Investigations

Latest Dynatrace
App

About the app

What you'll learn

Define and execute queries while combining functionalities.
Search for relevant log information.
Grasp structured information from log records.
Extract fields and get instant feedback on patterns.
Track your path, navigate to previous steps, view your investigation history.
Define the time range for your data queries.
Attach relevant findings as evidence, while preserving the investigation context.
Add reputation context to IP addresses with IP enrichment powered by third-party threat intelligence.
Collaborate with peers on investigations using controlled access.
Interact with compatible apps for further insights.
Create and use lookup tables to enrich investigations with contextual data.

Target audience

Investigations Investigations supports a wide range of evidence-driven investigations, empowering users to explore, analyze, and resolve complex scenarios — across security, operations, compliance, and fraud.

It's ideal for:

Incident response
Root cause analysis
Threat hunting
Fraud investigations
Data forensics

Investigations Investigations is designed for anyone who needs to investigate and act on data with precision and context — including security analysts, SREs, DevOps engineers, operations teams, internal auditors, and more.

Prerequisites

To investigate ingested logs, you need to set up log ingestion.
Permissions: For a list of permissions required, go to Hub, select Investigations, and display Technical information.
Basic knowledge of
- Dynatrace Query Language (DQL)
- Dynatrace Pattern Language (DPL)

Investigations Investigations is designed to streamline evidence-driven investigations on data in Grail — whether you're resolving incidents, analyzing root causes, or conducting threat or fraud investigations, by

Eliminating manual, repetitive tasks
Providing contextual enrichment without tool-switching
Offering fast, detailed access to your data
Enhancing user experience for quick issue identification

It features assisted functionalities and automations to expedite and support investigation resolution, leveraging logs, metrics, and traces ingested into Grail.

View your whole investigation flow as you go along with the ability to always jump back to the previous step of the investigation.

Detailed view of the record shows all record fields at once; you can drill down to the details of the field or move between records.

Use the data in results with the character precision: you can create new evidence of DQL filters by selecting a portion of the field.

Manipulate evidence and filter with multiple values at once: you can select the range of IPs and create a DQL filter based on the values.

1 of 4

To get started and create your first investigation scenario, open Investigations Investigations and select Investigation.

Try Investigations and share your feedback to help us improve.

Learning modules

01Execute queries

How-to guide
Run investigations using Dynatrace Query Language in Investigations.

02Filter logs

How-to guide
Narrow down data to relevant entries in Investigations.

03Extract fields with DPL Architect

How-to guide
Pull specific data points from logs in Investigations.

04Manage time

How-to guide
Adjust time ranges for data analysis and event correlation in Investigations.

05Manage results

How-to guide
Organize and interpret query outputs across investigations --- from performance analysis to threat detection.

06Manage the query tree

How-to guide
Visualize and structure complex queries in Investigations.

07Manage evidence

How-to guide
Collect and preserve investigation artifacts in Investigations.

08Manage investigations

How-to guide
Share, duplicate, and control access to investigations across teams in Dynatrace Investigations.

09Manage templates

How-to guide
Reuse common queries and workflows in Investigations.

10Accelerate root cause analysis

How-to guide
Identify causes faster and smarter in Investigations.

11Collaborate with other apps

How-to guide
Share insights and integrate Investigations with other Dynatrace apps and tools for deeper analysis.

Threat hunting and forensics

Search for indicators of compromise (IoC) and perform forensic investigations and threat hunting activities.

Threat hunting and forensics

Resolve incidents faster with templates

Speed up your log-related investigations with Investigations templates.

Resolve incidents faster with Investigations templates

Speed up incident response with reference time

Enhance your log-related investigations with Investigations's reference time.

Speed up incident response with Dynatrace Investigations reference time

Operationalize DQL query results

Build DQL queries from your query results faster and more conveniently with Investigations Investigations.

Operationalize DQL query results with Investigations

Analyze AWS CloudTrail logs

Analyze CloudTrail logs and find potential security issues with Investigations Investigations.

Analyze AWS CloudTrail logs with Investigations

Analyze Amazon API Gateway access logs

Monitor and identify errors in your Amazon API Gateway access logs with Investigations Investigations.

Analyze Amazon API Gateway access logs with Investigations

Detect threats against your AWS Secrets

Monitor and identify potential threats against your AWS Secrets with Investigations Investigations.

Detect threats against your AWS Secrets with Investigations

Browse through some of the most relevant topics to get you started with Investigations Investigations.

Videos

Blogs

Dynatrace University tutorials

Dynatrace Community articles

Dynatrace Investigations sneak peek:

Dynatrace Investigations
Observability forensics: Finding the unknown in logs, metrics, and traces:

Finding the Unknown in Logs, Metrics, and Traces
Insights into DPL Architect:

Additional insights into DPL Architect
Elevate security with Dynatrace Anomaly Detection:

Elevating Security with Dynatrace Anomaly Detection