Execute queries

You can define and execute your Dynatrace Query Language (DQL) queries in the query input section.

query input

Query node behavior

Once you execute a query, a query node is added to the query tree with its result. If you rerun the query without modifying it, the result is updated without creating a new node. For details, see Navigate the query tree.

Revert query

If you modify a query and are unhappy with the result, you can revert it to the original state by selecting in the upper-right corner of the query input before executing it.

Increase the number of returned records

By default, the limit for the returned records is 1,000. To increase the maximum number of records per query, go to App settings in the upper-right of Security Investigator and select one of the available options in Set max record limit. Your settings will persist in all of your subsequent queries until you change them again. As an alternative, you can use the limit command in your DQL query.

Changing the limit has an impact on your DDU consumption and query execution time.

Specify timeframe

The query uses the timeframes you have defined for your DQL query or in the timeframe selector next to Run. If you don't specify any timeframe, the default (-2h) is used, which fetches logs from the last two hours. For details, see Define timeframes.

Combine functionalities

You can combine DQL query execution with other functionalities. For example, you can

Add fields to the query

You can add a field from the records details window to the query.

  1. Double-click to open the record details window.

  2. Hover over a field, then right-click and select Add field.

    This modifies the current query and adds the fieldsAdd command to the query input.

Add field to query input

When dealing with complex types, you can extract new fields from complex objects like records from the record details window to the query.