This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
Alerting
Questions about alerting and problem detection in Dynatrace.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Where I can check my custom events created from anomaly detection using dql over logs data

heramb_sawant
Organizer

‎23 Mar 2026 04:53 PM

Hi,
I  have created anomaly detection to capture specific error from the logs.In that I have defined dql that get timeseries data for the error occurrence for particular k8s application. Statis threshold is defined.

In the anomaly list , status shows "success". I verified target error has occurred , seen in the logs as well.But somehow  I am not able to see my custom event in in grail-> events.

Can somebody please help me to find all the custom events in grail which are related to all the Anomaly detection.


Note - My final goal is to trigger workflow if custom events occurs.

Any help will be appreciated.


Regards,
Heramb Sawant




Labels:
Reply
8 REPLIES 8

heramb_sawant
Organizer

‎23 Mar 2026 05:31 PM

Any help would be appreciated.

0 Kudos
Reply

t_pawlak
Leader
In response to heramb_sawant

‎24 Mar 2026 10:27 AM

Hi,
dt.system.events will usually not show the actual custom event raised by anomaly detection. That bucket is mainly for detector execution/status information, such as ANOMALY_DETECTOR_STATUS_EVENT and ANALYZER_EXECUTION_EVENT—for example, whether the detector ran successfully, timed out, or produced warnings
If the anomaly detection configuration really raised an alert, I’d look for it in Davis events, for example:

fetch events, from: now()-24h
| filter event.kind == "DAVIS_EVENT"
| sort timestamp desc

events.jpg

and then narrow it down using your event template fields / event name if available. Dynatrace treats events from custom alerts as Davis events, which can then be correlated into Problems

So I’d separate it like this:

  • dt.system.events → anomaly detector execution health/status
  • events / Davis events → actual alert events raised by the detector
  • Problems → correlated incidents created from those events

System event models 
For example, if you want to see the related active problems created from custom alerts:

fetch dt.davis.problems, from: now()-24h
| filter event.status == "ACTIVE"
| filter event.category == "CUSTOM_ALERT"
| fields timestamp, display_id, event.name, event.description, event.category, event.status, affected_entity_ids
| sort timestamp desc

custom_alert.jpg
So if your final goal is to trigger a workflow, I’d first verify whether the anomaly detector is producing a `CUSTOM_ALERT` Davis event, and then decide whether to trigger on the event itself or on the correlated problem.

Reply

AntonPineiro
DynaMight Guru
DynaMight Guru

‎24 Mar 2026 07:59 AM

Hi,

Maybe you can check System event models.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl
Reply

heramb_sawant
Organizer
In response to AntonPineiro

‎25 Mar 2026 07:29 AM

Thanks t_pawlak, you shared very useful information and thanks to AntonPineiro


I referred System event models. ,  checked  below DQL, and found my task is failed with reason "The task was disabled by the service operator to maintain system stability. Contact support if the task keeps failing."

fetch dt.system.events, from:now()-24h
| filter event.kind == "ANALYZER_EXECUTION_EVENT"

what you will suggest  on this?? How it can be enabled.

Note - DQL defined in anomaly detection is  pulling timeseries data capturing specific 4xx error.

0 Kudos
Reply

heramb_sawant
Organizer
In response to heramb_sawant

‎26 Mar 2026 07:37 AM

Any inputs ??

0 Kudos
Reply

heramb_sawant
Organizer
In response to heramb_sawant

‎26 Mar 2026 03:47 PM

any further help will be appreciated 

0 Kudos
Reply

t_pawlak
Leader
In response to heramb_sawant

‎26 Mar 2026 04:11 PM

Hi,

I tested the same DQL on my side:

fetch dt.system.events, from:now()-24h
| filter event.kind == "ANALYZER_EXECUTION_EVENT"

and the query itself works, so this does not look like a DQL syntax issue.

ab.jpg

Based on the error message:

"The task was disabled by the service operator to maintain system stability. Contact support if the task keeps failing."

it looks like the specific anomaly detection task was automatically disabled by Dynatrace safeguards, most likely because the detector execution was considered too expensive or unstable.

So I would suggest review the anomaly detector query and try to reduce its cost, like narrow the timeframe, or use some filters. Make it less expensive. 
And if the issue continues, opening a Dynatrace Support case, because the message suggests a service-side safeguard.

0 Kudos
Reply

sonja
Dynatrace Champion
Dynatrace Champion

‎27 Mar 2026 07:44 AM

hi! in addition to all the useful comments, I wanted to share this new page in the documentation that helps better understand how everything fit together: https://docs.dynatrace.com/docs/analyze-explore-automate/alerting-and-notifications including this graphic.

I hope this helps,
Sonja
20260316-workflows-problems-2645-abca3e7823


Reply
Ask a question

Featured Posts