Execute queries
You can define and execute your Dynatrace Query Language (DQL) queries in the query input section.
Query node behavior
Once you execute a query, a query node is added to the query tree with its result. If you rerun the query without modifying it, the result is updated without creating a new node. For details, see Navigate the query tree.
If you modify a query and are unhappy with the result, you can revert it to the original state by selecting in the upper-right corner of the query input before executing it.
Increase the number of returned records
By default, the limit for the returned records is 1,000. To increase the maximum number of records per query, go to App settings in the upper-right of Security Investigator and select one of the available options in Set max record limit. Your settings will persist in all of your subsequent queries until you change them again. As an alternative, you can use the limit
command in your DQL query.
Changing the limit has an impact on your DDU consumption and query execution time.
Specify timeframe
The query uses the timeframes you have defined for your DQL query or in the timeframe selector next to Run. If you don't specify any timeframe, the default (-2h
) is used, which fetches logs from the last two hours. For details, see Define timeframes.
Combine functionalities
You can combine DQL query execution with other functionalities. For example, you can
-
Insert preset patterns from DPL Architect into your queries. For details, see Extract fields with DPL Architect.
-
Open a query in another app and continue your investigation from there. For details, see Collaborate with other apps.
-
Enhance DQL queries by adding filters directly from your query results or from the evidence lists. For details, see Filter logs.
Add fields to the query
You can add a field from the records details window to the query.
-
Double-click to open the record details window.
-
Hover over a field, then right-click and select Add field.
This modifies the current query and adds the
fieldsAdd
command to the query input.
When dealing with complex types, you can extract new fields from complex objects like records from the record details window to the query.