topic How to hide or mask SQL statements in Distributed Traces in Open Q&A

How to hide or mask SQL statements in Distributed Traces

Saqib_Fayaz — Tue, 19 Aug 2025 07:33:54 GMT

When I open the Distributed Traces view, I can see the full SQL statements, for example:

SELECT (columns) FROM (table) WHERE (conditions)

I would like to mask or hide the entire SQL statement so that no one can see the actual query text.

Is there a way to completely disable SQL statement capture so Dynatrace doesn’t ingest them at all?
Alternatively, if SQL statements are ingested, can I mask or obfuscate them so they are not visible in the UI?

What is the recommended approach to achieve this?

Re: How to hide or mask SQL statements in Distributed Traces

AntonPineiro — Tue, 19 Aug 2025 19:10:07 GMT

Hi,

You can check mask data with Openpipeline.

Best regards

Re: How to hide or mask SQL statements in Distributed Traces

Julius_Loman — Tue, 19 Aug 2025 19:52:12 GMT

There are different options:

Disable capture of database requests using OneAgent features responsible for capturing database tracing. This depends on the technology used in your monitored process. For example "Java JDBC". This will disable database spans completely, including Distributed traces classic or Distributed tracing - if traces are from OneAgent. You also won't see any database services.
Use OpenPipleline to remove the database spans. This is applicable only for Distributed tracing app. You will still see them in Distributed Traces Classic

Disabling OneAgent feature will work for Managed deployments and SaaS. While OpenPipeline only for SaaS (and new Distributed tracing app).

Anyway - Dynatrace does not capture any sensitive data unless you turn on SQL bind variables capture and those are displayed only for users view view sensitive data priviledge. Generally I would not recommend to remove the database spans or disable its capture.

Re: How to hide or mask SQL statements in Distributed Traces

Saqib_Fayaz — Wed, 20 Aug 2025 12:41:37 GMT

actually the client i am working with is a bank. so their security team doesn't want us or anyone who has access to the dynatrace tenant , to see the schema of their database tables, so they want database statements to come inside the grail, but they want schema and values inside the distributed traces to be masked.