Re: Process Crash event.name change?

StrangerThing · ‎11 Apr 2025

I had a "Crash Alerter" Workflow that was looking for event.name containing "Process crashed". This trigger used to work just fine and catch all the process crash events I was looking for. However, recently I noticed that the event.name has changed for this event type (and potentially others). Is there a way to be notified when important events like that have a name (or other field) change? I'm assuming this was rolled out with some tenant release, but I haven't checked the release notes yet. This was a breaking change for me and we missed out on some crucial alerting with my event-driven Workflow.

Observability Engineer at FreedomPay

m3tomlins · ‎11 Apr 2025

Maybe changes like this were in the release notes, but we missed it?

Dynatrace AllStar | Community Champion | @m3tomlins | @performacology | Dynatracer at FreedomPay

p_devulapalli · ‎14 Apr 2025

@StrangerThing I still see the "event.name: Process crashed" showing up in events , what is that its changed to in your environment ?

Phani Devulapalli

StrangerThing · ‎14 Apr 2025

It's changed to "<process name> has crashed" in all my tenants.

Observability Engineer at FreedomPay

p_devulapalli · ‎14 Apr 2025

@StrangerThing I think these changes could be due to the version of OneAgent used rather than a cluster version. I see older OneAgents are still using the "event.name: Process crashed" but its different for hosts with new OneAgent versions . At least this is what I observed .

You might still be able to use "event.group_label:Process crashed" instead to trigger the workflow as that's available.

Phani Devulapalli

StrangerThing · ‎15 Apr 2025

I've already changed my workflow to make sure I catch crashes through three different fields. My point is that I don't think this kind of change was very well communicated.

Observability Engineer at FreedomPay

p_devulapalli · ‎15 Apr 2025

@StrangerThing Agreed, this should have been better documented

Phani Devulapalli