Re: Conditional alerting on Anomaly Detector

g_kat · ‎14 May 2026

Hi,

I have been trying to create the following Anomaly Detector configuration:

evaluate the average dt.host.cpu.usage for a host group and alert if it's above 80%.

The tricky part is that I want to generate a conditional alert based on the value: e.g. 80<cpu<90 generates a warning, cpu>90 generates a critical. I can't seem to be able to set up the criticality dimension to the event title/properties.

The latest query I have is below, but whenever I include criticality in the dimensions it messes up the result.

timeseries cpu_usage = avg(dt.host.cpu.usage), filter: contains(dt.host_group.id, "XXXX"), by:{host.name,dt.source_entity}
| expand cpu_usage 
| fieldsAdd criticality = if(cpu_usage >= 90, "critical", else: "warning")
| fieldsAdd raise_problem = if(cpu_usage >= 80, 1, else: 0)
| summarize raise_problem = collectArray(raise_problem), by: {host.name, timeframe,interval,dt.source_entity, criticality}

Thanks,

George

"Jack of all trades and master of none, still better than master of one."

AntonPineiro · ‎14 May 2026

Hi,

Let me share this thread also. We were talking also about two timeries metric data and apply some conditional logic:

https://community.dynatrace.com/t5/DQL/Anomaly-Detector-Disk-monitoring-AND-condition/m-p/298214

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl

g_kat · ‎14 May 2026

Hi,

My case is a bit different, getting the multiple conditions isn't that hard, the problem lies in creating a modifiable alert based on that.

"Jack of all trades and master of none, still better than master of one."

AntonPineiro · ‎14 May 2026

Hi,

As you can see in link, DQL output is "1" or "0" base on condition are meet or not.

Later you just create an anomaly detector using that DQL and saying below 1, or above 0.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl