Events powered by Grail overview (DPS)

  • Latest Dynatrace
  • Overview
  • 5-min read

This page describes the different Events-related capabilities and the features that they provide with a DPS subscription.

For information about how usage of a specific capability translates to consumption of your DPS license commit, see

Dynatrace provides monitoring and reporting of

  • Built-in event types via OneAgent or cloud integrations.

  • Custom events and/or event-ingestion channels. These include

The following event kinds are always billable:

  • Business events

  • SDLC events

  • Custom events, including

    • Security events
    • Davis AI events
    • Kubernetes warning events
    • Generic custom events
    • Customer-defined custom events

The consumption of some built-in event kinds is included with the relevant rate card capability, as described in the table below.

Built-in event kind

Relevant capability

Ingest & Process

Retain1

Query

Davis AI problems and events

Full-Stack Monitoring

Included

First 15 months are included

Included

Kubernetes warning events

Kubernetes Platform Monitoring (KPM)

60 warning events per pod-hour are included

First 15 months are included

Queries generated from within Kubernetes (new) Kubernetes are included

Built-in security events

Runtime Vulnerability Analytics (RVA)

First 3 years are included

First 3 years are included

Queries generated from within Vulnerabilities Vulnerabilities are included

Synthetic events

Digital Experience Monitoring (DEM)

Included

First 35 days are limited included

Included (non-billable):

  • Queries originating from Synthetic apps are limited included for the default retention period of 35 days.
  • For queries originating from Dashboards Dashboards, Notebooks Notebooks, and Workflows Workflows, charges do not apply.
1

Retention beyond the included timeframe is billable as Events powered by Grail - Retain.

Events - Ingest & Process feature overview

Here's what's included with the Ingest & Process data-usage dimension:

Concept

Explanation

Data delivery

Delivery of events via OneAgent, RUM JavaScript, or Generic Event Ingestion API (via ActiveGate)

Topology enrichment

Enrichment of events with data source and topology metadata

Data transformation

  • Add, edit, or drop any business event attribute
  • Perform mathematical transformations on numerical values (for example, creating new attributes based on calculations of existing fields)
  • Extract business, infrastructure, application, or other data from raw business events. This can be a single character, string, number, array of values, or other. Extracted data can be turned into a new field, allowing additional querying, filtering, etc.
  • Mask sensitive data by replacing specific business attributes with a masked string

Data-retention control

Manage data retention periods of incoming events based on bucket assignment rules

Conversion to timeseries

Create metrics from event attributes (note that creating custom metrics generates additional consumption beyond the consumption for ingestion and processing.)

Events - Retain feature overview

Here's what's included with the Retain data-usage dimension:

Concept

Explanation

Data availability

Retained data is accessible for analysis and querying until the end of the retention period. Events retention is defined at the bucket level, ensuring tailored retention periods for specific events.

Retention periods

Choose a retention period

  • 10 days (10 days)
  • 2 weeks (15 days)
  • 1 month (35 days) (this is the default period)
  • 3 months (95 days)
  • 1 year (372 days)
  • 15 months (462 days)
  • 3 years (1,102 days)
  • 5 years (1,832 days)
  • 7 years (2,562 days)
  • 10 years (3,657 days)

Events - Query feature overview

Query data usage occurs when:

  • Submitting custom DQL queries in the Logs & Events viewer in advanced mode.
  • Business Observability Apps (Business Flow, Salesforce Insights, and Carbon Impact)
  • Executing DQL queries in Notebooks, Dashboards, Workflows, Custom apps, and via API.

Here's what's included with the Query data-usage dimension:

Concept

Explanation

On-read parsing

  • Use DQL to query historical events in storage and extract business, infrastructure, or other data across any timeframe, and use extracted data for follow-up analysis.
  • No upfront indexes or schema required for on-read parsing

Aggregation

Perform aggregation, summarization, or statistical analysis of data in events across specific timeframes or time patterns (for example, data occurrences in 30-second or 10-minute intervals), mathematical, or logical functions.

Reporting

Create reports or summaries with customized fields (columns) by adding, modifying, or dropping existing event attributes.

Context

Use DQL to analyze event data in context with relevant data on the Dynatrace platform, for example, user sessions or distributed traces.

Event kind
Ingest & Process
Retain
Query
Business events
Billable
Billable
Billable
Software development lifecycle (SDLC) events
Billable
Billable
Billable
Custom Davis AI and
Kubernetes events
Billable
Billable
Billable
Davis AI problems
and events
Included
(non-billable)
Limited included
(up to 15 months) 1
Included (non-billable)
Kubernetes warning events
Limited included 2
Limited included 2
Non-billable
for usage generated in Kubernetes (new) Kubernetes.
Security events 3
Billable
Billable
Billable
Synthetic events 4
Included
Limited included
Included (non-billable)
Custom generic events
Billable
Billable
Billable
1

If you extend the retention period beyond 15 months globally, Retain charges will apply as per your rate card.

2

Kubernetes warning events: A pod-hour includes 60 Kubernetes warning events per pod with a default retention period of 15 months. The Kubernetes warning events are pooled across all pods. The consumption is calculated in 15-minute intervals. Query usage generated from within the Kubernetes app is included. For queries originating from Dashboards Dashboards, Notebooks Notebooks, and Workflows Workflows, Query charges apply as per your rate card. For details, please refer to Kubernetes Platform Monitoring billing.

3

Security events: Generally, Ingest & Process, Retain, and Query are charged according to the price on your rate card for Events powered by Grail capabilities. In cases where security events are stored in the default_securityevents_builtin bucket, Ingest & Process and Retain are limited included for 3 years, and Query is included for usage generated in the Vulnerabilities app. For queries originating from Dashboards Dashboards, Notebooks Notebooks, and Workflows Workflows, Query charges apply as per your rate card. Note: The bucket above has been updated to align with the new Grail security events table. For the complete list of updates and actions needed to accomplish the migration, follow the steps in the Grail security table migration guide.

4

Synthetic events: Retain and Queries originating from Synthetic application are limited included for default retention period of 35 days. For queries originating from Dashboards Dashboards, Notebooks Notebooks, and Workflows Workflows, charges do not apply.

Custom generic or customer-defined events, which are ingested via API and are not listed in the table, or which are ingested and retained in custom buckets, are charged according to the price on your rate card for Events powered by Grail capabilities.

As of May 22, 2024, the Early Adopter release phase for custom Davis AI events on Grail ends, and the licensing of all event types within the product category Events powered by Grail will be harmonized under the platform pricing model described below. This means you'll be billed for ingesting, retaining, and querying event data via DQL, as is already the case for business events. In addition, with Davis AI problems & events, Kubernetes events, security events, and others to come, even more event types will be added to Events powered by Grail.

Related tags
Dynatrace Platform