ID and hex-encoded if shown as a string.		f76281848bd8288c
span.eventsrecord[]stable
A collection of events. An event is an optional time-stamped annotation of the span and consists of a name and key-value pairs.
span.exit_by_exception_iduidstable
The exception.id of the exception the its span.events with the current span exited. The referenced exception has set the attribute exception.escaped to true.
span.iduidstable
A unique identifier for a span within a trace. The span.id is an 8-byte ID and hex-encoded if shown as a string.		f76281848bd8288c
span.is_exit_by_exceptionbooleanstable
Set to true if an exception exited the span. If set to false, the span has exception events, but none exited the span.
span.is_subroutinebooleanexperimental
If set to true, it indicates that this span is a subroutine of its parent span. The spans represent functions running on the same thread on the same call stack.
span.kindstringstable
Distinguishes between spans generated in a particular context.		server
span.linksrecord[]stable
A collection of links. A link is a reference from this span to a whole trace or a span in the same or different trace.
span.namestringstable
The span name identifies the work represented by the span, for example, the route in an HTTP controller, an RPC method name, a function name, or the name of a subtask or stage within a larger computation.		prepareOrderItemsAndShippingQuoteFromCart; org.example.CheckoutService/PlaceOrder; orders process; GET /products/{product_id}; HTTP POST
span.parent_iduidstable
The span.id of this span's parent span. The span.parent_id is an 8-byte ID and hex-encoded if shown as a string.		f76281848bd8288c
span.status_codestringstable
Defines the status of a span, predominantly used to indicate a processing error. This field is absent if the reported span status is unset.		error
span.status_messagestringexperimental
An optional text that can provide a descriptive error message in case the span.status_code is error.		Connection closed before message completed; Error sending request for url
span.timing.cpudurationstable
The overall CPU time spent executing the span, including the CPU times of child spans that are running on the same thread on the same call stack.
span.timing.cpu_selfdurationstable
The CPU time spent exclusively on executing this span, not including the CPU times of any children.

span.kind MUST be one of the following:

ValueDescription
clientIndicates that the span describes a request to some remote service.
consumerIndicates that a span describes a child of an asynchronous producer request.
internalDefault Value. Indicates that the span represents an internal operation.
linkIndicates that the span describes a Dynatrace link node.
producerIndicates that the span describes the initiator of an asynchronous request.
serverIndicates that the span covers server-side handling of a synchronous RPC or other remote request.

span.status_code MUST be one of the following:

ValueDescription
errorAn error happened while processing the span.
okThe span was explicitly validated as having completed successfully, despite maybe even containing information about an error.

Span Event

Fields

AttributeTypeDescriptionExamples
span_event.namestringstable
Some span events have a defined semantics based on the name of the span event.		exception

span_event.name has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
bizeventIndicates that the span event represents a business event
exceptionIndicates that the span event represents an exception
feature_flagIndicates that the span event represents a feature flag

Reference

Language Independent Interface Types For OpenTelemetry

Spring

Fields

AttributeTypeDescriptionExamples
spring.application.groupstringresource experimental
Also see Common Application Properties
spring.application.namestringresource experimental
Also see Common Application Properties
spring.profile.namestringresource experimental
The active profile (last value of spring.profiles.active)
spring.startup.classstringresource experimental

Disk extension

Fields

Disk

AttributeTypeDescriptionExamples
storage.disk.encryptedbooleanresource stable
Is encrypted disk.
storage.disk.fstypestringresource stable
Type of file system on the disk.		ext4; btrfs
storage.disk.knamestringresource stable
Kernel name of the disk device. It's also the disk ID in relation to other devices.		sda
storage.disk.modelstringresource stable
Disk model.		baracuda
storage.disk.mountpointstringresource stable
Primary mount point.		/mnt/disk1
storage.disk.other-mountpointsstring[]resource stable
List of other mount points of the disk		[/home/user1/mydisk, /opt/volume1]
storage.disk.pathstringresource stable
Path to the disk.		/dev/sda
storage.disk.read-onlybooleanresource stable
Is read-only disk.
storage.disk.removablebooleanresource stable
Is removable disk.
storage.disk.serialstringresource stable
Disk serial number.		1234-56789
storage.disk.typestringresource stable
Disk device type.		disk; hardware raid
storage.disk.vendorstringresource stable
Vendor of the disk.		seagate

Partition

AttributeTypeDescriptionExamples
storage.partition.encryptedbooleanresource stable
Is encrypted partition.
storage.partition.fstypestringresource stable
Type of file system on the partition.		ext4; btrfs
storage.partition.knamestringresource stable
Kernel name of the partition device. It's also the partition ID in relation to other devices.		sda1
storage.partition.mountpointstringresource stable
Primary mount point.		/mnt/diskA
storage.partition.other-mountpointsstring[]resource stable
List of other mount points of the partition.		[/home/user1/mydiskA, /opt/volumeA]
storage.partition.pathstringresource stable
Path to the partition.		/dev/sda1
storage.partition.read-onlybooleanresource stable
Is read-only partition.
storage.partition.removablebooleanresource stable
Is removable partition (true when disk is removable).
storage.partition.typestringresource stable
Partition device type.		partition

Volume

AttributeTypeDescriptionExamples
storage.volume.display-namestringresource stable
Name of the volume device.		vg0-lv1; vg1-lv2; my-volume
storage.volume.fstypestringresource stable
Type of file system on the volume.		ext4; btrfs
storage.volume.knamestringresource stable
Kernel name of the volume device. It's also the volume ID in relation to other devices.		dm-1; dm-2; dm-5
storage.volume.mountpointstringresource stable
Primary mount point.		/mnt/diskA
storage.volume.other-mountpointsstring[]resource stable
List of other mount points of the software RAID.		[/home/user1/mydiskA, /opt/volumeA]
storage.volume.pathstringresource stable
Path to the volume device.		/dev/mapper/vg0-lv1
storage.volume.read-onlybooleanresource stable
Is read-only volume.
storage.volume.removablebooleanresource stable
Is removable volume.
storage.volume.typestringresource stable
Volume device type.		lvm

Software RAID

AttributeTypeDescriptionExamples
storage.software-raid.encryptedbooleanresource stable
Is encrypted software RAID.
storage.software-raid.fstypestringresource stable
Type of file system on the software RAID,		ext4; btrfs
storage.software-raid.knamestringresource stable
Kernel name of the software RAID device. It's also the software RAID ID in relation to other devices.		md0; md1; md3
storage.software-raid.mountpointstringresource stable
Primary mount point.		/mnt/diskA
storage.software-raid.other-mountpointsstring[]resource stable
List of other mount points of the software RAID.		[/home/user1/mydiskA, /opt/volumeA]
storage.software-raid.parentstringresource stable
ID of parent software RAID in which this software RAID is nested.		md0
storage.software-raid.pathstringresource stable
Path to the software RAID device.		/dev/md0
storage.software-raid.read-onlybooleanresource stable
Is read-only software RAID.
storage.software-raid.removablebooleanresource stable
Is removable software RAID.
storage.software-raid.typestringresource stable
Software RAID device type.		raid0, raid10

Subtrace

Fields

AttributeTypeDescriptionExamples
subtrace.iduidexperimental
Present on every span of a subtrace. All spans within one subtrace share the same identifier. The ID is a hex-encoded numerical value and not globally unique, but guaranteed to be unique within one particular trace.		95efd70fcdb5b7b3; 96835e1d65490b48
subtrace.is_root_spanbooleanexperimental
Marks the root of a subtrace. This is typically the first span of a request within a service. Endpoints detection rules are evaluated on subtrace root spans.

Supportability

Additional information about the attributes of a data point.

Fields

AttributeTypeDescriptionExamples
supportability.alr_sampling_ratiolongexperimental
The denominator of the sampling ratio of the Dynatrace cluster, the attribute is only set if Adaptive Load Redution (ALR) is active on the Dynatrace cluster. A numerator is not specified, as it's always 1. If, for example, the Dynatrace cluster samples with a probability of 1/8 (12,5%), the value of supportability.alr_sampling_ratio would be 8 and the numerator is 1.		8
supportability.atm_sampling_ratiolongexperimental
The denominator of the sampling ratio of an Adaptive Traffic Management (ATM) aware sampler. The attribute is always present if an ATM-aware sampler is active (this applies, for example, to Dynatrace OneAgent). A numerator is not specified, as it is always 1. If, for example, Dynatrace OneAgent samples with a probability of 1/16 (6,25%), the value of supportability.atm_sampling_ratio would be 16 and the numerator is 1.		16
supportability.custom_service.rule_iduidexperimental
The ID of a custom service configuration rule. This field is only present if a custom service was configured as an automatic instrumentation rule in Dynatrace.		4d76194c11a9426197a9062548f9e66e
supportability.dropped_attributes_countlongexperimental
The number of attributes that were discarded on the source. Attributes can be discarded because their keys are too long or because there are too many attributes.		1
supportability.dropped_events_countlongexperimental
The number of span events that were discarded on the source.		1
supportability.dropped_http_request_headers_countlongexperimental
Number of http.request.header.__key__ that were discarded.		1
supportability.dropped_http_request_parameters_countlongexperimental
Number of http.request.parameter.__key__ that were discarded.		1
supportability.dropped_links_countlongexperimental
The number of span links that were discarded on the source.		1
supportability.flawsstring[]experimental
A string array of one or multiple error codes indicating issues in the assembly of a trace in Dynatrace. Typically, issues come from erroneous (3rd party) instrumentations (e.g. not sending a required field), data loss due to network connectivity (e.g. missing parent span) or conditions implied by the nature of the trace (e.g. trace exceeding the depth limit). The attribute is only present in case an assembly issue was detected (the list will not be empty). For more information and details about specific error codes, please reach out to Dynatrace support.		[C4, S3, A2]
supportability.latency_before_openpipelinedurationexperimental
The difference between the Dynatrace cluster node time and the end_time before the span is forwarded to OpenPipeline. Only available on subtrace root spans sent from the OneAgent.		500000000000
supportability.non_persisted_attribute_keysstring[]experimental
A string array of attribute keys that were not stored as they were not allow-listed or were removed during the pipeline steps.		["my_span_attribute", "db.name"]
supportability.original_start_timetimestampexperimental
The original start time of the span. Only available if the value of the start_time attribute was truncated. Truncating the start time is technically required for long running spans that have a start time older than three days in the past.		1649822520123123123
supportability.serverid.addresseelongexperimental
The id of the Dynatrace cluster node this span was addressed to. This is only available if it differs from the value of supportability.serverid.processing.		5
supportability.serverid.processinglongexperimental
The id of the Dynatrace cluster node that received and processed this span.		5

OT span rule configuration

Span sensor rules used during ingestion of OpenTelemetry/OpenTracing spans by instrumentation of the OpenTelemetry/OpenTracing Apis are applied at span start time. Therefore these rules can only operate on span attributes given at span start time.

The value at span start time of attributes captured by this instrumentation is preserved to allow proper rule configuration.

AttributeTypeDescriptionExamples
supportability.span_start.__key__recordexperimental
Span attributes set at span start time in case it changed later. The value at span start is relevant for span rule evaluation done by OpenTelemetry/OpenTracing instrumentation. __key__ is a placeholder for the actual attribute name. The data type of the value depends on the attribute.		5, "initial", ["a", "b"]
supportability.span_start.attribute_namesarrayexperimental
List of attribute names set at span start invocation time.
supportability.span_start.span.namestringexperimental
The span name at span start time in case it changed later. The value at span start is relevant for span rule evaluation done by OpenTelemetry/OpenTracing instrumentation.		GET

Telemetry

The telemetry.sdk.* fields are used to describe the telemetry SDK in OpenTelemetry or ODIN ingest. It can be considered the closest equivalent of ODIN/OTel data to dt.agent.module.*.

The telemetry.exporter.* fields are used to define the exporter that exports telemetry data and is expected to be different for each exporter in case when multiple exporters co-exist.

Fields

AttributeTypeDescriptionExamples
telemetry.exporter.namestringresource experimental
The exporter name.		odin
telemetry.exporter.package_versionstringresource experimental
The version as exposed to the package manager (for example, npm).		1.285.1
telemetry.exporter.versionstringresource experimental
The full agent/exporter version.		1.285.1.20240101-256988
telemetry.sdk.languagestringresource stable
The programming language/tech of the telemetry SDK.		nodejs; python; java
telemetry.sdk.namestringresource stable
The name of the telemetry SDK.		odin; opentelemetry
telemetry.sdk.versionstringresource stable
The version string of the telemetry SDK.		1.20.0

Thread

Fields

AttributeTypeDescriptionExamples
thread.idlongstable
Current "managed" thread id (as opposed to OS thread id).		42
thread.namestringstable
Current thread name.		main
thread.pool.namestringstable
The name of the thread pool.		WorkerThreadPool

TIBCO Business Works

Fields

AttributeTypeDescriptionExamples
tibco.businessworks.app.node.namestringresource experimental
tibco.businessworks.app.space.namestringresource experimental
tibco.businessworks.domain.namestringresource experimental
tibco.businessworks.homestringresource experimental
tibco.businessworks.property.file.namestringresource experimental
tibco.businessworks.property.file.pathstringresource experimental
tibco.businessworks_ce.app.namestringresource experimental
tibco.businessworks_ce.versionstringresource experimental

Time correction

The time_correction namespace contains information on time corrections applied to the timestamps of an event, for example, start_time, timestamp or event.end. Time corrections may be necessary if events are reported with timestamps that are completely off compared to cluster time. For example, Dynatrace RUM reported data can be off depending on client time.

Fields

AttributeTypeDescriptionExamples
time_correction.is_appliedbooleanexperimental
If set to true, time correction has been applied to the event's timestamps.		false
time_correction.offsetlongexperimental
The offset (in nanoseconds) that is applied to all timestamp fields. The value may be negative.		127927969312

Tls

Fields

AttributeTypeDescriptionExamples
tls.cipherstringexperimental
String indicating the cipher used during the current connection.		TLS_RSA_WITH_3DES_EDE_CBC_SHA; TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
tls.protocol.namestringexperimental
Normalized lowercase protocol name parsed from the original string of the negotiated SSL/TLS protocol version.		ssl; tls
tls.protocol.versionstringexperimental
The numeric part of the version parsed from the original string of the negotiated SSL/TLS protocol version.		1.2; 3

Trace

Fields

AttributeTypeDescriptionExamples
trace.alternate_iduidexperimental
The preserved trace ID when OneAgent and other tracing systems monitor the same process and the trace ID from the other tracing system was replaced by the OneAgent trace ID. The trace.alternate_id is a 16-byte ID and hex-encoded if shown as a string.		357bf70f3c617cb34584b31bd4616af8
trace.capture.reasonsstring[]experimental
Explains why this trace was captured, multiple reasons can apply simultaneously. Note: 'atm' and 'fixed' are mutually exclusive sampling approaches, though 'fixed' may appear with other capture triggers. Values: 'atm' (Dynatrace's intelligent sampling automatically adjusted trace capture based on traffic volume and system load), 'fixed' (trace captured due to configured percentage rules - either global settings or specific endpoint rules), 'custom' (trace captured because of custom correlation headers propagated between services or systems), 'mainframe' (trace originated from or includes IBM mainframe/z/OS components), 'serverless' (trace captured from serverless functions like AWS Lambda, Azure Functions, or similar platforms), 'rum' (trace initiated by user interactions in web browsers or mobile apps monitored by Dynatrace RUM agents).		[['atm'], ['fixed'], ['fixed', 'custom'], ['fixed', 'rum']]
trace.iduidstable
A unique identifier for a trace. The trace.id is a 16-byte ID and hex-encoded if shown as a string.		357bf70f3c617cb34584b31bd4616af8
trace.is_sampledbooleanexperimental
Flag indicating whether the trace was sampled out. If set to true, the trace is recorded. If set to false, the trace is ignored.		true; false
trace.statestringexperimental
The trace state in the w3c-trace-context format.		f4fe05b2-bd92206c@dt=fw4;3;abf102d9;c4592;0;0;0;2ee;5607;2h01;3habf102d9;4h0c4592;5h01;6h5f9a543f1184a52b1b744e383038911c;7h6564df6f55bd6eae,apmvendor=boo,foo=bar

URL

The url namespace contains semantic conventions for URL and its components.

Fields

AttributeTypeDescriptionExamples
url.domainstringexperimental
The URI domain component.		www.foo.bar; google.com; wikipedia.org
url.fragmentstringstable
The URI fragment component.		SemConv
url.fullstringstable
Absolute URL describing a network resource according to RFC3986.
Tags: sensitive-spans		https://www.foo.bar/docs/search?q=OpenTelemetry#SemConv
url.pathstringstable
The URI path component.		/docs/search
url.portlongexperimental
The URI port component.		443; 80
url.providerstringexperimental
The provider type for the host name of url.full. This information is determined by Dynatrace RUM resource detection.		third_party
url.querystringstable
The URI query component.
Tags: sensitive-spans		q=OpenTelemetry
url.schemestringstable
The URI scheme component identifying the used protocol.		https; ftp; telnet
url.truncated_pathstringexperimental
Truncated URI path component for endpoint detection of certain technologies that do not provide a http.route. The truncation logic depends on the technology and is a best effort to provide a stable value. Example Adobe Experience Manager (AEM): First two parts of url.path. Truncated value of /content/wknd/us/en/ is /content/wknd.		/docs

url.provider MUST be one of the following:

ValueDescription
cdnCDN (content delivery network).
first_partyFirst-party provider.
third_partyThird-party provider.

User

Representation of a physical or logical user.

AttributeTypeDescriptionExamples
user.emailstringstable
Email of the user.		user@mail.com
user.idstringstable
Unique UUID of a human user. If the system itself has to be represented, the constant 'system' is used.		35ba9499-f87c-4047-962c-14dc32e255e5; system
user.namestringexperimental
Full name of the user. If the system itself has to be represented, the constant 'System' is used.		Wolfgang Amadeus Mozart; System
user.organizationstringexperimental
Organization the user belongs to.		DYNATRACE; CUSTOMER; PARTNER

user.organization MUST be one of the following:

ValueDescription
CUSTOMERCustomer organization
DYNATRACEDynatrace organization
PARTNERDynatrace partner organization

user.organization MUST be one of the following:

ValueDescription
DYNATRACEDynatrace organization
CUSTOMERCustomer organization
PARTNERDynatrace partner organization

VCS Repository

The vcs namespace contains information about Version Control Systems.

Fields

AttributeTypeDescriptionExamples
vcs.change.idstringexperimental
The identifier of the change, for example, pull request ID or merge request ID. It is typically unique per repository and generated by the version control system itself.		1234
vcs.change.statestringexperimental
The state of the change, for example, the state of a pull request or merge request.		wip; open; reopened; closed; merged
vcs.change.titlestringexperimental
The human-readable title of the change, for example, pull request title or merge request title.		CA-1234: Fix some stuff; [chore] update dependency
vcs.change.url.fullstringexperimental
The full URL to the change, for example, the full URL to the pull request or merge request.		https://github.com/dynatrace-oss/terraform-provider-dynatrace/pull/20
vcs.line_change.typestringexperimental
The type of line change being measured on a branch or change.		added; removed
vcs.ref.base.namestringexperimental
The name of the reference in the repository. This can be a branch name or a tag name. 1		my-branch-name
vcs.ref.base.revisionstringexperimental
The revision in the repository. For Git this is a synonym for a commit hash, whereas in SVN it is a revision number. 2		d4322ab6cba38d21ad83c9de304a6a214ecf2cdc; main; 1337
vcs.ref.base.typestringexperimental
The reference type in the repository. 3		branch; tag
vcs.ref.head.namestringexperimental
The name of the reference in the repository. This can be a branch name or a tag name. 4		my-branch-name
vcs.ref.head.revisionstringexperimental
The revision in the repository. For Git, this is a synonym for a commit hash, whereas in SVN, it is a revision number. 5		d4322ab6cba38d21ad83c9de304a6a214ecf2cdc; main; 1337
vcs.ref.head.typestringexperimental
The reference type in the repository. 6		branch; tag
vcs.ref.typestringexperimental
The reference type in the repository.		branch; tag
vcs.repository.namestringexperimental
The human-readable name of the repository. It should not include any additional identifiers like GitLab group or GitHub organization. 7		dynatrace-configuration-as-code
vcs.repository.url.fullstringexperimental
The repository's full URL. 8		https://github.com/dynatrace-oss/terraform-provider-dynatrace
vcs.revision_delta.directionstringexperimental
The type of revision comparison.		ahead; behind
1

The base name refers to the starting point of a change. For example, if a feature branch was created from main, main is the base reference of type branch.

2

The base revision refers to the starting revision of a change. For example, if a branch was created from a certain commit, this commit is the base revision.

3

The base type refers to the reference type of the starting point of a change. For example, if a feature branch was created from the main branch, branch is the base reference's type.

4

The head name refers to the current reference's name. For example, if main is currently checked out, the head name is main.

5

The head revision refers to the currently referenced revision.

6

The head type refers to the currently referenced type in the repository. For example, if the main branch is currently checked out, the head reference is of type branch.

7

Be aware that the repository name might clash with forked repositories.

8

For Git VCS, this should not include the .git URL suffix.

vcs.change.state has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
closedThe change was closed without being merged into the target code base.
mergedThe change has successfully been merged into the target code base.
openThe change is open and ready for review or currently under review. It has not been merged yet, and changes are still possible.
reopenedThe change was re-opened after being closed and is ready for review again.
wipThe change is still a work in progress and not yet ready for review.

vcs.line_change.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
addedHow many lines were added.
removedHow many lines were removed.

vcs.ref.base.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
branchThe base reference type is a branch.
tagThe base reference type is a tag.

vcs.ref.head.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
branchThe head reference type is a branch.
tagThe head reference type is a tag.

vcs.ref.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
branchThe reference type is a branch.
tagThe reference type is a tag.

vcs.revision_delta.direction has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
aheadHow many revisions the change is ahead of the target ref.
behindHow many revisions the change is behind of the target ref.

View

The view namespace contains information on the view of a user event.

Fields

AttributeTypeDescriptionExamples
view.background_timedurationexperimental
Aggregated time that the view was in the background.		0
view.detected_namestringexperimental
The name RUM JavaScript detected for the view. The value is based on view.url.full. Not applicable for OneAgent for Mobile.		#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e
view.foreground_timedurationexperimental
Aggregated time that the view was in the foreground.		900000000
view.iduidexperimental
A random ID that is generated every time a user navigates to a new view. The view.id is an 8-byte ID and hex-encoded if shown as a string.		f76281848bd8288c
view.namestringexperimental
An identifier for grouping views. The value can be reported via the Dynatrace API. If not reported via the Dynatrace API, the value is automatically calculated from view.detected_name for user events reported by RUM JavaScript.		#dashboard;id=<uuid>; LoginActivity
view.prerender_timedurationexperimental
Aggregated time that the view was prerendering.		0
view.sequence_numberlongexperimental
The number of views throughout the page's entire lifespan.		1
view.source.detected_namestringexperimental
The view.detected_name value of the previous view. Not applicable for OneAgent for Mobile.		#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e
view.source.iduidexperimental
The ID of the previous view. Not supported by OneAgent for Mobile.		f76281848bd8288c
view.source.namestringexperimental
The view.name value of the previous view. Not supported by OneAgent for Mobile.		#dashboard;id=<uuid>
view.source.url.domainstringexperimental
The URI host component of the source view URL. This is extracted from view.source.url.full.		www.foo.bar
view.source.url.fragmentstringexperimental
The URI fragment component of the source view URL. This is extracted from view.source.url.full.		#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2h
view.source.url.fullstringexperimental
The location.href of the previous view. This is the full URL provided in the format scheme://host[:port]/path[?query][#fragment]. Not applicable for OneAgent for Mobile.		https://www.foo.bar/path?q=value#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2h
view.source.url.pathstringexperimental
The URI path component of the source view URL. This is extracted from view.source.url.full.		/path
view.source.url.querystringexperimental
The URI query component of the source view URL. This is extracted from view.source.url.full.		q=value
view.source.url.schemestringexperimental
The URI scheme component of the source view URL. This is extracted from view.source.url.full.		https; http
view.url.domainstringexperimental
The URI host component of the view URL. This is extracted from view.url.full.		www.foo.bar
view.url.fragmentstringexperimental
The URI fragment component of the view URL. This is extracted from view.url.full.		dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2h
view.url.fullstringexperimental
The location.href at the time of the event. This is the full URL provided in the format scheme://host[:port]/path[?query][#fragment]. Not applicable for OneAgent for Mobile.		https://www.foo.bar/path?q=value#dashboard;id=cff3752c-890d-4795-9955-3e1108fe3f6e;gf=all;gtf=-2h
view.url.pathstringexperimental
The URI path component of the view URL. This is extracted from view.url.full.		/path
view.url.querystringexperimental
The URI query component of the view URL. This is extracted from view.url.full.		q=value
view.url.schemestringexperimental
The URI scheme component of the view URL. This is extracted from view.url.full.		https; http

VMware

Fields that can come from applications running on VMware.

Fields

Resource attributes

AttributeTypeDescriptionExamples
vmware.datacenter.namestringresource experimental
The name of the data center in which the hypervisor is running.		srvwasapp1Cell01
vmware.disk.namestringresource experimental
ESXi host disk.		srvwasapp1Cell01
vmware.hypervisor.namestringresource experimental
ESXi host.		my-hypervisor.lab.dynatrace.org
vmware.nic.namestringresource experimental
ESXi host network interface.		vmnic0; vmnic1; vmnic2
vmware.vcenter.namestringresource experimental
Name of the VMware vCenter server managing the multi-hypervisor environment.		my-vcenter.lab.dynatrace.org
vmware.vm.namestringresource experimental
The name of the virtual machine.		easytravel-demo

Vulnerability

Fields

AttributeTypeDescriptionExamples
vulnerability.code_location.namestringstable
Name of the code location where the code-level vulnerability was detected.		org.dynatrace.profileservice.BioController.markdownToHtml(String):80
vulnerability.cvss.base_scoredoublestable
Vulnerability's CVSS base score provided by NVD.		8.1
vulnerability.cvss.versionstringstable
Vulnerability's CVSS score version.		3.1; 4.0
vulnerability.davis_assessment.assessment_modestringstable
Availability of the information based on which the vulnerability assessment has been done.		FULL; NOT_AVAILABLE; REDUCED
vulnerability.davis_assessment.assessment_mode_reasonsstring[]experimental
Reasons for the assessment mode.		[LIMITED_BY_CONFIGURATION, LIMITED_AGENT_SUPPORT]
vulnerability.davis_assessment.data_assets_statusstringstable
Vulnerability's reachability of related data assets by affected entities.		NOT_AVAILABLE; NOT_DETECTED; REACHABLE
vulnerability.davis_assessment.exploit_statusstringstable
Vulnerability's public exploits status.		AVAILABLE; NOT_AVAILABLE
vulnerability.davis_assessment.exposure_statusstringstable
Vulnerability's internet exposure status.		NOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORK
vulnerability.davis_assessment.levelstringstable
Vulnerability's risk level based on Davis Security Score.		LOW; MEDIUM; HIGH; CRITICAL; NONE
vulnerability.davis_assessment.scoredoublestable
Vulnerability's Davis Security Score (1-10) calculated by Dynatrace.		8.1
vulnerability.davis_assessment.vulnerable_function_statusstringstable
Usage status of the vulnerable functions causing the vulnerability.		IN_USE; NOT_AVAILABLE; NOT_IN_USE
vulnerability.descriptionstringstable
Description of the vulnerability.		More detailed description about improper input validation vulnerability.
vulnerability.display_idstringstable
Dynatrace user-readable identifier for the vulnerability.		S-1234
vulnerability.exploit.statusstringexperimental
Whether there is a known exploit for the vulnerability.		AVAILABLE; NOT_AVAILABLE
vulnerability.external_idstringstable
External provider's unique identifier for the vulnerability.		SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646
vulnerability.external_urlstringstable
External provider's URL to the details page of the vulnerability.		https://example.com
vulnerability.first_seentimestampstable
Timestamp of when the vulnerability was first detected.		2023-03-22T13:19:36.945Z
vulnerability.idstringstable
Dynatrace unique identifier for the vulnerability.		2039861408676243188
vulnerability.is_fix_availablebooleanexperimental
Indicates if a vulnerability fix is available.
vulnerability.mute.change_datetimestampstable
Timestamp of the vulnerability's last muted or unmuted action.		2023-03-22T13:19:36.945Z
vulnerability.mute.commentstringexperimental
Comment when muting or unmuting the vulnerability.		Muted because it's a false positive.
vulnerability.mute.reasonstringstable
Reason for muting or unmuting the vulnerability.		FALSE_POSITIVE; IGNORE; AFFECTED; CONFIGURATION_NOT_AFFECTED; OTHER
vulnerability.mute.statusstringstable
Vulnerability's mute status.		MUTED; NOT_MUTED
vulnerability.mute.userstringstable
User who last changed the vulnerability's mute status.		user@example.com
vulnerability.parent.davis_assessment.assessment_modestringstable
Availability of the information based on which the vulnerability assessment has been done.		FULL; NOT_AVAILABLE; REDUCED
vulnerability.parent.davis_assessment.data_assets_statusstringstable
Vulnerability's reachability of related data assets by affected entities.		NOT_AVAILABLE; NOT_DETECTED; REACHABLE
vulnerability.parent.davis_assessment.exposure_statusstringstable
Vulnerability's internet exposure status.		NOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORK
vulnerability.parent.davis_assessment.levelstringstable
Vulnerability's Davis Security Score level.		LOW; MEDIUM; HIGH; CRITICAL; NONE
vulnerability.parent.davis_assessment.scoredoublestable
Vulnerability's Davis Security Score (1-10) calculated by Dynatrace.		8.1
vulnerability.parent.davis_assessment.vulnerable_function_statusstringstable
Usage status of vulnerable functions causing the vulnerability. Status is IN_USE when there's at least one vulnerable function in use by an application.		IN_USE; NOT_AVAILABLE; NOT_IN_USE
vulnerability.parent.first_seenstringstable
Timestamp of when the vulnerability was first detected.		2023-03-22T13:19:36.945Z
vulnerability.parent.mute.change_datetimestampstable
Timestamp of the last mute or unmute action of the vulnerability.		2023-03-22T13:19:36.945Z
vulnerability.parent.mute.reasonstringstable
Reason for muting or unmuting the vulnerability.		FALSE_POSITIVE; IGNORE; AFFECTED; CONFIGURATION_NOT_AFFECTED; OTHER
vulnerability.parent.mute.statusstringstable
Vulnerability's mute status.		MUTED; NOT_MUTED
vulnerability.parent.mute.userstringstable
User who last changed the vulnerability's mute status.		user@example.com
vulnerability.parent.resolution.change_datestringstable
Timestamp of the vulnerability's last resolution status change.		2023-03-22T13:19:37.466Z
vulnerability.parent.resolution.statusstringstable
Current status of the vulnerability.		OPEN; RESOLVED
vulnerability.parent.risk.levelstringstable
Vulnerability's risk score level defined by the provider. For Dynatrace, the Davis Security Score level.		LOW; MEDIUM; HIGH; CRITICAL; NONE
vulnerability.parent.risk.scoredoublestable
Vulnerability's risk score defined by the provider. For Dynatrace, Davis Security Score.		8.1
vulnerability.previous.cvss.base_scoredoublestable
Vulnerability's previous CVSS base score (in case the CVSS base score has changed).		8.1
vulnerability.previous.davis_assessment.data_assets_statusstringstable
Vulnerability's previous reachability of related data assets by affected entities (in case the reachability has changed).		NOT_AVAILABLE; NOT_DETECTED; REACHABLE
vulnerability.previous.davis_assessment.exploit_statusstringstable
Vulnerability's previous public exploit status (in case the public exploit status has changed).		AVAILABLE; NOT_AVAILABLE
vulnerability.previous.davis_assessment.exposure_statusstringstable
Vulnerability's previous internet exposure status (in case the internet exposure status has changed).		NOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORK
vulnerability.previous.davis_assessment.levelstringstable
Vulnerability's previous risk level (in case the risk level has changed).		LOW; MEDIUM; HIGH; CRITICAL; NONE
vulnerability.previous.davis_assessment.scoredoublestable
Vulnerability's previous Davis Security Score (in case Davis Security Score has changed).		8.1
vulnerability.previous.davis_assessment.vulnerable_function_statusstringstable
Vulnerability's previous vulnerable function status (in case the vulnerable function status has changed).		IN_USE; NOT_AVAILABLE; NOT_IN_USE
vulnerability.previous.mute.change_datestringstable
Timestamp of the vulnerability's previous mute status (in case the mute status has changed).		2023-03-22T13:19:36.945Z
vulnerability.previous.mute.commentstringexperimental
Comment of the vulnerability's previous mute status.		Muted because it's a false positive.
vulnerability.previous.mute.reasonstringstable
Reason for last muting or unmuting the vulnerability (in case the reason for muting or unmuting the vulnerability has changed).		Muted: False positive
vulnerability.previous.mute.statusstringstable
Vulnerability's previous mute status (in case the mute status has changed).		MUTED; NOT_MUTED
vulnerability.previous.mute.userstringstable
User who last changed the vulnerability's mute status (in case the mute status was last changed by a different user).		user@example.com
vulnerability.previous.resolution.statusstringstable
Vulnerability's previous resolution status (in case the resolution status has changed).		OPEN; RESOLVED
vulnerability.previous.risk.levelstringstable
Vulnerability's previous risk score level (in case the risk score level has changed).		LOW; MEDIUM; HIGH; CRITICAL
vulnerability.previous.risk.scoredoublestable
Vulnerability's previous risk score (in case the risk score has changed).		8.1
vulnerability.references.cvestring[]stable
List of the vulnerability's CVE IDs.		[CVE-2021-41079]
vulnerability.references.cwestring[]stable
List of the vulnerability's CWE IDs.		[CWE-20]
vulnerability.references.owaspstring[]stable
List of vulnerability's OWASP IDs.		[2021:A3]
vulnerability.remediation.descriptionstringexperimental
Description of the vulnerability's remediation advice.		Upgrade component to version 1.2.3 or higher
vulnerability.remediation.statusstringexperimental
Indicates whether a fix for the vulnerability is available.		AVAILABLE; NOT_AVAILABLE
vulnerability.resolution.change_datetimestampstable
Timestamp of the vulnerability's last resolution status change.		2023-03-22T13:19:37.466Z
vulnerability.resolution.statusstringstable
Vulnerability's resolution status.		OPEN; RESOLVED
vulnerability.risk.levelstringstable
Vulnerability's risk score level defined by the provider. For Dynatrace, the Davis Security Score level.		LOW; MEDIUM; HIGH; CRITICAL; NONE
vulnerability.risk.scalestringstable
Scale by which the vulnerability's risk score and risk score level defined by the provider are measured.		Davis Security Score
vulnerability.risk.scoredoublestable
Vulnerability's risk score defined by the provider. For Dynatrace, Davis Security Score.		8.1
vulnerability.stackstringexperimental
Level of the vulnerable component in the technological stack.		CODE; CODE_LIBRARY; SOFTWARE; CONTAINER_ORCHESTRATION
vulnerability.technologystringstable
Technology of the vulnerable component.		JAVA; DOTNET; GO; PHP; NODE_JS
vulnerability.titlestringstable
Title of the vulnerability.		Improper Input Validation
vulnerability.typestringstable
Classification of the vulnerability based on commonly accepted enums, such as CWE.		Improper Input Validation
vulnerability.urlstringstable
Dynatrace URL to the details page of the vulnerability. |		https://example.com

vulnerability.davis_assessment.assessment_mode has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
FULLfull
NOT_AVAILABLEnot_available
REDUCEDreduced

vulnerability.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
REACHABLEreachable

vulnerability.davis_assessment.exploit_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
AVAILABLEavailable
NOT_AVAILABLEnot_available

vulnerability.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
ADJACENT_NETWORKadjacent_network
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
PUBLIC_NETWORKpublic_network

vulnerability.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone

vulnerability.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
IN_USEin_use
NOT_AVAILABLEnot_available
NOT_IN_USEnot_in_use

vulnerability.mute.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
AFFECTEDaffected
CONFIGURATION_NOT_AFFECTEDconfiguration_not_affected
FALSE_POSITIVEfalse_positive
IGNOREignore
OTHERother

vulnerability.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
MUTEDmuted
NOT_MUTEDnot_muted

vulnerability.parent.davis_assessment.assessment_mode has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
FULLfull
NOT_AVAILABLEnot_available
REDUCEDreduced

vulnerability.parent.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
REACHABLEreachable

vulnerability.parent.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
ADJACENT_NETWORKadjacent_network
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
PUBLIC_NETWORKpublic_network

vulnerability.parent.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone

vulnerability.parent.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
IN_USEin_use
NOT_AVAILABLEnot_available
NOT_IN_USEnot_in_use

vulnerability.parent.mute.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
AFFECTEDaffected
CONFIGURATION_NOT_AFFECTEDconfiguration_not_affected
FALSE_POSITIVEfalse_positive
IGNOREignore
OTHERother

vulnerability.parent.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
MUTEDmuted
NOT_MUTEDnot_muted

vulnerability.parent.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
OPENopen
RESOLVEDresolved

vulnerability.parent.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone

vulnerability.previous.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
REACHABLEreachable

vulnerability.previous.davis_assessment.exploit_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
AVAILABLEavailable
NOT_AVAILABLEnot_available

vulnerability.previous.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
ADJACENT_NETWORKadjacent_network
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
PUBLIC_NETWORKpublic_network

vulnerability.previous.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone

vulnerability.previous.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
IN_USEin_use
NOT_AVAILABLEnot_available
NOT_IN_USEnot_in_use

vulnerability.previous.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
MUTEDmuted
NOT_MUTEDnot_muted

vulnerability.previous.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
OPENopen
RESOLVEDresolved

vulnerability.previous.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone

vulnerability.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
OPENopen
RESOLVEDresolved

vulnerability.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone

vulnerability.stack has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
CODEcode
CODE_LIBRARYcode_library
CONTAINER_ORCHESTRATIONcontainer_orchestration
SOFTWAREsoftware

vulnerability.technology has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
DOTNETdotnet
GOgo
JAVAjava
NODE_JSnode_js
PHPphp

Web vitals

The web vitals namespace contains the web vitals attributes captured by Dynatrace RUM.

Fields

AttributeTypeDescriptionExamples
web_vitals.cumulative_layout_shiftdoubleexperimental
The Cumulative Layout Shift (CLS) value.		0.1279
web_vitals.first_contentful_paintdurationexperimental
The First Contentful Paint (FCP) value.		92000000
web_vitals.first_inputdurationexperimental
The First Input value.		6000000
web_vitals.first_input_delaydurationexperimental
The First Input Delay (FID) value.		6000000
web_vitals.first_paintdurationexperimental
The First Paint value.		92451200
web_vitals.interaction_to_next_paintdurationexperimental
The Interaction to Next Paint (INP) value.		190000000
web_vitals.largest_contentful_paintdurationexperimental
The Largest Contentful Paint (LCP) value.		880000000
web_vitals.time_to_first_bytedurationexperimental
The Time to First Byte value.		92000000

WebLogic

Fields

AttributeTypeDescriptionExamples
weblogic.cluster.namestringresource experimental
The name of the cluster this instance belongs to.		OrderManagement2
weblogic.domain.namestringresource experimental
The name of the domain this instance belongs to.		CustomerManagementFulfillmentSvc
weblogic.homestringresource experimental
The instance's home directory.		/apps/infra/wls/bin/10.3.6_64/wlserver_10.3/server
weblogic.server.namestringresource experimental
The instance's server name.		OrderManagement2Srv1

WebSphere

Fields

AttributeTypeDescriptionExamples
websphere.cell.namestringresource experimental
The name of the cell this instance belongs to.		srvwasapp1Cell01
websphere.cluster.namestringresource experimental
The name of the cluster this instance belongs to.		CluApp1
websphere.node.namestringresource experimental
Name of the node to which this instance belongs.		nodeSrvApp2
websphere.server.namestringresource experimental
The instance's server name.		SrvApp2

WebSphere Liberty

Fields

AttributeTypeDescriptionExamples
websphere_liberty.server.namestringresource experimental
The instance's server name.		defaultServer

Winlog

Fields

AttributeTypeDescriptionExamples
winlog.eventidlongexperimental
Event ID is a unique identifier assigned to each event logged by the system. Each event ID corresponds to a specific type of event, such as an error, warning, or informational message. (4624 -> successful logon, 1000 -> application error)		4624; 1000
winlog.keywordsstringexperimental
Keywords are used to categorize and group events. This categorization allows to quickly identify and focus on specific types of events that are relevant to your troubleshooting or monitoring needs.		Classic; Started
winlog.levelstringexperimental
Level of an event indicates its severity or importance		Critical; Error; Warrning
winlog.opcodestringexperimental
Opcode is a value that identifies a specific activity or a point within an activity that the application was performing when it raised the event. This helps in understanding the context of the event more precisely.		Info; Download
winlog.providerstringexperimental
Provider is a component or service that generates events. Providers are responsible for writing specific types of events to the event logs, such as application errors, security events, or system warnings.		Avecto Service; Security-SPP
winlog.tasklongexperimental
Task refers to the specific operation or activity that an event is associated with. Each event is categorized under a task, which helps in identifying what the system or application was doing when the event was logged. This can be particularly useful for troubleshooting and understanding the context of the event. (5 -> HTTP Configuration Property Trace Task, 12804 -> Other Object Access Events)		5; 12804
winlog.usernamestringexperimental
Username refers to the account name associated with specific events, such as logon or logoff activities. This is particularly useful for tracking user activity and identifying who was logged into the system at a given time.		SYSTEM; N/A

z/OS

Fields zos resource attributes

AttributeTypeDescriptionExamples
cics.transaction.system_idstringresource experimental
The system ID of the CICS region that this transaction executed on.		C259; CICS
zos.address_space_idlongresource experimental
The address space identifier (ASID) of the z/OS address space.		1; 296
zos.job_idstringresource experimental
The job ID of the z/OS address space.		JOB12345
zos.job_namestringresource experimental
The jobname of the z/OS address space.		CICSAOR0; CTGATM00; IMSCR15
zos.job_step_idstringresource experimental
The step ID within the job within the z/OS address space.		00000001; 00000002
zos.lpar_namestringresource experimental
The name of the LPAR that the z/OS address space executes within.		S0W1; ABCD
zos.sys_idstringresource experimental
The system ID of the CICS/IMS address space.		C259; CICS; IMSF
zos.transaction.job_namestringresource experimental
The jobname of the z/OS address space that the transaction executed in.		CICSAOR0; CTGATM00; IMSCR15
zos.transaction.lpar_namestringresource experimental
The name of the LPAR that the transaction executed on.		S0W1; ABCD

Fields zos transactions general

AttributeTypeDescriptionExamples
zos.transaction.call_typestringexperimental
The type of transaction call that was invoked.		CTG
zos.transaction.idstringexperimental
The ID of this transaction.		CEMT; DTAX; IVTNO
zos.transaction.program_typestringexperimental
The type of transaction that was executed.		DLI_DB; DLI_DC; MQ; DB2

zos.transaction.call_type MUST be one of the following:

ValueDescription
CTGA CTG request triggered this transaction.
DPLA CICS DPL request triggered this transaction.
HTTPAn HTTP or HTTPS request triggered this transaction.
IMS_CONNECTAn IMS Connect request triggered this transaction.
IMS_CONNECT_APIAn IMS Connect API request triggered this transaction.
IMS_TRANS_EXECThe application program being scheduled and running to handle this transaction.
ITRAAn IMS TM Resource Adapter request triggered this transaction.
MQAn MQ operation triggered this transaction.
MSCAn IMS MSC request triggered this transaction.
PGM_SWITCHAn IMS Program Switch request triggered this transaction.
SDKAn SDK call triggered this transaction.
SHARED_QUEUEAn IMS Shared Queue request triggered this transaction.
SOAPA SOAP request triggered this transaction.
STARTAn EXEC CICS START triggered this transaction.
TTXA green screen terminal transaction code triggered this transaction.
TXA CICS or IMS transaction code triggered this transaction.
ZOS_CONNECTA z/OS Connect request triggered this transaction.

zos.transaction.program_type MUST be one of the following:

ValueDescription
DB2The transaction performs DB2 database actions.
DLI_DBThe transaction performs DLI database actions.
DLI_DCThe transaction performs DLI data communications actions.
MQThe transaction performs MQ Queue actions.

Fields cics transactions

AttributeTypeDescriptionExamples
cics.transaction.class_namestringexperimental
The name of the transaction class of this transaction.		null; DFHTCL00
cics.transaction.client.ipipAddressexperimental
IP address of the client (IPv4 or IPv6) that made the request that triggered the transaction.		194.232.104.141; 2a01:468:1000:9::140
cics.transaction.client.portlongexperimental
Port number of the client that made the request that triggered the transaction.		65123; 80
cics.transaction.path.namestringexperimental
The path name, only applicable for web requests.		/dtrouter
cics.transaction.task_idlongexperimental
The CICS task ID of this transaction.		1234
cics.transaction.transaction_group_idstringexperimental
The transaction group ID assigned at transaction attach time.		160dd5c5e3c44bc8e5c5c1c3f4f4f9df9fa2d8b049cb800000000000
cics.transaction.unit_of_work_idlongexperimental
The unit of work ID for this transaction, which is normally represented as a hex value.		15977055984148641282; 15977055491352760323
cics.transaction.user_idstringexperimental
The user ID of the user who triggered this transaction.		USER1; anon
cics.transaction.wlm.reporting_service_class_namestringexperimental
The name of the z/OS Workload Manager (WLM) reporting service class of this transaction.		null; BAT_ATM; RC_CICS
cics.transaction.wlm.service_class_namestringexperimental
The name of the z/OS Workload Manager (WLM) service class of this transaction.		null; SYSSTC; VEL15I5

Fields cics files

AttributeTypeDescriptionExamples
cics.file.defining_region_namestringexperimental
The system ID of the CICS region that is defined on the request.		C259; CICS
cics.file.is_localbooleanexperimental
A boolean that is true if the file is defined within the CICS region that it executed in.		true
cics.file_namestringexperimental
The logical name of the file, as defined in CEDA.		EXMPCAT; CICSFILE

Fields ims transactions

AttributeTypeDescriptionExamples
ims.message.transaction.message.segment_countlongexperimental
The number of segments in the message.		1; 5
ims.message.transaction.message.sizelongexperimental
The size of the message.		10; 421
ims.message.transaction.terminal_namestringexperimental
The terminal name that this IMS transaction executed on.		HWSAM5ZD; 10505
ims.message.transaction.unit_of_work_idlongexperimental
The unit of work ID for this transaction, which is normally represented as a hex value.		5981228500318430862871015129591113287966852300630664295044916520394057871645605888; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216
ims.message.transaction.user_idstringexperimental
The user ID of the user who triggered this transaction.		USER1; anon

Fields ims execution transactions

AttributeTypeDescriptionExamples
ims.execution.transaction.commit_countlongexperimental
The commit count for this transaction.		4; 5
ims.execution.transaction.current_prioritylongexperimental
The current priority of this transaction.		1; 5
ims.execution.transaction.execution_classlongexperimental
The execution class of this transaction.		45; 66
ims.execution.transaction.psb_namestringexperimental
The PSB name that this IMS transaction executed on.		HWSAM5ZD; 10505
ims.execution.transaction.schedule_countlongexperimental
The schedule count for this transaction.		346613; 421
ims.execution.transaction.unit_of_work_idlongexperimental
The unit of work ID for this transaction, which is normally represented as a hex value.		5981228500318430862871015129591113287966852300630664295044916520394057871645605888; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216

Fields ims connect transactions

AttributeTypeDescriptionExamples
ims.connect.transaction.client.ipipAddressexperimental
IP address of the client (IPv4 or IPv6) that made the request that triggered the transaction.		194.232.104.141; 2a01:468:1000:9::140
ims.connect.transaction.server.portlongexperimental
Port number on the IMS Connect server that received the request for this transaction		65123; 80
ims.connect.transaction.user_idstringexperimental
The user ID of the user who triggered this transaction.		USER1; anon

Fields ims tm resource adapter (ITRA) transactions

AttributeTypeDescriptionExamples
ims.tm.resource.adapter.semantic_detection_versionstringexperimental
The detection version for this transaction.		1
ims.tm.resource.adapter.transaction.client.ipipAddressexperimental
IP address of the client (IPv4 or IPv6) that made the request that triggered the transaction.		194.232.104.141; 2a01:468:1000:9::140
ims.tm.resource.adapter.transaction.client.portlongexperimental
Port number of the client that made the request that triggered the transaction.		65123; 80
ims.tm.resource.adapter.transaction.commit_modelongexperimental
The commit mode of the transaction.		0
ims.tm.resource.adapter.transaction.datastore_namestringexperimental
The datastore name used by this transaction.		IMS1500
ims.tm.resource.adapter.transaction.interaction_verblongexperimental
The interaction verb that triggered the transaction.		0
ims.tm.resource.adapter.transaction.lpar_namestringexperimental
The name of the LPAR that the transaction executed on.		S0W1; ABCD
ims.tm.resource.adapter.transaction.sync_levellongexperimental
Indicates the synchronization level of the transaction. This only applies when the interaction verb is set to "SYNC_SEND_RECEIVE", "SYNC_SEND", or "SYNC_RECEIVE_CALLOUT". This attribute applies to both conversational and non-conversational applications. It is used in conjuction with the ims.transaction.request.transaction.commit_mode attribute.		0

ims.tm.resource.adapter.transaction.commit_mode MUST be one of the following:

ValueDescription
0The commit happens before sending the response.
1The commit is deferred until the response has been sent and acknowledged.

ims.tm.resource.adapter.transaction.interaction_verb MUST be one of the following:

ValueDescription
0SYNC_SEND
1SYNC_SEND_RECEIVE
3SYNC_END_CONVERSATION
4SYNC_RECEIVE_ASYNCOUTPUT
5SYNC_RECEIVE_ASYNCOUTPUT_SINGLE_NOWAIT
6SYNC_RECEIVE_ASYNCOUTPUT_SINGLE_WAIT
7SYNC_RECEIVE_CALLOUT

ims.tm.resource.adapter.transaction.sync_level MUST be one of the following:

ValueDescription
0There will be no synchronization.
1Synchronization will be confirmed.

z/OS Connect

Fields

AttributeTypeDescriptionExamples
zosconnect.api.descriptionstringexperimental
The z/OS Connect API description.		The API for the CICS catalog manager sample application.
zosconnect.api.namestringexperimental
The z/OS Connect API name.		catalog
zosconnect.api.versionstringexperimental
The z/OS Connect API version.		1.0.0
zosconnect.request.body.sizelongexperimental
The size of the request payload in bytes.		234
zosconnect.request.idlongexperimental
The z/OS Connect request ID.		2215
zosconnect.request.typestringexperimental
The type of the REST request. 1		ADMIN
zosconnect.response.body.sizelongexperimental
The size of the response payload in bytes.		125
zosconnect.service.descriptionstringexperimental
The z/OS Connect service description.		EDUCHAN service using the CICS Service Provider
zosconnect.service.namestringexperimental
The z/OS Connect service name.		placeOrder
zosconnect.service.provider.namestringexperimental
The service provider name.		CICS-1.0
zosconnect.service.versionstringexperimental
The z/OS Connect service version.		2.0
zosconnect.sor.identifierstringexperimental
The system of record identifier. The format differs depending on the SOR type. 2		localhost:8080
zosconnect.sor.referencestringexperimental
The system of record reference.		cicsConn
zosconnect.sor.resourcestringexperimental
Identifier for the resource invoked on the system of record. The format differs depending on the SOR type. 3		01,DFH0XCMN
zosconnect.sor.typestringexperimental
The system of record type.		CICS

zosconnect.request.type MUST be one of the following:

ValueDescription
ADMINadmin
APIapi
SERVICEservice
UNKNOWNunknown

zosconnect.sor.type MUST be one of the following:

ValueDescription
CICScics
IMSims
MQmq
RESTrest
WOLAwola