You can define and execute your Dynatrace Query Language (DQL) queries in the query input section.
When you create a DQL query or update the DQL query content, not just its format, a new node is created to the query tree. For example, adding comments or line breaks to your query won't create a new node; they only modify the format.
If you modify a query and are unhappy with the result, you can revert it to the original state by selecting in the upper-right corner of the query input before executing it.
If you write a query and want to fix mistakes, test something specific, or simply to avoid creating too many nodes, you can execute the query without creating a new node by selecting Run and overwrite node in the menu next to Run.
By default, the limit for the returned records is 1,000. To increase the maximum number of records per query, go to App settings in the upper-right of Security Investigator and select one of the available options in Set max record limit. Your settings will persist in all of your subsequent queries until you change them again. As an alternative, you can use the limit
command in your DQL query.
Changing the limit has an impact on your DDU consumption and query execution time.
The query uses the timeframes you have defined for your DQL query or in the timeframe selector next to Run. If you don't specify any timeframe, the default (-2h
) is used, which fetches logs from the last two hours. For details, see Define timeframes.
You can combine DQL query execution with other functionalities. For example, you can
Insert preset patterns from DPL Architect into your queries. For details, see Extract fields with DPL Architect.
Open a query in another app and continue your investigation from there. For details, see Collaborate with other apps.
Enhance DQL queries by adding filters directly from your query results or from the evidence lists. For details, see Filter logs.
You can add a field from the records details window to the query.
Double-click to open the record details window.
Hover over a field, then right-click and select Add field.
This modifies the current query and adds the fieldsAdd
command to the query input.
When dealing with complex types, you can extract new fields from complex objects like records from the record details window to the query.