The following reference contains a list of global fields that have a well defined semantic meaning in Dynatrace and can be used across different monitoring types. The fields are organized in namespaces that are separated with dots.
The top level fields contain generally relevant information for all monitoring data
timestamp1649822520123123123timeframestart_timeend_time.1649822520123123123end_timestart_time.1649822520123123165durationstart_time and end_time in nanoseconds.42interval1 minadobe.em.env_typedev; stage; prodadobe.em.programadobe.em.serviceadobe.em.tierauthor; publish; previewOneAgent might aggregate spans that have the same parent span into a single span. The aggregated span contains attributes to indicate the aggregation and to allow reconstructing details.
For aggregated spans the start_time holds the earliest start_time, end_time holds the latest end_time of all aggregated spans.
aggregation.count3aggregation.duration_max482aggregation.duration_min42aggregation.duration_samples[42, 482, 301]aggregation.duration_sum123aggregation.exception_count0; 6apache.tomcat.base/usr/share/tomcat6apache.tomcat.home/usr/share/tomcat6apache.httpd.config.pathapache.spark.master.ipThe app namespace contains information on the application sending the event.
app.bundlecom.example.easytravelapp.ideasytravelapp.short_version5.23app.version5.23.15789; 143542The artifact namespace contains information about software artifacts.
artifact.attestation.filenameartifact.filename.carts-service-amd64-0.1.1.tar.gz.intoto.json1artifact.attestation.hashb4e370270ac4fe8d728b845ab8d190a7c931f09ff7b0156dd4d6abf797f1fe6aartifact.filenameartifact.id, but can contain the artifact.version and other data like file extension.carts-service-amd64-0.1.1.tar.gzartifact.hash6c323d126547f71fafb4bffa02cdc480fb284678644ef0b6c69029f051fe5137artifact.idcarts-serviceaspnetcore.appl.pathFields that can come from audit logs.
audit.actionAccess to Azure Resource Manager; New User Created; User added to Groupaudit.identityname.surname@example.comaudit.resultSucceeded; Failedaudit.statusStarted; In Progress; Succeeded; Failed; Active; Resolvedaudit.time16/01/2025, 10:34 AMAuthentication type and method used to login to a Dynatrace system.
authentication.client.iddt0s02.UZCK6ENL.2YQ2A3DZUEISRJSUU5544J3SC3TMPXSEEMNA5HK7RW54SJ6XKLYGMWJNKL7B2DNHauthentication.grant.typeAUTHORIZATION_CODE; CLIENT_CREDENTIALSauthentication.tokendt0c01.AM4SEYKIBROBEJ2N3HAXZ4IXauthentication.typeOAUTH2authentication.grant.type MUST be one of the following:
AUTHORIZATION_CODECLIENT_CREDENTIALSauthentication.type MUST be one of the following:
DEVOPSTOKENNONETOKENauthentication.client.id and authentication.token MUST follow the Dynatrace token format definition.
Specifically, authentication.client.id MUST be prefixed with dt0s02.
Information about entity availability. Sample usage is reporting hosts and PGI-s availability by OS Agent. Value of availability.state can be used for calculating aggregate availability (dividing count of "successful" requests by count of all requests). With constant frequency of requests it can be treated as a time-base availability, showing percentage of time that the monitored entity was available.
availability.stateupavailability.state has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
availableno_datano_data_agent_inactivereboot_gracefulreboot_ungracefulshutdown_hostFields that can come from applications running on AWS.
aws.account.idpermission123456789012aws.account.nameexample.comaws.alb.namemy-albaws.arnarn:aws:lambda:us-east-1:478983378254:function:acceptanceWeatherBackendaws.availability_zoneus‑east‑1a; us‑east‑1baws.availability_zone.iduse1-az1; use1-az2; use1-az3aws.lambda.initialization_type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
on-demandprovisioned-concurrencysnap-startaws.lambda.invoked_arnContext passed to the function (Lambda-Runtime-Invoked-Function-Arn response header from the request to /runtime/invocation/next).arn:aws:lambda:us-east-1:123456789012:function:acceptanceWeatherBackend:productionaws.request_idx-amzn-requestid, x-amzn-request-id, or x-amz-request-id HTTP header, awsRequestId field in AWS lambda context object).0e7bc729-a468-57e8-8143-98f2eec5c925aws.xray.trace_idx-amzn-trace-id HTTP header, _X_AMZN_TRACE_ID environment variable on AWS lambda)Root=1-63441c4a-abcdef012345678912345678; Self=1-63441c4a-12456789abcdef012345678;Root=1-67891233-abcdef012345678912345678Fields that can come from applications running on Azure.
azure.availability_zones[1]azure.class_nameHost.Functionsazure.event_hub.locationpolandcentralazure.event_hub.namelogs-ingest-eventHub/logs-ingestazure.event_hub_namespace.namemy-event-hubazure.locationwesteuropebizflow.idbizflow.prioritycritical; high; medium; lowbizflow.urlFields that are integral to applications managed by BOSH.
bosh.availability_zoneus-east-1abosh.instance_idaf318409-9e9d-4a18-aca4-0fb52bbdc526bosh.nameisolated_diego_cell_devimaThe browser namespace contains information on the browser running an application.
browser.nameMozillabrowser.typedesktop; mobile; tablet; robot; otherbrowser.user_agentMozilla/5.0 (Windows NT 10.0; Win64; x64)browser.version5.0Span scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute rule. The actual name of the attribute is the prefix "captured_attribute" plus the "request attribute name" defined in the request attributes configuration. In contrast to request attributes, captured attributes contain the raw values reported by the OneAgent at the location (i.e. on the active span) where they appeared. No aggregation (first/last value, distinct values, ...), type conversion or normalization is performed on them. They are the basis for request attributes.
captured_attribute.__attribute_name____attribute_name__ defined by the request attribute configuration. The values are mapped as an array according to the type of the captured attributes, so either boolean, double, long, or string. If the captured attributes have mixed types (e.g. long and string, or double and long, etc.), all attributes are converted to string and stored as string array.[42]; ['Platinum']; [32, 16, 8]; ['Special Offer', '1702']; ['18.35', '16']cassandra.cluster.nameThe cicd namespace contains information about Continuous Integration and Continuous Deployment systems.
cicd.pipeline.id12345cicd.pipeline.nameCI pipeline for main branchcicd.pipeline.run.id9876cicd.pipeline.run.outcomesuccesscicd.pipeline.run.url.fullhttps://github.com/ACME/ACME-repo/actions/runs/9876cicd.pipeline.url.fullhttps://github.com/ACME/ACME-repo/actions/workflows/ci-build.ymlcicd.pipeline.run.outcome has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
cancelederrorfailureskippedsuccesstimed_outThe client namespace contains information on the initiator of a network connection.
client.app.nameMS Outlookclient.ipsensitive-spans194.232.104.141; 2a01:468:1000:9::140client.ip.is_publictrueclient.ispInternet Service Provider Nameclient.port65123; 80Fields related to cloud deployments that can be used across different providers.
cloud.account.id111111111111; opentelemetrycloud.availability_zoneus-east-1acloud.provideralibaba_cloudcloud.regionus-east-1cloud.resource_idarn:aws:lambda:REGION:ACCOUNT_ID:function:my-function; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>The prefix of the service matches the one specified in cloud.provider.
cloud.platform MUST be one of the following:
alibaba_cloud_ecsalibaba_cloud_fcalibaba_cloud_openshiftaws_app_runneraws_ec2aws_ecscloud.provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloudawsazuregcpherokuibm_cloudFields related to operations related to a cloud.
The cloud.target namespace provides information on the entity targeted by outgoing requests.
cloud.target.account.id111111111111; 984398786124cloud.target.provideralibaba_cloudcloud.target.regionus-east-1cloud.target.resource_idarn:aws:lambda:REGION:ACCOUNT_ID:function:my-function; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>cloud.target.provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloudawsazuregcpherokuibm_cloudThe cloud.origin namespace provides information on the entity from which incoming requests originate.
cloud.origin.account.id111111111111; 984398786124cloud.origin.provideralibaba_cloudcloud.origin.regionus-east-1cloud.origin.resource_idarn:aws:lambda:REGION:ACCOUNT_ID:function:my-function; //run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID; /subscriptions/<SUBSCIPTION_GUID>/resourceGroups/<RG>/providers/Microsoft.Web/sites/<FUNCAPP>/functions/<FUNC>cloud.origin.provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloudawsazuregcpherokuibm_cloudcloudfoundry.application.idcloudfoundry.application.namecloudfoundry.instance.indexcloudfoundry.space.idcloudfoundry.space.namecode.call_stackcode.function. The call stack starts with the code.function, and the stack frames are separated by a line feed.com.example.SampleClass.doProcessing(SampleClass.java) com.example.SampleClass.doSomeWork(SampleClass.java) com.example.SampleClass.main(SampleClass.java)code.filepath/usr/local/MyApplication/content_root/app/index.phpcode.functionserveRequestcode.invoked.filepathcode.filepath, only it represents the file path of the function that was active when a span has been started. Typically, it is the function that has been instrumented. It should only be set if it differs from code.filepath./usr/local/MyApplication/content_root/app/index.phpcode.invoked.functioncode.function, only it represents the function that was active when a span has been started. Typically, it's the function that has been instrumented. The spans duration does not reflect the duration of this function execution. It should only be set if it differs from code.function.invokecode.invoked.namespacecode.namespace, only it represents the namespace of the function that was active when a span has been started. Typically, it's the function that has been instrumented. It should only be set if it differs from code.namespace.com.sun.xml.ws.server.InvokerTube$2coldfusion.jvm.config.filecoldfusion.service.nameFor some technologies compilation of code might be a significant contributor to request execution time. Compilation timings provide insight into this, where available.
compilation_timings.compilation_countcompilation_timings.duration_sum.7compilation_timings.duration_sum6723compilation_timings.top_compilationscompilation_timings.duration_sum, represented as map from compilation unit name to duration in nanoseconds spent.{'/home/user/test/php/build/tmp/php-htdocs/memcached/memcachedCli.php': 1952, '/home/user/test/php/build/tmp/php-htdocs/curl_cli_uri_filtering.php': 1306}container.ida3bf90e006b2container.image.namegcr.io/opentelemetry/operatorcontainer.image.version0.1container.nameopentelemetry-autoconfCTG (shorthand for "CICS Transaction Gateway") is a connector for enterprise modernization of CICS assets. It empowers various application platforms, such as Java servlets, to incorporate CICS programs.
CICS (shorthand for "Customer Information Control System") is a middleware to support rapid, high-volume online transaction processing on IBM mainframe systems on z/OS. CTG features a client and a server, which communicate via so-called GatewayRequests.
ctg.request.call_type2ctg.request.commarea_length0ctg.request.extend_mode11ctg.request.flow_type5ctg.request.gateway_urltcp://1.2.3.4:5678/ctg.request.object_nameThe values are defined in the IBM CTG API source code.
ctg.request.type MUST be one of the following:
ADMINAUTHBASEECIEPIESIcustom_service.methodstartTask; run; authenticatecustom_service.nameMyCustomService; AuthenticationComponentdb.affected_item_count32db.collection.namecustomers; public.usersdb.connection_stringsensitive-spansjdbc:dynamodb:Access Key=XXX;Secret Key=XXX;Domain=amazonaws.com;Regiondb.cosmosdb.request_charge4.95; 2.0db.dynamodb.table_names[Cats, Dogs]db.namespacecustomers; test.usersDepending on the data provided on ingest, this attribute may be derived by e.g., parsing db.query.text. Parsing might fail, or the result might be inaccurate.
The value may be sanitized to exclude sensitive information.
db.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
adabascachecassandraclickhousecloudscapecockroachdbdeployment.release_build_version2021-03-24deployment.release_productWoGo Maindeployment.release_stageproductiondeployment.release_version0.4.1The device namespace contains information on the device running an application. This should only be used for end-user devices or devices outside of a private infrastructure. In line with the naming conventions and guidelines, we are in this case adhering to the emerging Open Telemetry convention around this, with some additions.
device.battery.level100device.is_rootedfalsedevice.manufacturerAppledevice.model.identifieriPhone3,4device.orientationlandscapedevice.screen.height1152Fields describing a disk.
disk.all_mountpoints[/mnt/storage, /home, /var/log]disk.device_namesdadisk.mountpoint/mnt/storagedisk.remote_disk_id0; 16864135562327138441; 18446744073709551615db.dli.pcb3; MYPCBNAMdb.dli.pcb_typeDC; DL/I; F/Pdb.dli.processing_optionsGRdb.dli.segment_level3; 24db.dli.segment_namePARTROOTdb.dli.status_codeQCdb.dli.pcb_type MUST be one of the following:
DCDL/IF/Pdotnet.dll.filedotnet.dll.pathMetadata with ActiveGate realated information.
dt.active_gate.group.nameGdanskLabdt.active_gate.id0x0xef3d21c3dt.active_gate.working_modeclusterdt.active_gate.working_mode MUST be one of the following:
clusterembeddedenvironmentmultitenantdt.active_gate.api_connector.config_id123; 9276dt.active_gate.api_connector.pipeline_identifierKubernetes/Topologydt.active_gate.api_connector.pipeline_statusfaileddt.active_gate.api_connector.technology_idKubernetes; CloudFoundry; AWS; Dynatrace Extension; Azuredt.active_gate.api_connector.pipeline_status MUST be one of the following:
failedskippedsucceededMetadata of the OneAgent module that reported a signal. These attributes are what one would also see in OneAgent Health.
dt.agent.module.id031f613871fab0b4; fc3cd1bb276f0beddt.agent.module.parent_idea89eef5db8b85a9dt.agent.module.typeapachedt.agent.module.version1.269.17.20221117-132428dt.agent.module.version_shortdt.agent.module.version's cardinality would be a problem1.269dt.agent.module.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
apachedotnetdumpprocextensionsgoiisFields defined in this namespace are used by Dynatrace to describe various aspects of events emitted by the AutomationEngine.
dt.automation_engine.action.appdynatrace.workflowsdt.automation_engine.action.functiontask_1dt.automation_engine.action_execution.id23e7b55a-884f-4497-8ad6-8d49d52b4348dt.automation_engine.action_execution.loop.indexdt.automation_engine.action_execution.retry.countdt.automation_engine.stateIDLE; RUNNING; WAITING; SUCCESS; ERROR; CANCELLEDSome attributes are used in the context of the Davis engine.
These fields can be set in events to influence the Davis engine behavior.
dt.davis.analysis_time_budgetdt.davis.analysis_trigger_delaydt.davis.is_entity_remapping_alloweddt.davis.is_frequent_issue_detection_alloweddt.davis.is_merging_alloweddt.davis.is_problem_suppressedThese fields can be set by Davis routines.
dt.davis.anomaly_detection.alertdt.davis.anomaly_detection.anomalydt.davis.anomaly_detection.lowerdt.davis.anomaly_detection.upperdt.davis.forecast.lowerdt.davis.forecast.pointThe Dynatrace OneAgent associates monitoring data with a so called Monitored Entity ID (ME ID). On OneAgent monitored environments, whenever ME IDs are accessible within the monitored system they should be used to enrich monitoring data to facilitate correlations with data primarily addressed through ME IDs coming from other channels.
The structure for keys that signify entity IDs is dt.entity.{type of entity}.
The value associated with such a key must be valid Dynatrace entity identifier
(see Monitored entities API).
To allow linking Entity IDs across various different monitoring artifacts (logs, metrics, etc.), all string representations of Entity IDs are required to follow a canonical form, which for all current entities is defined as PREFIX-0123456789ABCDEF.
Consumers should treat the token as an opaque value and must not infer any semantics on the ID itself. Producers need to match the Entity ID that is being returned by Dynatrace Entity API verbatim.
Producers of string representation must treat the string as if it was parsed case-sensitively, even though some parts of the product may be more lenient.
The structure of the entity ID is currently as follows: <ID-NAMESPACE>-<16-digit-hex-string>. The <ID-NAMESPACE> is type specific but cannot be used to determine the actual entity type reliably, especially in cases of CUSTOM_DEVICE. The <16-digit-hex-string> needs to be zero-padded (prefix) to a length of 16 digits and must use upper case letters A-F.
Current entity IDs in cannonical form can be represented structurally with the following regular expression: [A-Z][A-Z_]*-[0-9A-F]{16}.
Additional characters or changes in the format may happen in the future but will not invalidate existing IDs or ID generation rules.
When adding a name to an entity ID via the Grail function entityName, by default, the name of the respective entity will be represented as dt.entity.{type of entity}.name. Similarly, further entity attributes can be added via the Grail function entityAttr, resulting in additional field(s) following the naming convention dt.entity.{type of entity}.{name of attribute}.
dt.entity.applicationentity-idAPPLICATION-DC92E74A7A844E6Edt.entity.aws_availability_zoneentity-idAWS_AVAILABILITY_ZONE-6000A4E2BD2AB971dt.entity.azure_regionentity-idAZURE_REGION-0DD5C79E4034F0AAdt.entity.azure_vmentity-idAZURE_VM-326478B733D6CFB0dt.entity.cloud_applicationentity-idCLOUD_APPLICATION-3AB5BBF3E09A7942dt.entity.cloud_application_instanceentity-idCLOUD_APPLICATION_INSTANCE-E0D8F94D9065F24FAdditional extension information sent via self-monitoring.
dt.extension.config.idvu9U3hXa3q0AAAABAAtleHQ6ZXh0LTA0MAAIYWdfZ3JvdXAAA0FHMQAkMjY2YTIyM2YtZDgxYi0zNTNjLThlYzctYzk2YzliZjg4OGQ3vu9U3hXa3q0dt.extension.dsSNMPTrapdt.extension.endpoint.hints[nat-test.lab.dynatrace.org, 1521, orc]dt.extension.namecom.snmptrap.genericdt.extension.statusAUTHENTICATION_ERRORdt.extension.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AUTHENTICATION_ERRORDEVICE_CONNECTION_ERROREEC_CONNECTION_ERRORGENERIC_ERRORINVALID_ARGS_ERRORINVALID_CONFIG_ERRORAttributes used for Process Group enrichment in extensions.
Attributes defined in this namespace are used by Dynatrace to describe different aspects of the ingested data.
dt.ingest.debug_messages[MyATTribute mapped to myAttribute]dt.ingest.formatdtapi/json; otlp/protobufdt.ingest.size2005dt.ingest.warnings[attr_count_trimmed, content_trimmed]dt.ingest.format MUST be one of the following:
dtapi/jsondtapi/plaintextjournaldotlp/jsonotlp/protobufplaintextdt.ingest.warnings MUST contain only values from the following list:
content_trimmedcontent_trimmed_pipeattr_count_trimmedattr_count_trimmed_pipeattr_key_case_mismatchattr_key_trimmeddt.cost.costcenterTeam Adt.cost.productProduct Adt.host_group.idpermissionmyHostGroupdt.metrics.sourcetelegraf; com.dynatrace.extension.sql-oracledt.pg_detection.cluster.idThis is the framework used for capturing, processing and forwarding metrics, not the emitting monitored entity. Exemplary custom value: name of an extension sending metrics.
Value of this attribute will be based on one of dt.entity.<type> attributes value. That means that both attributes dt.source_entity and corresponding dt.entity.<type> will be set to the same ID.
dt.metrics.source has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
dynatrace_codemoduledynatrace_ingestdynatrace_osagentmicrometeroneagent_metric_apiopentelemetrydt.maintenance_window_idsc715d677-eb1b-3e1b-8dbc-db06cad5b8ebdt.querytimeseries avg(dt.host.cpu.idle); fetch logsdt.raw_data{"content": "example record content"}Fields defined in this namespace are used by Dynatrace to describe various aspects of the data ingested through OpenPipeline, providing detailed insights into the ingestion process.
dt.openpipeline.pipelines[[logs:default], [logs:pipeline_haproxy_2656, bizevents:default]]dt.openpipeline.source/platform/ingest/v1/events; oneagentdt.openpipeline.source_typeotlp; oneagentdt.openpipeline.source_type MUST be one of the following:
apiaws_firehoseextensiononeagentotlpunknownThe dt.rum namespace contains Dynatrace RUM specific fields.
dt.rum.application.idea7c4b59f27d43eb; 89b1a1e7-fe89-4151-81e9-410fa0235f0ddt.rum.instance.id3735928559dt.rum.schema_version0.1dt.rum.session.idHOPCPWKILUKHFHWRRQGBHHPAFLUJUOSH-0; 23626166142035610_1-0Fields for referencing Settings 2.0 objects, schemas and scopes.
Although the dt.settings.object_id is enough to identify a specific settings value within a dynatrace environment, adding explicit information about the schema, scope and/or scope type can be useful nonetheless. If your use-case will only ever involve a single schema, scope type and/or scope, documenting this is good enough - if multiple schemas, scope types and/or scopes can be involved, filling the corresponding fields is strongly recommended.
dt.settings.references can be used if multiple settings objects need to be referenced. In that case, each entry in the array can hold a reference to a single settings object.
The top level fields contain generally relevant information for all monitoring data.
dt.settings.object_idvu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQdt.settings.object_summaryJourney Service all errors; Really, this can be anything; My alerting ruledt.settings.references[{'dt.settings.object_id': 'vu9U3hXa3q0AAAABACFidWlsdGluOnJ1bS51c2VyLWV4cGVyaWVuY2Utc2NvcmUABnRlbmFudAAGdGVuYW50ACRhMzZmYmYwMy00NDY1LTNlNTYtOTZiOS1kOWMzOGQ3MzU1NmO-71TeFdrerQ', 'dt.settings.relationship': 'matched_rule'}, {'dt.settings.object_id': 'vu9U3hXa3q0AAAABAB9idWlsdGluOmRhdmlzLmFub21hbHktZGV0ZWN0b3JzAAZ0ZW5hbnQABnRlbmFudAAkMzM2NTc3MTgtYWNjYi0zOGY1LTlmOGUtMTg5NTBiYmNjNmRhvu9U3hXa3q0', 'dt.settings.relationship': 'triggered_alert'}]dt.settings.relationshipsnake_case) here that describe the relationship for your use-case.matched_rule; triggered_alertdt.settings.schema_idbuiltin:problem.notifications; app:dynatrace.jenkins:connectiondt.settings.schema_version1.0.0; 1.2.3The dt.synthetic namespace contains Dynatrace synthetic specific fields.
dt.synthetic.batch.iddt.synthetic.monitor.idHTTP_CHECK-6349B98E1CD87352dt.synthetic.monitored_entity_idsAPPLICATION-EA7C4B59F27D43EBdt.synthetic.request.targets127.0.0.1:22dt.synthetic.violated_entity_idsHTTP_CHECK-9349B98E1CD87352; HTTP_CHECK_STEP-6349B98E1CD87352result.stateFAILresult.state MUST be one of the following:
FAILSUCCESSThe namespace dt.system is reserved for Grail. These fields cannot be ingested but instead will be set by Grail directly. Every record that is fetched from Grail provides these fields, but by default they are hidden. You can display them by using the fieldsAdd command.
Example query:
// display the bucket for each log recordfetch logs| fieldsAdd dt.system.bucket
dt.system.bucketdefault_logs; default_spans; default_bizeventsdt.system.environmentwkf10640dt.system.monitoring_sourcefullstack_host; infrastructuredt.system.sampling_ratio1dt.system.segment_id5d97c09e-7337-443e-bab5-2f0474804687dt.system.storage_interval1 mindt.system.monitoring_source MUST be one of the following:
discoveryfullstack_containerfullstack_hostinfrastructuremainframedt.system.storage_interval MUST be one of the following:
1 minFields defined in this namespace are used by Dynatrace to describe different aspects of the context propagation between spans.
dt.tracing.custom_link.id736bd2684696c4a8dt.tracing.custom_link.original_bytesycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==dt.tracing.custom_link.transformed_bytesycXlxUBAQEDee9lm8pBcA8nF5cVAQEBA3nvZZvKQXAPee9lm8s4SAQ==dt.tracing.custom_link.typedt.tracing.custom_link.original_bytes to the dt.tracing.custom_link.transformed_bytes was applied.genericdt.tracing.foreign_link.bytes00000004000000010000000200000003000000040000002300000001dt.tracing.foreign_link.textFW4;129;12;-2023406815;4539717;0;17;66;c511;2h02;3h12345678;4h676767; FW1;129;4711;59959450;-1859959450;3;17;0dt.tracing.custom_link.type MUST be one of the following:
genericdt.tracing.custom_link.original_bytes have no special meaning.ibm_mqdt.tracing.custom_link.original_bytes are an IBM MQ custom link.ibm_mq_ignore_qnamedt.tracing.custom_link.original_bytes are an IBM MQ custom link, but the qname part should be ignored in mapping.dt.tracing.link.direction MUST be one of the following:
incomingoutgoingelasticsearch.cluster.nameelasticsearch.node.nameEndpoints define the public interface of services.
endpoint.namehttp.route or rpc.method. Endpoints are exclusively detected on request root spans.GET /; PUT /users/:userID?; GET /productpage; Reviews.GetReviewsFields that describe entities.
entity.conditional_nameCl-Prod1 Ser-1entity.customized_nameHost 1234entity.detected_nameip-10-100-200-5.eu-west-1.compute.internalentity.nameentity.customized_name, entity.conditional_name, entity.detected_name.easyTravelentity.typehost; serviceequinox.config.pathesb.application.namemyBusinessApp; YourServiceApp; any_workesb.library.namemyWebServicesLib; YourMessagingLibrary; any_toolsesb.vendoribm; tibcoesb.workflow.namemyMessageFlow; YourBusinessWorkflow; any_flowThe event namespace contains common identification, categorization and context on events in Dynatrace.
event.categoryAvailabilityevent.descriptionThe current response time (11 s) exceeds the auto-detected baseline (767 ms) by 1,336 %event.end16481073970000event.group_labelAvailabilityevent.id5547782627070661074_1647601320000event.kindpermissionINFRASTRUCTURE_EVENT; DAVIS_EVENT; BIZ_EVENT; RUM_EVENT; AUDIT_EVENT; BILLING_USAGE_EVENTValues are either in title-case or screaming snake case.
event.category SHOULD be one of the following:
AvailabilityErrorSlowdownResource contentionWarningInfoevent.status SHOULD be one of the following:
ActiveClosedevent.status_transition SHOULD be one of the following:
CreatedUpdatedRefreshedResolvedRecoveredClosedexception.caused_by_idexception.id of the exception the current exception was caused by.exception.column_number12304exception.escapedtrue indicates that the exception was recorded at a point where it is known that the exception escaped the scope of the span.exception.file.domainexception.file.full.www.foo.barexception.file.fullhttps://www.foo.bar/path/main.js; main.jsexception.file.pathexception.file.full./path/main.jsFields that can be expected from serverless functions or Function as a Service (FaaS) on various cloud platforms.
faas.max_memoryfaas.namemy-function; myazurefunctionapp/some-function-name; test_functionThis is the name of the function as configured/deployed on the FaaS platform and is usually different from the name of the callback
function (which may be stored in the code.namespace/code.function span attributes).
Value of the field depends on a cloud provider. This field is not set for Azure.
faas.coldstartfaas.invoked_namemy-functionfaas.invoked_providercloud.provider resource attribute.alibaba_cloudfaas.triggerdatasourceWill be equal to the invoked function's cloud.region resource attribute.
faas.invoked_provider has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
alibaba_cloudawsazuregcptencent_cloudfaas.trigger MUST be one of the following:
datasourcehttpotherpubsubtimerFields that can be expected for a failure detection on a Dynatrace span. Failure detection will be applied to spans that represent requests on endpoints and incoming Istio services mesh proxies. A request is considered failed if at least one failure reason is detected and no success forcing rule matches. The combined result (failure or success) will be stored in the attribute 'request.is_failed' (see also here).
failure_detection.general_parameters_idid of the failure detection general parameters (FDv1) that were applied to that span (uid128).4d76194c11a9426197a9062548f9e66ffailure_detection.http_parameters_idid of the failure detection http parameters (FDv1) that were applied to that span (uid128).4d76194c11a9426197a9062548f9e66gfailure_detection.resultsfailure_detection.ruleset_idid of the failure detection rule set (FDv2) that was applied to that span (uid128).4d76194c11a9426197a9062548f9e66eFields that can be expected for a failure detection result. Every matching rule within a failure detection rule set will produce one result record.
exception_ids[123423523456, 523463467234]reasonexceptionrule_nameFail on my.failure.attribute==failedverdictfailurereason MUST be one of the following:
custom_ruleexceptiongrpc_codehttp_codespan_statustag_conditionverdict MUST be one of the following:
failuresuccessfeature_flag.keylogo-colorfeature_flag.provider_nameFlag Managerfeature_flag.variantred; true; onA semantic identifier, commonly referred to as a variant, provides a means
for referring to a value without including the value itself. This can
provide additional context for understanding the meaning behind a value.
For example, the variant red maybe be used for the value #c05543.
A stringified version of the value can be used in situations where a semantic identifier is unavailable. The implementer should determine the string representation of the value.
gcp.app_engine.instancegcp.app_engine.servicegcp.cloud_run.servicegcp.instance.id6639848141313102286gcp.instance.namesingle-vm-testgcp.locationeurope-west3-cThe geo namespace contains geo location information. This section only holds all currently agreed upon fields in the Dynatrace Semantic Dictionary. Aligned closely to the ECS, with some adaptions around field groupings
geo.city.nameMontrealgeo.continent.nameNorth Americageo.country.nameCanadageo.region.nameQuebecglassfish.domain.nameglassfish.instance.namego.linkageFields describing a host.
Dynatrace aims to use the best fitting name for the field host.name. See below, how Dynatrace determines the host name in an ordered by precedence fashion:
Dynatrace supports customizing the host.name property. A custom set host name takes precedence over the auto detection mechanisms described further down.
oneagentctl tool can be used to set a custom host name. See Documentation for details.If no customized name is set locally, the OneAgent attempts to determine the host.name value by accessing cloud metadata where applicable.
name (case insensitive) is found, the tag's value is used as the host.name.name (case insensitive) instance metadata property is used. See Microsoft Azure documentationhostname instance metadata property is used. See Google Cloud documentation.gethostname() if it can be interpreted as a fully qualified domain name (FQDN) and doesn't contain "localhost".getaddrinfo() for port 80 is issued, again sanity checking whether the returned name is an FQDN and doesn't contain "localhost".GetComputerNameExA is used to determine a host's name. In particular, the resulting name is composed of <hostname>.<domainname> with the following details
hostname = ComputerNameDnsHostname retrieved by GetComputerNameExdomainname = ComputerNameDnsDomain retrieved by GetComputerNameExEmptyHostName if neither property can be resolved.host.custom.metadata[ENVIRONMENT]OperatorVersion:v0.9.0; [GOOGLE_COMPUTE_ENGINE]cluster-name:ext-demo1host.fqdn[ec2-43-213-176-3.compute-1.amazonaws.com, localhost.example.com]host.ip[194.232.104.141, 2a01:468:1000:9::140]host.logical.cpu.cores8host.logical.cpus8host.mac4C:03:4F:5B:E8:89; 00:15:5D:2F:1C:2Ahttp.request.body.size3495http.request.header.__key____key__ being the lowercase HTTP header name, for example "http.request.header.accept-encoding". The value is a string. If multiple headers have the same name or multiple header values, the values will be comma-separated into a single string.sensitive-spanshttps://www.foo.bar/; gzip, deflate, br; 1.2.3.4, 1.2.3.5http.request.methodGET; POST; HEADhttp.request.parameter.__key____key__ for example, "http.request.parameter.username". The value is a string. If there are multiple parameters with the same name or multiple parameter values, the values will be a single, comma-separated string.admin; premiumhttp.response.body.size3495http.response.header.__key____key__ being the lowercase HTTP header name, for example, "http.response.header.content-type". The value is a string. If multiple headers have the same name or multiple header values, the values will be comma-separated into a single string.909; text/html; charset=utf-8; abc, defhttp.server_nameMyServer; localhost:8000hybris.bin.dir/opt/hybris-60/hybris/binhybris.config.dir/opt/hybris-60/hybris/confighybris.data.dir/opt/hybris-60/hybris/dataibm.ace.integration_node.namemyIntegrationNode; YourBroker; the_management_instanceibm.ace.integration_server.namemyIntegrationServer; YourExecutionGroup; dataflow_engineibm.cics.aoribm.cics.programEDUCHANibm.cics.regionibm.cics.toriis.app_pool.nameiis.role.namejava.jar.filejava.jar.pathjava.main.classjava.main.modulejboss.homejboss.modeorg.jboss.as.standalone; org.jboss.as.serverjboss.server.namejdbc.connection.pool.namejdbc/db2journald.unitcron.service; oneagent.service; kubepods.slicek8s.cluster.namepermissionunguard-dev; acme-prod10k8s.cluster.uid1c7a24c7-ff51-46e0-bcc9-c52637ceec57k8s.container.namecontainer.name).redisk8s.namespace.namepermissiondefault; kube-systemk8s.namespace.uidbfb1ba44-3bcb-467d-a2dc-188fd74d1db5k8s.node.namecluster-pool-1-c3c7423d-azthk8s.namespace.annotation.__attribute_name__k8s.namespace.annotation.team=a_teamk8s.namespace.label.__attribute_name__k8s.namespace.label.env=devk8s.pod.annotation.__attribute_name__k8s.pod.annotation.team=a_teamk8s.pod.label.__attribute_name__k8s.pod.label.env=devk8s.workload.annotation.__attribute_name__k8s.workload.annotation.team=a_teamk8s.workload.label.__attribute_name__k8s.workload.label.env=devFields relevant for log events
log.file.namemessages; agent.loglog.file.path/var/log/messages; /var/log/dynatrace/agent.loglog.iostreamstdout; stderrlog.source/var/log/messages; Windows Event Log; Docker Container Output; stdoutlog.source.originCUSTOM; IIS_LOG_DETECTORloglevelERROR; INFO; TRACECan contain, for example, a file path, standard output, or an URI etc., depending on the log stream type. The value should be stable for one logical source (for example, not affected by log file rotation digits).
log.iostream MUST be one of the following:
stderrstdoutlog.source.origin MUST be one of the following:
CONTAINER_LOG_DETECTORCUSTOM_LOGIIS_LOG_DETECTORJOURNALD_LOG_DETECTOROPEN_LOG_DETECTORSYSTEM_LOG_DETECTORloglevel MUST be one of the following:
ALERTCRITICALDEBUGEMERGENCYERRORFATALmessaging.client.idaclient; myhost@68d46b89c9-c29qcmessaging.consumer.group.namemy-group; indexermessaging.destination.kindqueue; topicmessaging.destination.partition.id1Manager name SHOULD uniquely identify the broker.
Destination name SHOULD uniquely identify a specific queue, topic or other entity within the broker.
If a custom value is used for messaging.operation.type, it MUST be of low cardinality.
Manager name SHOULD uniquely identify the broker.
Source name SHOULD uniquely identify a specific queue, topic, or other entity within the broker.
messaging.destination.kind MUST be one of the following:
queuetopicmessaging.operation.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
peekprocesspublishreceivemessaging.source.kind MUST be one of the following:
queuetopicmessaging.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
activemqartemisaws_eventbridgeaws_snsaws_sqsazure_eventgridmessaging.akka.actor.kindsystem; usermessaging.akka.actor.path/system/log1-Logging$DefaultLogger; /remote/akka.tcp/RequesterSystem@localhost:52133/user/requestActor/$amessaging.akka.actor.systemRequesterSystem; ResponseSystemmessaging.akka.actor.typecom.acme.RespondingActormessaging.akka.message.typejava.lang.String; akka.event.Logging$Info2; com.acme.twosuds.ResponseActor$RequestMessagemessaging.kafka.message.keykey property of the message.mykeymessaging.kafka.message.tombstonetruemessaging.kafka.offset42If the message is a tombstone, the value is true. When missing, the value is assumed to be false.
In webserver technologies a multitude of modules might be contributing to handling a single web request. Module insights provides timings for these, where available.
module_insights.modules{'HttpRedirectionModule': 10299, 'BasicAuthenticationModule': 4665}These attributes may be used for any network related operation.
network.carrier.nameMagenta; AT&Tnetwork.connection.subtypelte; 802.11xnetwork.connection.typecell; wifinetwork.protocol.version1.1; 3.1.1network.connection.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
cellunavailableunknownwifiwirednetwork.transport has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
inprocotherpipetcpudpunixSignals that there is only in-process communication not using a "real" network protocol in cases where network attributes would typically be expected. Usually, all other network attributes can be left out.
network.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ipv4ipv6Fields that are used in extensions to describe network devices.
device10.102.0.45:161device.address10.102.0.45device.nameAT1i-WLC-TestingLab.dynatrace.orgdevice.port161nodejs.app.base.dirnodejs.app.namenodejs.script.nameFields that can come from applications running on Openstack.
openstack.availability_zoneus-east-1aopenstack.instance_uuid6790cb48-f8e9-4773-bcea-001469de0599The origin of a request associated with this event.
origin.address10.11.12.13origin.sessionnode0hfzncorigin.typeREST; LOCALorigin.x_forwarded_for1.2.3.4origin.type MUST be one of the following:
LOCALRESTThe os namespace contains information on the operating system running an application.
os.architectureX86os.nameiOSos.typeLINUX; WINDOWSos.version15.3.1; Ubuntu 16.04.7 LTS (Xenial Xerus) (kernel 4.15.0-206-generic); Windows Server 2022 Datacenter 21H2 2009, ver. 10.0.20348otel.scope.nameInstrumentationScope.Name in OTLP).io.opentelemetry.contrib.mongodbotel.scope.versionInstrumentationScope.Version in OTLP).1.0.0php.cli.script.pathphp.cli.working.dirphp.drupal.application.namephp.fpm.pool.namephp.symfony.application.namephp.wordpress.blog.nameprocess.executable.nameName in proc/[pid]/status. On Windows, can be set to the base name of GetProcessImageFileNameW.otelcolprocess.executable.pathproc/[pid]/exe. On Windows, can be set to the result of GetProcessImageFileNameW./usr/bin/cmd/otelcolprocess.pid1234request.is_failedrequest.is_root_spanRequest scoped attributes (e.g. method parameters, return values, class names, …) captured by the OneAgent based on a request attribute definition. The actual name of the attribute is the prefix "request_attribute" plus the "request attribute name" defined in the request attributes configuration. Request attributes are built based on captured attributes and other attributes like HTTP header values or "normal" span attributes, on which the aggregations (first/last value, distinct values, ...), type conversion and normalizations defined in the request attribute configuration are performed. They are evaluated for an entire request (possibly consisting of multiple spans) and are stored only on the request root node.
request_attribute.__attribute_name____attribute_name__ defined by the request attribute configuration. The data type of the value depends on the request attribute definition.sensitive-spans42; Platinum; ['Product A', 'Product B']; ['Special Offer', '1702']rpc.namespacetempuri.orgrpc.servicemyservice.EchoServicerpc.systemapache_cxf; dotnet_wcf; grpc; jax_wsThis is the logical name of the method from the RPC interface perspective, which can be different from the name of any implementing method/function. The code.function attribute may be used to store the latter (e.g., method executing the call on the server side, RPC client stub method on the client side).
This is the logical name of the service from the RPC interface perspective, which can be different from the name of any implementing class. The code.namespace attribute may be used to store the latter (despite the attribute name, it may include a class name, e.g., class with method executing actually executing the call on the server side, RPC client stub class on the client side).
rpc.system has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
apache_axisapache_cxfapache_winkaws_apidotnet_remotingdotnet_wcfThe server namespace contains information on the responder of a network connection.
server.addressexample.comserver.port65123; 80server.resolved_ipsserver.address.[194.232.104.141, 2a01:468:1000:9::140]service.nameshoppingcartservlet.context.nameservlet.context.pathFields that are used in SNMP extensions.
trap_oidSNMPv2-MIB::coldStartversionSNMPv3softwareag.install.rootsoftwareag.product.prop.namespan.alternate_parent_idspan.id of this span's parent span. If a trace is monitored by more tracing systems (for example, OneAgent and OpenTelemetry), there might be two parent spans. If the two parent spans differ, span.parent_id holds the ID of the parent span originating from same tenant of the span while span.alternate_parent_id holds the other parent span ID. The span.alternate_parent_id is an 8-byte ID and hex-encoded if shown as a string.f76281848bd8288cspan.eventsspan.exit_by_exception_idexception.id of the exception the its span.events with the current span exited. The referenced exception has set the attribute exception.escaped to true.span.idspan.id is an 8-byte ID and hex-encoded if shown as a string.f76281848bd8288cspan.is_exit_by_exceptiontrue if an exception exited the span. If set to false, the span has exception events, but none exited the span.span.is_subroutinetrue, it indicates that this span is a subroutine of its parent span. The spans represent functions running on the same thread on the same call stack.span.kind MUST be one of the following:
clientconsumerproducer request.internallinkproducerserverspan.status_code MUST be one of the following:
errorokspan_event.nameexceptionspan_event.name has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
bizeventexceptionfeature_flagLanguage Independent Interface Types For OpenTelemetry
spring.profile.namespring.startup.classDisk
storage.disk.encryptedstorage.disk.fstypeext4; btrfsstorage.disk.knamesdastorage.disk.modelbaracudastorage.disk.mountpoint/mnt/disk1storage.disk.other-mountpoints[/home/user1/mydisk, /opt/volume1]Partition
storage.partition.encryptedstorage.partition.fstypeext4; btrfsstorage.partition.knamesda1storage.partition.mountpoint/mnt/diskAstorage.partition.other-mountpoints[/home/user1/mydiskA, /opt/volumeA]storage.partition.path/dev/sda1Volume
storage.volume.display-namevg0-lv1; vg1-lv2; my-volumestorage.volume.fstypeext4; btrfsstorage.volume.knamedm-1; dm-2; dm-5storage.volume.mountpoint/mnt/diskAstorage.volume.other-mountpoints[/home/user1/mydiskA, /opt/volumeA]storage.volume.path/dev/mapper/vg0-lv1Software RAID
storage.software-raid.encryptedstorage.software-raid.fstypeext4; btrfsstorage.software-raid.knamemd0; md1; md3storage.software-raid.mountpoint/mnt/diskAstorage.software-raid.other-mountpoints[/home/user1/mydiskA, /opt/volumeA]storage.software-raid.parentmd0subtrace.id95efd70fcdb5b7b3; 96835e1d65490b48subtrace.is_root_spanAdditional information about the attributes of a data point.
supportability.alr_sampling_ratiosupportability.alr_sampling_ratio would be 8 and the numerator is 1.8supportability.atm_sampling_ratiosupportability.atm_sampling_ratio would be 16 and the numerator is 1.16supportability.custom_service.rule_id4d76194c11a9426197a9062548f9e66esupportability.dropped_attributes_count1supportability.dropped_events_count1supportability.dropped_http_request_headers_counthttp.request.header.__key__ that were discarded.1Span sensor rules used during ingestion of OpenTelemetry/OpenTracing spans by instrumentation of the OpenTelemetry/OpenTracing Apis are applied at span start time. Therefore these rules can only operate on span attributes given at span start time.
The value at span start time of attributes captured by this instrumentation is preserved to allow proper rule configuration.
supportability.span_start.__key____key__ is a placeholder for the actual attribute name. The data type of the value depends on the attribute.5, "initial", ["a", "b"]supportability.span_start.attribute_namessupportability.span_start.span.nameGETThe telemetry.sdk.* fields are used to describe the telemetry SDK in OpenTelemetry or ODIN ingest. It can be considered the closest equivalent of ODIN/OTel data to dt.agent.module.*.
The telemetry.exporter.* fields are used to define the exporter that exports telemetry data and is expected to be different for each exporter in case when multiple exporters co-exist.
telemetry.exporter.nameodintelemetry.exporter.package_version1.285.1telemetry.exporter.version1.285.1.20240101-256988telemetry.sdk.languagenodejs; python; javatelemetry.sdk.nameodin; opentelemetrytelemetry.sdk.version1.20.0thread.id42thread.namemainthread.pool.nameWorkerThreadPooltibco.businessworks.app.node.nametibco.businessworks.app.space.nametibco.businessworks.domain.nametibco.businessworks.hometibco.businessworks.property.file.nametibco.businessworks.property.file.pathThe time_correction namespace contains information on time corrections applied to the timestamps of an event, for example, start_time, timestamp or event.end.
Time corrections may be necessary if events are reported with timestamps that are completely off compared to cluster time. For example, Dynatrace RUM reported data can be off depending on client time.
time_correction.is_appliedfalsetime_correction.offset<corrected timestamp> = <original timestamp> + <offset>). May be a negative number. Example: original timestamp: 1670399998423233001, offset: 127927969312, corrected timestamp: 1670400126351202313127927969312trace.alternate_idtrace.alternate_id is a 16-byte ID and hex-encoded if shown as a string.357bf70f3c617cb34584b31bd4616af8trace.idtrace.id is a 16-byte ID and hex-encoded if shown as a string.357bf70f3c617cb34584b31bd4616af8trace.is_sampledtrace.statef4fe05b2-bd92206c@dt=fw4;3;abf102d9;c4592;0;0;0;2ee;5607;2h01;3habf102d9;4h0c4592;5h01;6h5f9a543f1184a52b1b744e383038911c;7h6564df6f55bd6eae,apmvendor=boo,foo=barThe url namespace contains semantic conventions for URL and its components.
url.domainwww.foo.bar; google.com; wikipedia.orgurl.fragmentSemConvurl.fullsensitive-spanshttps://www.foo.bar/docs/search?q=OpenTelemetry#SemConvurl.path/docs/searchurl.port443; 80url.querysensitive-spansq=OpenTelemetryRepresentation of a physical or logical user.
user.emailuser@mail.comuser.id35ba9499-f87c-4047-962c-14dc32e255e5; systemuser.nameWolfgang Amadeus Mozart; Systemuser.organizationDYNATRACE; CUSTOMER; PARTNERuser.organization MUST be one of the following:
CUSTOMERDYNATRACEPARTNERuser.organization MUST be one of the following:
DYNATRACECUSTOMERPARTNERThe vcs namespace contains information about Version Control Systems.
vcs.change.id1234vcs.change.stateopen; closed; mergedvcs.change.titleCA-1234: Fix some stuff; [chore] update dependencyvcs.line_change.typeadded; removedvcs.ref.base.namemy-branch-namevcs.ref.base.revisiond4322ab6cba38d21ad83c9de304a6a214ecf2cdc; main; 1337The base name refers to the starting point of a change. For example, if a feature branch was created from main,
main is the base reference of type branch.
The base revision refers to the starting revision of a change. For example, if a branch was created from a certain commit, this commit is the base revision.
The base type refers to the reference type of the starting point of a change. For example,
if a feature branch was created from the main branch, branch is the base reference's type.
The head name refers to the current reference's name. For example,
if main is currently checked out, the head name is main.
The head revision refers to the currently referenced revision.
The head type refers to the currently referenced type in the repository. For example,
if the main branch is currently checked out, the head reference is of type branch.
Be aware that the repository name might clash with forked repositories.
For Git VCS, this should not include the .git URL suffix.
vcs.change.state has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
closedmergedopenwipvcs.line_change.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
addedremovedvcs.ref.base.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
branchtagvcs.ref.head.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
branchtagvcs.ref.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
branchtagvcs.revision_delta.direction has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
aheadbehindFields that can come from applications running on VMware.
vmware.datacenter.namesrvwasapp1Cell01vmware.disk.namesrvwasapp1Cell01vmware.hypervisor.namemy-hypervisor.lab.dynatrace.orgvmware.nic.namevmnic0; vmnic1; vmnic2vmware.vcenter.namemy-vcenter.lab.dynatrace.orgvmware.vm.nameeasytravel-demovulnerability.code_location.nameorg.dynatrace.profileservice.BioController.markdownToHtml(String):80vulnerability.cvss.base_score8.1vulnerability.cvss.version3.1vulnerability.davis_assessment.assessment_modeFULL; NOT_AVAILABLE; REDUCEDvulnerability.davis_assessment.assessment_mode_reasons[LIMITED_BY_CONFIGURATION, LIMITED_AGENT_SUPPORT]vulnerability.davis_assessment.data_assets_statusNOT_AVAILABLE; NOT_DETECTED; REACHABLEvulnerability.davis_assessment.assessment_mode has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
FULLNOT_AVAILABLEREDUCEDvulnerability.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLENOT_DETECTEDREACHABLEvulnerability.davis_assessment.exploit_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AVAILABLENOT_AVAILABLEvulnerability.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORKNOT_AVAILABLENOT_DETECTEDPUBLIC_NETWORKvulnerability.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USENOT_AVAILABLENOT_IN_USEvulnerability.mute.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AFFECTEDCONFIGURATION_NOT_AFFECTEDFALSE_POSITIVEIGNOREOTHERvulnerability.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTEDNOT_MUTEDvulnerability.parent.davis_assessment.assessment_mode has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
FULLNOT_AVAILABLEREDUCEDvulnerability.parent.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLENOT_DETECTEDREACHABLEvulnerability.parent.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORKNOT_AVAILABLENOT_DETECTEDPUBLIC_NETWORKvulnerability.parent.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.parent.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USENOT_AVAILABLENOT_IN_USEvulnerability.parent.mute.reason has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AFFECTEDCONFIGURATION_NOT_AFFECTEDFALSE_POSITIVEIGNOREOTHERvulnerability.parent.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTEDNOT_MUTEDvulnerability.parent.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPENRESOLVEDvulnerability.parent.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.previous.davis_assessment.data_assets_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
NOT_AVAILABLENOT_DETECTEDREACHABLEvulnerability.previous.davis_assessment.exploit_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
AVAILABLENOT_AVAILABLEvulnerability.previous.davis_assessment.exposure_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
ADJACENT_NETWORKNOT_AVAILABLENOT_DETECTEDPUBLIC_NETWORKvulnerability.previous.davis_assessment.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.previous.davis_assessment.vulnerable_function_status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
IN_USENOT_AVAILABLENOT_IN_USEvulnerability.previous.mute.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
MUTEDNOT_MUTEDvulnerability.previous.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPENRESOLVEDvulnerability.previous.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.resolution.status has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
OPENRESOLVEDvulnerability.risk.level has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CRITICALHIGHLOWMEDIUMNONEvulnerability.stack has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
CODECODE_LIBRARYCONTAINER_ORCHESTRATIONSOFTWAREvulnerability.technology has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.
DOTNETGOJAVANODE_JSPHPweblogic.cluster.nameOrderManagement2weblogic.domain.nameCustomerManagementFulfillmentSvcweblogic.home/apps/infra/wls/bin/10.3.6_64/wlserver_10.3/serverweblogic.server.nameOrderManagement2Srv1websphere.cell.namesrvwasapp1Cell01websphere.cluster.nameCluApp1websphere.node.namenodeSrvApp2websphere.server.nameSrvApp2websphere_liberty.server.namedefaultServerwinlog.eventid4624; 1000winlog.keywordsClassic; Startedwinlog.levelCritical; Error; Warrningwinlog.opcodeInfo; Downloadwinlog.providerAvecto Service; Security-SPPwinlog.task5; 12804zos.address_space_id1; 296zos.job_idJOB12345zos.job_nameCICSAOR0; CTGATM00; IMSCR15zos.job_step_id00000001; 00000002zos.lpar_nameS0W1; ABCDzos.sys_idC259; CICS; IMSFzos.transaction.call_typeCTGzos.transaction.idCEMT; DTAX; IVTNOzos.transaction.job_nameCICSAOR0; CTGATM00; IMSCR15zos.transaction.lpar_nameS0W1; ABCDzos.transaction.program_typeDLI_DB; DLI_DC; MQ; DB2zos.transaction.call_type MUST be one of the following:
CTGDPLHTTPIMS_CONNECTIMS_CONNECT_APIITRAzos.transaction.program_type MUST be one of the following:
DB2DLI_DBDLI_DCMQcics.transaction.class_namenull; DFHTCL00cics.transaction.client.ip194.232.104.141; 2a01:468:1000:9::140cics.transaction.client.port65123; 80cics.transaction.path.name/dtroutercics.transaction.system_idC259; CICScics.transaction.task_id1234cics.file.defining_region_nameC259; CICScics.file.is_localtruecics.file_nameEXMPCAT; CICSFILEims.message.transaction.message.segment_count1; 5ims.message.transaction.message.size10; 421ims.message.transaction.terminal_nameHWSAM5ZD; 10505ims.message.transaction.unit_of_work_id5981228500318430862871015129591113287966852300630664295044916520394057871645605888; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216ims.message.transaction.user_idUSER1; anonims.execution.transaction.commit_count4; 5ims.execution.transaction.current_priority1; 5ims.execution.transaction.execution_class45; 66ims.execution.transaction.psb_nameHWSAM5ZD; 10505ims.execution.transaction.schedule_count346613; 421ims.execution.transaction.unit_of_work_id5981228500318430862871015129591113287966852300630664295044916520394057871645605888; 5981112713529734741010744557477214433959078921583025076794253743298954785382793216ims.connect.transaction.client.ip194.232.104.141; 2a01:468:1000:9::140ims.connect.transaction.server.port65123; 80ims.connect.transaction.user_idUSER1; anonims.tm.resource.adapter.semantic_detection_version1ims.tm.resource.adapter.transaction.client.ip194.232.104.141; 2a01:468:1000:9::140ims.tm.resource.adapter.transaction.client.port65123; 80ims.tm.resource.adapter.transaction.commit_mode0ims.tm.resource.adapter.transaction.datastore_nameIMS1500ims.tm.resource.adapter.transaction.interaction_verb0ims.tm.resource.adapter.transaction.commit_mode MUST be one of the following:
01ims.tm.resource.adapter.transaction.interaction_verb MUST be one of the following:
013456ims.tm.resource.adapter.transaction.sync_level MUST be one of the following:
01zosconnect.api.descriptionThe API for the CICS catalog manager sample application.zosconnect.api.namecatalogzosconnect.api.version1.0.0zosconnect.request.body.size234zosconnect.request.id2215zosconnect.request.type MUST be one of the following:
ADMINAPISERVICEUNKNOWNzosconnect.sor.type MUST be one of the following:
CICSIMSMQRESTWOLA