Execute queries

You can define and execute your Dynatrace Query Language (DQL) queries in the query input section.

Query node behavior

When you create a DQL query or update the DQL query content, not just its format, a new node is created to the query tree. For example, adding comments or line breaks to your query won't create a new node; they only modify the format.

Revert query

If you modify a query and are unhappy with the result, you can revert it to the original state by selecting in the upper-right corner of the query input before executing it.

Run query in the same node

If you write a query and want to fix mistakes, test something specific, or simply to avoid creating too many nodes, you can execute the query without creating a new node by selecting Run and overwrite node in the menu next to Run.

Increase the number of returned records

By default, the limit for the returned records is 1,000. To increase the maximum number of records per query, go to App settings in the upper-right of Security Investigator and select one of the available options in Set max record limit. Your settings will persist in all of your subsequent queries until you change them again. As an alternative, you can use the limit command in your DQL query.

Specify timeframe

The query uses the timeframes you have defined for your DQL query or in the timeframe selector next to Run. If you don't specify any timeframe, the default (-2h) is used, which fetches logs from the last two hours. For details, see Define timeframes.

Combine functionalities

You can combine DQL query execution with other functionalities. For example, you can

Add fields to the query

You can add a field from the records details window to the query.