Segments are a type of reusable, preconfigured DQL filters that allow you to narrow the scope of your query. When you use segments with Anomaly Detection custom alerts, you select a specific subset of your data to be alerted on (like clusters or regions), which helps you improve the accuracy, precision, and maintainability of your detectors.
storage:filter-segments:write and storage:filter-segments:read permissions. To learn how to set up the permissions, see Permissions in Grail.
1. Go to Settings > Environment segmentation > Segments and verify whether the segment you want to use (for example, payments-eu or us-east-prod) already exists and includes the necessary filters.
2. Go to Anomaly Detection and select the existing detector to edit it and apply a segment, or create a new anomaly detector.
3. Expand Set scope on the Simple or Advanced tab.
4. In Segments, choose one or more segments you want to filter by.
5. In Query, provide the DQL query to fetch your data.
   Don't duplicate filters that are already covered by segments you've selected. Segment filters are automatically applied to your query during execution.
6. Expand Define alert condition, then select Preview to verify that the segments have been applied to your query.
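The advice not to repeat segment filters in the query can be checked before a detector is saved. The following is an added example, not Dynatrace code: it flags equality filters in a DQL query that repeat a condition of a selected segment. The segment contents, the field names (aws.region, environment, loglevel) and the dictionary layout are assumptions constructed for illustration, and only simple field == "value" comparisons are recognized.

```python
import re

# Matches simple equality tests such as  aws.region == "us-east-1".
# A single "=" is accepted too, the form the page uses for tag.owner = "payments".
_EQ = re.compile(r'([A-Za-z_][\w.]*)\s*={1,2}\s*"([^"]*)"')

def equality_filters(dql):
    """Return the set of (field, value) equality tests found in filter commands.

    Simplification: pipeline stages are split on "|", so string values that
    contain "|" are not supported.
    """
    found = set()
    for stage in dql.split("|"):
        stage = stage.strip()
        if stage.lower().startswith("filter "):
            found.update(_EQ.findall(stage))
    return found

def duplicated_filters(query, segments):
    """Map segment name -> sorted list of its conditions that the query repeats."""
    in_query = equality_filters(query)
    report = {}
    for name, conditions in segments.items():
        repeated = sorted(in_query & set(conditions))
        if repeated:
            report[name] = repeated
    return report

# Constructed sample data: segment names come from the page, conditions are assumed.
SEGMENTS = {
    "us-east-prod": [("aws.region", "us-east-1"), ("environment", "prod")],
    "payments-eu": [("tag.owner", "payments")],
}

# Query that repeats the region filter already supplied by the us-east-prod segment.
CLUTTERED = '''fetch logs
| filter aws.region == "us-east-1" and loglevel == "ERROR"
| makeTimeseries errors = count(), interval: 1m'''

# Same detector logic with scope left entirely to the segment.
CLEAN = '''fetch logs
| filter loglevel == "ERROR"
| makeTimeseries errors = count(), interval: 1m'''

if __name__ == "__main__":
    print(duplicated_filters(CLUTTERED, SEGMENTS))
    print(duplicated_filters(CLEAN, SEGMENTS))
```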
Using segments in custom alerts has the following benefits:
Reusability and simplified management: once you define a segment, you can apply it to multiple custom alerts and dashboards instead of repeatedly creating identical filters. In addition, managing common filters via segments reduces maintenance and helps to unify configuration across multiple anomaly detectors.
For example, suppose you need to use the tag.owner = "payments" filter in multiple anomaly detectors. You can create a segment for the tag.owner filter and reuse it. If the ownership changes, you can edit the segment, and all alerts that use it will automatically reflect the change.
Clean query configuration: by using segments as a scope definition, you can keep your configuration query focused on timeseries and aggregation operations and avoid long and cluttered DQL. It also helps you to separate supplementary scope-defining operations from the main operations performed by your anomaly detector.
For example, suppose you need to create an anomaly detector that calculates the error rate for a specific region. Instead of including region filters directly in your query, you can apply a US-EAST segment for region filtering. You can then reuse the same query for other regions by switching segments.
Reduced number of false alerts: by using segments, you can limit an anomaly detector's scope to a responsible team, region, or environment and reduce false positives while improving accuracy.
Optimized anomaly detector performance: by using segments to dynamically filter across multiple log buckets, you can minimize scanned data and optimize the performance of your anomaly detectors.
To learn additional methods of improving accuracy and optimizing your anomaly detector configuration and segment usage, see the following guides:
Anomaly Detection