This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
DQL
Questions about Dynatrace Query Language
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Create Alerts for Multiple Location Failures Using DQL

sivart_89
Mentor

‎06 Nov 2024 04:07 PM - last edited on ‎18 Dec 2025 12:56 PM by Community Team

I'm trying to essentially duplicate this type of alerting but with a custom alert in the Davis anomaly detection app. What I'm struggling most with is the '3 times consecutively' part. The synthetic I am working with runs every 5 minutes, any ideas of a DQL that would work for this? I have some simple code below, it just needs to be improved upon.

sivart_89_0-1730908684096.png

timeseries synthetics_v = avg(dt.synthetic.browser.availability), by: {dt.entity.synthetic_test, dt.entity.synthetic_location}, interval: 5m
| fieldsAdd syntheticName = entityName(dt.entity.synthetic_test)
| fieldsAdd locationName = entityName(dt.entity.synthetic_location)
| filter contains(syntheticName, "<synthetic name>")

Labels:
0 Kudos
Reply
4 REPLIES 4

p_devulapalli
Leader

‎08 Nov 2024 12:05 AM

@sivart_89 - I think you can achieve it by using violating samples and sliding window in advanced properties of anomaly detector app

https://docs.dynatrace.com/docs/shortlink/anomaly-detection-configuration#sliding-window

p_devulapalli_0-1731024096217.png

 

Phani Devulapalli
0 Kudos
Reply

sivart_89
Mentor
In response to p_devulapalli

‎11 Nov 2024 03:39 PM

If I set it up this way then an alert will get created when a single location fails 3 times within a 5 minute window. There's 2 things I see wrong with this. First, I need it to alert when there are 3 consecutive failures and second, I only need an alert if 2 locations fail 3 times consecutive, I don't want an alert if just 1 single location is failing.

0 Kudos
Reply

IzabelaRokita
Community Team
Community Team

‎18 Dec 2025 12:56 PM

Hey @sivart_89 ,
I just wanted to check in and see if you still need help with this. If so, I’d be happy to look into it for you! 😊
Please let me know what works best for you.

0 Kudos
Reply

t_pawlak
Champion

‎18 Dec 2025 02:01 PM

Hi,
What you’re missing is that “3 consecutive failures” can’t be reliably expressed with violating samples or sliding windows alone, especially when you also need multi-location logic.

So, I think i find other solution, something like workaround. A practical way to model consecutive failures in DQL is to treat them as continuous failure over the evaluation window.
For a browser synthetic running every 5 minutes,
3 consecutive runs = 15 minutes of continuous failure.

You can express this in DQL by checking that all samples in the window failed, and then counting how many locations meet that condition.

Example DQL:

timeseries avail = avg(dt.synthetic.browser.availability),
by:{dt.entity.synthetic_test, dt.entity.synthetic_location},
interval:5m
| fieldsAdd syntheticName = entityName(dt.entity.synthetic_test)
| fieldsAdd locationName  = entityName(dt.entity.synthetic_location)
| filter syntheticName == "<synthetic name>"
| fieldsAdd
    samples  = arraySize(avail),
    maxAvail = arrayMax(avail)
| filter samples >= 3
| filter maxAvail < 1
| summarize
    failing_locations = count(),
    by:{dt.entity.synthetic_test}
| filter failing_locations >= 2

arrayMax(avail) < 1 guarantees there was no successful execution in the window → truly consecutive failures

samples >= 3 ensures at least 3 runs were evaluated

failing_locations >= 2 enforces the multi-location condition

In Davis Anomaly Detection, configure:

Evaluation window: 15 minutes

Evaluation frequency: 5 minutes

Trigger condition: Result exists

No sliding window / violating samples needed

Try this and give me feedback. I test it, but I don't have test with 3 failures.

0 Kudos
Reply
Ask a question

Featured Posts