The following fields can be used in IAM policies that control read permissions of data stored in Grail, such as logs, metrics, spans, events and bizevents. See list of Grail read permissions.
| Attribute | Type | Description | Examples |
|---|---|---|---|
aws.account.id | string | resource stable The 12-digit number, such as 123456789012, that uniquely identifies an AWS account. Tags: permission primary-field | 123456789012 |
azure.resource.group | string | resource stable A resource group is a container that holds related resources for an Azure solution. Tags: permission primary-field | demo-backend-rg |
azure.subscription | string | resource stable An Azure subscription is a logical container used to provision resources in Azure. Tags: permission primary-field | 27e9b03f-04d2-2b69-b327-32f433f7ed21 |
dt.host_group.id | string | resource stable See Organize your environment using host groups. Note that host groups are identified by their name, not by the entity ID of the host group entity. For details on the entity ID, see dt.entity.host_group.Tags: permission primary-field | myHostGroup |
dt.security_context | string | resource stable The security context is used in access permissions to limit the visibility. Learn more about the Dynatrace permission model Tags: permission | |
event.kind | string | stable Gives high-level information about what kind of information the event contains without being specific about the contents of the event. It helps to determine the record type of a raw event. Tags: permission | INFRASTRUCTURE_EVENT; DAVIS_EVENT; BIZ_EVENT; RUM_EVENT; AUDIT_EVENT; BILLING_USAGE_EVENT |
event.provider | string | stable Source of the event, for example, the name of the component or system that generated the event. Tags: permission | OneAgent; K8S; Davis; VMWare; GCP; AWS; LIMA_USAGE_STREAM |
event.type | string | stable The unique type identifier of a given event. Tags: permission | ESXI_HOST_MEMORY_SATURATION; PROCESS_RESTART; CPU_SATURATION; MEMORY_SATURATION; Automation Workflow; AppEngine Functions - Small |
frontend.name | string | stable The frontend name determined at ingest. Tags: permission | my_frontend |
gcp.project.id | string | resource stable Identifier of the GCP project associated with this resource. Tags: permission primary-field | dynatrace-gcp-extension |
host.name | string | resource experimental The host name as determined on the data source (for instance, OneAgent, extensions or OpenTelemetry). Important: This is not the name of the host entity, which can be modified based on naming rules. Tags: permission | ip-10-178-54-32.ec2.internal |
k8s.cluster.name | string | resource stable The user-defined name of the cluster in Dynatrace. Doesn't need to be unique or immutable. Tags: permission primary-field | unguard-dev; acme-prod10 |
k8s.namespace.name | string | resource stable The name of the namespace that the pod is running in. Tags: permission primary-field | default; kube-system |
log.source | string | stable Human-readable attribute that identifies a log stream. Tags: permission | /var/log/messages; Windows Event Log; Docker Container Output; stdout |
metric.key | string | stable The identifier of a metric, grouping numeric measurements that share the same measurement semantics (i.e. were measured "the same way".) Tags: permission | dt.host.cpu.usage |