Davis events represent different types of individual incidents, such as metric-threshold breaches, baseline degradations, or point-in-time events, such as process crashes. Dynatrace also detects and processes informational events such as new software deployments, configuration changes, and other event types.
A Davis problem may result from a single event or multiple events, which is often the case in complex environments. To prevent a flood of seemingly unrelated problem alerts for related events in such environments, the Dynatrace AI correlates all events that share the exact root cause into a single, trackable problem. This approach prevents event and alert spamming.
Problems have defined lifespans and are updated in real time with all incoming events and findings. Once a problem is detected, it's listed on your problems feed.
Davis event reports create, update, refresh, or close events within the Davis system. These reports are uniquely identified and linked through their event.name, event.type, and dt.source_entity. This linkage ensures that identical identifiers contribute to a singular event. A new event is generated in the absence of a matching existing event, while a matching event triggers an update to reflect the latest information.
Davis events are enriched with additional fields, as detailed in the Davis event model documentation.
Event reports can be created through various methods, including direct creation via the REST API. Additionally, features like metric events or log events autonomously generate these reports. These features also offer customization capabilities through event templates.
This section contains general event information that can be set on an event report or an event template.
dt.query
timeseries avg(dt.host.cpu.idle)
dt.source_entity
entity-id
HOST-E0D8F94D9065F24F
; PROCESS_GROUP_INSTANCE-E0D8F94D9065F24F
event.description
The current response time (11 s) exceeds the auto-detected baseline (767 ms) by 1,336 %
event.end
16481073970000
event.group_label
Availability
event.name
CPU saturation
; User action duration degradation
Value of this attribute will be based on one of dt.entity.<type>
attributes value. That means that both attributes dt.source_entity and corresponding dt.entity.<type>
will be set to the same ID.
This section contains Davis-specific fields that influence the Davis routine on an event report or an event template.
dt.davis.analysis_time_budget
dt.davis.analysis_trigger_delay
dt.davis.is_entity_remapping_allowed
dt.davis.is_frequent_issue_detection_allowed
dt.davis.is_merging_allowed
dt.davis.is_problem_suppressed
Every Davis event update is exported to Grail. This includes updates that only refresh the event, which is guaranteed to be at least 1 update every 6 hours.
Events are essential raw data that Davis (the Dynatrace AI engine) considers during automated root-cause analysis to understand the reasons underlying any problems that are detected in your environment. Out of the box, Davis detects more than 80 different built-in system event types, including process crashes, deployment configuration changes, and VM motion events. Using extension points, you can report custom events through OneAgent plugins or via the Dynatrace API.
Davis shows all system events in the context of your data center topology. So you can analyze events in relation to their parent topological components (for example, hosts, processes, or services) and see how they relate to one another.
Searches for all Davis events.
fetch dt.davis.events
This section contains general event information.
dt.query
timeseries avg(dt.host.cpu.idle)
dt.source_entity
entity-id
HOST-E0D8F94D9065F24F
; PROCESS_GROUP_INSTANCE-E0D8F94D9065F24F
dt.source_entity.type
host
; process_group_instance
; cloud:azure:resource_group
event.category
INFO
; AVAILABILITY
; ERROR
; SLOWDOWN
; RESOURCE_CONTENTION
; CUSTOM_ALERT
; MONITORING_UNAVAILABLE
event.description
The current response time (11 s) exceeds the auto-detected baseline (767 ms) by 1,336 %
event.end
16481073970000
Value of this attribute will be based on one of dt.entity.<type>
attributes value. That means that both attributes dt.source_entity and corresponding dt.entity.<type>
will be set to the same ID.
This section contains fields that influence the Davis routine.
dt.davis.analysis_time_budget
dt.davis.analysis_trigger_delay
dt.davis.is_entity_remapping_allowed
dt.davis.is_frequent_issue_detection_allowed
dt.davis.is_merging_allowed
dt.davis.is_problem_suppressed
This section contains fields that the Davis routine sets.
dt.davis.disable_merging_reason
Set by event reporter
; Monitored dimensions limit violated
dt.davis.entity_remapping_failure_info
No entity of type 'myPreferredEntityType' could be extracted from the provided event properties.
dt.davis.impact_level
Application
; Environment
; Infrastructure
; Services
dt.davis.is_frequent_event
dt.davis.mute.status
MUTED
dt.davis.mute.user
donald_duck@gmail.com
This section contains information on the main settings object that contributes to the event.
dt.settings.object_id
vu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQ
dt.settings.schema_id
builtin:problem.notifications
; app:dynatrace.jenkins:connection
dt.settings.scope_id
environment
; HOST-EFAB6D2FE7274823
This section contains information on entities.
affected_entity_ids
[HOST-1234567890ABCDEF]
affected_entity_types
[dt.entity.host, dt.entity.service]
entity_tags
[departmentA, department:A]
related_entity_ids
[HOST-1234567890ABCDEF]
This section contains synthetic event information.
dt.entity.synthetic_location
entity-id
SYNTHETIC_LOCATION-D140F3B85BCCBD1A
dt.synthetic.request.targets
127.0.0.1:22
dt.synthetic.violated_entity_ids
HTTP_CHECK-9349B98E1CD87352
; HTTP_CHECK_STEP-6349B98E1CD87352
Every Davis problem update is exported to Grail. This includes updates that only refresh the problem, which is guaranteed to be at least 1 update every 6 hours.
Problems in Dynatrace represent anomalies in normal behavior or state. Such anomalies can be, for example, a slow service response or user-login process. Whenever a problem is detected, Dynatrace raises a specific problem event indicating such an anomaly.
Raised problems provide insight into their underlying root causes. To identify the root causes of problems, Dynatrace follows a context-aware approach that detects interdependent events across time, processes, hosts, services, applications, and both vertical and horizontal topological monitoring perspectives. Only through such a context-aware approach is it possible to pinpoint the true root causes of problems. For this reason, newly detected anomalous events in your environment won't necessarily result in the immediate raising of a new problem.
Query davis problems.
fetch dt.davis.problems
Searches for all unique Davis problems and return status, title and the display id.
fetch dt.davis.problems| filter not(dt.davis.is_duplicate)| fields id=display_id, title=event.name, status=event.status
Searches for all currently active, unique Davis problems and return status, title and the display id.
fetch dt.davis.problems| filter not(dt.davis.is_duplicate)| filter event.status == "ACTIVE"| fields id=display_id, title=event.name, status=event.status
Search for details of a specific problem with a given display id.
fetch dt.davis.problems| filter not(dt.davis.is_duplicate)| filter display_id == "P-12345678"| fields id=display_id, title=event.name, status=event.status
Count the total number of active problems in the last hour.
fetch dt.davis.problems, from:-1h| filter not(dt.davis.is_duplicate)| filter event.status == "ACTIVE"| summarize active_problem_count = count()
Chart the number of currently active problems over the last 24 hours.
fetch dt.davis.problems, from:-24h| filter event.status == "ACTIVE"| makeTimeseries active_problems = count(), interval:1h, spread: timeframe(from:event.start, to:coalesce(event.end, now()))
Shows the logs of all entities affected by the problem 'P-12345678'.
fetch logs| filter dt.source_entity in [fetch dt.davis.problems| filter display_id == "P-12345678"| fields affected_entity_ids]
This section contains general event information.
event.category
AVAILABILITY
; ERROR
; SLOWDOWN
; RESOURCE_CONTENTION
; CUSTOM_ALERT
; MONITORING_UNAVAILABLE
event.description
The current response time (11 s) exceeds the auto-detected baseline (767 ms) by 1,336 %
event.end
16481073970000
event.id
5547782627070661074_1647601320000
event.kind
permission
DAVIS_PROBLEM
event.name
CPU saturation
; Multiple infrastructure problems
This section contains fields that the Davis routine sets.
display_id
P-2307288
dt.davis.affected_users_count
dt.davis.event_ids
[-2127669892157121805_1688396340000]
dt.davis.is_duplicate
dt.davis.last_reopen_timestamp
dt.davis.mute.status
MUTED
This section contains information on entities.
affected_entity_ids
[HOST-1234567890ABCDEF]
affected_entity_types
[dt.entity.host, dt.entity.service]
entity_tags
[departmentA, department:A]
related_entity_ids
[HOST-1234567890ABCDEF]
root_cause_entity_id
HOST-1234567890ABCDEF
root_cause_entity_name
Server 1.2.3.4