This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
DQL
Questions about Dynatrace Query Language
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Compare Columns Across Multiple Query Executions Using DQL

rseibert1
Contributor

‎10 Dec 2024 09:58 AM - last edited on ‎18 Dec 2025 12:53 PM by Community Team

I have a workflow that has the below DQL task, I want to run and compare executions of this and create a list (of new unhealthy workers).

fetch logs
| filter contains(log.tag, "octopus_workers")
| parse content, "JSON:json"
| fieldsFlatten json
| expand json.content
| fieldsFlatten json.content
| expand json.content.alertText
| fieldsFlatten json.content.alertText
| fields timestamp, Id=json.content.alertText.Id

 

The table looks like:

rseibert1_0-1733824360988.png

The timestamps are only currently ever 12hrs, (via the task that ingests the logs) but I will eventually ingest logs  every 5min from workflow.

So the ability to compare Id's from previous 5min and capture Ids that are recently added.

 

Labels:
0 Kudos
Reply
3 REPLIES 3

rseibert1
Contributor

‎13 Dec 2024 03:16 PM

Think maybe more than one way to do this, looking for the simplest, think if it ingests logs every 5min, I could compare the Id column from one execution to another and grab any unique ones. OR could make one DQL query that compares logs from the different times (now and -5min) but not having luck finding any examples of what I want to do.

Thanks 

0 Kudos
Reply

IzabelaRokita
Community Team
Community Team

‎18 Dec 2025 12:52 PM

Hey @rseibert1 ,
I just wanted to check in and see if you still need help with this. If so, I’d be happy to look into it for you! 😊
Please let me know what works best for you.

0 Kudos
Reply

t_pawlak
Champion

‎18 Dec 2025 02:03 PM

Hi,
You can do it in one DQL query by splitting the last 10 minutes into two windows (current 5m vs previous 5m) and returning only IDs that appear in the current window but not in the previous one.

fetch logs
| filter contains(log.tag, "octopus_workers")
| filter timestamp >= now() - 10m
| parse content, "JSON:json"
| expand json.content
| expand json.content.alertText
| fields ts = timestamp, Id = json.content.alertText.Id
| fieldsAdd window = if(ts >= now() - 5m, "curr", else: "prev")
| summarize
    in_curr    = sum(if(window == "curr", 1, else: 0)),
    in_prev    = sum(if(window == "prev", 1, else: 0)),
    first_seen = min(ts),
    last_seen  = max(ts),
    by:{Id}
| filter in_curr > 0 and in_prev == 0
| fields Id, first_seen, last_seen
| sort last_seen desc
Reply
Ask a question

Featured Posts