topic Re: Pre-requisites of alerts Migration from Splunk to Dynatrace in Open Q&A

Pre-requisites of alerts Migration from Splunk to Dynatrace

Yougendra-More — Wed, 11 Jun 2025 10:56:32 GMT

Hi Community,

We are in the process of transitioning our alerting and monitoring workflows from Splunk to Dynatrace, and I’m looking for guidance on the technical pre-requisites and migration considerations involved in this process.

Specifically, I’m interested in understanding:

Baseline Requirements: What foundational configurations (e.g., custom metrics ingestion, tagging strategies, management zones, entity modeling) should be in place in Dynatrace before replicating Splunk alerts?
Alert Mapping Strategy: How do Splunk alerts (based on saved searches or correlation rules) translate into Dynatrace’s problem detection model, Davis AI, and custom event-based alerts?
Data Source Alignment: Are there recommended approaches for ensuring parity between Splunk data sources and Dynatrace-monitored entities (e.g., log ingestion, OneAgent coverage, API integrations)?
Automation & Tooling: Are there any tools, APIs, or scripts available to automate or streamline the alert migration process?
Governance & Tuning: Best practices for managing alert noise, threshold tuning, and aligning with Dynatrace’s AI-driven root cause analysis.
Lessons Learned: Any known challenges, limitations, or gotchas from teams who have already completed this migration?

If there’s any official documentation, migration playbooks, or community-shared templates, I’d greatly appreciate the pointers.

Thanks in advance for your insights!

Best regards,

Re: Pre-requisites of alerts Migration from Splunk to Dynatrace

lubrman — Mon, 16 Jun 2025 09:13:17 GMT

Hi @Yougendra-More

This is quite a complex topic that depends on many aspects, especially how deeply Splunk is integrated and what exactly you're monitoring with it, as well as which variant of Dynatrace you have — whether it's Managed or SaaS.

Splunk is primarily considered a log management tool, while Dynatrace is more of an APM (Application Performance Monitoring) or observability platform.

This results in significant differences in how the tools are configured.

Some time ago, we also transitioned from the Cisco family — specifically from AppDynamics — to Dynatrace. It required our teams to reframe their understanding of what APM is in the context of Dynatrace and how it works. This was especially important regarding the approach to AI, problem detection, and generation. It also involved creating new metrics, which may have different names in various tools, and offer completely different options for how to alert or monitor those issues.

As for integrations and APIs, Dynatrace provides many possibilities. Tracing in Dynatrace offers powerful support for using OpenTelemetry (OTEL).
https://www.dynatrace.com/technologies/opentelemetry/

When it comes to API capabilities, Dynatrace has a wide range of APIs that can be used to automate multi-level operations.

Re: Pre-requisites of alerts Migration from Splunk to Dynatrace

lubrman — Mon, 16 Jun 2025 09:20:52 GMT

example dynatrace api
https://docs.dynatrace.com/managed/whats-new/dynatrace-api/sprint-316

You can also integrate various exporters if you're using something like Prometheus.

However, I would start with a detailed analysis of the key metrics currently collected by Splunk and assess whether they can be replaced by Dynatrace. If it's not possible to replace them directly with a built-in metric, JMX, or OpenTelemetry (OTEL), I would consider using a custom exporter as an alternative.

I definitely recommend checking out the observability posts by Andreas Grabner.