Davis events represent different types of individual incidents, such as metric-threshold breaches, baseline degradations, or point-in-time events, such as process crashes. Dynatrace also detects and processes informational events such as new software deployments, configuration changes, and other event types.
A Davis problem may result from a single event or multiple events, which is often the case in complex environments. To prevent a flood of seemingly unrelated problem alerts for related events in such environments, the Dynatrace AI correlates all events that share the exact root cause into a single, trackable problem. This approach prevents event and alert spamming.
Problems have defined lifespans and are updated in real time with all incoming events and findings. Once a problem is detected, it's listed on your problems feed.
Davis event reports create, update, refresh, or close events within the Davis system. These reports are uniquely identified and linked through their event.name, event.type, and dt.source_entity. This linkage ensures that identical identifiers contribute to a singular event. A new event is generated in the absence of a matching existing event, while a matching event triggers an update to reflect the latest information.
Davis events are enriched with additional fields, as detailed in the Davis event model documentation.
Event reports can be created through various methods, including direct creation via the REST API. Additionally, features like metric events or log events autonomously generate these reports. These features also offer customization capabilities through event templates.
General event information that can be set on an event report or an event template.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| duration | experimentalA time duration that defines one end of the analysis window relative to |
|
| string | experimentalA DQL query associated with the event, see Dynatrace Query Language. If the query returns time series data, the time series is charted in the event details in the Problems app. |
|
| smartscapeId | resource stableA Smartscape ID that can be used to query entities from the Smartscape storage. |
|
| smartscapeId | resource experimentalThe ID of the entity considered the source of the signal. The string represents an entity ID of an entity that is stored in the Smartscape storage. 1Tags: |
|
| string | resource stableThe entity type of the entity whose identifier is held in dt.smartscape_source.id. |
|
| string | resource stableThe ID of the entity considered the source of the signal. The string represents an entity ID of an entity that is stored in the classic entity storage. 2Tags: |
|
| string | stableHuman-readable description of an event. |
|
| string | stableThe event end timestamp in UTC (given in Grail preferred Linux timestamp nano precision format). If not set, |
|
| string | experimentalGroup label of an event. |
|
| string | stableThe human readable display name of an event type. |
|
| long | experimentalIncident severity on a scale of 1 to 5 (1 = most severe, 5 = least severe), aligned with ITIL severity levels. |
|
| string | stableThe event start timestamp in UTC (given in Grail preferred Linux timestamp nano precision format). If not set, the current timestamp is used. For events created based on a sliding window with enough violating slots, |
|
| string | stableControls the event lifecycle: |
|
| string | stableThe unique type identifier of a given event. Must be one of: * |
|
The value of this field will be based on the value of one of the dt.smartscape.<type> fields. That means that the dt.smartscape_source.id and dt.smartscape.<type> fields will both be set to the same ID.
The value of this field will be based on the value of one of the dt.entity.<type> fields. This means that the dt.source_entity and dt.entity.<type> fields will both be set to the same ID.
Davis-specific fields that influence the Davis routine on an event report or an event template.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| duration | experimentalA time duration that defines one end of the analysis window relative to |
|
| long | stableThe time budget (in seconds) that the Davis® engine is granted before it must raise a problem. The analysis time budget can be set per event and controls the balance of sending out alerts early and granting the AI analysis enough time to finish its analysis. The trade-off of a short analysis budget is that the root cause and event merge analysis is limited or even skipped. For example, the time budget of 0 seconds means that the event raises a problem and sends the alert immediately, without any analysis. | |
| long | stableThe time delay (in seconds) before the trigger of Davis® analysis. For example, the delay of 0 seconds triggers a Davis® problem and the root cause analysis immediately. The trigger delay can be used to hold the analysis until all the relevant root cause data has arrived to Dynatrace. For example, it might be beneficial for cloud integrations or log integrations that report data in different schedules— you can delay the analysis until data from all sources is available. Note that while longer delays mean more data is available for root cause analysis, they also delay the delivery of alerts. Attention: When sent as an event report, the value is in seconds. In Grail, the value is represented in milliseconds. | |
| boolean | stableThis flag defines whether the remapping of the target entity is enabled (true) or disabled (false). If the remapping is enabled, Dynatrace can map the event to an entity extracted from the event metadata. If the remapping is disabled or the extraction is not possible, Dynatrace maps the event to the entity specified in the event configuration (for example, a specific host) or to the global environment entity. | |
| boolean | stableThe flag controls whether the Davis® engine should detect frequent issues. If the flag is set to true, events identified as frequent won't be triggered or merged into a problem. If the flag is set to false, frequent issues won't be detected and events will be triggered and merged as normal. | |
| boolean | stableThis flag controls whether the Davis® engine is allowed to merge this event into a larger problem (true) or if a new problem must be created (false). By default, merging is allowed, except for the event type | |
| boolean | stableThis flag controls whether the Davis® engine suppresses the problem from showing up in the web UI and sending notifications. | |
| boolean | stableThis flag controls whether the Davis® engine should include this event within the root cause analysis (true) or if it is not (false) relevant. | |
| string | stableThe preferred classic entity type for remapping. You can find possible values in the classic Dynatrace web UI under Settings > Topology model > Generic types. If the remapping (dt.event.allow_entity_remapping) is enabled, this property defines the entity type to which the event should be mapped. If no entity of the preferred type is extracted, no remapping is applied. |
|
| long | stableThe event timeout period (in minutes). If not set, 15 is used. The timeout will automatically be capped to a maximum of 360 minutes (6 hours). Various event sources use this event property to keep an event active by regularly refreshing an initial event. The timeout defines how fast the event source must refresh an event to keep it active. To keep the event active, the event source must send the refresh within the timeout period. If no refresh is sent, the event is automatically closed by Dynatrace after the timeout period. Note that metric sources use their own configurable de-alerting windows to close events. Setting the timeout shorter than the de-alerting window will force events to close and increase the risk of false-positive alerts. | |
| string | experimentalSet this tag to control which event reports connect together. This value is combined with internal system fields—such as event.name, dt.source_entity, and event.provider—to generate a unique correlation ID for event tracking. The final correlation ID that's used for connecting event reports is stored in dt.event.correlation_id. |
|
Every Davis event update is exported to Grail. This includes updates that only refresh the event, which is guaranteed to be at least 1 update every 6 hours.
Events are essential raw data that Davis (the Dynatrace AI engine) considers during automated root-cause analysis to understand the reasons underlying any problems that are detected in your environment. Out of the box, Davis detects more than 80 different built-in system event types, including process crashes, deployment configuration changes, and VM motion events. Using extension points, you can report custom events through OneAgent plugins or via the Dynatrace API.
Davis shows all system events in the context of your data center topology. So you can analyze events in relation to their parent topological components (for example, hosts, processes, or services) and see how they relate to one another.
Searches for all Davis events.
fetch dt.davis.events
General event information.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| string | experimentalA DQL query associated with the event, see Dynatrace Query Langauge. |
|
| smartscapeId | resource experimentalThe ID of the entity considered the source of the signal. The string represents an entity ID of an entity that is stored in the Smartscape storage. 1Tags: |
|
| string | resource stableThe entity type of the entity whose identifier is held in dt.smartscape_source.id. |
|
| string | resource stableThe ID of the entity considered the source of the signal. The string represents an entity ID of an entity that is stored in the classic entity storage. 2Tags: |
|
| string | resource stableThe entity type of the entity whose identifier is held in dt.source_entity. The value must be a valid entity type and consistent with |
|
| string | stableStandard categorization based on the significance of an event (similar to the severity level in the previous Dynatrace). |
|
| string | stableHuman-readable description of an event. |
|
| string | stableThe event end timestamp in UTC (given in Grail preferred Linux timestamp nano precision format). |
|
| string | experimentalGroup label of an event. |
|
| string | stableUnique identifier string of an event; is stable across multiple refreshes and updates. |
|
| string | stableGives high-level information about what kind of information the event contains without being specific about the contents of the event. It helps to determine the record type of a raw event.Tags: |
|
| string | stableThe human readable display name of an event type. |
|
| string | stableSource of the event, for example, the name of the component or system that generated the event.Tags: |
|
| long | experimentalIncident severity on a scale of 1 to 5 (1 = most severe, 5 = least severe), aligned with ITIL severity levels. |
|
| string | stableThe event start timestamp in UTC (given in Grail preferred Linux timestamp nano precision format). This is different from the timestamp even for the first record, as event sources require some time to analyze the underlying data, so the time when an event update is created ( |
|
| string | stableStatus of an event as being either Active or Closed. |
|
| string | experimentalAn enum that shows the transition of the above event state. |
|
| string | stableThe unique type identifier of a given event.Tags: |
|
| timestamp | stableThe time (UNIX Epoch time in nanoseconds) when the event originated, typically when the source created it. If no original timestamp is available, it will be populated at ingest time and required for all events. In the case of a correlated event (for example, ITIL events), this time could be different from the event.start time, as this time represents the actual timestamp when the "update" for the event was created. |
|
The value of this field will be based on the value of one of the dt.smartscape.<type> fields. That means that the dt.smartscape_source.id and dt.smartscape.<type> fields will both be set to the same ID.
The value of this field will be based on the value of one of the dt.entity.<type> fields. This means that the dt.source_entity and dt.entity.<type> fields will both be set to the same ID.
Fields that influence the Davis routine.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| duration | experimentalA time duration that defines one end of the analysis window relative to |
|
| long | stableThe time budget (in seconds) that the Davis® engine is granted before it must raise a problem. The analysis time budget can be set per event and controls the balance of sending out alerts early and granting the AI analysis enough time to finish its analysis. The trade-off of a short analysis budget is that the root cause and event merge analysis is limited or even skipped. For example, the time budget of 0 seconds means that the event raises a problem and sends the alert immediately, without any analysis. | |
| long | stableThe time delay (in milliseconds) before the trigger of Davis® analysis. For example, the delay of 0 seconds triggers a Davis® problem and the root cause analysis immediately. The trigger delay can be used to hold the analysis until all the relevant root cause data has arrived to Dynatrace. For example, it might be beneficial for cloud integrations or log integrations that report data in different schedules— you can delay the analysis until data from all sources is available. Note that while longer delays mean more data is available for root cause analysis, they also delay the delivery of alerts. Attention: When sent as an event report, the value is in seconds. In Grail, the value is represented in milliseconds. | |
| boolean | stableThis flag defines whether the remapping of the target entity is enabled (true) or disabled (false). If the remapping is enabled, Dynatrace can map the event to an entity extracted from the event metadata. If the remapping is disabled or the extraction is not possible, Dynatrace maps the event to the entity specified in the event configuration (for example, a specific host) or to the global environment entity. | |
| boolean | stableThe flag controls whether the Davis® engine should detect frequent issues. If the flag is set to true, events identified as frequent won't be triggered or merged into a problem. If the flag is set to false, frequent issues won't be detected and events will be triggered and merged as normal. | |
| boolean | stableThis flag controls whether the Davis® engine is allowed to merge this event into a larger problem (true) or if a new problem must be created (false). By default, merging is allowed, except for the event type | |
| boolean | stableThis flag controls whether the Davis® engine suppresses the problem from showing up in the web UI and sending notifications. | |
| boolean | stableThis flag controls whether the Davis® engine should include this event within the root cause analysis (true) or if it is not (false) relevant. | |
| string | stableThe preferred classic entity type for remapping. You can find possible values in the classic Dynatrace web UI under Settings > Topology model > Generic types. If the remapping (dt.event.allow_entity_remapping) is enabled, this property defines the entity type to which the event should be mapped. If no entity of the preferred type is extracted, no remapping is applied. |
|
| long | stableThe event timeout period (in minutes). If not set, 15 is used. The timeout will automatically be capped to a maximum of 360 minutes (6 hours). Various event sources use this event property to keep an event active by regularly refreshing an initial event. The timeout defines how fast the event source must refresh an event to keep it active. To keep the event active, the event source must send the refresh within the timeout period. If no refresh is sent, the event is automatically closed by Dynatrace after the timeout period. Note that metric sources use their own configurable de-alerting windows to close events. Setting the timeout shorter than the de-alerting window will force events to close and increase the risk of false-positive alerts. | |
| string | experimentalSet this tag to control which event reports connect together. This value is combined with internal system fields—such as event.name, dt.source_entity, and event.provider—to generate a unique correlation ID for event tracking. The final correlation ID that's used for connecting event reports is stored in dt.event.correlation_id. |
|
Fields that are Davis-specific and set by the Davis routine.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| string | stableShort explanation for why an event should not be merged with other events into the same problem. This is usually set when 'dt.davis.is_merging_allowed' is set to true. If merging is disallowed due to a custom configuration, this field contains the value "Set by event reporter". Additionally, there are scenarios where the Davis® engine may automatically disable merging, typically in cases of problem suppression. |
|
| string | stableProvides additional information in case remapping an event onto an entity that was extracted from the event metadata failed. |
|
| string | stableThe impact level of the event. |
|
| boolean | stableIndicates if the event was found to frequently happen. Can only be true if dt.davis.is_frequent_issue_detection_allowed is set to true. If events are frequent events, they will not trigger or merge into problems. To disable frequent issue detection, i.e., set the dt.davis.is_frequent_issue_detection_allowed field to false in an event template section of an event-raising config. Frequent issue detection can be disabled globally in the frequent issue detection settings. | |
| string | stableStatus describing if the event is muted. It is also set to muted when the event is part of a problem that is manually closed. |
|
| string | stableUser id of the user who muted the event. |
|
| string | stableA short description of the suppression reason. |
|
| uid | experimentalEvent reports with the same correlation ID will be grouped together into the same event. There is only one event active at the same time for the same correlation ID. Over time, there might be multiple events with different |
|
| boolean | stableIndicates if the event is within a maintenance window. |
Settings fields for Davis events. Describes the settings object that was the main contributor to the event.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| string | experimentalThe object ID of a settings value. This corresponds to the 'objectId' field/parameter in the Settings API. |
|
| string | experimentalThe schema ID of a settings schema, as used in the Settings APIs. |
|
| string | experimentalThe ID of the scope that a settings object is persisted on. This corresponds to the 'scope' field/parameter in the Settings API. |
|
Entity fields for Davis events.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| string[] | stableA list of all entities that are directly affected. Each element in the list represents a unique entity. |
|
| string[] | stableA distinct list of entity types corresponding to the entities listed in 'affected_entity_ids'. The order of elements in this list does not necessarily correspond to the order of entity ids. |
|
| smartscapeId | resource stableA Smartscape ID that can be used to query entities from the Smartscape storage. |
|
| string[] | stableA list of entity tags that were assigned to the affected entities at the time of event creation. |
|
| string[] | experimentalA list of all entities that are related to the affected entities. Each element in the list represents a unique entity. |
|
Smartscape fields for Davis events.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| record[] | experimentalA list of all Smartscape nodes that are directly affected. Each element in the list represents a unique Smartscape node and contains the node's Smartscape ID, type, and name. |
|
| record[] | experimentalA list of all Smartscape nodes that are related to the affected Smartscape nodes. Each element in the list represents a unique Smartscape node and contains the node's Smartscape ID, type, and name. |
|
Synthetic fields for Davis events.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| string | resource stableAn entity ID of an entity of type SYNTHETIC_LOCATION.Tags: |
|
| array | experimentalNames of missing Synthetic location capabilities. |
|
| array | experimentalRequest target addresses with DNS record type or TCP port number. |
|
| array | experimentalIDs of synthetic monitor or steps. |
|
Every Davis problem update is exported to Grail. This includes updates that only refresh the problem, which is guaranteed to be at least 1 update every 6 hours.
Problems in Dynatrace represent anomalies in normal behavior or state. Such anomalies can be, for example, a slow service response or user-login process. Whenever a problem is detected, Dynatrace raises a specific problem event indicating such an anomaly.
Raised problems provide insight into their underlying root causes. To identify the root causes of problems, Dynatrace follows a context-aware approach that detects interdependent events across time, processes, hosts, services, applications, and both vertical and horizontal topological monitoring perspectives. Only through such a context-aware approach is it possible to pinpoint the true root causes of problems. For this reason, newly detected anomalous events in your environment won't necessarily result in the immediate raising of a new problem.
Query davis problems.
fetch dt.davis.problems
Searches for all unique Davis problems and return status, title and the display id.
fetch dt.davis.problems| filter not(dt.davis.is_duplicate)| fields id=display_id, title=event.name, status=event.status
Searches for all currently active, unique Davis problems and return status, title and the display id.
fetch dt.davis.problems| filter not(dt.davis.is_duplicate)| filter event.status == "ACTIVE"| fields id=display_id, title=event.name, status=event.status
Search for details of a specific problem with a given display id.
fetch dt.davis.problems| filter not(dt.davis.is_duplicate)| filter display_id == "P-12345678"| fields id=display_id, title=event.name, status=event.status
Count the total number of active problems in the last hour.
fetch dt.davis.problems, from:-1h| filter not(dt.davis.is_duplicate)| filter event.status == "ACTIVE"| summarize active_problem_count = count()
Chart the number of currently active problems over the last 24 hours.
fetch dt.davis.problems, from:-24h| filter event.status == "ACTIVE"| makeTimeseries active_problems = count(), interval:1h, spread: timeframe(from:event.start, to:coalesce(event.end, now()))
Shows the logs of all entities affected by the problem 'P-12345678'.
fetch logs| filter dt.source_entity in [fetch dt.davis.problems| filter display_id == "P-12345678"| fields affected_entity_ids]
General event information.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| duration | experimentalA time duration that defines one end of the analysis window relative to |
|
| string | stableStandard categorization based on the significance of an event (similar to the severity level in the previous Dynatrace). |
|
| string | stableA description of the problem. The problem description contains the different event descriptions from the events of the problem. |
|
| string | stableThe problem end timestamp in UTC (given in Grail preferred Linux timestamp nano precision format). |
|
| string | stableUnique identifier string of a problem, is stable across refreshes and updates. |
|
| string | stableGives high-level information about what kind of information the event contains without being specific about the contents of the event. It helps to determine the record type of a raw event.Tags: |
|
| string | stableThe human readable display name of an event type. |
|
| long | experimentalProblem severity is the minimum value (maximum severity) across all events in the problem. |
|
| string | stableThe problem start timestamp in UTC (given in Grail preferred Linux timestamp nano precision format). This is different from the timestamp even for the first record, as event sources require some time to analyze the underlying data, so the time when a problem update is created (timestamp) differs from the time when the event started (event.start). The problem start time is set to the start time + analysis offset of the earliest event in the problem. For problems created based on a sliding window with enough violating slots, |
|
| string | stableStatus of an event as being either Active or Closed. |
|
| string | experimentalAn enum that shows the transition of the above event state. |
|
| timestamp | stableThe time (UNIX Epoch time in nanoseconds) when the event originated, typically when the source created it. If no original timestamp is available, it will be populated at ingest time and required for all events. In the case of a correlated event (for example, ITIL events), this time could be different from the event.start time, as this time represents the actual timestamp when the "update" for the event was created. |
|
Fields that the Davis routine sets.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| string | stableA pretty, mostly unique id for the problem. |
|
| boolean | experimentalIndicates whether problem analysis has progressed enough for follow‑up actions. When true, initial analysis results are available, and it is a suitable point to trigger actions like notifications, automation, or integrations. This is the exact moment when classic problem notifications start being sent. This property does not mean the problem will remain unchanged. Problem details may still evolve during the analysis's lifecycle. You can adjust the speed of analysis progresses by setting the | |
| long | experimentalThe estimated count of users affected by the problem for the application with the highest individual impact. | |
| string[] | stableA collection of Davis event ids that belong to the problem. |
|
| string | stableLists all impact levels observed in the events contributing to the problem. Identifies the affected system layers and helps estimate potential end‑user impact. For example, if a problem contains events with impact levels |
|
| boolean | stableIndicates if the problem has become a duplicate of another problem. Duplicates can be related by looking for event ids that are part of multiple problems. | |
| timestamp | stableTimestamp in UTC (given in Grail preferred Linux timestamp nano precision format) when the problem has reopened the last time. A reopen can occur when a problem has resolved, but is not yet closed. If Davis causal AI identified a new event that should be part of the problem, the problem reopens. The field is not set if the problem never reopened. | |
| string | stableStatus describing if the problem is muted. It is also set to muted when the problem is manually closed. |
|
| string | stableUser id of the user who muted the event. |
|
| duration | experimentalRepresents a stepped duration marker indicating how long a problem has been open. The value is one of the fixed thresholds: 5 min, 10 min, 15 min, 30 min, 60 min, 2 h, 4 h, 24 h, or 7 days. This field is only updated while the problem remains open and is calculated based on event.start. Note that if a backdated event is ingested, the marker may skip directly to a higher threshold value. |
|
| string[] | experimentalIDs of duplicate problems that were merged into this problem. |
|
| string[] | **deprecatedAlerting profiles, previously used to filter problems, have been deprecated. Use DQL to query problem properties directly, and simple workflows to handle notifications instead. To replicate event filtering without joins in DQL, configure problem field settings to propagate relevant event fields to problems.**A list of alerting profiles that match the problem at the current time. |
|
| boolean | stableIndicates if the problem is within a maintenance window. | |
| duration | stableFinal duration of the problem in nanoseconds after it was resolved. |
Information on entities.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| string[] | stableA list of all entities that are directly affected. Each element in the list represents a unique entity. |
|
| string[] | experimentalA list (in entity ID order) of the names of all entities that are directly affected. Each element in the list represents a unique entity. |
|
| string[] | stableA distinct list of entity types corresponding to the entities listed in 'affected_entity_ids'. The order of elements in this list does not necessarily correspond to the order of entity ids. |
|
| string[] | stableA combined list of all Davis event entity tags. |
|
| string[] | experimentalA list of all entities that are related to the affected entities. Each element in the list represents a unique entity. |
|
| string[] | experimentalA list (in entity ID order) of the names of all entities that are related to the affected entities. Each element in the list represents a unique entity. |
|
| string | stableThe problem root cause entity. |
|
| string | stableThe name of the problem root cause entity at the time when the problem snapshot was created. |
|
| Attribute | Type | Description | Examples |
|---|---|---|---|
smartscape.affected_entities | record[] | experimental A list of all Smartscape nodes that are directly affected. Each element in the list represents a unique Smartscape node and contains the node's Smartscape ID, type, and name. | [{'id': 'HOST-1234567890ABCDEF', 'type': 'host', 'name': 'host-worker-097801ab8728e690a'}] |
smartscape.affected_entity.ids | smartscapeId[] | **deprecated This field is deprecated and will be removed in the future. Instead, use 'smartscape.affected_entities', which provides more detailed information about the affected Smartscape nodes.** A distinct list of all Smartscape IDs that are directly affected. Each element in the list represents a unique Smartscape node. | ['HOST-1234567890ABCDEF'] |
smartscape.affected_entity.types | string[] | **deprecated This field is deprecated and will be removed in the future. Instead, use 'smartscape.affected_entities', which provides more detailed information about the affected Smartscape nodes.** A distinct list of Smartscape types corresponding to the Smartscape IDs listed in 'smartscape.affected_entity.ids'. The order of elements in this list does not necessarily correspond to the order of IDs. | ['host', 'service'] |
smartscape.related_entities | record[] | experimental A list of all Smartscape nodes that are related to the affected Smartscape nodes. Each element in the list represents a unique Smartscape node and contains the node's Smartscape ID, type, and name. | [{'id': 'HOST-1234567890ABCDEF', 'type': 'host', 'name': 'host-worker-097801ab8728e690a'}] |
smartscape.related_entity.ids | smartscapeId[] | **deprecated This field is deprecated and will be removed in the future. Instead, use 'smartscape.related_entities', which provides more detailed information about the affected Smartscape nodes.** A distinct list of all Smartscape IDs that are related to the affected Smartscape IDs. Each element in the list represents a unique Smartscape node. | ['HOST-1234567890ABCDEF'] |
smartscape.related_entity.types | string[] | **deprecated This field is deprecated and will be removed in the future. Instead, use 'smartscape.related_entities', which provides more detailed information about the affected Smartscape nodes.** A distinct list of Smartscape types corresponding to the Smartscape IDs listed in 'smartscape.related_entity.ids'. The order of elements in this list does not necessarily correspond to the order of IDs. | ['host', 'service'] |
smartscape.rootcause_entity | record | experimental The Smartscape node identified as the root cause of a problem. Contains the node's Smartscape ID, type, and name. | {'id': 'HOST-1234567890ABCDEF', 'type': 'host', 'name': 'host-worker-097801ab8728e690a'} |
Commenting on problems works via annotation events. They are persisted in Grail as point-in-time events (start equals end) of kind DAVIS_EVENT.
Comments support Markdown syntax and can have an optional annotation URL.
Search for problem comments for the specific problem 3417369641984270933_1773273960000V2.
fetch dt.davis.events.snapshots, from: "2026-03-12T10:17:53.560Z", to: now()| filter event.type == "CUSTOM_ANNOTATION" and in(annotation.problem_ids, "3417369641984270933_1773273960000V2")and isNotNull(annotation.id) and isNotNull(annotation.problem_ids) and isNotNull(annotation.source) and isNotNull(event.name)| fields annotation.id, annotation.problem_ids, annotation.user_id, event.name, event.start, event.description, annotation.source, annotation.url| dedup annotation.id, sort: { event.start desc }| filter isNotNull(event.description)| sort event.start desc
General event fields for problem comments.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| string | stableThe comment text in Markdown format. Up to 10,000 characters. A null value is considered as a deleted comment. |
|
| string | stableThis field must be set to DAVIS_EVENT for comments.Tags: |
|
| string | stableThe link label for the annotation.url. |
|
| string | stableThe comment timestamp in UTC (UNIX Epoch time in nanoseconds). If not set, the current timestamp is used. |
|
| string | stableThis field must be set to CUSTOM_ANNOTATION for comments.Tags: |
|
Specific annotation fields for problem comments.
| Attribute | Type | Description | Examples |
|---|---|---|---|
| string | experimentalThe unique ID of the comment (required). Can be any arbitrary string (like a UUID); the format does not matter. Only the latest comment for a given ID will be shown. To edit or delete, use the ID of an existing comment. |
|
| string[] | experimentalThe reference to one or more problems (required). |
|
| string | experimentalThe source of the comment (required). Must be set by the event provider. |
|
| string | experimentalThe external URL to a third-party integration (optional), for example, a link to a ticket in your issue tracker. The event.name will be used as the label for the URL. |
|
| string | experimentalThe UUID of the user writing the comment (optional). Automatically provided by the system. Will be discarded if provided by the source. |
|