Explore data

Latest Dynatrace

Dynatrace Dashboards and Notebooks offer the following options for exploring your data:

  • Use Davis CoPilot and natural language to access data stored in Grail.
  • Get started with our Explore interface for data types such as logs, metrics, and events.
  • Advance with DQL to leverage the full power of Grail.

Natural language questions

You can create a notebook section or dashboard tile using Davis CoPilot to translate your natural language questions into DQL queries.

Davis CoPilot in your dashboard

To create a dashboard tile using Davis CoPilot

  1. Go to Dashboards Dashboard and open or create a dashboard you can edit.

  2. Open the Add menu and select Davis CoPilot.

    • A new Davis CoPilot dashboard tile is created
    • A panel on the right displays:
      • An empty tile title field you can customize
      • A prompt box followed by some examples you can select to try
      • A Run button

  3. optional At the top of the prompt definition panel, enter a tile title.

  4. In the prompt box, type a prompt. Try average cpu usage percentage by host or see the examples displayed in the web UI for inspiration.

  5. optional If your prompt doesn't specify a timeframe, you can still specify it for the dashboard in your dashboard header (default is Last 2 hours) or the Custom timeframe settings (for a tile-specific timeframe).

  6. Select Run. Davis CoPilot generates and runs the query for you.

  7. Review the results.

    • To review the query, expand DQL under the prompt box.
    • optional You can't edit the query directly in CoPilot, but you have two options for reusing it:
      • Copy the query and paste it elsewhere manually.
      • Open the menu in the tile header and select Create DQL tile to create a DQL tile from this query.
    • You can edit your original prompt and run it to update the query and results.
      If you refresh your dashboard, the Dashboards app will first check if any prompts have been edited.
      • If a prompt has been edited, the DQL will first be regenerated and then run.
      • If no prompts have been edited, the existing generated DQL will simply be run.

  8. optional Select the Visual tab to change the visualization (refer to the visualization-specific documentation for more information).

Davis CoPilot in your notebook

To create a notebook section using Davis CoPilot

  1. Go to Notebooks Notebooks and open or create a notebook you can edit.

  2. Open the Add menu and select Davis CoPilot. A new Davis CoPilot notebook section is created with an empty prompt box.

  3. In the prompt box, type a prompt. Try average cpu usage percentage by host or see the examples displayed in the web UI for inspiration.

  4. optional If your prompt doesn't specify the timeframe, you can still specify it in your section header. The default is Last 2 hours.

  5. Select Run. Davis CoPilot generates and runs the query for you.

    optional If you want to see the generated query before running it, open the menu next to the Run button and select Generate DQL only.

  6. Review the results.

    • You can review the query by expanding DQL on the right.
    • optional You can't edit the query directly in CoPilot, but you have two options for reusing it:
      • Copy the query and paste it elsewhere manually.
      • Open the menu in the section header and select Create DQL section to create a DQL section from this query.
    • You can edit your original prompt, regenerate the query, and run it to update the results.
      If you select Rerun sections, the Notebooks app will first check if any prompts have been edited.
      • If a prompt has been edited, the DQL will first be regenerated and then run.
      • If no prompts have been edited, the existing generated DQL will simply be run.

  7. optional Select the Options in the section header to change the visualization (refer to the visualization-specific documentation for more information).

    To have Dynatrace automatically select a visualization for your query, turn on Auto select in the upper-right corner of your visualization settings pane.

    • If you manually select a different visualization, the Auto select switch will turn off.
    • To have Dynatrace once again automatically select a visualization, turn Auto select back on.

Get started with Explore sections and tiles

To explore logs, metrics, or business events with our point-and-click interface

  1. In your document, open the Add menu and select Logs, Metrics, or Business Events.

    The layouts differ slightly between Dashboards and Notebooks to suit the different contexts, but the functionality is the same.

  2. Use the displayed elements to define your exploration.

    In this example, we focus on Logs. By default, the filter field and a default limit of 20 is added.

    • Click into the filter field and, for example, select content as a field from the list of suggested fields.

    • Add an operator and a search string right after. Read more on how the filter field works in the dedicated documentation.

      Operator
      Description
      =
      The content equals the filter value you enter
      !=
      The content does not equal the filter value you enter
      in
      The content includes the filter value you enter
      not in
      The content does not include the filter value you enter

      Note: Combining = with a wildcard in before *, after, or both, before your search term will resolve to a starts with, ends with, or contains filter respectively.

    • The on the bottom of the definition opens a menu of additional commands you can add.

    • Select any remove filter in the definition to remove the element that comes before the remove filter. If you remove an element and then change your mind, you can use to select it from the menu and add it back to your definition.

  3. Select Run to test it and see your results.

    Default for logs

When you need to further advance with Grail to cover more complex use cases, you can create a DQL dashboard tile or notebook section from it. The result of this step is equivalent to opening the menu, selecting DQL, and writing a DQL query without this web UI assistance. Then you can edit the DQL directly as needed, and you're free to delete the exploration version if you no longer need it.

  • In Dashboards, open the menu and select Create DQL tile
  • In Notebooks, open the menu and select Create DQL section

Explore logs

This exploration functionality is the same in the Dashboards and Notebooks apps. We use Notebooks in this example.

  1. Open the Notebooks app and select Notebook in the app header to create a new document.

  2. In the empty document, open the Add menu and select Logs.

  3. Inspect the results (initially, results are automatically fetched).

    Done. You have fetched the first 20 log lines with just a few clicks.

    But with no filters set—no selections for content, status, or limit—it shows the first 20 log records (the default for Limit). To make your result more useful, you need to filter it.

    The default settings look like this:

Filter by log.source

Starting from the previous example, let's add a log.source filter to return only those logs where the log.source field contains a certain string.

To do this, we need to specify

  • A field, in this case log.source, in the filter
  • A desired operator, such as =
  • A filter value (a string that needs to occur somewhere in the log.source field)

  1. Insert your cursor in the filter field and start typing log.source, or search for it via the search at the top of the suggestions, and select it.

  2. Add = as an operator by either selecting it from the suggestions from the auto complete or by typing it.

  3. Enter the string you want to search for.

    For this example, enter oneagent to get all logs where the log.source field contains oneagent.

  4. Add * a wildcard before and after your filter term such that the results are restricted to logs where the log.source field contains oneagent instead of only considering exact matches.

  5. Select Run and inspect the results.

    Filter by log.source

Filter by content

Starting from the previous example, let's add a content filter to focus on logs where the content contains the string crash (and, because we are starting from the previous settings, where the log.source field contains oneagent).

  1. Insert your cursor in the filter field immediately after the previously added log.source filter and either select content from the suggested fields or type it in.

  2. Add = as an operator by either selecting it from the suggestions from the auto complete or by typing it.

  3. Enter the string you want to search for.

    If you are using Dashboards, you can also reference existing variables by entering a $ sign and selecting the desired variable. In this example, we are looking for logs that contain the string crash somewhere in the content, so enter crash.

  4. Add * a wildcard before and after your filter term such that the results are restricted to logs where the content field contains crash instead of only considering exact matches.

  5. Select Run and inspect the results.

    Now the results are restricted to logs where the log.source field contains oneagent and the content contains the string crash. If you want to search for all occurrences where either one or the other filter applies, add an OR between the two filters.

    Filter by content

Filter by status

Starting from the previous example, let's add a status filter to focus on logs that contain status strings (and, because we're building on the previous settings, where the log.source field contains oneagent and the content contains the string crash).

  1. Insert your cursor in the filter field immediately after the previously added content filter and either select status from the suggested fields or type it in.
  2. Add in as an operator by either selecting it from the suggestions or by typing it.
  3. Enter all statuses you want to filter by. Either use the value suggestions provided or type them in, separated by commas.
  4. Select Run and inspect the results.

Sort results

To sort your results

  1. Select and then select Sort from the Available commands.
  2. After you select sort, use the Sort by menu to select the field you want to sort by, and to choose whether you want the results in ascending or descending order.

Summarize results

To summarize your results

  1. Select and then select Summarize from the Available commands.
  2. After you select summarize, specify how you want to summarize the results.

Convert to timeseries

You can convert log-based events to a timeseries format appropriate to be visualized with graph visualizations. This is done by counting occurrences of fields specified for each timeslot.

To can convert log-based events to a timeseries format

  1. Select and then select Convert to timeseries from the Available commands.
  2. After you select Convert to timeseries, use the dropdown menu to select the field you want to count the occurences of the logs by. The time slots are automatically adjusted to the timeframe selected on top of the dashboard or for the respective section in a notebook.

Limit results

To change the limit of your results, change the value of Limit to the maximum number of records you want to return.

Explore metrics

Add

This exploration functionality is the same in the Dashboards and Notebooks apps. We use Notebooks in these examples.

  1. Open the Notebooks app and select Notebook in the app header to create a new notebook.

  2. In the empty notebook, open the Add menu and select Metrics.

  3. Use the metric selector to select the metric you want to explore.

    Select a metric initial state

    For example, if you want to explore a metric for Kubernetes workloads, you can search for the string or use the menu to find what you want.

    In this example, we searched for cpu usage and selected the best match.

    Search for a string and select a metric

    In this example, we used the menu to find All > Infrastructure > CPU and then selected the best match.

    Navigate the menu to select a metric

    Additional options are displayed after you select a metric.

    Additional options

  4. Select Run to see what we have so far.

    Without making any additional settings, we get this line chart of the metric average over time.

    Explore metrics - metric selected

  5. To add another metric, select and then Metric.

    Add metric

Hide or show

To hide a metric from the result, open the menu for that metric and select Hide. This removes the metric from the underlying DQL query.

Use this option when you still aren't finished and you want to keep the configurations for potential latter adjustments.

Duplicate

To make a copy of a metric that you have already added, open the menu for that metric and select Duplicate. Edit the copy as needed.

Delete

To remove a metric from your query, open the menu for that metric and select Delete.

Filter

Starting from the previous example, let's add a host.name filter to focus on specific hosts, where the host.name field contains a certain host name.

  1. Insert your cursor in the filter field and either select host.name from the suggested fields or type it in.

  2. Add = as an operator by either selecting it from the auto-complete suggestions or by typing it in.

  3. Enter a host name you want to filter by or use one of the value suggestions provided.

  4. Select Run and inspect the results.

    Filter by host

Note: As an alternative to using auto-enriched fields such as host.name or k8s.pod.name, names and tags are automatically offered as additional filter values for each entity contained in your data. For example, if your data contains the entity dt.entity.host, the two additional fields dt.entity.host.name and dt.entity.host.tags are offered in the field suggestions for you to use as a filter.

Aggregate

To see the same metric by host, we can aggregate on dt.entity.host and then select Run again. Now we get a separate line per host.

Split by host

Limit results

To focus our exploration, we can set a limit on the results returned.

  1. Select and then select Limit from the Available commands. This adds Limit to our available commands.

  2. Set Limit to the maximum number of records we want to return. In this case, we set the limit to 5, and then we ran it again to see the following results.

Compare to previous period

To shift the metric to a previous period and add it for comparison, select and then select Compare to previous period from the Available commands.

This adds a command where you can provide the relative time shift as a numerical value by seconds, minutes, hours, or days.

Default

To replace null values in your timeseries data, select and then select Default from the Available commands.

This adds a command to enter a positive or negative numerical integer value that is used to replace null values.

Rate

To visualize the rate at which a metric is changing, select and then select Rate from the Available commands.

This adds a command to set the rate of the metric to Per Second, Per Minute, Per Hour, or Per Day.

Reduce to single value

To make your results suitable for certain visualizations such as Single value, Table, or Categorical bar chart, select and then select Reduce to single value from the Available commands.

This reduces the timeseries data to a single value over the selected timeframe and adds this as a new column called value that can then be used to properly map the results to your visualization.

Expressions

Add expressions to apply arithmetic based on your selected metrics.

  1. Add the metrics you want to base your expression on.

    For example, to calculate the total capacity of all your disks, we can select:

    • dt.host.disk.used as our first metric, A
    • dt.host.disk.avail as our second metric, B.

  2. Select and then select Expression from the options.

  3. Define your expression by combining references from

    • Defined metrics such as A, B, and C
    • Supported mathematical and logical operators such as +, -, /, *, (, and )

    For example, to calculate the total disk capacity, we simply add both metrics together using A+B

  4. Select Run and inspect the results.

Metric expression

Explore events

This exploration functionality is the same as described for logs.

To start exploring events

  1. Open the Dashboards or Notebooks app and select in an empty notebook or the document header of a dashboard.
  2. Select Events to add a section or tile based on it.
  3. Inspect the results (initially, results are automatically fetched).

Done. You have fetched the first 20 business events with just a few clicks. But with no filters set—no selections for event.description, event.kind, event.name, event.type, or limit—it shows the first 20 events (the default for Limit). To make your result more useful, you need to filter it.

Explore events

Explore business events

This exploration functionality is the same as described for logs.

To start exploring business events

  1. Open the Dashboards or Notebooks app and select in an empty notebook or the document header of a dashboard.
  2. Select Business Events to add a section or tile based on it.
  3. Inspect the results (initially, results are automatically fetched).

Done. You have fetched the first 20 business events with just a few clicks. But with no filters set—no selections for event.provider, event.type, or limit—it shows the first 20 business events (the default for Limit). To make your result more useful, you need to filter it.

Explore Business Events

Filter by event.provider

Let's add an event.provider filter to return only those business events where the event.provider field contains a certain string.

To do this, we need to specify

  • The field you want to filter by
  • The operator that decides how the filter is applied
  • The filter value (a string that needs to occur somewhere in the event.provider field)
  1. Insert your cursor in the filter field and either select event.provider from the suggested fields or type it in.
  2. Add = as an operator by either selecting it from the suggestions or by typing it in.
  3. Enter an event provider you want to filter by.
  4. Select Run and inspect the results.

Now the results are restricted to logs where the event.provider field contains our filter value.

Filter by event.type

Now let's further refine exploration by specifying an event type.

  1. Insert your cursor in the filter field immediately after our previously added event.provider filter and either select event.type from the suggested fields or type it in.
  2. Add = as an operator by either selecting it from the suggestions or by typing it in.
  3. Enter the event type you want to filter by.
  4. Select Run and inspect the results.

Now the results are restricted to business events where the event.provider and event.type match our filter values.

Limit results

To change the limit of your results, change the value of Limit to the maximum number of records you want to return.

Advance with Grail

Whether you're exploring logs, metrics, or business events, you're automatically creating a DQL query that you can view, copy, and use as the basis of more complex queries.

Show DQL

To see the DQL that is created automatically during your exploration with the point-and-click interface, select DQL.

Show DQL for Explore section

Create a Grail query

When you're satisfied with the results but want to advance with more complex DQL commands, you can easily create a standard notebook section or dashboard tile based on it.

  1. Open the menu and select Create DQL section or Create DQL tile

  2. Edit the resulting query section or tile as needed.

  3. If you no longer need the UI-constructed version, you can delete it and just use the duplicate notebook section or dashboard tile with the DQL query.

The result of this step is equivalent to

  1. Open the menu and select DQL.
  2. Write a DQL query (without UI assistance) to do everything you did in the previous examples.

That's what makes this a great tool for beginners and experts.