Global field reference
The following reference contains a list of global fields that have a well defined semantic meaning in Dynatrace and can be used across different monitoring types. The fields are organized in namespaces that are separated with dots.
Top level fields
The top level fields contain generally relevant information for all monitoring data
Attribute
Type
Description
Examples
timestamptimestamp
stable
The time (UNIX Epoch time in nanoseconds) when the event originated, typically when it was created by the source. If no original timestamp is available, it will be populated at ingest time. Required for all events. In case of a correlated event (e.g. ITIL events) this time could be different from the event.start time, as this time represents the actual timestamp when the "update" for the event was created.
The time (UNIX Epoch time in nanoseconds) when the event originated, typically when it was created by the source. If no original timestamp is available, it will be populated at ingest time. Required for all events. In case of a correlated event (e.g. ITIL events) this time could be different from the event.start time, as this time represents the actual timestamp when the "update" for the event was created.
1649822520123123123timeframerecord[]
stable
The timeframe represented by a timeseries record.
The timeframe represented by a timeseries record.
start_timetimestamp
stable
Start time of a data point. Value is an UNIX Epoch time in nanoseconds and less or equal the
Start time of a data point. Value is an UNIX Epoch time in nanoseconds and less or equal the
end_time.1649822520123123123end_timetimestamp
stable
End time of a data point. Value is an UNIX Epoch time in nanoseconds and greater or equal the
End time of a data point. Value is an UNIX Epoch time in nanoseconds and greater or equal the
start_time.1649822520123123165durationduration
stable
The difference of
The difference of
start_time and end_time in nanoseconds.42intervalstring
stable
Denotes the timeframe of represented by individual timeseries measurements returned by a timeseries record.
Denotes the timeframe of represented by individual timeseries measurements returned by a timeseries record.
1 minAdobe
Fields
Attribute
Type
Description
Examples
adobe.em.env_typestring
experimental
Adobe Experience Manager (AEM) environment type.
Adobe Experience Manager (AEM) environment type.
dev; stage; prodadobe.em.programstring
experimental
Adobe Experience Manager (AEM) service. Contains the customer defined name of the AEM environment.
Adobe Experience Manager (AEM) service. Contains the customer defined name of the AEM environment.
adobe.em.servicestring
experimental
Adobe Experience Manager (AEM) service. Contains the program and environment IDs the customer is exposed to.
Adobe Experience Manager (AEM) service. Contains the program and environment IDs the customer is exposed to.
adobe.em.tierstring
experimental
Adobe Experience Manager (AEM) tier.
Adobe Experience Manager (AEM) tier.
author; publish; previewAggregation
OneAgent might aggregate spans having the same parent span into a single one. The aggregated span contains attributes to indicated that aggregation happened and to allow to reconstruct details.
For aggregated spans the start_time holds the earliest start_time, end_time holds the latest end_time of all aggregated spans.
Fields
Attribute
Type
Description
Examples
aggregation.countlong
experimental
The number of spans aggregated into the this span. This means this span represents multiple spans therefore value is >1.
The number of spans aggregated into the this span. This means this span represents multiple spans therefore value is >1.
3aggregation.exception_countlong
experimental
The number of aggregated spans which included an exception.
The number of aggregated spans which included an exception.
0; 6aggregation.duration_sumduration
experimental
The duration sum in nanoseconds for all aggregated spans.
The duration sum in nanoseconds for all aggregated spans.
123aggregation.duration_minduration
experimental
The duration in nanoseconds for shortest aggregated span.
The duration in nanoseconds for shortest aggregated span.
42aggregation.duration_maxduration
experimental
The duration in nanoseconds for longest aggregated span.
The duration in nanoseconds for longest aggregated span.
482aggregation.parallel_executionboolean
experimental
true indicates that aggregated spans may have been executed in parallel. Therefore start_time + duration_sum may exceed end_time.aggregation.duration_samplesduration[]
experimental
Array of reservoir sampled span durations of the aggregated spans. The duration samples can be used to estimate a more accurate duration distribution of aggregated spans rather then using the average value.
Array of reservoir sampled span durations of the aggregated spans. The duration samples can be used to estimate a more accurate duration distribution of aggregated spans rather then using the average value.
[42, 482, 301]Apache HTTP Server
Fields
Attribute
Type
Description
Examples
apache.httpd.config.pathstring
experimental
Apache Spark
Fields
Attribute
Type
Description
Examples
apache.spark.master.ipstring
experimental
Apache Tomcat
Fields
Attribute
Type
Description
Examples
apache.tomcat.basestring
experimental
The server's base directory. This is what usually is referred to as CATALINA_BASE.
The server's base directory. This is what usually is referred to as CATALINA_BASE.
/usr/share/tomcat6apache.tomcat.homestring
experimental
The server's home directory. This is what usually is referred to as CATALINA_HOME.
The server's home directory. This is what usually is referred to as CATALINA_HOME.
/usr/share/tomcat6App
The app namespace contains information on the application sending the event.
Fields
Attribute
Type
Description
Examples
app.bundlestring
stable
Name of the bundle or package.
Name of the bundle or package.
com.example.easytravelapp.versionstring
stable
Full version of the application. This can include more verbose information, such as the build number.
Full version of the application. This can include more verbose information, such as the build number.
5.23.15789; 143542app.short_versionstring
stable
Human readable version of the application, usually major & minor version.
Human readable version of the application, usually major & minor version.
5.23app.idstring
stable
The unique application identifier. Dynatrace apps are prefixed with 'dynatrace.', custom apps are prefixed with 'my.'
The unique application identifier. Dynatrace apps are prefixed with 'dynatrace.', custom apps are prefixed with 'my.'
dynatrace.notebooks; my.awesome.appASP.NET Core
Fields
Attribute
Type
Description
Examples
aspnetcore.appl.pathstring
experimental
Authentication
Authentication type and method used to login to a Dynatrace system.
Fields
Attribute
Type
Description
Examples
authentication.typestring
experimental
The method of authentication.
The method of authentication.
OAUTH2authentication.grant.typestring
experimental
The grant type used during OAuth2 authentication.
The grant type used during OAuth2 authentication.
AUTHORIZATION_CODE; CLIENT_CREDENTIALSauthentication.client.idstring
experimental
The OAuth2 client id if of type 'CLIENT_CREDENTIALS'.
The OAuth2 client id if of type 'CLIENT_CREDENTIALS'.
dt0s02.UZCK6ENL.2YQ2A3DZUEISRJSUU5544J3SC3TMPXSEEMNA5HK7RW54SJ6XKLYGMWJNKL7B2DNHauthentication.tokenstring
experimental
The public token identifier of authentication.type 'TOKEN'.
The public token identifier of authentication.type 'TOKEN'.
dt0c01.AM4SEYKIBROBEJ2N3HAXZ4IXauthentication.type MUST be one of the following:
Value
Description
DEVOPSTOKENAuthenticated via DevOps token
NONENot authenticated (authentication not necessary)
TOKENAuthenticated via API access token or personal access token
authentication.grant.type MUST be one of the following:
Value
Description
AUTHORIZATION_CODECLIENT_CREDENTIALSauthentication.client.id and authentication.token MUST follow the Dynatrace token format definition.
Specifically, authentication.client.id MUST be prefixed with dt0s02.
Availability
Information about entity availability. Sample usage is reporting hosts and PGI-s availability by OS Agent. Value of availability.state can be used for calculating aggregate availability (dividing count of "successful" requests by count of all requests). With constant frequency of requests it can be treated as a time-base availability, showing percentage of time that the monitored entity was available.
Fields
Attribute
Type
Description
Examples
availability.statestring
stable
State of entity (host or PGI) availability.
State of entity (host or PGI) availability.
upavailability.state has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
available[PGI] PGI is available and reported.
no_data[HOST] Host is working, agent active but no data are sent.
no_data_agent_inactive[HOST] Host is working, agent inactive (disabled manually in configuration). No data are sent.
shutdown_host[HOST] Host has been shut down.
unavailable[PGI] PGI is unavailable and not reported.
unimportant[PGI] PGI is available but not reported because it became unimportant.
unmonitored_agent_stopped[HOST] Host is unmonitored because agent stopped.
unmonitored_agent_uninstalled[HOST] Host is unmonitored because agent has been uninstalled.
unmonitored_agent_upgrade[HOST] Host is unmonitored because agent is upgrading.
up[HOST] Host is working, agent active and sending data.
Amazon Web Services (AWS)
Fields that can come from applications running on AWS.
Fields
Resource attributes
Attribute
Type
Description
Examples
aws.ecr.account.idstring
experimental
aws.ecr.regionstring
experimental
aws.ecs.clusterstring
experimental
aws.ecs.container.namestring
experimental
aws.ecs.familystring
experimental
aws.ecs.revisionstring
experimental
aws.ecs.task.arnstring
experimental
The full Amazon Resource Name (ARN) of the task to which the container belongs.
The full Amazon Resource Name (ARN) of the task to which the container belongs.
arn:aws:ecs:us-west-2:111122223333:task/default/cd189a933e5849daa93386466019ab50aws.ecs.docker.namestring
experimental
The name of the container supplied to Docker.
The name of the container supplied to Docker.
curl-imageaws.ecs.container.arnstring
experimental
The full Amazon Resource Name (ARN) of the container.
The full Amazon Resource Name (ARN) of the container.
arn:aws:ecs:us-west-2:111122223333:container/05966557-f16c-49cb-9352-24b3a0dcd0e1aws.ecs.docker.idstring
experimental
The Docker ID for the container.
The Docker ID for the container.
cd189a933e5849daa93386466019ab50-2495160603aws.lambda.function.namestring
experimental
aws.lambda.initialization_typestring
experimental
The AWS Lambda initialization type. Same string value as available in AWS_LAMBDA_INITIALIZATION_TYPE.
The AWS Lambda initialization type. Same string value as available in AWS_LAMBDA_INITIALIZATION_TYPE.
snap_startaws.regionstring
experimental
A specific geographical AWS Cloud location.
A specific geographical AWS Cloud location.
us-east-1aws.account.idstring
experimental
A 12-digit number, such as 123456789012, that uniquely identifies an AWS account.
Tags:
A 12-digit number, such as 123456789012, that uniquely identifies an AWS account.
Tags:
permission123456789012aws.availability_zonestring
experimental
A specific availability zone in given AWS region.
A specific availability zone in given AWS region.
us‑east‑1a; us‑east‑1baws.log_groupstring
experimental
Amazon CloudWatch group of log streams that share the same retention, monitoring, and access control settings.
Amazon CloudWatch group of log streams that share the same retention, monitoring, and access control settings.
/aws/lambda/a-SomeFumction-1AWHD6W1QC5DHaws.log_streamstring
experimental
A sequence of log events that share the same source.
A sequence of log events that share the same source.
2021/01/04/[$LATEST]b2e34f11da04232cb9f9d3d5799a5c12aws.servicestring
experimental
The service that identifies the AWS product.
The service that identifies the AWS product.
s3aws.resource.typestring
experimental
The name of a resource type
The name of a resource type
group; cluster; instanceaws.resource.idstring
experimental
The unique identifier of the resource
The unique identifier of the resource
i-0922cda4579db3a45aws.resource.namestring
experimental
The name of the resource - value of Name tag in AWS
The name of the resource - value of Name tag in AWS
my-ec2-instanceaws.arnstring
experimental
Amazon Resource Name (ARN)
Amazon Resource Name (ARN)
arn:aws:lambda:us-east-1:478983378254:function:acceptanceWeatherBackendaws.alb.namestring
experimental
Application load balancer name that instance is behind
Application load balancer name that instance is behind
my-albaws.lambda.initialization_type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
on-demandOn demand
provisioned-concurrencyProvisioned concurrency
snap-startSnapStart
Span attributes
Attribute
Type
Description
Examples
aws.x_amzn_trace_idstring
Root=1-63441c4a-abcdef012345678912345678; Self=1-63441c4a-12456789abcdef012345678;Root=1-67891233-abcdef012345678912345678aws.x_amzn_request_idstring
experimental
Contains the value of the AWS 'X-Amzn-RequestId' HTTP header.
Contains the value of the AWS 'X-Amzn-RequestId' HTTP header.
123344566aws.lambda.invoked_arnstring
experimental
The full invoked ARN as provided on the
The full invoked ARN as provided on the
Context passed to the function (Lambda-Runtime-Invoked-Function-Arn response header from the request to /runtime/invocation/next).arn:aws:lambda:us-east-1:123456789012:function:acceptanceWeatherBackend:productionAzure
Fields that can come from applications running on Azure.
Fields
Resource attributes
Attribute
Type
Description
Examples
azure.subscriptionstring
experimental
An Azure subscription is a logical container used to provision resources in Azure.
Tags:
An Azure subscription is a logical container used to provision resources in Azure.
Tags:
permission27e9b03f-04d2-2b69-b327-32f433f7ed21azure.resource.groupstring
experimental
A resource group is a container that holds related resources for an Azure solution.
Tags:
A resource group is a container that holds related resources for an Azure solution.
Tags:
permissiondemo-backend-rgazure.resource.typestring
experimental
The name of a resource type in the format: {resource-provider}/{resource-type}.
The name of a resource type in the format: {resource-provider}/{resource-type}.
Microsoft.ContainerService/managedClustersazure.resource.idstring
experimental
A unique, immutable, identifier assigned to each Azure cloud resource.
A unique, immutable, identifier assigned to each Azure cloud resource.
/subscriptions/27e9b03f-04d2-2b69-b327-32f433f7ed21/resourceGroups/demo-backend-rg/providers/Microsoft.ContainerService/managedClusters/demo-aksazure.resource.namestring
experimental
User provided name of Azure cloud resource.
User provided name of Azure cloud resource.
demo-aksazure.locationstring
experimental
A specific geographical location of Azure Cloud resource.
A specific geographical location of Azure Cloud resource.
East USazure.management_groupstring
experimental
A group of Azure subscriptions used for governance use cases.
A group of Azure subscriptions used for governance use cases.
Tenant Root Group; My Custom Groupazure.event_hub_namespace.namestring
experimental
Azure Event Hub Namespace name.
Azure Event Hub Namespace name.
my-event-hubazure.service_bus_namespace.namestring
experimental
Azure Service Bus name.
Azure Service Bus name.
my-service-busazure.sql_server.namestring
experimental
Azure SQL Server name.
Azure SQL Server name.
contoso-sql-serverazure.sql_elastic_pool.namestring
experimental
Azure SQL Server Elastic Pool name.
Azure SQL Server Elastic Pool name.
contoso-elastic-poolazure.vm.namestring
experimental
Azure Virtual Machine name.
Azure Virtual Machine name.
my-virtual-machineazure.vm_scale_set.namestring
experimental
Azure Virtual Machine Scale Set name.
Azure Virtual Machine Scale Set name.
my-vmssazure.vmidstring
experimental
Azure Virtual Machine unique 128bits identifier
Azure Virtual Machine unique 128bits identifier
090556DA-D4FA-764F-A9F1-63614EDA019Aazure.site_namestring
experimental
Globally unique deployment information about an Azure function.
Globally unique deployment information about an Azure function.
dt-function-scriptedazure.class_namestring
experimental
The full qualified name of the class executing an Azure function.
The full qualified name of the class executing an Azure function.
Host.FunctionsBOSH
Fields that are integral to applications managed by BOSH.
Fields
Resource attributes
Attribute
Type
Description
Examples
bosh.namestring
experimental
A unique identifier to a deployment or instance.
A unique identifier to a deployment or instance.
isolated_diego_cell_devimabosh.instance_idstring
experimental
A unique identifier assigned to each deployed instance.
A unique identifier assigned to each deployed instance.
af318409-9e9d-4a18-aca4-0fb52bbdc526bosh.availability_zonestring
experimental
A specific geographical BOSH location.
A specific geographical BOSH location.
us-east-1aBrowser
The browser namespace contains information on the browser running an application.
Fields
Attribute
Type
Description
Examples
browser.user_agentstring
stable
Full user agent string as provided by the browser.
Full user agent string as provided by the browser.
Mozilla/5.0 (Windows NT 10.0; Win64; x64)browser.namestring
stable
Browser name
Browser name
Mozillabrowser.versionstring
stable
Browser version
Browser version
5.0browser.typestring
stable
Type of browser
Type of browser
desktop; mobile; tablet; robot; otherCaptured Attributes
Span scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute rule. The actual name of the attribute is the prefix "captured_attribute" plus the "request attribute name" defined in the request attributes configuration. In contrast to request attributes, captured attributes contain the raw values reported by the OneAgent at the location (i.e. on the active span) where they appeared. No aggregation (first/last value, distinct values, ...), type conversion or normalization is performed on them. They are the basis for request attributes.
Fields
Attribute
Type
Description
Examples
captured_attribute.__attribute_name__array
experimental
Contains the span scoped raw values that were captured under the name
Contains the span scoped raw values that were captured under the name
__attribute_name__ defined by the request attribute configuration. The values are always mapped as array according to the type of the captured attributes, so either boolean, double, long or string. If the captured attributes have mixed types (e.g. long and string, or double and long, etc.), all attributes are converted to string and stored as string array.[42]; ['Platinum']; [32, 16, 8]; ['Special Offer', '1702']; ['18.35', '16']Cassandra
Fields
Attribute
Type
Description
Examples
cassandra.cluster.namestring
experimental
Client
The client namespace contains information on the initiator of a network connection.
Fields
Attribute
Type
Description
Examples
client.ipipAddress
experimental
IP address of the client (IPv4 or IPv6) making the request.
Tags:
IP address of the client (IPv4 or IPv6) making the request.
Tags:
sensitive-spans194.232.104.141; 2a01:468:1000:9::140client.portlong
experimental
Client port number.
Client port number.
65123; 80client.ispstring
experimental
The name of the Internet Service Provider (ISP) associated with the IP address of the client.
The name of the Internet Service Provider (ISP) associated with the IP address of the client.
Internet Service Provider Nameclient.ip.is_publicboolean
experimental
Indicates whether IP is a public IP.
Indicates whether IP is a public IP.
TrueCloud
Fields related to cloud deployments that can be used across different providers.
Fields
Attribute
Type
Description
Examples
cloud.availability_zonestring
stable
Identifier referring to the availability zone within a cloud vendor's region.
Identifier referring to the availability zone within a cloud vendor's region.
us-east-1acloud.regionstring
stable
Identifier referring to a geographic region of a cloud vendor's datacenter.
Identifier referring to a geographic region of a cloud vendor's datacenter.
us-east-1cloud.resource_idstring
stable
Cloud provider-specific native identifier of the monitored cloud resource (e.g. an ARN on AWS, a fully qualified resource ID on Azure, a full resource name on GCP).
Cloud provider-specific native identifier of the monitored cloud resource (e.g. an ARN on AWS, a fully qualified resource ID on Azure, a full resource name on GCP).
arn:aws:lambda:REGION:ACCOUNT_ID:function:my-function; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>cloud.providerstring
experimental
Name of the cloud provider.
Name of the cloud provider.
alibaba_cloudcloud.account.idstring
stable
The cloud account ID the resource is assigned to.
The cloud account ID the resource is assigned to.
111111111111; opentelemetry1
The prefix of the service matches the one specified in cloud.provider.
cloud.provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
alibaba_cloudAlibaba Cloud
awsAmazon Web Services
azureMicrosoft Azure
gcpGoogle Cloud Platform
herokuHeroku Platform as a Service
ibm_cloudIBM Cloud
tencent_cloudTencent Cloud
cloud.platform MUST be one of the following:
Value
Description
alibaba_cloud_ecsAlibaba Cloud Elastic Compute Service
alibaba_cloud_fcAlibaba Cloud Function Compute
alibaba_cloud_openshiftRed Hat OpenShift on Alibaba Cloud
aws_app_runnerAWS App Runner
aws_ec2AWS Elastic Compute Cloud
aws_ecsAWS Elastic Container Service
aws_eksAWS Elastic Kubernetes Service
aws_elastic_beanstalkAWS Elastic Beanstalk
aws_lambdaAWS Lambda
aws_openshiftRed Hat OpenShift on AWS (ROSA)
azure_aksAzure Kubernetes Service
azure_app_serviceAzure App Service
azure_container_instancesAzure Container Instances
azure_functionsAzure Functions
azure_openshiftAzure Red Hat OpenShift
azure_vmAzure Virtual Machines
gcp_app_engineGoogle Cloud App Engine (GAE)
gcp_cloud_functionsGoogle Cloud Functions (GCF)
gcp_cloud_runGoogle Cloud Run
gcp_compute_engineGoogle Cloud Compute Engine (GCE)
gcp_kubernetes_engineGoogle Cloud Kubernetes Engine (GKE)
gcp_openshiftRed Hat OpenShift on Google Cloud
ibm_cloud_openshiftRed Hat OpenShift on IBM Cloud
tencent_cloud_cvmTencent Cloud Cloud Virtual Machine (CVM)
tencent_cloud_eksTencent Cloud Elastic Kubernetes Service (EKS)
tencent_cloud_scfTencent Cloud Serverless Cloud Function (SCF)
Cloudfoundry
Fields
Attribute
Type
Description
Examples
cloudfoundry.application.idstring
experimental
cloudfoundry.application.namestring
experimental
cloudfoundry.instance.indexstring
experimental
cloudfoundry.space.idstring
experimental
cloudfoundry.space.namestring
experimental
Code
Fields
Attribute
Type
Description
Examples
code.functionstring
experimental
The method or function name, or equivalent (usually rightmost part of the code unit's name). Represents the name of the function, that is represented by this span.
The method or function name, or equivalent (usually rightmost part of the code unit's name). Represents the name of the function, that is represented by this span.
serveRequestcode.namespacestring
experimental
The "namespace" within which
The "namespace" within which
code.function is defined. Usually the qualified class or module name, such that code.namespace + some separator + code.function form a unique identifier for the code unit.com.example.MyHttpServicecode.filepathstring
experimental
The source code file name that identifies the code unit as uniquely as possible.
The source code file name that identifies the code unit as uniquely as possible.
/usr/local/MyApplication/content_root/app/index.phpcode.invoked.functionstring
experimental
Like
Like
code.function, only it represents the function that was active when a span has been started. Typically it is the function that has been instrumented. The spans duration does not reflect the duration of this function execution. Should only be set if it differs from code.function.invokecode.invoked.namespacestring
experimental
Like
Like
code.namespace, only it represents the namespace of the function that was active when a span has been started. Typically it is the function that has been instrumented. Should only be set if it differs from code.namespace.com.sun.xml.ws.server.InvokerTube$2code.invoked.filepathstring
experimental
Like
Like
code.filepath, only it represents the file path of the function that was active when a span has been started. Typically it is the function that has been instrumented. Should only be set if it differs from code.filepath./usr/local/MyApplication/content_root/app/index.phpcode.call_stackstring
experimental
The call stack of the
The call stack of the
code.function. The call stack starts with the code.function and the stack frames are separated by a line feed.com.example.SampleClass.doProcessing(SampleClass.java) com.example.SampleClass.doSomeWork(SampleClass.java) com.example.SampleClass.main(SampleClass.java)Coldfusion
Fields
Attribute
Type
Description
Examples
coldfusion.jvm.config.filestring
experimental
coldfusion.service.namestring
experimental
Compilation Timings
For some technologies compilation of code might be a significant contributor to request execution time. Compilation timings provide insight into this, where available.
Fields
Attribute
Type
Description
Examples
compilation_timings.duration_sumduration
experimental
The total duration in nanoseconds spent compiling.
The total duration in nanoseconds spent compiling.
6723compilation_timings.compilation_countlong
experimental
The number of compilations contributing to
The number of compilations contributing to
compilation_timings.duration_sum.7compilation_timings.top_compilationsrecord
experimental
The top N compilations contributing to
The top N compilations contributing to
compilation_timings.duration_sum, represented as map from compilation unit name to duration in nanoseconds spent.{'/home/user/test/php/build/tmp/php-htdocs/memcached/memcachedCli.php': 1952, '/home/user/test/php/build/tmp/php-htdocs/curl_cli_uri_filtering.php': 1306}Container
Fields
Attribute
Type
Description
Examples
container.idstring
experimental
Container ID. Usually a UUID, as for example used to identify Docker containers. The UUID might be abbreviated.
Container ID. Usually a UUID, as for example used to identify Docker containers. The UUID might be abbreviated.
a3bf90e006b2container.image.namestring
experimental
Name of the image the container was built on.
Name of the image the container was built on.
gcr.io/opentelemetry/operatorcontainer.image.versionstring
experimental
0.1container.namestring
experimental
Container name used by container runtime.
Container name used by container runtime.
opentelemetry-autoconfCICS Transaction Gateway
CTG (shorthand for "CICS Transaction Gateway") is a connector for enterprise modernization of CICS assets. It empowers various application platforms, such as Java servlets, to incorporate CICS programs.
CICS (shorthand for "Customer Information Control System") is a middleware to support rapid, high-volume online transaction processing on IBM mainframe systems on z/OS. CTG features a client and a server, which communicate via so-called GatewayRequests.
Fields
Attribute
Type
Description
Examples
ctg.request.gateway_urlstring
experimental
URL of the gateway. Only set on client-side spans.
URL of the gateway. Only set on client-side spans.
tcp://1.2.3.4:5678/ctg.request.typestring
experimental
Type of the CTG GatewayRequest.
Type of the CTG GatewayRequest.
BASEctg.request.call_typelong
experimental
Integer representing the call type of the CTG GatewayRequest. The set of possible values varies per request type. 1
Integer representing the call type of the CTG GatewayRequest. The set of possible values varies per request type. 1
2ctg.request.flow_typelong
5ctg.request.server_idstring
experimental
ID of the server. Not set for all request types.
ID of the server. Not set for all request types.
IPICTESTctg.request.commarea_lengthlong
experimental
Length of the COMMAREA. Only set when request type is ECI.
Length of the COMMAREA. Only set when request type is ECI.
0ctg.request.term_idstring
experimental
Name of the terminal resource. Only set when request type is EPI.
Name of the terminal resource. Only set when request type is EPI.
CN02ctg.request.object_namestring
experimental
Name of the request object. Only set when request type is ADMIN.
Name of the request object. Only set when request type is ADMIN.
``
ctg.request.extend_modelong
experimental
Integer representing the extend mode of the CTG GatewayRequest. Only set when request type is ECI. 3
Integer representing the extend mode of the CTG GatewayRequest. Only set when request type is ECI. 3
11ctg.response.codelong
-232
The values are defined in the IBM CTG API source code.
ctg.request.type MUST be one of the following:
Value
Description
ADMINAdmin request.
AUTHAuthentication request.
BASEBase. A base GatewayRequest without a further subtype. 1
ECIExternal Call Interface. Enables a client application to call a CICS program synchronously or asynchronously. 2
EPIExternal Presentation Interface. Enables a user application to install a virtual IBM 3270 terminal into a CICS server. 3
ESIExternal Security Interface. Enables user applications to perform security-related tasks. 4
XACICS Request Exit. Can be used for request retry, dynamic server selection and for rejecting non-valid requests. 5
4
Custom Services
Fields
Attribute
Type
Description
Examples
custom_service.namestring
experimental
The name of a custom service. This field is only present if a custom service was directly created via Dynatrace OneAgent SDK.
The name of a custom service. This field is only present if a custom service was directly created via Dynatrace OneAgent SDK.
MyCustomService; AuthenticationComponentcustom_service.methodstring
experimental
The service method of a custom service. This field is only present if a custom service was directly created via Dynatrace OneAgent SDK.
The service method of a custom service. This field is only present if a custom service was directly created via Dynatrace OneAgent SDK.
startTask; run; authenticateDatabase
Fields
Attribute
Type
Description
Examples
db.systemstring
experimental
An identifier for the database management system (DBMS) product being used. See below for a list of well-known identifiers.
An identifier for the database management system (DBMS) product being used. See below for a list of well-known identifiers.
mongodb; mysqldb.namespacestring
experimental
The name of the database, fully qualified within the server address and port.
The name of the database, fully qualified within the server address and port.
customers; test.usersdb.query.textstring
SELECT * FROM wuser_table; SET mykey "WuValue"db.query.parametersrecord[]
experimental
The query parameters used in db.query.text represented as a key and value map. For database systems which do not have named keys the map key is the string representation of the index starting with 0. Several database requests may get aggregated into a single span. Each entry in the array holds the bind parameters for one database request.
Tags:
The query parameters used in db.query.text represented as a key and value map. For database systems which do not have named keys the map key is the string representation of the index starting with 0. Several database requests may get aggregated into a single span. Each entry in the array holds the bind parameters for one database request.
Tags:
sensitive-spans[{'name': 'paul', 'age': '23'}, {'name': 'mary', 'age': '32'}]; [{'0': 'paul', '1': '23'}, {'0': 'mary', '1': '32'}]db.affected_item_countlong
experimental
The number of items (rows, documents,…) affected.
The number of items (rows, documents,…) affected.
32db.collection.namestring
experimental
The name of a collection (table, container) within the database.
The name of a collection (table, container) within the database.
customers; public.usersdb.operation.namestring
experimental
The name of the operation or command executed, e.g. the MongoDB command name, SQL keyword, Redis command name,… 2
The name of the operation or command executed, e.g. the MongoDB command name, SQL keyword, Redis command name,… 2
drop; findAndModify; SELECT; PREPARE; GetItem; set; LPUSH; mutateIn; ReadItemsdb.result.execution_countlong
experimental
The number of operations executed on the result (e.g. fetches from SQL result set, MongoDB cursor operations).
The number of operations executed on the result (e.g. fetches from SQL result set, MongoDB cursor operations).
12db.result.exception_countlong
experimental
The number of exceptions encountered while fetching the result.
The number of exceptions encountered while fetching the result.
2db.result.duration_sumduration
experimental
The total duration in nanoseconds used for fetching the result.
The total duration in nanoseconds used for fetching the result.
234db.result.duration_minduration
experimental
The minimum duration in nanoseconds used for fetching the result.
The minimum duration in nanoseconds used for fetching the result.
123db.result.duration_maxduration
experimental
The maximum duration in nanoseconds used for fetching the result.
The maximum duration in nanoseconds used for fetching the result.
345db.result.roundtrip_countlong
experimental
The number of round-trips triggered by fetching the result.
The number of round-trips triggered by fetching the result.
2db.dynamodb.regionstring
experimental
The region of the dynamodb (see also
The region of the dynamodb (see also
cloud.region).us-east-1db.dynamodb.table_namesstring[]
experimental
The list of tables the request targets.
The list of tables the request targets.
[Cats, Dogs]db.connection_stringstring
experimental
The connection string for a database connection.
Tags:
The connection string for a database connection.
Tags:
sensitive-spansjdbc:dynamodb:Access Key=XXX;Secret Key=XXX;Domain=amazonaws.com;Regiondb.cosmosdb.request_chargedouble
4.95; 2.01
The value may be sanitized to exclude sensitive information.
2
Depending on the data provided on ingest this attribute may be derived by e.g. parse of db.statement. Parsing might fail or result might be inaccurate.
db.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
adabasAdabas (Adaptable Database System)
cacheInterSystems Caché
cassandraApache Cassandra
clickhouseClickHouse
cloudscapeCloudscape
cockroachdbCockroachDB
coldfusionColdFusion IMQ
cosmosdbMicrosoft Azure Cosmos DB
couchbaseCouchbase
couchdbCouchDB
db2IBM Db2
derbyApache Derby
dl/iIBM DL/I
dynamodbAmazon DynamoDB
edbEnterpriseDB
elasticsearchElasticsearch
filemakerFileMaker
firebirdFirebird
firstsqlFirstSQL
geodeApache Geode
h2H2
hanadbSAP HANA
hbaseApache HBase
hiveApache Hive
hsqldbHyperSQL DataBase
informixInformix
ingresIngres
instantdbInstantDB
interbaseInterBase
mariadbMariaDB
maxdbSAP MaxDB
memcachedMemcached
mongodbMongoDB
mssqlMicrosoft SQL Server
mssqlcompactMicrosoft SQL Server Compact
mysqlMySQL
neo4jNeo4j
netezzaNetezza
opensearchOpenSearch
oracleOracle Database
other_sqlSome other SQL database. Fallback only. See notes.
pervasivePervasive PSQL
pointbasePointBase
postgresqlPostgreSQL
progressProgress Database
redisRedis
redshiftAmazon Redshift
spannerCloud Spanner
sqliteSQLite
sybaseSybase
teradataTeradata
verticaVertica
Deployment Attributes
Fields
Attribute
Type
Description
Examples
deployment.release_productstring
experimental
The name of the deployed product.
The name of the deployed product.
WoGo Maindeployment.release_stagestring
experimental
The stage the product is deployed to.
The stage the product is deployed to.
productiondeployment.release_versionstring
experimental
The version of the deployed product.
The version of the deployed product.
0.4.1deployment.release_build_versionstring
experimental
The build version of the deployed product.
The build version of the deployed product.
2021-03-24Device
The device namespace contains information on the device running an application. This should only be used for end-user devices or devices outside of a private infrastructure. In line with the naming conventions and guidelines, we are in this case adhering to the emerging Open Telemetry convention around this, with some additions.
Fields
Attribute
Type
Description
Examples
device.manufacturerstring
experimental
The manufacturer of the device.
The manufacturer of the device.
Appledevice.model.identifierstring
experimental
The model identifier of the device.
The model identifier of the device.
iPhone3,4device.is_rootedboolean
experimental
Indicates if a rooted device was detected.
Indicates if a rooted device was detected.
device.screen.widthlong
experimental
Screen size width.
Screen size width.
2048device.screen.heightlong
experimental
Screen size height.
Screen size height.
1152device.battery.levellong
experimental
The battery level of the device.
The battery level of the device.
100device.orientationstring
experimental
The orientation of the device.
The orientation of the device.
landscapeDisk
Fields describing a disk.
Fields
Resource attributes
Attribute
Type
Description
Examples
disk.device_namestring
experimental
Disk device name (Linux, AIX)
Disk device name (Linux, AIX)
sdadisk.mountpointstring
experimental
Primary mountpoint
Primary mountpoint
/mnt/storagedisk.all_mountpointsstring[]
experimental
List of all mountpoints
List of all mountpoints
[/mnt/storage, /home, /var/log]DL/I Database Attachment
Fields
Attribute
Type
Description
Examples
db.dli.pcbstring
experimental
The name of the program communication block associated with this DL/I method.
The name of the program communication block associated with this DL/I method.
3; MYPCBNAMdb.dli.segment_namestring
experimental
The name of the last segment that was matched or returned.
The name of the last segment that was matched or returned.
PARTROOTdb.dli.segment_levelstring
experimental
The hierarchical level of the segment that was matched or returned.
The hierarchical level of the segment that was matched or returned.
3; 24db.dli.processing_optionsstring
experimental
The PCB processing options.
The PCB processing options.
GRdb.dli.terminal_namestring
experimental
The DL/I database or logical terminal name associated with this DL/I method.
The DL/I database or logical terminal name associated with this DL/I method.
HWSAM5ZD; 10505db.dli.status_codestring
experimental
The DL/I status code.
The DL/I status code.
QCdb.dli.pcb_typestring
experimental
The PCB type.
The PCB type.
DC; DL/I; F/Pdb.dli.pcb_type MUST be one of the following:
Value
Description
DCData communications.
DL/IDL/I db.
F/PFast Path.
Dotnet
Fields
Attribute
Type
Description
Examples
dotnet.dll.filestring
experimental
Filename of main dotnet assembly.
Filename of main dotnet assembly.
dotnet.dll.pathstring
experimental
Filepath of main dotnet assembly.
Filepath of main dotnet assembly.
Dynatrace ActiveGate
Metadata with ActiveGate realated information.
Fields
Attribute
Type
Description
Examples
dt.active_gate.idstring
experimental
Hexadecimal identifier of the ActiveGate prefixed with
Hexadecimal identifier of the ActiveGate prefixed with
0x0xef3d21c3dt.active_gate.group.namestring
experimental
The name of group ActiveGate instance belongs to
The name of group ActiveGate instance belongs to
GdanskLabdt.active_gate.working_modestring
experimental
Working mode of the ActiveGate
Working mode of the ActiveGate
clusterdt.active_gate.working_mode MUST be one of the following:
Value
Description
clusterCluster ActiveGate
embeddedEmbedded ActiveGate
environmentEnvironment ActiveGate
multitenantMultitenant ActiveGate
API connector fields
Attribute
Type
Description
Examples
dt.active_gate.api_connector.config_idstring
experimental
Config long id of the endpoint configuration as a string.
Config long id of the endpoint configuration as a string.
123; 9276dt.active_gate.api_connector.pipeline_identifierstring
experimental
String identifier of an api connector pipeline
String identifier of an api connector pipeline
Kubernetes/Topologydt.active_gate.api_connector.pipeline_statusstring
experimental
Status of an api connector pipeline run
Status of an api connector pipeline run
faileddt.active_gate.api_connector.technology_idstring
experimental
String identifier of an api connector technology
String identifier of an api connector technology
Kubernetes; CloudFoundry; AWS; Dynatrace Extension; Azuredt.active_gate.api_connector.pipeline_status MUST be one of the following:
Value
Description
failedPipeline execution failed
skippedPipeline execution skipped
succeededPipeline execution succeeded
Dynatrace OneAgent Metadata
Metadata of the OneAgent module that reported a signal. These attributes are what one would also see in OneAgent Health.
Fields
Attribute
Type
Description
Examples
dt.agent.module.typestring
experimental
OneAgent module type
OneAgent module type
apachedt.agent.module.versionstring
experimental
OneAgent full module version
OneAgent full module version
1.269.17.20221117-132428dt.agent.module.version_shortstring
experimental
OneAgent short module version, to be expected only on record types where
OneAgent short module version, to be expected only on record types where
dt.agent.module.version's cardinality would be a problem1.269dt.agent.module.iduid
experimental
OneAgent module ID.
OneAgent module ID.
031f613871fab0b4; fc3cd1bb276f0beddt.agent.module.parent_iduid
experimental
OneAgent parent module ID, in case this is a so-called sub-agent
OneAgent parent module ID, in case this is a so-called sub-agent
ea89eef5db8b85a9dt.agent.module.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
apacheapache
dotnetdotnet
dumpprocdumpproc
extensionsextensions
gogo
iisiis
javajava
log_analyticslog_analytics
netnet
nettracernettracer
nginxnginx
nodejsnodejs
opentracingnativeopentracingnative
osos
phpphp
pluginplugin
processprocess
pythonpython
remote_pluginremote_plugin
rubyruby
sdksdk
supportsupport
updaterupdater
varnishvarnish
wsmbwsmb
zz_
Davis metadata
Some attributes are used in the context of the Davis engine.
Fields
Configuration fields
These fields can be set in events to influence the Davis engine behavior.
Attribute
Type
Description
Examples
dt.davis.timeoutlong
stable
The event timeout period (in minutes). Various event sources use this event property to keep an event active by regularly refreshing an initial event. The timeout defines how fast the event source must refresh an event to keep it active. To keep the event active, the event source must send the refresh within the timeout period. If no refresh is sent, the event is automatically closed by Dynatrace after the timeout period. Note that metric sources use their own configurable de-alerting windows to close events. Setting the timeout shorter than the de-alerting window will force events to close and increase the risk of false-positive alerts.
The event timeout period (in minutes). Various event sources use this event property to keep an event active by regularly refreshing an initial event. The timeout defines how fast the event source must refresh an event to keep it active. To keep the event active, the event source must send the refresh within the timeout period. If no refresh is sent, the event is automatically closed by Dynatrace after the timeout period. Note that metric sources use their own configurable de-alerting windows to close events. Setting the timeout shorter than the de-alerting window will force events to close and increase the risk of false-positive alerts.
dt.davis.is_frequent_issue_detection_allowedboolean
stable
The flag controls whether the Davis® engine should consider suppressing frequent events (true) or bypassing frequent issues check (false).
The flag controls whether the Davis® engine should consider suppressing frequent events (true) or bypassing frequent issues check (false).
dt.davis.analysis_time_budgetlong
stable
The time budget (in seconds) that the Davis® engine is granted before it must raise a problem. The analysis time budget can be set per event and controls the balance of sending out alerts early and granting the AI analysis enough time to finish its analysis. The trade-off of a short analysis budget is that the root cause and event merge analysis is limited or even skipped. For example, the time budget of 0 seconds means that the event raises a problem and sends the alert immediately, without any analysis.
The time budget (in seconds) that the Davis® engine is granted before it must raise a problem. The analysis time budget can be set per event and controls the balance of sending out alerts early and granting the AI analysis enough time to finish its analysis. The trade-off of a short analysis budget is that the root cause and event merge analysis is limited or even skipped. For example, the time budget of 0 seconds means that the event raises a problem and sends the alert immediately, without any analysis.
dt.davis.analysis_trigger_delaylong
stable
The time delay (in seconds) before the trigger of Davis® analysis. For example, the delay of 0 seconds triggers a Davis® problem and the root cause analysis immediately. The trigger delay can be used to hold the analysis until all the relevant root cause data has arrived to Dynatrace. For example, it might be beneficial for cloud integrations or log integrations that report data in different schedules - you can delay the analysis until data from all sources is available. Note that while longer delays means more data is available for root cause analysis, it also delays alerts delivery.
The time delay (in seconds) before the trigger of Davis® analysis. For example, the delay of 0 seconds triggers a Davis® problem and the root cause analysis immediately. The trigger delay can be used to hold the analysis until all the relevant root cause data has arrived to Dynatrace. For example, it might be beneficial for cloud integrations or log integrations that report data in different schedules - you can delay the analysis until data from all sources is available. Note that while longer delays means more data is available for root cause analysis, it also delays alerts delivery.
dt.davis.is_merging_allowedboolean
stable
This flag controls whether the Davis® engine is allowed to merge this event into a larger problem (true) or if a new problem must be created (false).
This flag controls whether the Davis® engine is allowed to merge this event into a larger problem (true) or if a new problem must be created (false).
dt.davis.is_rootcause_relevantboolean
stable
This flag controls whether the Davis® engine should include this event within the root cause analysis (true) or if it is not (false) relevant.
This flag controls whether the Davis® engine should include this event within the root cause analysis (true) or if it is not (false) relevant.
dt.davis.is_problem_suppressedboolean
stable
This flag controls whether the Davis® engine suppresses the problem from showing up in the UI and sending notifications.
This flag controls whether the Davis® engine suppresses the problem from showing up in the UI and sending notifications.
dt.davis.is_entity_remapping_allowedboolean
stable
This flag defines whether the remapping of the target entity is enabled (true) or disabled (false). If the remapping is enabled, Dynatrace can map the event to an entity extracted from the event metadata. If the remapping is disabled or the extraction is not possible, Dynatrace maps the event to the entity specified in the event configuration (for example, a specific host) or to the global environment entity.
This flag defines whether the remapping of the target entity is enabled (true) or disabled (false). If the remapping is enabled, Dynatrace can map the event to an entity extracted from the event metadata. If the remapping is disabled or the extraction is not possible, Dynatrace maps the event to the entity specified in the event configuration (for example, a specific host) or to the global environment entity.
dt.davis.preferred_entity_typestring
stable
The preferred entity type for remapping. You can find possible values in Dynatrace UI under Settings > Topology model > Generic types. If the remapping (dt.event.allow_entity_remapping) is enabled, this property defines the entity type to which the event should be mapped. If no entity of the preferred type is extracted, no remapping is applied.
The preferred entity type for remapping. You can find possible values in Dynatrace UI under Settings > Topology model > Generic types. If the remapping (dt.event.allow_entity_remapping) is enabled, this property defines the entity type to which the event should be mapped. If no entity of the preferred type is extracted, no remapping is applied.
my.custom.entity.typeSystem fields
These fields can be set by Davis routines.
Attribute
Type
Description
Examples
dt.davis.forecast.upperlong
stable
The upper bound of the prediction interval of a given metric forecast.
The upper bound of the prediction interval of a given metric forecast.
dt.davis.forecast.pointlong
stable
The point value of a metric forecast.
The point value of a metric forecast.
dt.davis.forecast.lowerlong
stable
The lower bound of the prediction interval of a given metric forecast.
The lower bound of the prediction interval of a given metric forecast.
dt.davis.anomaly_detection.upperlong
stable
The upper value range limit where any value above this point is considered abnormal.
The upper value range limit where any value above this point is considered abnormal.
dt.davis.anomaly_detection.lowerlong
stable
The lower value range limit where any value below this point is considered abnormal.
The lower value range limit where any value below this point is considered abnormal.
dt.davis.anomaly_detection.anomalylong
stable
Boolean timeseries of 0 and 1 showing whether a single timespan is outside the normal value range and therefore considered as abnormal.
Boolean timeseries of 0 and 1 showing whether a single timespan is outside the normal value range and therefore considered as abnormal.
dt.davis.anomaly_detection.alertlong
stable
Boolean time series of 0 and 1 showing whether a single timespan was alerted due to continuous violations.
Boolean time series of 0 and 1 showing whether a single timespan was alerted due to continuous violations.
Dynatrace Entity IDs
The Dynatrace OneAgent associates monitoring data with a so called Monitored Entity ID (ME ID). On OneAgent monitored environments, whenever ME IDs are accessible within the monitored system they should be used to enrich monitoring data to facilitate correlations with data primarily addressed through ME IDs coming from other channels.
The structure for keys that signify entity IDs is dt.entity.{type of entity}.
The value associated with such a key must be valid Dynatrace entity identifier
(see Topology and Smartscape API).
To allow linking Entity IDs across various different monitoring artifacts (logs, metrics, etc.), all string representations of Entity IDs are required to follow a canonical form, which for all current entities is defined as PREFIX-0123456789ABCDEF.
Consumers should treat the token as an opaque value and must not infer any semantics on the ID itself. Producers need to match the Entity ID that is being returned by Dynatrace Entity API verbatim.
Producers of string representation must treat the string as if it was parsed case-sensitively, even though some parts of the product may be more lenient.
The structure of the entity ID is currently as follows: <ID-NAMESPACE>-<16-digit-hex-string>. The <ID-NAMESPACE> is type specific but cannot be used to determine the actual entity type reliably, especially in cases of CUSTOM_DEVICE. The <16-digit-hex-string> needs to be zero-padded (prefix) to a length of 16 digits and must use upper case letters A-F.
Current entity IDs in cannonical form can be represented structurally with the following regular expression: [A-Z][A-Z_]*-[0-9A-F]{16}.
Additional characters or changes in the format may happen in the future but will not invalidate existing IDs or ID generation rules.
When adding a name to an entity ID via the Grail function entityName, by default, the name of the respective entity will be represented as dt.entity.{type of entity}.name. Similarly, further entity attributes can be added via the Grail function entityAttr, resulting in additional field(s) following the naming convention dt.entity.{type of entity}.{name of attribute}.
Fields
Attribute
Type
Description
Examples
dt.entity.hoststring
stable
An entity ID of an entity of type HOST.
Tags:
An entity ID of an entity of type HOST.
Tags:
entity-idHOST-E0D8F94D9065F24Fdt.entity.host_groupstring
stable
An entity ID of an entity of type HOST_GROUP.
Tags:
An entity ID of an entity of type HOST_GROUP.
Tags:
entity-idHOST_GROUP-E7FBBCF7B1467174dt.entity.process_groupstring
stable
An entity ID of an entity of type PROCESS_GROUP.
Tags:
An entity ID of an entity of type PROCESS_GROUP.
Tags:
entity-idPROCESS_GROUP-E0D8F94D9065F24Fdt.entity.process_group_instancestring
stable
An entity ID of an entity of type PROCESS_GROUP_INSTANCE.
Tags:
An entity ID of an entity of type PROCESS_GROUP_INSTANCE.
Tags:
entity-idPROCESS_GROUP_INSTANCE-E0D8F94D9065F24Fdt.entity.custom_devicestring
stable
An entity ID of an entity of type CUSTOM_DEVICE.
Tags:
An entity ID of an entity of type CUSTOM_DEVICE.
Tags:
entity-idCUSTOM_DEVICE-E0D8F94D9065F24Fdt.entity.cloud_application_instancestring
stable
An entity ID of an entity of type CLOUD_APPLICATION_INSTANCE.
Tags:
An entity ID of an entity of type CLOUD_APPLICATION_INSTANCE.
Tags:
entity-idCLOUD_APPLICATION_INSTANCE-E0D8F94D9065F24Fdt.entity.cloud_applicationstring
stable
An entity ID of an entity of type CLOUD_APPLICATION.
Tags:
An entity ID of an entity of type CLOUD_APPLICATION.
Tags:
entity-idCLOUD_APPLICATION-3AB5BBF3E09A7942dt.entity.cloud_application_namespacestring
stable
An entity ID of an entity of type CLOUD_APPLICATION_NAMESPACE.
Tags:
An entity ID of an entity of type CLOUD_APPLICATION_NAMESPACE.
Tags:
entity-idCLOUD_APPLICATION_NAMESPACE-C61324AA70F57BCBdt.entity.kubernetes_nodestring
stable
An entity ID of an entity of type KUBERNETES_NODE.
Tags:
An entity ID of an entity of type KUBERNETES_NODE.
Tags:
entity-idKUBERNETES_NODE-874C66B68CE15070dt.entity.kubernetes_clusterstring
stable
An entity ID of an entity of type KUBERNETES_CLUSTER.
Tags:
An entity ID of an entity of type KUBERNETES_CLUSTER.
Tags:
entity-idKUBERNETES_CLUSTER-E0D8F94D9065F24Fdt.entity.kubernetes_servicestring
stable
An entity ID of an entity of type KUBERNETES_SERVICE.
Tags:
An entity ID of an entity of type KUBERNETES_SERVICE.
Tags:
entity-idKUBERNETES_SERVICE-FE6E75BB9DF02347dt.entity.container_groupstring
stable
An entity ID of an entity of type CONTAINER_GROUP.
Tags:
An entity ID of an entity of type CONTAINER_GROUP.
Tags:
entity-idCONTAINER_GROUP-7C2B1C24FFB288CBdt.entity.container_group_instancestring
stable
An entity ID of an entity of type CONTAINER_GROUP_INSTANCE.
Tags:
An entity ID of an entity of type CONTAINER_GROUP_INSTANCE.
Tags:
entity-idCONTAINER_GROUP_INSTANCE-F4A1347110826781dt.entity.synthetic_locationstring
stable
An entity ID of an entity of type SYNTHETIC_LOCATION.
Tags:
An entity ID of an entity of type SYNTHETIC_LOCATION.
Tags:
entity-idSYNTHETIC_LOCATION-D140F3B85BCCBD1Adt.entity.servicestring
stable
An entity ID of an entity of type SERVICE.
Tags:
An entity ID of an entity of type SERVICE.
Tags:
entity-idSERVICE-57EC3CFC1FE72449dt.entity.service_methodstring
stable
An entity ID of an entity of type SERVICE_METHOD.
Tags:
An entity ID of an entity of type SERVICE_METHOD.
Tags:
entity-idSERVICE_METHOD-659B35CA9AAC96C1dt.entity.service_method_groupstring
stable
An entity ID of an entity of type SERVICE_METHOD_GROUP.
Tags:
An entity ID of an entity of type SERVICE_METHOD_GROUP.
Tags:
entity-idSERVICE_METHOD_GROUP-02000E1DB1CDAF9Fdt.entity.applicationstring
stable
The ME ID of a web application.
Tags:
The ME ID of a web application.
Tags:
entity-idAPPLICATION-DC92E74A7A844E6Edt.entity.mobile_applicationstring
stable
The ME ID of a mobile application.
Tags:
The ME ID of a mobile application.
Tags:
entity-idMOBILE_APPLICATION-E8A8751A60D5BCE8dt.entity.custom_applicationstring
stable
The ME ID of a custom application.
Tags:
The ME ID of a custom application.
Tags:
entity-idCUSTOM_APPLICATION-343A92501A51F286dt.entity.diskstring
stable
An entity ID of an entity of type DISK
Tags:
An entity ID of an entity of type DISK
Tags:
entity-idDISK-5472CBC1ED0981D6dt.entity.network_interfacestring
stable
An entity ID of an entity of type NETWORK_INTERFACE
Tags:
An entity ID of an entity of type NETWORK_INTERFACE
Tags:
entity-idNETWORK_INTERFACE-FC7B4A5937FC125Cdt.entity.ec2_instancestring
stable
An entity ID of an entity of type EC2_INSTANCE
Tags:
An entity ID of an entity of type EC2_INSTANCE
Tags:
entity-idEC2_INSTANCE-0004DD30F142D18Cdt.entity.aws_availability_zonestring
stable
An entity ID of an entity of type AWS_AVAILABILITY_ZONE
Tags:
An entity ID of an entity of type AWS_AVAILABILITY_ZONE
Tags:
entity-idAWS_AVAILABILITY_ZONE-6000A4E2BD2AB971dt.entity.gcp_zonestring
stable
An entity ID of an entity of type GCP_ZONE
Tags:
An entity ID of an entity of type GCP_ZONE
Tags:
entity-idGCP_ZONE-3699CB75E19C8505dt.entity.azure_vmstring
stable
An entity ID of an entity of type AZURE_VM
Tags:
An entity ID of an entity of type AZURE_VM
Tags:
entity-idAZURE_VM-326478B733D6CFB0dt.entity.azure_regionstring
stable
An entity ID of an entity of type AZURE_REGION
Tags:
An entity ID of an entity of type AZURE_REGION
Tags:
entity-idAZURE_REGION-0DD5C79E4034F0AADynatrace Extensions
Additional extension information sent via self-monitoring.
Fields
Attribute
Type
Description
Examples
dt.extension.dsstring
experimental
Name of the data source.
Name of the data source.
SNMPTrapdt.extension.namestring
experimental
Name of the extension.
Name of the extension.
com.snmptrap.genericdt.extension.config.idstring
experimental
Extension's monitoring configuration identifier.
Extension's monitoring configuration identifier.
vu9U3hXa3q0AAAABAAtleHQ6ZXh0LTA0MAAIYWdfZ3JvdXAAA0FHMQAkMjY2YTIyM2YtZDgxYi0zNTNjLThlYzctYzk2YzliZjg4OGQ3vu9U3hXa3q0dt.extension.statusstring
experimental
The status of the component reporting SFM event
The status of the component reporting SFM event
AUTHENTICATION_ERRORdt.extension.endpoint.hintsstring[]
experimental
Hints to provide for the cluster in order to find proper endpoint in task registry.
Hints to provide for the cluster in order to find proper endpoint in task registry.
[nat-test.lab.dynatrace.org, 1521, orc]dt.extension.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
AUTHENTICATION_ERRORUnable to connect to EEC
DEVICE_CONNECTION_ERRORFailed to establish connection with the device
EEC_CONNECTION_ERRORUnable to connect to EEC
GENERIC_ERRORGeneric status used to communicate job failed
INVALID_ARGS_ERRORInvalid arguments
INVALID_CONFIG_ERRORConfig provided by EEC is invalid
OKExtension works fine
UNKNOWN_ERRORUninitialized/unknown error
Process Grouping Fields
Attributes used for Process Group enrichment in extensions.
Dynatrace ingest fields
Attributes defined in this namespace are used by Dynatrace to describe different aspects of the ingested data.
Fields
Attribute
Type
Description
Examples
dt.ingest.formatstring
experimental
The format of the data ingested in Dynatrace via the various ingest channels. E.g., Generic log ingest, OTLP logs ingest
The format of the data ingested in Dynatrace via the various ingest channels. E.g., Generic log ingest, OTLP logs ingest
dtapi/json; otlp/protobufdt.ingest.warningsstring[]
experimental
An array of strings that represent markers on not-expected situations that might affect correctness or completness of incomming data point. It may be for instance limits applied or processing rule failing. It should not be detailed log with what happened, just high-level class of issue that occured.
An array of strings that represent markers on not-expected situations that might affect correctness or completness of incomming data point. It may be for instance limits applied or processing rule failing. It should not be detailed log with what happened, just high-level class of issue that occured.
[attr_count_trimmed, content_trimmed]dt.ingest.debug_messagesstring[]
experimental
An array of strings that represent debug messages that provide a detailed debugging information. That could include even variable parts, like which attribute was modified, or which processing rules were applied.
An array of strings that represent debug messages that provide a detailed debugging information. That could include even variable parts, like which attribute was modified, or which processing rules were applied.
[MyATTribute mapped to myAttribute]dt.ingest.format MUST be one of the following:
Value
Description
dtapi/jsonJSON data ingested via the Dynatrace APIs
dtapi/plaintextPlain text data ingested via the Dynatrace APIs
otlp/jsonOpenTelemetry Protocol (OTLP) JSON data ingested via the Dynatrace APIs
otlp/protobufOpenTelemetry Protocol (OTLP) Protobuf data ingested via the Dynatrace APIs
dt.ingest.warnings MUST contain only values from the following list:
Value
Description
content_trimmedThe content was trimmed, right after receiving it by Cluster/ActiveGate, because it exceeded the event content max byte size limit.
content_trimmed_pipeThe content was trimmed in post-processing (after applying processing rules) because it exceeded the event content max byte size limit
attr_count_trimmedThe number of attributes was trimmed, right after receiving it by Cluster/ActiveGate, because it exceeded the max number of attributes limit.
attr_count_trimmed_pipeThe number of attributes was trimmed in post-processing (after applying processing rules) because it exceeded the max number of attributes limit.
attr_key_case_mismatchThe attribute key is detected that matches the custom attribute key or the semantic attribute key, but there is the attribute key case mismatch.
attr_val_count_trimmedAt least one multi-value attribute had values number trimmed, right after receiving it by Cluster/ActiveGate, because it exceeded the max number of attributes limit.
attr_val_count_trimmed_pipeAfter applying processing rules, at least one multi-value attribute had its values number trimmed (after using processing rules) because it exceeded the maximum number of attributes limit.
attr_val_size_trimmedAt least one attribute had its value size trimmed, right after receiving it by Cluster/ActiveGate, because it exceeded the max value size in bytes limit.
attr_val_size_trimmed_pipeAt least one attribute had its value size trimmed (after applying processing rules) because it exceeded the max value size in bytes limit.
timestamp_correctedTimestamp was too far in the future and was corrected to current time.
common_attr_correctedSTATUS, LOG_LEVEL or EVENT_TYPE attribute was corrected.
processing_batch_timeoutBatch timeout occurred during processing pipeline.
processing_transformer_timeoutExecution timeout in one of processing transformers occurred during processing pipeline.
processing_transformer_errorExecution error in one of processing transformers occurred during processing pipeline.
processing_transformer_throttledExecution throttled in one of processing transformers during processing pipeline.
processing_output_record_conversion_errorOutput conversion error occurred for some record during processing pipeline.
processing_prepare_input_errorPrepare input error occurred in one of enabled processing pipeline rules.
Dynatrace
Fields
Attribute
Type
Description
Examples
dt.host_group.idstring
experimental
see Organize your environment using host groups. Note that host groups are identified by their name. This is not the entity ID of Host Group Entity, for which see dt.entity.host_group
Tags:
see Organize your environment using host groups. Note that host groups are identified by their name. This is not the entity ID of Host Group Entity, for which see dt.entity.host_group
Tags:
permissionmyHostGroupdt.pg_detection.cluster.idstring
dt.pg_detection.declarative.idstring
experimental
dt.pg_detection.environment.idstring
experimental
DT_ENVIRONMENT_ID environment variable dt.pg_detection.node.idstring
dt.process_group.detected_namestring
experimental
The name of the process group as it was detect by the agent.
The name of the process group as it was detect by the agent.
Apache Web Server httpd; Redis unguard-redis-* redisdt.security_contextstring
experimental
The security context is used in access permissions to limit the visibility. Learn more about the Dynatrace permission modelhere
Tags:
The security context is used in access permissions to limit the visibility. Learn more about the Dynatrace permission modelhere
Tags:
permission dt.source_entitystring
experimental
The ID of the entity considered the source of the measurement. The string needs to be in the format of any MONITORED_ENTITY type. 1
Tags:
The ID of the entity considered the source of the measurement. The string needs to be in the format of any MONITORED_ENTITY type. 1
Tags:
entity-idHOST-E0D8F94D9065F24F; PROCESS_GROUP_INSTANCE-E0D8F94D9065F24Fdt.source_entity.typestring
stable
The entity type of the entity whose identifier is held in dt.source_entity. The value must be a valid entity type and consistent with dt.source_entity. Note, though, that the type identifiers are expected to be lower cased in alignment with suffixes of dt.entity.* keys.
The entity type of the entity whose identifier is held in dt.source_entity. The value must be a valid entity type and consistent with dt.source_entity. Note, though, that the type identifiers are expected to be lower cased in alignment with suffixes of dt.entity.* keys.
host; process_group_instance; cloud:azure:resource_groupdt.cost.costcenterstring
stable
Can be used to assign usage to a Cost Center.
Can be used to assign usage to a Cost Center.
Team Adt.cost.productstring
stable
Can be used to assign usage to a Product or Application ID.
Can be used to assign usage to a Product or Application ID.
Product Adt.metrics.sourcestring
telegraf; com.dynatrace.extension.sql-oracledt.querystring
timeseries avg(dt.host.cpu.idle); fetch logs1
Value of this attribute will be based on one of dt.entity.<type> attributes value. That means that both attributes dt.source_entity and corresponding dt.entity.<type> will be set to the same ID.
2
This is the framework used for capturing, processing and forwarding metrics, not the emitting monitored entity. Exemplary custom value: name of an extension sending metrics.
dt.metrics.source has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
dynatrace_codemoduledynatrace_codemodule
dynatrace_ingestdynatrace_ingest
dynatrace_osagentOsAgent
micrometerMicrometer
oneagent_metric_apiOneAgentMetricAPI
opentelemetryOpenTelemetry
statsdStatsD
telegrafTelegraf
Dynatrace OpenPipeline fields
Fields defined in this namespace are used by Dynatrace to describe various aspects of the data ingested through OpenPipeline, providing detailed insights into the ingestion process.
Fields
Attribute
Type
Description
Examples
dt.openpipeline.pipelinesstring[]
experimental
Collects the identifiers of all pipelines through which a record has passed during the ingestion process in OpenPipeline, providing a complete trace of its journey.
Collects the identifiers of all pipelines through which a record has passed during the ingestion process in OpenPipeline, providing a complete trace of its journey.
[[logs:default], [logs:pipeline_haproxy_2656, bizevents:default]]dt.openpipeline.sourcestring
experimental
Identifies the source (such as API endpoints or OneAgent) used for ingesting the record into OpenPipeline.
Identifies the source (such as API endpoints or OneAgent) used for ingesting the record into OpenPipeline.
/platform/ingest/v1/events; oneagentDynatrace RUM
The dt.rum namespace contains Dynatrace RUM specific fields.
Fields
Attribute
Type
Description
Examples
dt.rum.schema_versionstring
stable
The Dynatrace RUM enrichment version.
The Dynatrace RUM enrichment version.
0.1dt.rum.application.idstring
stable
The Dynatrace RUM application ID (UUID for Mobile, MEid for Web)
The Dynatrace RUM application ID (UUID for Mobile, MEid for Web)
ea7c4b59f27d43ebdt.rum.session.idstring
stable
The user session id.
The user session id.
HOPCPWKILUKHFHWRRQGBHHPAFLUJUOSH-0; 23626166142035610_1-0dt.rum.instance.idstring
stable
The RUM application instance id. (Formerly known as visitor id, the internal user id, the rxVisitor cookie value.)
The RUM application instance id. (Formerly known as visitor id, the internal user id, the rxVisitor cookie value.)
3735928559Settings
Fields for referencing Settings 2.0 objects, schemas and scopes.
Considerations on which fields to use
Although the dt.settings.object_id is enough to identify a specific settings value within a dynatrace environment, adding explicit information about the schema, scope and/or scope type can be useful nonetheless. If your use-case will only ever involve a single schema, scope type and/or scope, documenting this is good enough - if multiple schemas, scope types and/or scopes can be involved, filling the corresponding fields is strongly recommended.
dt.settings.references can be used if multiple settings objects need to be referenced. In that case, each entry in the array can hold a reference to a single settings object.
Top level fields
The top level fields contain generally relevant information for all monitoring data.
Attribute
Type
Description
Examples
dt.settings.object_idstring
experimental
The object ID of a settings value. This corresponds to the 'objectId' field/parameter in the Settings API.
The object ID of a settings value. This corresponds to the 'objectId' field/parameter in the Settings API.
vu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQdt.settings.object_summarystring
experimental
The human-readable summary or name of a single value of a multi-value settings schema. This corresponds to the 'summary' field in the Settings API.
The human-readable summary or name of a single value of a multi-value settings schema. This corresponds to the 'summary' field in the Settings API.
Journey Service all errors; Really, this can be anything; My alerting ruledt.settings.schema_idstring
experimental
The schema ID of a settings schema, as used in the Settings APIs.
The schema ID of a settings schema, as used in the Settings APIs.
builtin:problem.notifications; app:dynatrace.jenkins:connectiondt.settings.schema_versionstring
experimental
The version of the schema referenced by dt.settings.schema_id, as declared by the schema itself. Typically a semantic version number.
The version of the schema referenced by dt.settings.schema_id, as declared by the schema itself. Typically a semantic version number.
1.0.0; 1.2.3dt.settings.scope_typestring
experimental
The type of the scope that a settings object is persisted on.
The type of the scope that a settings object is persisted on.
environment; host_group; hostdt.settings.scope_idstring
experimental
The ID of the scope that a settings object is persisted on. This corresponds to the 'scope' field/parameter in the Settings API.
The ID of the scope that a settings object is persisted on. This corresponds to the 'scope' field/parameter in the Settings API.
environment; HOST-EFAB6D2FE7274823dt.settings.scope_namestring
experimental
The human-readable name of the scope that a settings object is persisted on.
The human-readable name of the scope that a settings object is persisted on.
deb-10-k3s-oi-01.lab.dynatrace.orgdt.settings.relationshipstring
experimental
The type of relationship to the referenced settings object. You can use arbitrary values (in
The type of relationship to the referenced settings object. You can use arbitrary values (in
snake_case) here that describe the relationship for your use-case.matched_rule; triggered_alertdt.settings.referencesrecord[]
experimental
A collection of references to settings objects. Each entry in the array holds a reference to a single settings object.
A collection of references to settings objects. Each entry in the array holds a reference to a single settings object.
[{'dt.settings.object_id': 'vu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQ', 'dt.settings.relationship': 'matched_rule'}, {'dt.settings.object_id': 'vu9U3hXa3q0AAAABAB9idWlsdGluOmRhdmlzLmFub21hbHktZGV0ZWN0b3JzAAZ0ZW5hbnQABnRlbmFudAAkMzM2NTc3MTgtYWNjYi0zOGY1LTlmOGUtMTg5NTBiYmNjNmRhvu9U3hXa3q0', 'dt.settings.relationship': 'triggered_alert'}]Dynatrace Synthetic
The dt.synthetic namespace contains Dynatrace synthetic specific fields.
Fields
Attribute
Type
Description
Examples
dt.synthetic.step.idstring
experimental
The identifier of the step.
The identifier of the step.
HTTP_CHECK_STEP-6349B98E1CD87352dt.synthetic.batch.idlong
experimental
The identifier of the batch (defined for on-demand executions only).
The identifier of the batch (defined for on-demand executions only).
dt.synthetic.monitor.idstring
experimental
The identifier of the monitor.
The identifier of the monitor.
HTTP_CHECK-6349B98E1CD87352dt.synthetic.location.idstring
experimental
The identifier of the location from where the monitor was executed.
The identifier of the location from where the monitor was executed.
SYNTHETIC_LOCATION-9BB04DAEBA71B8CAdt.synthetic.execution.idlong
experimental
The identifier of the execution.
The identifier of the execution.
100681465183dt.synthetic.execution.end_timestamptimestamp
experimental
The timestamp when execution was finished, in UTC milliseconds.
The timestamp when execution was finished, in UTC milliseconds.
1629891695487dt.synthetic.execution.typestring
experimental
The type of the execution.
The type of the execution.
on-demanddt.synthetic.failed_execution.execution.idlong
experimental
The identifier of the execution.
The identifier of the execution.
dt.synthetic.failed_execution.execution.stagestring
experimental
The stage of the execution.
The stage of the execution.
Data retrieveddt.synthetic.failed_execution.execution.timestamptimestamp
experimental
The timestamp when execution was finished, in UTC milliseconds.
The timestamp when execution was finished, in UTC milliseconds.
1629891693487dt.synthetic.failed_execution.status.codelong
experimental
Numeric representation of the status.
Numeric representation of the status.
599dt.synthetic.failed_execution.status.messagestring
experimental
The message returned by an execution or a status message.
The message returned by an execution or a status message.
TIMEOUTdt.synthetic.failed_execution.status.detailsstring
experimental
Status details.
Status details.
connection timed out after 5000 ms: google.comdt.synthetic.failed_execution.status.on_demand.messagestring
experimental
The on-demand status message.
The on-demand status message.
Successdt.synthetic.failed_execution.status.on_demand.detailsstring
experimental
The details of the status.
The details of the status.
PERFORMANCE_THRESHOLD_VIOLATIONdt.synthetic.failed_execution.monitor.idstring
experimental
The identifier of the monitor.
The identifier of the monitor.
HTTP_CHECK-6349B98E1CD87352dt.synthetic.failed_execution.location.idstring
experimental
The identifier of the location from where the monitor was executed.
The identifier of the location from where the monitor was executed.
SYNTHETIC_LOCATION-9BB04DAEBA71B8CAdt.synthetic.triggering_problem.execution.idlong
experimental
The identifier of the execution.
The identifier of the execution.
dt.synthetic.triggering_problem.entity.idstring
experimental
The identifier of the entity.
The identifier of the entity.
HTTP_CHECK-6349B98E1CD87352dt.synthetic.triggering_problem.location.idstring
experimental
The identifier of the location from where the monitor was executed.
The identifier of the location from where the monitor was executed.
SYNTHETIC_LOCATION-9BB04DAEBA71B8CAdt.synthetic.triggering_problem.detailsstring
experimental
The details of triggering problem.
The details of triggering problem.
Throttling on the location. Minimum duration between successive executions for a single user is 60 secdt.synthetic.triggering_problem.causestring
experimental
The cause of not triggering entity.
The cause of not triggering entity.
Location not founddt.synthetic.custom_log.timestamptimestamp
experimental
The custom log timestamp.
The custom log timestamp.
1629891695487dt.synthetic.custom_log.loglevelstring
experimental
The log event severity level.
The log event severity level.
infodt.synthetic.custom_log.messagestring
experimental
The custom log message.
The custom log message.
log messagedt.synthetic.result.statistics.durationduration
experimental
The duration of the step/sum of all step.
The duration of the step/sum of all step.
456dt.synthetic.result.statistics.start_timestamptimestamp
experimental
The start timestamp of the execution.
The start timestamp of the execution.
dt.synthetic.failed_execution.execution.stage MUST be one of the following:
Value
Description
Data retrievedData retrieved
ExecutedExecuted
Not triggeredNot triggered
Timed outNot triggered
TriggeredTriggered
WaitingWaiting
Dynatrace system fields
The namespace dt.system is reserved for Grail. These fields cannot be ingested but instead will be set by Grail directly. Every record that is fetched from Grail provides these fields, but by default they are hidden. You can display them by using the fieldsAdd command.
Example query:
// display the bucket for each log recordfetch logs| fieldsAdd dt.system.bucket
Fields
Attribute
Type
Description
Examples
dt.system.bucketstring
stable
The Grail bucket that the record is stored in.
The Grail bucket that the record is stored in.
default_logs; default_spans; default_bizeventsdt.system.monitoring_sourcestring
stable
Identifies the license under which the source is running.
Identifies the license under which the source is running.
fullstack_host; infrastructuredt.system.storage_intervalstring
stable
Identifies the timeframe represented by individual data structures stored under a metric key.
Identifies the timeframe represented by individual data structures stored under a metric key.
1 mindt.system.tablestring
stable
The table that the record belongs to.
The table that the record belongs to.
logs; bizeventsdt.system.environmentstring
stable
The Dynatrace environment that the record belongs to.
The Dynatrace environment that the record belongs to.
wkf10640dt.system.segment_idstring
stable
The segment that the record belongs to.
The segment that the record belongs to.
5d97c09e-7337-443e-bab5-2f0474804687dt.system.sampling_ratiolong
stable
The selected sampling ratio.
The selected sampling ratio.
1dt.system.monitoring_source MUST be one of the following:
Value
Description
discoveryThe source is running under the discovery license.
fullstack_containerThe source is running under the full-stack container license.
fullstack_hostThe source is running under the full-stack host license.
infrastructureThe source is running under the infrastructure license.
mainframeThe source is running under the mainframe license.
dt.system.storage_interval MUST be one of the following:
Value
Description
1 minThe timeframe represented by individual measurements of a metrics record in storage.
Dynatrace specific tracing fields
Fields defined in this namespace are used by Dynatrace to describe different aspects of the context propagation between spans.
Fields
Attribute
Type
Description
Examples
dt.tracing.custom_link.iduid
experimental
The custom link id to identify spans calling each other. The id is derived from the custom link bytes.
The custom link id to identify spans calling each other. The id is derived from the custom link bytes.
736bd2684696c4a8dt.tracing.custom_link.typestring
experimental
The type of the custom link defines if a mapping of the
The type of the custom link defines if a mapping of the
dt.tracing.custom_link.original_bytes to the dt.tracing.custom_link.transformed_bytes was applied.genericdt.tracing.custom_link.original_bytesbinary
experimental
The original binary data of the custom link.
The original binary data of the custom link.
ycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==dt.tracing.custom_link.transformed_bytesbinary
experimental
The transformed binary data of the custom link, only available if a mapping was applied.
The transformed binary data of the custom link, only available if a mapping was applied.
ycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==dt.tracing.link.iduid
experimental
Unique identifier for a dynatrace link.
Unique identifier for a dynatrace link.
dt.tracing.link.is_syncboolean
experimental
true indicates that caller waits on the response. Only available on span links with dt.tracing.link.direction set to outgoing.dt.tracing.foreign_link.textstring
experimental
An incoming foreign link (could be cross-environment, or cross-product).
An incoming foreign link (could be cross-environment, or cross-product).
FW4;129;12;-2023406815;4539717;0;17;66;c511;2h02;3h12345678;4h676767; FW1;129;4711;59959450;-1859959450;3;17;0dt.tracing.foreign_link.bytesbinary
experimental
An incoming foreign link (could be cross-environment, or cross-product).
An incoming foreign link (could be cross-environment, or cross-product).
00000004000000010000000200000003000000040000002300000001dt.tracing.response.headersrecord
experimental
A collection of key-value pairs containing received response headers related to tracing from an outgoing call. There may be multiple values for each header. Used for cross-environment linking.
A collection of key-value pairs containing received response headers related to tracing from an outgoing call. There may be multiple values for each header. Used for cross-environment linking.
{'traceresponse': ['00-7b9e3e4068167838398f50017bfad358-d4ffc7e33530967a-01'], 'x-dt-tracestate': ['9651e1a8-19506b7c@dt']}dt.tracing.link.directionstring
experimental
The direction of the span link to define the correct order between spans.
The direction of the span link to define the correct order between spans.
outgoingdt.tracing.custom_link.type MUST be one of the following:
Value
Description
genericThe
dt.tracing.custom_link.original_bytes have no special meaning.ibm_mqThe
dt.tracing.custom_link.original_bytes are an IBM MQ custom link.ibm_mq_ignore_qnameThe
dt.tracing.custom_link.original_bytes are an IBM MQ custom link, but the qname part should be ignored in mapping.dt.tracing.link.direction MUST be one of the following:
Value
Description
incomingIndicates that the link represents an incoming call (the child in a parent-child relationship).
outgoingIndicates that the link represents an outgoing call (the parent in a parent-child relationship).
Elasticsearch
Fields
Attribute
Type
Description
Examples
elasticsearch.cluster.namestring
experimental
elasticsearch.node.namestring
experimental
Endpoint
Endpoints define the public interface of services.
Fields
Attribute
Type
Description
Examples
endpoint.namestring
stable
The endpoint name is derived from endpoint detection rules and uniquely identifies one endpoint of a particular service. Endpoint names are usually technology specific and should be defined by attributes with low cardinality like http.route or rpc.method. Endpoints are exclusively detected on request root spans.
The endpoint name is derived from endpoint detection rules and uniquely identifies one endpoint of a particular service. Endpoint names are usually technology specific and should be defined by attributes with low cardinality like http.route or rpc.method. Endpoints are exclusively detected on request root spans.
/; /get-cart; /productpage; Reviews.GetReviewsEntity fields
Fields that describe entities.
Attribute
Type
Description
Examples
entity.conditional_namestring
stable
The entity name as defined by conditional naming rules. This name will be calculated based on a rules on the cluster side.
The entity name as defined by conditional naming rules. This name will be calculated based on a rules on the cluster side.
Cl-Prod1 Ser-1entity.customized_namestring
stable
The entity name as defined in the entity settings screen. This name is statically defined by the user for a particular entity.
The entity name as defined in the entity settings screen. This name is statically defined by the user for a particular entity.
Host 1234entity.detected_namestring
stable
The entity name as detected by Dynatrace or defined by the data source of the entity. Depending on the entity type this can involve different heuristics.
The entity name as detected by Dynatrace or defined by the data source of the entity. Depending on the entity type this can involve different heuristics.
ip-10-100-200-5.eu-west-1.compute.internalentity.namestring
stable
All entities have an entity.name field. The following fields will be considered in order to determine the value:
All entities have an entity.name field. The following fields will be considered in order to determine the value:
entity.customized_name, entity.conditional_name, entity.detected_name.easyTravelentity.typestring
stable
The entity type
The entity type
host; serviceEquinox
Fields
Attribute
Type
Description
Examples
equinox.config.pathstring
experimental
ESB
Fields
Attribute
Type
Description
Examples
esb.workflow.namestring
experimental
The name of the workflow, aka. the message flow for the IBM ESB.
The name of the workflow, aka. the message flow for the IBM ESB.
myMessageFlow; YourBusinessWorkflow; any_flowesb.application.namestring
experimental
The name of the application that holds the workflows of the business logic.
The name of the application that holds the workflows of the business logic.
myBusinessApp; YourServiceApp; any_workesb.library.namestring
experimental
The name of the library that hosts commonly used workflows to be re-used in applications.
The name of the library that hosts commonly used workflows to be re-used in applications.
myWebServicesLib; YourMessagingLibrary; any_toolsesb.vendorstring
experimental
The vendor of the ESB technology used.
The vendor of the ESB technology used.
ibm; tibcoEvent
The event namespace contains common identification, categorization and context on events in Dynatrace.
Fields
Attribute
Type
Description
Examples
event.idstring
stable
Unique identifier string of an event, is stable across multiple refreshes and updates.
Unique identifier string of an event, is stable across multiple refreshes and updates.
5547782627070661074_1647601320000event.parent_idstring
experimental
Unique identifier string of a parent event to link parent and child events.
Unique identifier string of a parent event to link parent and child events.
5547782627070661074_1647601319999event.kindstring
stable
Gives high-level information about what kind of information the event contains, without being specific to the contents of the event. Helps to determine the record type of a raw event.
Tags:
Gives high-level information about what kind of information the event contains, without being specific to the contents of the event. Helps to determine the record type of a raw event.
Tags:
permissionINFRASTRUCTURE_EVENT; DAVIS_EVENT; BIZ_EVENT; RUM_EVENT; AUDIT_EVENT; BILLING_USAGE_EVENTevent.categorystring
stable
Standard categorization based on the significance of an event (similar to the severity level in the previous Dynatrace).
Standard categorization based on the significance of an event (similar to the severity level in the previous Dynatrace).
Availabilityevent.typestring
stable
The unique type identifier of a given event.
Tags:
The unique type identifier of a given event.
Tags:
permissionESXI_HOST_MEMORY_SATURATION; PROCESS_RESTART; CPU_SATURATION; MEMORY_SATURATION; Automation Workflow; AppEngine Functions - Smallevent.providerstring
stable
Source of the event, for example the name of the component or system that generated the event.
Tags:
Source of the event, for example the name of the component or system that generated the event.
Tags:
permissionOneAgent; K8S; Davis; VMWare; GCP; AWS; LIMA_USAGE_STREAMevent.namestring
stable
The human readable display name of an event type.
The human readable display name of an event type.
Process crashed; CPU Saturationevent.descriptionstring
stable
Human-readable description of an event.
Human-readable description of an event.
The current response time (11 s) exceeds the auto-detected baseline (767 ms) by 1,336 %event.startstring
stable
The event start timestamp in UTC (given in Grail preferred Linux timestamp nano precision format).
The event start timestamp in UTC (given in Grail preferred Linux timestamp nano precision format).
16481073970000event.endstring
stable
The event end timestamp in UTC (given in Grail preferred Linux timestamp nano precision format).
The event end timestamp in UTC (given in Grail preferred Linux timestamp nano precision format).
16481073970000event.statusstring
stable
Status of an event as being either Active or Closed.
Status of an event as being either Active or Closed.
Activeevent.status_transitionstring
experimental
An enum that shows the transition of the above event state.
An enum that shows the transition of the above event state.
Recoveredevent.group_labelstring
experimental
Group label of an event.
Group label of an event.
Availabilityevent.outcomestring
stable
Denotes whether the event represents a success or a failure from the perspective of the entity that produced the event (e.g. an HTTP response code).
Denotes whether the event represents a success or a failure from the perspective of the entity that produced the event (e.g. an HTTP response code).
200; success; failureevent.versionstring
stable
Describes the version of the event.
Describes the version of the event.
1.0.0Values
Values are either in title-case or screaming snake case.
event.category SHOULD be one of the following:
Value
Description
Availabilityavailability
Errorerror
Slowdownslowdown
Resource contentionresource_contention
Warningwarning
Infoinfo
Vulnerability managementvulnerability_management
event.status SHOULD be one of the following:
Value
Description
Activeactive
Closedclosed
event.status_transition SHOULD be one of the following:
Value
Description
Createdcreated
Updatedupdated
Refreshedrefreshed
Resolvedresolved
Recoveredrecovered
Closedclosed
Timed outtimed out
Reopenedreopened
Exception
Fields
Attribute
Type
Description
Examples
exception.typestring
experimental
The type of the exception (its fully-qualified class name, if applicable).
The type of the exception (its fully-qualified class name, if applicable).
java.net.ConnectException; OSErrorexception.messagestring
experimental
The exception message.
The exception message.
Division by zeroexception.file.fullstring
experimental
The full file location available when the exception happened. Can be an absolute URL or just the name of the file.
The full file location available when the exception happened. Can be an absolute URL or just the name of the file.
https://www.foo.bar/path/main.js; main.jsexception.file.domainstring
experimental
The URI domain component extracted out of
The URI domain component extracted out of
exception.file.full.www.foo.barexception.file.pathstring
experimental
The URI path component extracted out of
The URI path component extracted out of
exception.file.full./path/main.jsexception.line_numberlong
experimental
The line number where the exception happened.
The line number where the exception happened.
1401exception.column_numberlong
experimental
The column number where the exception happened.
The column number where the exception happened.
12304exception.stack_tracestring
experimental
The stack trace of the exception. The format depends on the technology and source. While OneAgent formats stack traces to unify them across technologies, are stack traces from an OpenTelemetry source in the format they were sent to Dynatrace.
The stack trace of the exception. The format depends on the technology and source. While OneAgent formats stack traces to unify them across technologies, are stack traces from an OpenTelemetry source in the format they were sent to Dynatrace.
@https://www.foo.bar/path/main.js:59:26 e@https://www.foo.bar/path/lib/1.1/lib.js:2:30315exception.escapedboolean
experimental
true indicates that the exception was recorded at a point where it is known that the exception escaped the scope of the span.exception.iduid
experimental
The identifier of an exception, it should be unique within a list of exceptions. The identifier is used to reference the exception.
The identifier of an exception, it should be unique within a list of exceptions. The identifier is used to reference the exception.
exception.caused_by_iduid
experimental
The
The
exception.id of the exception the current exception was caused by.exception.is_caused_by_rootboolean
experimental
Is set to
Is set to
true if the exception is first exception of a caused by chain.Function as a Service (FaaS)
Fields that can be expected from serverless functions or Function as a Service (FaaS) on various cloud platforms.
Fields
Resource attributes
Attribute
Type
Description
Examples
faas.namestring
my-function; myazurefunctionapp/some-function-name; test_functionfaas.max_memorylong
experimental
The amount of memory available to the serverless function in Bytes.
The amount of memory available to the serverless function in Bytes.
1
This is the name of the function as configured/deployed on the FaaS
platform and is usually different from the name of the callback
function (which may be stored in the code.namespace/code.function span attributes).
2
Value of the field depends on a cloud provider. This field is not set for Azure.
Span attributes
Attribute
Type
Description
Examples
faas.invoked_providerstring
experimental
The cloud provider of the invoked function. Will be equal to the
The cloud provider of the invoked function. Will be equal to the
cloud.provider resource attribute of the invoked function.alibaba_cloudfaas.invoked_namestring
experimental
The name of the invoked function.
The name of the invoked function.
my-functionfaas.coldstartboolean
experimental
A boolean that is true if the serverless function is executed for the first time (aka cold-start).
A boolean that is true if the serverless function is executed for the first time (aka cold-start).
faas.triggerstring
experimental
Type of the trigger which caused this function invocation.
Type of the trigger which caused this function invocation.
datasource1
Will be equal to the cloud.region resource attribute of the invoked function.
faas.invoked_provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
alibaba_cloudAlibaba Cloud
awsAmazon Web Services
azureMicrosoft Azure
gcpGoogle Cloud Platform
tencent_cloudTencent Cloud
faas.trigger MUST be one of the following:
Value
Description
datasourceA response to some data source operation such as a database or filesystem read/write.
httpTo provide an answer to an inbound HTTP request
otherIf none of the others apply
pubsubA function is set to be executed when messages are sent to a messaging system.
timerA function is scheduled to be executed regularly.
Feature Flag
Attribute
Type
Description
Examples
feature_flag.keystring
experimental
The unique identifier of the feature flag.
The unique identifier of the feature flag.
logo-colorfeature_flag.provider_namestring
experimental
The name of the service provider that performs the flag evaluation.
The name of the service provider that performs the flag evaluation.
Flag Managerfeature_flag.variantstring
experimental
SHOULD be a semantic identifier for a value. If one is unavailable, a stringified version of the value can be used. 1
SHOULD be a semantic identifier for a value. If one is unavailable, a stringified version of the value can be used. 1
red; true; on1
A semantic identifier, commonly referred to as a variant, provides a means
for referring to a value without including the value itself. This can
provide additional context for understanding the meaning behind a value.
For example, the variant red maybe be used for the value #c05543.
A stringified version of the value can be used in situations where a semantic identifier is unavailable. String representation of the value should be determined by the implementer.
Google Cloud Platform
Fields
Attribute
Type
Description
Examples
gcp.app_engine.instancestring
experimental
gcp.app_engine.servicestring
experimental
gcp.cloud_run.servicestring
experimental
gcp.instance.idstring
experimental
A permanent identifier that is unique within your Google Cloud project.
A permanent identifier that is unique within your Google Cloud project.
6639848141313102286gcp.regionstring
experimental
A region is a specific geographical location where you can host your resources.
A region is a specific geographical location where you can host your resources.
europe-west3gcp.zonestring
experimental
A zone is a subset of a region. Each region has three or more zones.
A zone is a subset of a region. Each region has three or more zones.
europe-west3-cgcp.locationstring
experimental
Region or zone the instance of the GCP resource is running on.
Region or zone the instance of the GCP resource is running on.
europe-west3-cgcp.project.idstring
experimental
The identifier of the GCP project associated with this resource.
Tags:
The identifier of the GCP project associated with this resource.
Tags:
permissiondynatrace-gcp-extensiongcp.instance.namestring
experimental
The name to display for the instance in the Cloud Console.
The name to display for the instance in the Cloud Console.
single-vm-testgcp.resource.typestring
experimental
The name of a resource type.
The name of a resource type.
cloudsql_databasegcp.resource.namestring
experimental
The globally unique resource name in Google Cloud Platform convention
The globally unique resource name in Google Cloud Platform convention
//cloudfunctions.googleapis.com/projects/gcp-example-project/locations/us-central1/functions/examplefunctionGeolocation
The geo namespace contains geo location information. This section only holds all currently agreed upon fields in the Dynatrace Semantic Dictionary. Aligned closely to the ECS, with some adaptions around field groupings
Fields
Attribute
Type
Description
Examples
geo.continent.namestring
stable
English name of the continent.
English name of the continent.
North Americageo.country.namestring
stable
English name of the country.
English name of the country.
Canadageo.region.namestring
stable
English name of the region.
English name of the region.
Quebecgeo.city.namestring
stable
English name of the city.
English name of the city.
MontrealGlassfish
Fields
Attribute
Type
Description
Examples
glassfish.domain.namestring
experimental
The name of the domain this instance belongs to.
The name of the domain this instance belongs to.
glassfish.instance.namestring
experimental
The instance's name.
The instance's name.
Go
Fields
Attribute
Type
Description
Examples
go.linkagestring
experimental
Host
Fields describing a host.
Host naming
Dynatrace aims to use the best fitting name for the field host.name. See below, how Dynatrace determines the host name in an ordered by precedence fashion:
1. Customized host name
Dynatrace supports customizing the host.name property. A custom set host name takes precedence over the auto detection mechanisms described further down.
- Place a configuration file containing the desired name in a specific directory as described in this Documentation
- Alternatively, the
oneagentctltool can be used to set a custom host name. See Documentation for details.
2. Cloud vendor metadata
If no customized name is set locally, the OneAgent attempts to determine the host.name value by accessing cloud metadata where applicable.
- AWS EC2:
- If access to EC2 tags was granted (see AWS Documentation) and a tag with a key
name(case insensitive) is found, the tag's value is used as thehost.name. - If tags can not be accessed, the EC2 instance's
instance-idproperty is used.
- If access to EC2 tags was granted (see AWS Documentation) and a tag with a key
- Azure VM:
- The VM's
name(case insensitive) instance metadata property is used. See Microsoft Azure documentation
- The VM's
- Google Compute Engine:
- The VM's
hostnameinstance metadata property is used. See Google Cloud documentation.
- The VM's
3a. Linux & AIX
- The result of the system call to the standard C library's
gethostname()if it can be interpreted as a fully qualified domain name (FQDN) and doesn't contain "localhost". - Otherwise, a system call to
getaddrinfo()for port 80 is issued, again sanity checking whether the returned name is an FQDN and doesn't contain "localhost".
3b. Windows
- On Windows, the system call
GetComputerNameExAis used to determine a host's name. In particular, the resulting name is composed of<hostname>.<domainname>with the following detailshostname= ComputerNameDnsHostname retrieved by GetComputerNameExdomainname= ComputerNameDnsDomain retrieved by GetComputerNameEx
- Defaults to the string
EmptyHostNameif neither property can be resolved.
Fields
Attribute
Type
Description
Examples
host.namestring
experimental
The host name as determined on the data source (e.g. OneAgent, extensions, OpenTelemetry, …).
Important: This is not the name of the host entity, which can be modified based on naming rules.
Tags:
The host name as determined on the data source (e.g. OneAgent, extensions, OpenTelemetry, …).
Important: This is not the name of the host entity, which can be modified based on naming rules.
Tags:
permissionip-10-178-54-32.ec2.internalhost.ipipAddress[]
experimental
A list of IP adresses (IPv4 or IPv6) of this host.
A list of IP adresses (IPv4 or IPv6) of this host.
[194.232.104.141, 2a01:468:1000:9::140]HTTP
Attribute
Type
Description
Examples
http.request.methodstring
experimental
HTTP request method.
HTTP request method.
GET; POST; HEADhttp.response.reason_phrasestring
experimental
The HTTP reason phrase (HTTP1 only).
The HTTP reason phrase (HTTP1 only).
Not foundhttp.request.body.sizelong
experimental
The size of the request payload body in bytes. This is the number of bytes transferred excluding headers and is often, but not always, present as the Content-Length header. For requests using transport encoding, this should be the compressed size.
The size of the request payload body in bytes. This is the number of bytes transferred excluding headers and is often, but not always, present as the Content-Length header. For requests using transport encoding, this should be the compressed size.
3495http.response.body.sizelong
experimental
The size of the response payload body in bytes. This is the number of bytes transferred excluding headers and is often, but not always, present as the Content-Length header. For requests using transport encoding, this should be the compressed size.
The size of the response payload body in bytes. This is the number of bytes transferred excluding headers and is often, but not always, present as the Content-Length header. For requests using transport encoding, this should be the compressed size.
3495http.request.header.__key__string
experimental
HTTP request headers,
Tags:
HTTP request headers,
__key__ being the lowercase HTTP header name, e.g. "http.request.header.accept-encoding". The value is a string. If there are multiple headers with the same name or multiple header values, the values will be comma separated into a single string.Tags:
sensitive-spanshttps://www.foo.bar/; gzip, deflate, br; 1.2.3.4, 1.2.3.5http.response.header.__key__string
experimental
HTTP response headers,
HTTP response headers,
__key__ being the lowercase HTTP header name, e.g. "http.response.header.content-type". The value is a string. If there are multiple headers with the same name or multiple header values, the values will be comma separated into a single string.909; text/html; charset=utf-8; abc, defhttp.routestring
experimental
The matched route (path template in the format used by the respective server framework).
The matched route (path template in the format used by the respective server framework).
/users/:userID?; Home/Index/{id?}Attribute
Type
Description
Examples
http.server_namestring
experimental
The server name as configured by the webserver if available. If no such name exists the local hostname and bound port. In Kubernetes the base pod name is used.
The server name as configured by the webserver if available. If no such name exists the local hostname and bound port. In Kubernetes the base pod name is used.
MyServer; localhost:8000Hybris
Fields
Attribute
Type
Description
Examples
hybris.bin.dirstring
experimental
/opt/hybris-60/hybris/binhybris.config.dirstring
experimental
/opt/hybris-60/hybris/confighybris.data.dirstring
experimental
/opt/hybris-60/hybris/dataReference
IBM
Fields
Attribute
Type
Description
Examples
ibm.ace.integration_node.namestring
experimental
The name of the integration node (aka. broker) that manages one or more integration server.
The name of the integration node (aka. broker) that manages one or more integration server.
myIntegrationNode; YourBroker; the_management_instanceibm.ace.integration_server.namestring
experimental
The name of the either broker-managed or standalone integration server (formerly known as execution group or dataflow engine).
The name of the either broker-managed or standalone integration server (formerly known as execution group or dataflow engine).
myIntegrationServer; YourExecutionGroup; dataflow_engineibm.cics.aorstring
experimental
ibm.cics.regionstring
experimental
ibm.cics.programstring
experimental
The name of the CICS program.
The name of the CICS program.
EDUCHANibm.cics.torstring
experimental
ibm.ctg.namestring
experimental
ibm.ims.connectstring
experimental
ibm.ims.controlstring
experimental
ibm.ims.mprstring
experimental
ibm.ims.soap_gw.namestring
experimental
Iis
Fields
Attribute
Type
Description
Examples
iis.app_pool.namestring
experimental
iis.role.namestring
experimental
Java
Fields
Attribute
Type
Description
Examples
java.jar.filestring
experimental
java.jar.pathstring
experimental
java.main.classstring
experimental
java.main.modulestring
experimental
JBoss
Fields
Attribute
Type
Description
Examples
jboss.homestring
experimental
The instance's home directory.
The instance's home directory.
jboss.modestring
experimental
The instance's operating mode.
The instance's operating mode.
org.jboss.as.standalone; org.jboss.as.serverjboss.server.namestring
experimental
The instance's server name.
The instance's server name.
JDBC
Fields
Attribute
Type
Description
Examples
jdbc.connection.pool.namestring
stable
The name of the JDBC connection pool.
The name of the JDBC connection pool.
jdbc/db2Kubernetes
Fields
Attribute
Type
Description
Examples
k8s.cluster.namestring
stable
(Optional) The name of the cluster in Dynatrace. Doesn't need to be unique, nor immutable.
Tags:
(Optional) The name of the cluster in Dynatrace. Doesn't need to be unique, nor immutable.
Tags:
permissionunguard-dev; k3s-oneagentk8s.cluster.uidstring
stable
A pseudo-ID for the cluster, set to the UID of the kube-system namespace.
A pseudo-ID for the cluster, set to the UID of the kube-system namespace.
1c7a24c7-ff51-46e0-bcc9-c52637ceec57k8s.node.namestring
stable
The name of the Node.
The name of the Node.
cluster-pool-1-c3c7423d-azthk8s.container.namestring
stable
The name of the Container from Pod specification, must be unique within a Pod. Container runtime usually uses different globally unique name (
The name of the Container from Pod specification, must be unique within a Pod. Container runtime usually uses different globally unique name (
container.name).redisk8s.namespace.namestring
stable
The name of the namespace that the pod is running in.
Tags:
The name of the namespace that the pod is running in.
Tags:
permissiondefaultk8s.pod.namestring
stable
The name of the Pod.
The name of the Pod.
opentelemetry-pod-autoconfk8s.pod.uidstring
stable
The UID of the Pod.
The UID of the Pod.
275ecb36-5aa8-4c2a-9c47-d8bb681b9affk8s.workload.namestring
stable
The name of the Workload.
The name of the Workload.
checkoutservicek8s.workload.kindstring
stable
The type of the Workload.
The type of the Workload.
deployment; statefulset; cronjob; job; daemonset; replicasetk8s.service.namestring
stable
The name of the Kubernetes Service.
The name of the Kubernetes Service.
my-serviceStandard fields used for log events
Fields relevant for log events
Fields
Attribute
Type
Description
Examples
loglevelstring
stable
The log event severity level.
The log event severity level.
ERROR; INFO; TRACElog.sourcestring
/var/log/messages; Windows Event Log; Docker Container Output; stdoutlog.source.originstring
stable
The log source origin indicates where the log derives from.
The log source origin indicates where the log derives from.
CUSTOM; IIS_LOG_DETECTORlog.iostreamstring
stable
The I/O stream to which the log was emitted.
The I/O stream to which the log was emitted.
stdout; stderrlog.file.pathstring
experimental
The full path to the file.
The full path to the file.
/var/log/messages; /var/log/dynatrace/agent.loglog.file.namestring
experimental
The basename of the file.
The basename of the file.
messages; agent.log1
Can contain e.g. a file path, standard output, an URI etc., depending on log stream type. The value should be stable for one logical source, so e.g. not affected by log file rotation digits.
loglevel MUST be one of the following:
Value
Description
ALERTalert
CRITICALcritical
DEBUGdebug
EMERGENCYemergency
ERRORerror
FATALfatal
INFOinfo
NONEnone
NOTICEnotice
SEVEREsevere
TRACEtrace
WARNwarn
log.source.origin MUST be one of the following:
Value
Description
CONTAINER_LOG_DETECTORContainer log detector.
CUSTOM_LOGCustom log source configuration.
IIS_LOG_DETECTORIIS log detector.
OPEN_LOG_DETECTOROpen log file detector.
SYSTEM_LOG_DETECTORSystem log detector.
log.iostream MUST be one of the following:
Value
Description
stderrstd_err
stdoutstd_out
Messaging
Fields
Attribute
Type
Description
Examples
messaging.systemstring
experimental
An identifier for the messaging system. See below for a list of well-known identifiers.
An identifier for the messaging system. See below for a list of well-known identifiers.
kafka; rabbitmqmessaging.operation.typestring
peekmessaging.message.idstring
experimental
A value used by the messaging system as an identifier for the message, represented as a string.
A value used by the messaging system as an identifier for the message, represented as a string.
452a7c7c7c7048c2f887f61572b18fc2messaging.message.conversation_idstring
experimental
The conversation ID identifying the conversation to which the message belongs, represented as a string. Sometimes called "Correlation ID".
The conversation ID identifying the conversation to which the message belongs, represented as a string. Sometimes called "Correlation ID".
MyConversationIdmessaging.message.body.sizelong
experimental
The (uncompressed) size of the message payload in bytes.
The (uncompressed) size of the message payload in bytes.
2738messaging.destination.kindstring
experimental
The kind of message destination
The kind of message destination
queue; topicmessaging.destination.temporaryboolean
experimental
A boolean that is true if the message destination is temporary and might not exist anymore after messages are processed.
A boolean that is true if the message destination is temporary and might not exist anymore after messages are processed.
messaging.source.kindstring
experimental
The kind of message source
The kind of message source
queue; topicmessaging.source.temporaryboolean
experimental
A boolean that is true if the message source is temporary and might not exist anymore after messages are processed.
A boolean that is true if the message source is temporary and might not exist anymore after messages are processed.
1
If a custom value is used for messaging.operation.type, it MUST be of low cardinality.
2
Destination name SHOULD uniquely identify a specific queue, topic or other entity within the broker.
3
Manager name SHOULD uniquely identify the broker.
4
Source name SHOULD uniquely identify a specific queue, topic, or other entity within the broker.
5
Manager name SHOULD uniquely identify the broker.
messaging.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
activemqActiveMQ
artemisActiveMQ Artemis
aws_snsAmazon Simple Notification Service (SNS)
aws_sqsAmazon Simple Queue Service (SQS)
azure_eventgridAzure Event Grid
azure_eventhubsAzure Event Hubs
azure_servicebusAzure Service Bus
gcp_pubsubGoogle Cloud Pub/Sub
hornetqHornetQ
jmsJava Message Service
kafkaApache Kafka
mqseriesIBM MQ
msmqMSMQ
rabbitmqRabbitMQ
rocketmqApache RocketMQ
sag_webmethods_isSoftware AG, webMethods Integration Server
tibco_emsTibco EMS
weblogicOracle WebLogic
websphereIBM WebSphere Application Server
messaging.operation.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
peekA message is received from a destination by a message consumer/server, but left there.
processA message that was previously received from a destination is processed by a message consumer/server.
publishA message is sent to a destination by a message producer/client.
receiveA message is received from a destination by a message consumer/server.
messaging.destination.kind MUST be one of the following:
Value
Description
queueA message sent to a queue
topicA message sent to a topic
messaging.source.kind MUST be one of the following:
Value
Description
queueA message received from a queue
topicA message received from a topic
Akka Messaging
Attribute
Type
Description
Examples
messaging.akka.actor.systemstring
experimental
Name of the actor system.
Name of the actor system.
RequesterSystem; ResponseSystemmessaging.akka.actor.pathstring
experimental
Path to actor inside actor system.
Path to actor inside actor system.
/system/log1-Logging$DefaultLogger; /remote/akka.tcp/RequesterSystem@localhost:52133/user/requestActor/$amessaging.akka.actor.kindstring
system; usermessaging.akka.actor.typestring
experimental
Fully qualified type name of actor.
Fully qualified type name of actor.
com.acme.RespondingActormessaging.akka.message.typestring
experimental
Fully qualified type name of the message.
Fully qualified type name of the message.
java.lang.String; akka.event.Logging$Info2; com.acme.twosuds.ResponseActor$RequestMessageModule Insights
In webserver technologies a multitude of modules might be contributing to handling a single web request. Module insights provides timings for these, where available.
Fields
Attribute
Type
Description
Examples
module_insights.modulesrecord
experimental
Modules executed as part of this web request, represented as map from module name to duration in nanoseconds spent.
Modules executed as part of this web request, represented as map from module name to duration in nanoseconds spent.
{'HttpRedirectionModule': 10299, 'BasicAuthenticationModule': 4665}Network
These attributes may be used for any network related operation.
Fields
Attribute
Type
Description
Examples
network.transportstring
tcp; udpnetwork.protocol.namestring
amqp; http; mqttnetwork.protocol.versionstring
experimental
Version of the application layer protocol used.
Version of the application layer protocol used.
1.1; 3.1.1network.carrier.namestring
experimental
Name of the mobile carrier.
Name of the mobile carrier.
Magenta; AT&Tnetwork.connection.typestring
experimental
Internet connection type.
Internet connection type.
cellular; wifinetwork.connection.subtypestring
experimental
Details connection.type, like cellular or wifi technology.
Details connection.type, like cellular or wifi technology.
lte; 802.11xnetwork.transport has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
inprocIn-process communication. 1
otherSomething else (non IP-based).
pipeNamed or anonymous pipe.
tcpTCP
udpUDP
unixUnix domain socket.
1
Signals that there is only in-process communication not using a "real" network protocol in cases where network attributes would normally be expected. Usually all other network attributes can be left out in that case.
network.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
ipv4IPv4
ipv6IPv6
Network device
Fields that are used in extensions to describe network devices.
Fields
Attribute
Type
Description
Examples
devicestring
deprecated
Used in Extension Framework 2.0
Address (IP address with port) used by a monitored device to communicate with an extension.
Used in Extension Framework 2.0
Address (IP address with port) used by a monitored device to communicate with an extension.
10.102.0.45:161device.addressipAddress
deprecated
Used in Extension Framework 2.0
IP address used by a monitored device to communicate with an extension.
Used in Extension Framework 2.0
IP address used by a monitored device to communicate with an extension.
10.102.0.45device.portstring
deprecated
Used in Extension Framework 2.0
Port used by a monitored device to communicate with an extension.
Used in Extension Framework 2.0
Port used by a monitored device to communicate with an extension.
161device.namestring
deprecated
Used in Extension Framework 2.0
Name of a device monitored by an extension.
Used in Extension Framework 2.0
Name of a device monitored by an extension.
AT1i-WLC-TestingLab.dynatrace.orgNodejs
Fields
Attribute
Type
Description
Examples
nodejs.app.base.dirstring
experimental
nodejs.app.namestring
experimental
nodejs.script.namestring
experimental
Openstack
Fields that can come from applications running on Openstack.
Fields
Resource attributes
Attribute
Type
Description
Examples
openstack.availability_zonestring
experimental
A specific availability zone in given openstack region.
A specific availability zone in given openstack region.
us-east-1aopenstack.instance_uuidstring
experimental
UUID of specific openstack instance.
UUID of specific openstack instance.
6790cb48-f8e9-4773-bcea-001469de0599Origin
The origin of a request associated with this event.
Attribute
Type
Description
Examples
origin.typestring
experimental
Origin type of the request associated with this event.
Origin type of the request associated with this event.
REST; LOCALorigin.addressstring
experimental
Source IP address of the request associated with this event if not of 'LOCAL' type.
Source IP address of the request associated with this event if not of 'LOCAL' type.
10.11.12.13origin.x_forwarded_forstring
experimental
The verbatim value of the X-Forwarded-For HTTP request header (if present) of the request associated with the event.
The verbatim value of the X-Forwarded-For HTTP request header (if present) of the request associated with the event.
1.2.3.4origin.sessionstring
experimental
The id of the browser session (if present) associated with the event.
The id of the browser session (if present) associated with the event.
node0hfzncorigin.type MUST be one of the following:
Value
Description
LOCALThe event provider issued the request locally.
RESTThe event provider received an external REST API call.
OS
The os namespace contains information on the operating system running an application.
Fields
Attribute
Type
Description
Examples
os.namestring
stable
Human readable operating system name.
Human readable operating system name.
iOSos.versionstring
stable
Version of the operating system.
Version of the operating system.
15.3.1OpenTelemetry scope
Fields
Attribute
Type
Description
Examples
otel.scope.namestring
experimental
The name of the instrumentation scope - (
The name of the instrumentation scope - (
InstrumentationScope.Name in OTLP).io.opentelemetry.contrib.mongodbotel.scope.versionstring
experimental
The version of the instrumentation scope - (
The version of the instrumentation scope - (
InstrumentationScope.Version in OTLP).1.0.0Php
Fields
Attribute
Type
Description
Examples
php.cli.script.pathstring
experimental
php.cli.working.dirstring
experimental
php.drupal.application.namestring
experimental
php.fpm.pool.namestring
experimental
php.symfony.application.namestring
experimental
php.wordpress.blog.namestring
Process
Fields
Attribute
Type
Description
Examples
process.executable.namestring
experimental
The name of the process executable. On Linux based systems, can be set to the
The name of the process executable. On Linux based systems, can be set to the
Name in proc/[pid]/status. On Windows, can be set to the base name of GetProcessImageFileNameW.otelcolprocess.executable.pathstring
experimental
The full path to the process executable. On Linux based systems, can be set to the target of
The full path to the process executable. On Linux based systems, can be set to the target of
proc/[pid]/exe. On Windows, can be set to the result of GetProcessImageFileNameW./usr/bin/cmd/otelcolprocess.pidlong
experimental
Process Identifier (PID) as observed by the monitored process.
Process Identifier (PID) as observed by the monitored process.
1234Request
Fields
Attribute
Type
Description
Examples
request.iduid
experimental
Present on every span of a request. All spans within one request share the same identifier. The ID is a hex-encoded numerical value and not globally unique, but guaranteed to be unique within one particular trace.
Present on every span of a request. All spans within one request share the same identifier. The ID is a hex-encoded numerical value and not globally unique, but guaranteed to be unique within one particular trace.
95efd70fcdb5b7b3; 96835e1d65490b48request.is_root_spanboolean
experimental
Marks the root of a request. This means the first span that is the start of the request within a service.
Marks the root of a request. This means the first span that is the start of the request within a service.
request.is_failedboolean
experimental
Indicates that the request is considered failed according to the failure detection rules. Only present on the request root span.
Indicates that the request is considered failed according to the failure detection rules. Only present on the request root span.
Request Attributes
Request scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute definition. The actual name of the attribute is the prefix "request_attribute" plus the "request attribute name" defined in the request attributes configuration. Request attributes are built based on captured attributes and other attributes like HTTP header values or "normal" span attributes, on which the aggregations (first/last value, distinct values, ...), type conversion and normalizations defined in the request attribute configuration are performed. They are evaluated for an entire request (possibly consisting of multiple spans) and are stored only on the request root node.
Fields
Attribute
Type
Description
Examples
request_attribute.__attribute_name__array
experimental
Contains the request scoped reconciled values of the attribute named
Tags:
Contains the request scoped reconciled values of the attribute named
__attribute_name__ defined by the request attribute configuration. The data type of the value depends on the request attribute definition.Tags:
sensitive-spans42; Platinum; ['Product A', 'Product B']; ['Special Offer', '1702']Remote Procedure Calls
Fields
Attribute
Type
Description
Examples
rpc.systemstring
experimental
A string identifying the remoting system or framework. See below for a list of well-known identifiers.
A string identifying the remoting system or framework. See below for a list of well-known identifiers.
apache_cxf; dotnet_wcf; grpc; jax_wsrpc.servicestring
experimental
The full (logical) name of the service being called, including its package name, if applicable. 1
The full (logical) name of the service being called, including its package name, if applicable. 1
myservice.EchoServicerpc.namespacestring
experimental
The namespace of the method being called. In SOAP, it would be the XML namespace.
The namespace of the method being called. In SOAP, it would be the XML namespace.
tempuri.org1
This is the logical name of the service from the RPC interface perspective, which can be different from the name of any implementing class. The code.namespace attribute may be used to store the latter (despite the attribute name, it may include a class name; e.g., class with method actually executing the call on the server side, RPC client stub class on the client side).
2
This is the logical name of the method from the RPC interface perspective, which can be different from the name of any implementing method/function. The code.function attribute may be used to store the latter (e.g., method actually executing the call on the server side, RPC client stub method on the client side).
rpc.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
apache_axisApache Axis
apache_cxfApache CXF
apache_winkApache Wink
dotnet_remoting.NET Remoting
dotnet_wcf.NET WCF
grpcgRPC
java_rmiJava RMI
jax_wsJAX-WS
jbossJBoss
jerseyJersey
openedgeProgress OpenEdge
resteasyJBoss RESTEasy
restletRestlet
spring_wsSpring Web Services
tibco_wsTibco Web Services
weblogic_wsWebLogic Web Services
webmethodsWebmethods
Attribute
Type
Description
Examples
Server
The server namespace contains information on the responder of a network connection.
Fields
Attribute
Type
Description
Examples
server.addressstring
experimental
Logical server hostname, matches server FQDN if available, and IP or socket address if FQDN is not known.
Logical server hostname, matches server FQDN if available, and IP or socket address if FQDN is not known.
example.comserver.resolved_ipsipAddress[]
experimental
A list of IP adresses that are the result of DNS resolution of
A list of IP adresses that are the result of DNS resolution of
server.address.[194.232.104.141, 2a01:468:1000:9::140]server.portlong
experimental
Logical server port number.
Logical server port number.
65123; 80Service
Fields
Attribute
Type
Description
Examples
service.namestring
stable
The logical name of the service.
The logical name of the service.
shoppingcartServlet
Fields
Attribute
Type
Description
Examples
servlet.context.namestring
experimental
also see https://docs.oracle.com/javaee/6/api/javax/servlet/ServletContext.html#getServletContextName
also see https://docs.oracle.com/javaee/6/api/javax/servlet/ServletContext.html#getServletContextName
servlet.context.pathstring
experimental
also see https://docs.oracle.com/javaee/6/api/javax/servlet/ServletContext.html#getContextPath
also see https://docs.oracle.com/javaee/6/api/javax/servlet/ServletContext.html#getContextPath
SNMP
Fields that are used in SNMP extensions.
Fields
Attribute
Type
Description
Examples
versionstring
deprecated
Used in Extension Framework 2.0
The SNMP version.
Used in Extension Framework 2.0
The SNMP version.
SNMPv3trap_oidstring
deprecated
Used in Extension Framework 2.0
The trap OID of a given event.
Used in Extension Framework 2.0
The trap OID of a given event.
SNMPv2-MIB::coldStartSoftwareag
Fields
Attribute
Type
Description
Examples
softwareag.install.rootstring
experimental
softwareag.product.prop.namestring
experimental
Span
Fields
Attribute
Type
Description
Examples
span.iduid
stable
A unique identifier for a span within a trace. The
A unique identifier for a span within a trace. The
span.id is a 8-byte id and hex-encoded if shown as a string.f76281848bd8288cspan.parent_iduid
stable
The
The
span.id of this span's parent span. The span.parent_id is a 8-byte id and hex-encoded if shown as a string.f76281848bd8288cspan.alternate_parent_iduid
experimental
The alternative
The alternative
span.id of this span's parent span. In case a trace is monitored by more tracing systems (e.g. OneAgent + OpenTelemetry) there might be two potential parent spans. If these two spans differ, span.parent_id holds the span.id of the parent which is known to originate from same tenant and this attribute shows the other. The span.alternate_parent_id is a 8-byte id and hex-encoded if shown as a string.f76281848bd8288cspan.is_subroutineboolean
experimental
true indicates that this span is a subroutine of its parent span. The spans represent functions running on the same thread on the same call stack.span.kindstring
stable
Distinguishes between spans generated in a particular context.
Distinguishes between spans generated in a particular context.
serverspan.eventsrecord[]
experimental
A collection of events. An event is an optional time-stamped annotation of the span, consisting of a name and key-value pairs.
A collection of events. An event is an optional time-stamped annotation of the span, consisting of a name and key-value pairs.
span.linksrecord[]
experimental
A collection of links. A link is a reference from this span to a whole trace or a span in the same or different trace.
A collection of links. A link is a reference from this span to a whole trace or a span in the same or different trace.
span.is_exit_by_exceptionboolean
experimental
Set to
Set to
true if the span was exited by an exception. If set to false the span has exception events but the span was not exited by one of them.span.exit_by_exception_iduid
experimental
The
The
exception.id of the exception the its span.events with the current span exited. The referenced exception has set the attribute exception.escaped to true.span.timing.cpuduration
experimental
The overall CPU time spent executing the span including the CPU times of child spans which are running on the same thread on the same call stack.
The overall CPU time spent executing the span including the CPU times of child spans which are running on the same thread on the same call stack.
span.timing.cpu_selfduration
experimental
The CPU time spent exclusively on executing this span not including the CPU times of any children.
The CPU time spent exclusively on executing this span not including the CPU times of any children.
span.status_codestring
experimental
Defines the status of a span, predominantly used to indicate a processing error. This field is not present if the reported span status is
Defines the status of a span, predominantly used to indicate a processing error. This field is not present if the reported span status is
unset.errorspan.status_messagestring
experimental
An optional text that can provide a descriptive error message in case the
An optional text that can provide a descriptive error message in case the
span.status_code is error.Connection closed before message completed; Error sending request for urlspan.namestring
experimental
The span name identifies the work represented by the span, for example, the route in an HTTP controller, an RPC method name, a function name, or the name of a subtask or stage within a larger computation.
The span name identifies the work represented by the span, for example, the route in an HTTP controller, an RPC method name, a function name, or the name of a subtask or stage within a larger computation.
prepareOrderItemsAndShippingQuoteFromCart; org.example.CheckoutService/PlaceOrder; orders process; GET /products/{product_id}; HTTP POSTspan.kind MUST be one of the following:
Value
Description
clientIndicates that the span describes a request to some remote service.
consumerIndicates that a span describes a child of an asynchronous
producer request.internalDefault Value. Indicates that the span represents an internal operation.
linkIndicates that the span describes a Dynatrace link node.
producerIndicates that the span describes the initiator of an asynchronous request.
serverIndicates that the span covers server-side handling of a synchronous RPC or other remote request.
span.status_code MUST be one of the following:
Value
Description
errorAn error happened while processing the span.
okThe span was explicitly validated as having completed successfully, despite maybe even containing information about an error.
Span Event
Fields
Attribute
Type
Description
Examples
span_event.namestring
experimental
Some span events have a defined semantics based on the name of the span event.
Some span events have a defined semantics based on the name of the span event.
exceptionspan_event.name has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
bizeventIndicates that the span event represents a business event
exceptionIndicates that the span event represents an exception
feature_flagIndicates that the span event represents a feature flag
Reference
Language Independent Interface Types For OpenTelemetry
Spring
Fields
Attribute
Type
Description
Examples
spring.application.namestring
experimental
also see https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.core.spring.application.name
also see https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.core.spring.application.name
spring.profile.namestring
experimental
the active profile (last value of spring.profiles.active)
the active profile (last value of spring.profiles.active)
spring.startup.classstring
experimental
Supportability
Additional information about the attributes of a data point.
Fields
Attribute
Type
Description
Examples
supportability.non_persisted_attribute_keysstring[]
experimental
A string array of attributes keys which where not stored as they where not allow-listed or where removed during the pipeline steps.
A string array of attributes keys which where not stored as they where not allow-listed or where removed during the pipeline steps.
["my_span_attribute", "db.name"]supportability.dropped_attributes_countlong
experimental
The number of attributes that were discarded on the source. Attributes can be discarded because their keys are too long or because there are too many attributes.
The number of attributes that were discarded on the source. Attributes can be discarded because their keys are too long or because there are too many attributes.
1supportability.dropped_events_countlong
experimental
The number of span events that were discarded on the source.
The number of span events that were discarded on the source.
1supportability.dropped_links_countlong
experimental
The number of span links that were discarded on the source.
The number of span links that were discarded on the source.
1supportability.endpoint_name_rulestring
experimental
Name of the pipeline rule that generated the unified service
Name of the pipeline rule that generated the unified service
endpoint.name.http.route; rpc.methodsupportability.flawsstring[]
experimental
A string array of one or multiple error codes indicating issues in the assembly of a trace in Dynatrace. Typically, issues come from erroneous (3rd party) instrumentations (e.g. not sending a required field), data loss due to network connectivity (e.g. missing parent span) or conditions implied by the nature of the trace (e.g. trace exceeding the depth limit). The attribute is only present in case an assembly issue was detected (the list will not be empty). For more information and details about specific error codes, please reach out to Dynatrace support.
A string array of one or multiple error codes indicating issues in the assembly of a trace in Dynatrace. Typically, issues come from erroneous (3rd party) instrumentations (e.g. not sending a required field), data loss due to network connectivity (e.g. missing parent span) or conditions implied by the nature of the trace (e.g. trace exceeding the depth limit). The attribute is only present in case an assembly issue was detected (the list will not be empty). For more information and details about specific error codes, please reach out to Dynatrace support.
[C4, S3, A2]supportability.custom_service.rule_iduid
experimental
The id of a custom service configuration rule. This field is only present if a custom service was configured as automatic instrumentation rule in Dynatrace.
The id of a custom service configuration rule. This field is only present if a custom service was configured as automatic instrumentation rule in Dynatrace.
4d76194c11a9426197a9062548f9e66esupportability.atm_sampling_ratiolong
experimental
The denominator of the sampling ratio of an adative traffic management (ATM) aware sampler. The attribute is always present if a ATM aware sampler is active (this applies for example to the Dynatrace OneAgent). A numerator is not specified as it is always 1. If for example the Dynatrace OneAgent samples with a probability of 1/16 (6,25%) the value of
The denominator of the sampling ratio of an adative traffic management (ATM) aware sampler. The attribute is always present if a ATM aware sampler is active (this applies for example to the Dynatrace OneAgent). A numerator is not specified as it is always 1. If for example the Dynatrace OneAgent samples with a probability of 1/16 (6,25%) the value of
supportability.atm_sampling_ratio would be 16 and the numerator is 1.16supportability.alr_sampling_ratiolong
experimental
The denominator of the sampling ratio of the Dynatrace cluster, the attribute is only set if adaptive load redution (ALR) is active on the Dynatrace cluster. A numerator is not specified as it is always 1. If for example the Dynatrace cluster samples with a probability of 1/8 (12,5%) the value of
The denominator of the sampling ratio of the Dynatrace cluster, the attribute is only set if adaptive load redution (ALR) is active on the Dynatrace cluster. A numerator is not specified as it is always 1. If for example the Dynatrace cluster samples with a probability of 1/8 (12,5%) the value of
supportability.alr_sampling_ratio would be 8 and the numerator is 1.8supportability.original_start_timetimestamp
experimental
The original start time of the span. Only available if the value of the
The original start time of the span. Only available if the value of the
start_time attribute was truncated. Truncating the start time is technically required for long running spans that have a start time older than three days in the past.1649822520123123123supportability.serverid.processinglong
experimental
The id of the Dynatrace cluster node that received and processed this span.
The id of the Dynatrace cluster node that received and processed this span.
5supportability.serverid.addresseelong
experimental
The id of the Dynatrace cluster node this span was addressed to. This is only available if it differs from the value of
The id of the Dynatrace cluster node this span was addressed to. This is only available if it differs from the value of
supportability.serverid.processing.5Telemetry
The telemetry.sdk.* fields are used to describe the telemetry SDK in OpenTelemetry or ODIN ingest. It can be considered the closest equivalent of ODIN/OTel data to dt.agent.module.*.
The telemetry.exporter.* fields are used to define the exporter that exports telemetry data and is expected to be different for each exporter in case when multiple exporters co-exist.
Fields
Attribute
Type
Description
Examples
telemetry.exporter.namestring
experimental
The exporter name.
The exporter name.
odintelemetry.exporter.versionstring
experimental
The full agent/exporter version.
The full agent/exporter version.
1.285.1.20240101-256988telemetry.exporter.package_versionstring
experimental
The version as exposed to the package manager (e.g. npm).
The version as exposed to the package manager (e.g. npm).
1.285.1telemetry.sdk.namestring
experimental
The name of the telemetry SDK.
The name of the telemetry SDK.
odin; opentelemetrytelemetry.sdk.versionstring
experimental
The version string of the telemetry SDK.
The version string of the telemetry SDK.
1.20.0telemetry.sdk.languagestring
experimental
The programming language/tech of the telemetry SDK.
The programming language/tech of the telemetry SDK.
nodejs; python; javaThread
Fields
Attribute
Type
Description
Examples
thread.idlong
experimental
Current "managed" thread id (as opposed to OS thread id).
Current "managed" thread id (as opposed to OS thread id).
42thread.namestring
experimental
Current thread name.
Current thread name.
mainthread.pool.namestring
stable
The name of the thread pool.
The name of the thread pool.
WorkerThreadPoolTIBCO Business Works
Fields
Attribute
Type
Description
Examples
tibco.businessworks_ce.app.namestring
experimental
tibco.businessworks_ce.versionstring
experimental
tibco.businessworks.app.node.namestring
experimental
tibco.businessworks.app.space.namestring
experimental
tibco.businessworks.domain.namestring
experimental
tibco.businessworks.homestring
experimental
tibco.businessworks.property.file.pathstring
experimental
tibco.businessworks.property.file.namestring
experimental
Time correction
The time_correction namespace contains information on time corrections applied to the timestamps of an event like "timestamp", "event.start" or "event.end". Time corrections may be necessary if events are reported with timestamps that are completely off compared to cluster time, for example data reported by RUM agents can be off depending on client time.
Fields
Attribute
Type
Description
Examples
time_correction.offsetlong
experimental
The offset of the original timestamps to the corrected timestamps in nanoseconds (
The offset of the original timestamps to the corrected timestamps in nanoseconds (
<corrected timestamp> = <original timestamp> + <offset>). May be a negative number. Example: original timestamp: 1670399998423233001, offset: 127927969312, corrected timestamp: 1670400126351202313127927969312time_correction.is_appliedboolean
experimental
Gives hint if the time correction has already been applied to the timestamps of this event.
Gives hint if the time correction has already been applied to the timestamps of this event.
Trace
Fields
Attribute
Type
Description
Examples
trace.iduid
stable
A unique identifier for a trace. The
A unique identifier for a trace. The
trace.id is a 16-byte id and hex-encoded if shown as a string.357bf70f3c617cb34584b31bd4616af8trace.statestring
experimental
The trace state in the w3c-trace-context format.
The trace state in the w3c-trace-context format.
f4fe05b2-bd92206c@dt=fw4;3;abf102d9;c4592;0;0;0;2ee;5607;2h01;3habf102d9;4h0c4592;5h01;6h5f9a543f1184a52b1b744e383038911c;7h6564df6f55bd6eae,apmvendor=boo,foo=bartrace.alternate_iduid
experimental
The preserved trace id when OneAgent and other tracing systems monitor the same process and the trace id from the other tracing system was replaced by the OneAgent trace id. The
The preserved trace id when OneAgent and other tracing systems monitor the same process and the trace id from the other tracing system was replaced by the OneAgent trace id. The
trace.alternate_id is a 16-byte id and hex-encoded if shown as a string.357bf70f3c617cb34584b31bd4616af8URL
The url namespace contains semantic conventions for URL and its components.
Fields
Attribute
Type
Description
Examples
url.schemestring
experimental
The URI scheme component identifying the used protocol.
The URI scheme component identifying the used protocol.
https; ftp; telneturl.fullstring
experimental
Absolute URL describing a network resource according to RFC3986.
Tags:
Absolute URL describing a network resource according to RFC3986.
Tags:
sensitive-spanshttps://www.foo.bar/docs/search?q=OpenTelemetry#SemConvurl.pathstring
experimental
The URI path component.
The URI path component.
/docs/searchurl.truncated_pathstring
experimental
Truncated URI path component for endpoint detection of certain technologies that do not provide a
Truncated URI path component for endpoint detection of certain technologies that do not provide a
http.route. The truncation logic depends on the technology and is a best effort to provide a stable value. Example Adobe Experience Manager (AEM): First two parts of url.path. Truncated value of /content/wknd/us/en/ is /content/wknd./docsurl.querystring
experimental
The URI query component.
Tags:
The URI query component.
Tags:
sensitive-spansq=OpenTelemetryurl.fragmentstring
experimental
The URI fragment component.
The URI fragment component.
SemConvurl.domainstring
experimental
The URI domain component.
The URI domain component.
www.foo.bar; google.com; wikipedia.orgurl.portlong
experimental
The URI port component.
The URI port component.
443; 80User
Representation of a physical or logical user.
Attribute
Type
Description
Examples
user.idstring
stable
Unique identifer of a user.
Unique identifer of a user.
35ba9499-f87c-4047-962c-14dc32e255e5user.organizationstring
experimental
Organization the user belongs to.
Organization the user belongs to.
DYNATRACE; CUSTOMER; PARTNERuser.namestring
experimental
Full name of the user.
Full name of the user.
Wolfgang Amadeus Mozartuser.emailstring
stable
E-mail of the user.
E-mail of the user.
user@mail.comuser.organization MUST be one of the following:
Value
Description
CUSTOMERCustomer organization
DYNATRACEDynatrace organization
PARTNERDynatrace partner organization
user.organization MUST be one of the following:
Value
Description
DYNATRACEDynatrace organization
CUSTOMERCustomer organization
PARTNERDynatrace partner organization
VMware
Fields that can come from applications running on VMware.
Fields
Resource attributes
Attribute
Type
Description
Examples
vmware.hypervisor.namestring
experimental
ESXi Host.
ESXi Host.
my-hypervisor.lab.dynatrace.orgvmware.vcenter.namestring
experimental
The name of the vCenter server with multi-hypervisor environment.
The name of the vCenter server with multi-hypervisor environment.
my-vcenter.lab.dynatrace.orgvmware.nic.namestring
experimental
ESXi Host Network Interface.
ESXi Host Network Interface.
vmnic0; vmnic1; vmnic2vmware.datacenter.namestring
experimental
The name of data center hypervisor is running in.
The name of data center hypervisor is running in.
srvwasapp1Cell01vmware.vm.namestring
experimental
The name of the virtual machine.
The name of the virtual machine.
easytravel-demovmware.disk.namestring
experimental
ESXi Host Disk.
ESXi Host Disk.
srvwasapp1Cell01Vulnerability
Fields
Attribute
Type
Description
Examples
vulnerability.idstring
stable
Dynatrace unique identifier for the vulnerability.
Dynatrace unique identifier for the vulnerability.
2039861408676243188vulnerability.display_idstring
stable
Dynatrace user-readable identifier for the vulnerability.
Dynatrace user-readable identifier for the vulnerability.
S-1234vulnerability.external_idstring
stable
External provider's unique identifier for the vulnerability.
External provider's unique identifier for the vulnerability.
SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646vulnerability.typestring
stable
Classification of the vulnerability based on commonly accepted enums, such as CWE.
Classification of the vulnerability based on commonly accepted enums, such as CWE.
Improper Input Validationvulnerability.stackstring
experimental
Level of the vulnerable component in the technological stack.
Level of the vulnerable component in the technological stack.
CODE; CODE_LIBRARY; SOFTWARE; CONTAINER_ORCHESTRATIONvulnerability.technologystring
stable
Technology of the vulnerable component.
Technology of the vulnerable component.
JAVA; DOTNET; GO; PHP; NODE_JSvulnerability.titlestring
stable
Title of the vulnerability.
Title of the vulnerability.
Improper Input Validationvulnerability.descriptionstring
stable
Description of the vulnerability.
Description of the vulnerability.
More detailed description about improper input validation vulnerability.vulnerability.urlstring
stable
Dynatrace URL to the details page of the vulnerability. |
Dynatrace URL to the details page of the vulnerability. |
https://example.comvulnerability.external_urlstring
stable
External provider's URL to the details page of the vulnerability.
External provider's URL to the details page of the vulnerability.
https://example.comvulnerability.references.cvestring[]
stable
List of the vulnerability's CVE IDs.
List of the vulnerability's CVE IDs.
[CVE-2021-41079]vulnerability.references.cwestring[]
stable
List of the vulnerability's CWE IDs.
List of the vulnerability's CWE IDs.
[CWE-20]vulnerability.references.owaspstring[]
stable
List of vulnerability's OWASP IDs.
List of vulnerability's OWASP IDs.
[2021:A3]vulnerability.resolution.statusstring
stable
Vulnerability's resolution status.
Vulnerability's resolution status.
OPEN; RESOLVEDvulnerability.resolution.change_datetimestamp
stable
Timestamp of the vulnerability's last resolution status change.
Timestamp of the vulnerability's last resolution status change.
2023-03-22T13:19:37.466Zvulnerability.cvss.base_scoredouble
stable
Vulnerability's CVSS base score provided by NVD.
Vulnerability's CVSS base score provided by NVD.
8.1vulnerability.cvss.versionstring
stable
Vulnerability's CVSS score version.
Vulnerability's CVSS score version.
3.1vulnerability.risk.scoredouble
stable
Vulnerability's risk score defined by the provider. For Dynatrace, Davis Security Score.
Vulnerability's risk score defined by the provider. For Dynatrace, Davis Security Score.
8.1vulnerability.risk.levelstring
stable
Vulnerability's risk score level defined by the provider. For Dynatrace, the Davis Security Score level.
Vulnerability's risk score level defined by the provider. For Dynatrace, the Davis Security Score level.
LOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.risk.scalestring
stable
Scale by which the vulnerability's risk score and risk score level defined by the provider are measured.
Scale by which the vulnerability's risk score and risk score level defined by the provider are measured.
Davis Security Scorevulnerability.davis_assessment.scoredouble
stable
Vulnerability's Davis Security Score (1-10) calculated by Dynatrace.
Vulnerability's Davis Security Score (1-10) calculated by Dynatrace.
8.1vulnerability.davis_assessment.levelstring
stable
Vulnerability's risk level based on Davis Security Score.
Vulnerability's risk level based on Davis Security Score.
LOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.davis_assessment.exposure_statusstring
stable
Vulnerability's internet exposure status.
Vulnerability's internet exposure status.
NOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORKvulnerability.davis_assessment.data_assets_statusstring
stable
Vulnerability's reachability of related data assets by affected entities.
Vulnerability's reachability of related data assets by affected entities.
NOT_AVAILABLE; NOT_DETECTED; REACHABLEvulnerability.davis_assessment.assessment_modestring
stable
Availability of the information based on which the vulnerability assessment has been done.
Availability of the information based on which the vulnerability assessment has been done.
FULL; NOT_AVAILABLE; REDUCEDvulnerability.davis_assessment.assessment_mode_reasonsstring[]
experimental
Reasons for the assessment mode.
Reasons for the assessment mode.
[LIMITED_BY_CONFIGURATION, LIMITED_AGENT_SUPPORT]vulnerability.davis_assessment.exploit_statusstring
stable
Vulnerability's public exploits status.
Vulnerability's public exploits status.
AVAILABLE; NOT_AVAILABLEvulnerability.davis_assessment.vulnerable_function_statusstring
stable
Usage status of the vulnerable functions causing the vulnerability.
Usage status of the vulnerable functions causing the vulnerability.
IN_USE; NOT_AVAILABLE; NOT_IN_USEvulnerability.first_seentimestamp
stable
Timestamp of when the vulnerability was first detected.
Timestamp of when the vulnerability was first detected.
2023-03-22T13:19:36.945Zvulnerability.parent.resolution.statusstring
stable
Current status of the vulnerability.
Current status of the vulnerability.
OPEN; RESOLVEDvulnerability.parent.resolution.change_datestring
stable
Timestamp of the vulnerability's last resolution status change.
Timestamp of the vulnerability's last resolution status change.
2023-03-22T13:19:37.466Zvulnerability.parent.risk.scoredouble
stable
Vulnerability's risk score defined by the provider. For Dynatrace, Davis Security Score.
Vulnerability's risk score defined by the provider. For Dynatrace, Davis Security Score.
8.1vulnerability.parent.risk.levelstring
stable
Vulnerability's risk score level defined by the provider. For Dynatrace, the Davis Security Score level.
Vulnerability's risk score level defined by the provider. For Dynatrace, the Davis Security Score level.
LOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.parent.davis_assessment.scoredouble
stable
Vulnerability's Davis Security Score (1-10) calculated by Dynatrace.
Vulnerability's Davis Security Score (1-10) calculated by Dynatrace.
8.1vulnerability.parent.davis_assessment.levelstring
stable
Vulnerability's Davis Security Score level.
Vulnerability's Davis Security Score level.
LOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.parent.davis_assessment.exposure_statusstring
stable
Vulnerability's internet exposure status.
Vulnerability's internet exposure status.
NOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORKvulnerability.parent.davis_assessment.data_assets_statusstring
stable
Vulnerability's reachability of related data assets by affected entities.
Vulnerability's reachability of related data assets by affected entities.
NOT_AVAILABLE; NOT_DETECTED; REACHABLEvulnerability.parent.davis_assessment.assessment_modestring
stable
Availability of the information based on which the vulnerability assessment has been done.
Availability of the information based on which the vulnerability assessment has been done.
FULL; NOT_AVAILABLE; REDUCEDvulnerability.parent.davis_assessment.vulnerable_function_statusstring
stable
Usage status of vulnerable functions causing the vulnerability. Status is
Usage status of vulnerable functions causing the vulnerability. Status is
IN_USE when there's at least one vulnerable function in use by an application.IN_USE; NOT_AVAILABLE; NOT_IN_USEvulnerability.parent.first_seenstring
stable
Timestamp of when the vulnerability was first detected.
Timestamp of when the vulnerability was first detected.
2023-03-22T13:19:36.945Zvulnerability.parent.mute.statusstring
stable
Vulnerability's mute status.
Vulnerability's mute status.
MUTED; NOT_MUTEDvulnerability.mute.statusstring
stable
Vulnerability's mute status.
Vulnerability's mute status.
MUTED; NOT_MUTEDvulnerability.mute.userstring
stable
User who last changed the vulnerability's mute status.
User who last changed the vulnerability's mute status.
user@example.comvulnerability.parent.mute.userstring
stable
User who last changed the vulnerability's mute status.
User who last changed the vulnerability's mute status.
user@example.comvulnerability.mute.reasonstring
stable
Reason for muting or unmuting the vulnerability.
Reason for muting or unmuting the vulnerability.
FALSE_POSITIVE; IGNORE; AFFECTED; CONFIGURATION_NOT_AFFECTED; OTHERvulnerability.parent.mute.reasonstring
stable
Reason for muting or unmuting the vulnerability.
Reason for muting or unmuting the vulnerability.
FALSE_POSITIVE; IGNORE; AFFECTED; CONFIGURATION_NOT_AFFECTED; OTHERvulnerability.mute.change_datetimestamp
stable
Timestamp of the vulnerability's last muted or unmuted action.
Timestamp of the vulnerability's last muted or unmuted action.
2023-03-22T13:19:36.945Zvulnerability.parent.mute.change_datetimestamp
stable
Timestamp of the last mute or unmute action of the vulnerability.
Timestamp of the last mute or unmute action of the vulnerability.
2023-03-22T13:19:36.945Zvulnerability.previous.risk.scoredouble
stable
Vulnerability's previous risk score (in case the risk score has changed).
Vulnerability's previous risk score (in case the risk score has changed).
8.1vulnerability.previous.risk.levelstring
stable
Vulnerability's previous risk score level (in case the risk score level has changed).
Vulnerability's previous risk score level (in case the risk score level has changed).
LOW; MEDIUM; HIGH; CRITICALvulnerability.previous.cvss.base_scoredouble
stable
Vulnerability's previous CVSS base score (in case the CVSS base score has changed).
Vulnerability's previous CVSS base score (in case the CVSS base score has changed).
8.1vulnerability.previous.davis_assessment.scoredouble
stable
Vulnerability's previous Davis Security Score (in case Davis Security Score has changed).
Vulnerability's previous Davis Security Score (in case Davis Security Score has changed).
8.1vulnerability.previous.davis_assessment.levelstring
stable
Vulnerability's previous risk level (in case the risk level has changed).
Vulnerability's previous risk level (in case the risk level has changed).
LOW; MEDIUM; HIGH; CRITICAL; NONEvulnerability.previous.davis_assessment.exploit_statusstring
stable
Vulnerability's previous public exploit status (in case the public exploit status has changed).
Vulnerability's previous public exploit status (in case the public exploit status has changed).
AVAILABLE; NOT_AVAILABLEvulnerability.previous.davis_assessment.exposure_statusstring
stable
Vulnerability's previous internet exposure status (in case the internet exposure status has changed).
Vulnerability's previous internet exposure status (in case the internet exposure status has changed).
NOT_AVAILABLE; NOT_DETECTED; PUBLIC_NETWORK; ADJACENT_NETWORKvulnerability.previous.davis_assessment.data_assets_statusstring
stable
Vulnerability's previous reachability of related data assets by affected entities (in case the reachability has changed).
Vulnerability's previous reachability of related data assets by affected entities (in case the reachability has changed).
NOT_AVAILABLE; NOT_DETECTED; REACHABLEvulnerability.previous.davis_assessment.vulnerable_function_statusstring
stable
Vulnerability's previous vulnerable function status (in case the vulnerable function status has changed).
Vulnerability's previous vulnerable function status (in case the vulnerable function status has changed).
IN_USE; NOT_AVAILABLE; NOT_IN_USEvulnerability.previous.mute.statusstring
stable
Vulnerability's previous mute status (in case the mute status has changed).
Vulnerability's previous mute status (in case the mute status has changed).
MUTED; NOT_MUTEDvulnerability.previous.mute.userstring
stable
User who last changed the vulnerability's mute status (in case the mute status was last changed by a different user).
User who last changed the vulnerability's mute status (in case the mute status was last changed by a different user).
user@example.comvulnerability.previous.mute.reasonstring
stable
Reason for last muting or unmuting the vulnerability (in case the reason for muting or unmuting the vulnerability has changed).
Reason for last muting or unmuting the vulnerability (in case the reason for muting or unmuting the vulnerability has changed).
Muted: False positivevulnerability.previous.mute.change_datestring
stable
Timestamp of the vulnerability's previous mute status (in case the mute status has changed).
Timestamp of the vulnerability's previous mute status (in case the mute status has changed).
2023-03-22T13:19:36.945Zvulnerability.previous.resolution.statusstring
stable
Vulnerability's previous resolution status (in case the resolution status has changed).
Vulnerability's previous resolution status (in case the resolution status has changed).
OPEN; RESOLVEDvulnerability.code_location.namestring
stable
Name of the code location where the code-level vulnerability was detected.
Name of the code location where the code-level vulnerability was detected.
org.dynatrace.profileservice.BioController.markdownToHtml(String):80vulnerability.remediation.descriptionstring
experimental
Description of the vulnerability's remediation advice.
Description of the vulnerability's remediation advice.
Upgrade component to version 1.2.3 or highervulnerability.is_fix_availableboolean
experimental
Indicates if a vulnerability fix is available.
Indicates if a vulnerability fix is available.
vulnerability.stack has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
CODEcode
CODE_LIBRARYcode_library
CONTAINER_ORCHESTRATIONcontainer_orchestration
SOFTWAREsoftware
vulnerability.technology has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
DOTNETdotnet
GOgo
JAVAjava
NODE_JSnode_js
PHPphp
vulnerability.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
OPENopen
RESOLVEDresolved
vulnerability.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone
vulnerability.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone
vulnerability.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
ADJACENT_NETWORKadjacent_network
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
PUBLIC_NETWORKpublic_network
vulnerability.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
REACHABLEreachable
vulnerability.davis_assessment.assessment_mode has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
FULLfull
NOT_AVAILABLEnot_available
REDUCEDreduced
vulnerability.davis_assessment.exploit_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
AVAILABLEavailable
NOT_AVAILABLEnot_available
vulnerability.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
IN_USEin_use
NOT_AVAILABLEnot_available
NOT_IN_USEnot_in_use
vulnerability.parent.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
OPENopen
RESOLVEDresolved
vulnerability.parent.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone
vulnerability.parent.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone
vulnerability.parent.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
ADJACENT_NETWORKadjacent_network
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
PUBLIC_NETWORKpublic_network
vulnerability.parent.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
REACHABLEreachable
vulnerability.parent.davis_assessment.assessment_mode has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
FULLfull
NOT_AVAILABLEnot_available
REDUCEDreduced
vulnerability.parent.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
IN_USEin_use
NOT_AVAILABLEnot_available
NOT_IN_USEnot_in_use
vulnerability.parent.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
MUTEDmuted
NOT_MUTEDnot_muted
vulnerability.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
MUTEDmuted
NOT_MUTEDnot_muted
vulnerability.mute.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
AFFECTEDaffected
CONFIGURATION_NOT_AFFECTEDconfiguration_not_affected
FALSE_POSITIVEfalse_positive
IGNOREignore
OTHERother
vulnerability.parent.mute.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
AFFECTEDaffected
CONFIGURATION_NOT_AFFECTEDconfiguration_not_affected
FALSE_POSITIVEfalse_positive
IGNOREignore
OTHERother
vulnerability.previous.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone
vulnerability.previous.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
CRITICALcritical
HIGHhigh
LOWlow
MEDIUMmedium
NONEnone
vulnerability.previous.davis_assessment.exploit_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
AVAILABLEavailable
NOT_AVAILABLEnot_available
vulnerability.previous.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
ADJACENT_NETWORKadjacent_network
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
PUBLIC_NETWORKpublic_network
vulnerability.previous.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
NOT_AVAILABLEnot_available
NOT_DETECTEDnot_detected
REACHABLEreachable
vulnerability.previous.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
IN_USEin_use
NOT_AVAILABLEnot_available
NOT_IN_USEnot_in_use
vulnerability.previous.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
MUTEDmuted
NOT_MUTEDnot_muted
vulnerability.previous.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
Value
Description
OPENopen
RESOLVEDresolved
WebLogic
Fields
Attribute
Type
Description
Examples
weblogic.cluster.namestring
experimental
The name of the cluster this instance belongs to.
The name of the cluster this instance belongs to.
OrderManagement2weblogic.domain.namestring
experimental
The name of the domain this instance belongs to.
The name of the domain this instance belongs to.
CustomerManagementFulfillmentSvcweblogic.homestring
experimental
The instance's home directory.
The instance's home directory.
/apps/infra/wls/bin/10.3.6_64/wlserver_10.3/serverweblogic.server.namestring
experimental
The instance's server name.
The instance's server name.
OrderManagement2Srv1WebSphere
Fields
Attribute
Type
Description
Examples
websphere.cell.namestring
experimental
The name of the cell this instance belongs to.
The name of the cell this instance belongs to.
srvwasapp1Cell01websphere.cluster.namestring
experimental
The name of the cluster this instance belongs to.
The name of the cluster this instance belongs to.
CluApp1websphere.node.namestring
experimental
The name of the node this instance belongs to.
The name of the node this instance belongs to.
nodeSrvApp2websphere.server.namestring
experimental
The instance's server name.
The instance's server name.
SrvApp2WebSphere Liberty
Fields
Attribute
Type
Description
Examples
websphere_liberty.server.namestring
experimental
The instance's server name.
The instance's server name.
defaultServerz/OS
Fields zos resource attributes
Attribute
Type
Description
Examples
zos.address_space_idlong
experimental
The address space identifier (ASID) of the z/OS address space.
The address space identifier (ASID) of the z/OS address space.
1; 296zos.job_namestring
experimental
The jobname of the z/OS address space.
The jobname of the z/OS address space.
CICSAOR0; CTGATM00; IMSCR15zos.job_idstring
experimental
The job id of the z/OS address space.
The job id of the z/OS address space.
JOB12345zos.job_step_idstring
experimental
The step id within the job within the z/OS address space.
The step id within the job within the z/OS address space.
00000001; 00000002zos.lpar_namestring
experimental
The name of the LPAR that the z/OS address space executes within.
The name of the LPAR that the z/OS address space executes within.
S0W1; ABCDzos.sys_idstring
experimental
The system ID of the CICS/IMS address space.
The system ID of the CICS/IMS address space.
C259; CICS; IMSFFields zos transactions general
Attribute
Type
Description
Examples
zos.transaction.idstring
experimental
The ID of this transaction.
The ID of this transaction.
CEMT; DTAX; IVTNOzos.transaction.call_typestring
experimental
The type of transaction call that was invoked.
The type of transaction call that was invoked.
CTGzos.transaction.job_namestring
experimental
The jobname of the z/OS address space that the transaction executed in.
The jobname of the z/OS address space that the transaction executed in.
CICSAOR0; CTGATM00; IMSCR15zos.transaction.lpar_namestring
experimental
The name of the LPAR that the transaction executed on.
The name of the LPAR that the transaction executed on.
S0W1; ABCDzos.transaction.program_typestring
experimental
The type of transaction that was executed.
The type of transaction that was executed.
DLI_DB; DLI_DC; MQ; DB2zos.transaction.call_type MUST be one of the following:
Value
Description
CTGA CTG request triggered this transaction.
DPLA CICS DPL request triggered this transaction.
HTTPAn HTTP or HTTPS request triggered this transaction.
IMS_CONNECTAn IMS Connect request triggered this transaction.
IMS_CONNECT_APIAn IMS Connect API request triggered this transaction.
ITRAAn IMS TM Resource Adapter request triggered this transaction.
MQAn MQ operation triggered this transaction.
MSCAn IMS MSC request triggered this transaction.
PGM_SWITCHAn IMS Program Switch request triggered this transaction.
SDKAn SDK call triggered this transaction.
SHARED_QUEUEAn IMS Shared Queue request triggered this transaction.
SOAPA SOAP request triggered this transaction.
STARTAn EXEC CICS START triggered this transaction.
TTXA green screen terminal transaction code triggered this transaction.
TXA CICS or IMS transaction code triggered this transaction.
ZOS_CONNECTA z/OS Connect request triggered this transaction.
zos.transaction.program_type MUST be one of the following:
Value
Description
DB2The transaction performs DB2 database actions.
DLI_DBThe transaction performs DLI database actions.
DLI_DCThe transaction performs DLI data communications actions.
MQThe transaction performs MQ Queue actions.
Fields cics transasctions
Attribute
Type
Description
Examples
cics.transaction.system_idstring
experimental
The system ID of the CICS region that this transaction executed on.
The system ID of the CICS region that this transaction executed on.
C259; CICScics.transaction.task_idlong
experimental
The CICS task ID of this transaction.
The CICS task ID of this transaction.
1234cics.transaction.unit_of_work_idlong
experimental
The unit of work ID for this transaction, which is normally represented as a hex value.
The unit of work ID for this transaction, which is normally represented as a hex value.
15977055984148641282; 15977055491352760323cics.transaction.path.namestring
experimental
The path name, only applicable for web requests.
The path name, only applicable for web requests.
/dtrouter; ``cics.transaction.user_idstring
experimental
The user ID of the user who triggered this transaction.
The user ID of the user who triggered this transaction.
USER1; anoncics.transaction.client.ipipAddress
experimental
IP address of the client (IPv4 or IPv6) that made the request that triggered the transaction.
IP address of the client (IPv4 or IPv6) that made the request that triggered the transaction.
194.232.104.141; 2a01:468:1000:9::140cics.transaction.client.portlong
experimental
Port number of the client that made the request that triggered the transaction.
Port number of the client that made the request that triggered the transaction.
65123; 80cics.transaction.class_namestring
experimental
The name of the transaction class of this transaction.
The name of the transaction class of this transaction.
null; DFHTCL00cics.transaction.wlm.service_class_namestring
experimental
The name of the z/OS Workload Manager (WLM) service class of this transaction.
The name of the z/OS Workload Manager (WLM) service class of this transaction.
null; SYSSTC; VEL15I5cics.transaction.wlm.reporting_service_class_namestring
experimental
The name of the z/OS Workload Manager (WLM) reporting service class of this transaction.
The name of the z/OS Workload Manager (WLM) reporting service class of this transaction.
null; BAT_ATM; RC_CICSFields cics files
Attribute
Type
Description
Examples
cics.file_namestring
experimental
The logical name of the file, as defined in CEDA.
The logical name of the file, as defined in CEDA.
EXMPCAT; CICSFILEcics.file.is_localboolean
experimental
A boolean that is true if the file is defined within the CICS region that it executed in.
A boolean that is true if the file is defined within the CICS region that it executed in.
Truecics.file.defining_region_namestring
experimental
The system ID of the CICS region that is defined on the request.
The system ID of the CICS region that is defined on the request.
C259; CICSFields ims transactions
Attribute
Type
Description
Examples
ims.message.transaction.terminal_namestring
experimental
The terminal name that this IMS transaction executed on.
The terminal name that this IMS transaction executed on.
HWSAM5ZD; 10505ims.message.transaction.unit_of_work_idlong
experimental
The unit of work ID for this transaction, which is normally represented as a hex value.
The unit of work ID for this transaction, which is normally represented as a hex value.
5981228500318430862871015129591113287966852300630664295044916520394057871645605888; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216ims.message.transaction.user_idstring
experimental
The user ID of the user who triggered this transaction.
The user ID of the user who triggered this transaction.
USER1; anonims.message.transaction.message.sizelong
experimental
The size of the message.
The size of the message.
10; 421ims.message.transaction.message.segment_countlong
experimental
The number of segments in the message.
The number of segments in the message.
1; 5Fields ims execution transactions
Attribute
Type
Description
Examples
ims.execution.transaction.psb_namestring
experimental
The PSB name that this IMS transaction executed on.
The PSB name that this IMS transaction executed on.
HWSAM5ZD; 10505ims.execution.transaction.unit_of_work_idlong
experimental
The unit of work ID for this transaction, which is normally represented as a hex value.
The unit of work ID for this transaction, which is normally represented as a hex value.
5981228500318430862871015129591113287966852300630664295044916520394057871645605888; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216ims.execution.transaction.schedule_countlong
experimental
The schedule count for this transaction.
The schedule count for this transaction.
346613; 421ims.execution.transaction.commit_countlong
experimental
The commit count for this transaction.
The commit count for this transaction.
4; 5ims.execution.transaction.execution_classlong
experimental
The execution class of this transaction.
The execution class of this transaction.
45; 66ims.execution.transaction.current_prioritylong
experimental
The current priority of this transaction.
The current priority of this transaction.
1; 5Fields ims connect transactions
Attribute
Type
Description
Examples
ims.connect.transaction.user_idstring
experimental
The user ID of the user who triggered this transaction.
The user ID of the user who triggered this transaction.
USER1; anonims.connect.transaction.client.ipipAddress
experimental
IP address of the client (IPv4 or IPv6) that made the request that triggered the transaction.
IP address of the client (IPv4 or IPv6) that made the request that triggered the transaction.
194.232.104.141; 2a01:468:1000:9::140ims.connect.transaction.server.portlong
experimental
Port number on the IMS Connect server that received the request for this transaction
Port number on the IMS Connect server that received the request for this transaction
65123; 80Fields ims tm resource adapter (ITRA) transactions
Attribute
Type
Description
Examples
ims.tm.resource.adapter.semantic_detection_versionstring
experimental
The detection version for this transaction.
The detection version for this transaction.
1ims.tm.resource.adapter.transaction.datastore_namestring
experimental
The datastore name used by this transaction.
The datastore name used by this transaction.
IMS1500ims.tm.resource.adapter.transaction.lpar_namestring
experimental
The name of the LPAR that the transaction executed on.
The name of the LPAR that the transaction executed on.
S0W1; ABCDims.tm.resource.adapter.transaction.client.ipipAddress
experimental
IP address of the client (IPv4 or IPv6) that made the request that triggered the transaction.
IP address of the client (IPv4 or IPv6) that made the request that triggered the transaction.
194.232.104.141; 2a01:468:1000:9::140ims.tm.resource.adapter.transaction.client.portlong
experimental
Port number of the client that made the request that triggered the transaction.
Port number of the client that made the request that triggered the transaction.
65123; 80ims.tm.resource.adapter.transaction.interaction_verblong
experimental
The interaction verb that triggered the transaction.
The interaction verb that triggered the transaction.
0ims.tm.resource.adapter.transaction.commit_modelong
experimental
The commit mode of the transaction.
The commit mode of the transaction.
0ims.tm.resource.adapter.transaction.sync_levellong
experimental
Indicates the synchronization level of the transaction. This only applies when the interaction verb is set to "SYNC_SEND_RECEIVE", "SYNC_SEND", or "SYNC_RECEIVE_CALLOUT". This attribute applies to both conversational and non-conversational applications. It is used in conjuction with the ims.transaction.request.transaction.commit_mode attribute.
Indicates the synchronization level of the transaction. This only applies when the interaction verb is set to "SYNC_SEND_RECEIVE", "SYNC_SEND", or "SYNC_RECEIVE_CALLOUT". This attribute applies to both conversational and non-conversational applications. It is used in conjuction with the ims.transaction.request.transaction.commit_mode attribute.
0ims.tm.resource.adapter.transaction.interaction_verb MUST be one of the following:
Value
Description
0SYNC_SEND
1SYNC_SEND_RECEIVE
3SYNC_END_CONVERSATION
4SYNC_RECEIVE_ASYNCOUTPUT
5SYNC_RECEIVE_ASYNCOUTPUT_SINGLE_NOWAIT
6SYNC_RECEIVE_ASYNCOUTPUT_SINGLE_WAIT
7SYNC_RECEIVE_CALLOUT
ims.tm.resource.adapter.transaction.commit_mode MUST be one of the following:
Value
Description
0The commit happens before sending the response.
1The commit is deferred until the response has been sent and acknowledged.
ims.tm.resource.adapter.transaction.sync_level MUST be one of the following:
Value
Description
0There will be no synchronization.
1Synchronization will be confirmed.
z/OS Connect
Fields
Attribute
Type
Description
Examples
zosconnect.request.idlong
experimental
The z/OS Connect request ID.
The z/OS Connect request ID.
2215zosconnect.service.provider.namestring
experimental
The service provider name.
The service provider name.
CICS-1.0zosconnect.sor.referencestring
experimental
The system of record reference.
The system of record reference.
cicsConnzosconnect.sor.identifierstring
localhost:8080zosconnect.sor.resourcestring
experimental
Identifier for the resource invoked on the system of record. The format differs depending on the SOR type. 2
Identifier for the resource invoked on the system of record. The format differs depending on the SOR type. 2
01,DFH0XCMNzosconnect.sor.typestring
experimental
The system of record type.
The system of record type.
CICSzosconnect.request.body.sizelong
experimental
The size of the request payload in bytes.
The size of the request payload in bytes.
234zosconnect.response.body.sizelong
experimental
The size of the response payload in bytes.
The size of the response payload in bytes.
125zosconnect.api.namestring
experimental
The z/OS Connect API name.
The z/OS Connect API name.
catalogzosconnect.service.namestring
experimental
The z/OS Connect service name.
The z/OS Connect service name.
placeOrderzosconnect.api.descriptionstring
experimental
The z/OS Connect API description.
The z/OS Connect API description.
API for the CICS catalog manager sample applicationzosconnect.service.descriptionstring
experimental
The z/OS Connect service description.
The z/OS Connect service description.
EDUCHAN service using the CICS Service Providerzosconnect.api.versionstring
experimental
The z/OS Connect API version.
The z/OS Connect API version.
1.0.0zosconnect.service.versionstring
experimental
The z/OS Connect service version.
The z/OS Connect service version.
2.0zosconnect.sor.type MUST be one of the following:
Value
Description
CICScics
IMSims
MQmq
RESTrest
WOLAwola
zosconnect.request.type MUST be one of the following:
Value
Description
ADMINadmin
APIapi
SERVICEservice
UNKNOWNunknown