20 Oct 2023
08:10 PM
- last edited on
23 Oct 2023
10:01 AM
by
MaciejNeumann
Been trying to work out a DQL to get all the problems from events where the service with the problem is filtered on a custom tag called "Application", and where the host the service runs on is filtered on a custom tag called "Environment".
Been working with support, but they suggested asking here for additional help. So far I have this query:
fetch events
| filter event.kind == "DAVIS_PROBLEM"
| lookup sourceField:runs_on[dt.entity.host], lookupField:id, fields:{host.name = entity.name}
| fieldsAdd entity.type, lifetime, tags
| filter matchesValue(entity_tags,"Application:ContractHub")
| filter event.status != "CLOSED"
| summarize Problems = count()
However, I am getting a syntax error on the lookup section:
There aren't enough parameters for command `lookup`. 1 mandatory parameter is missing: lookupTable. lookupTable: Sub-query for records with fields to add or overwrite in the input.
I don't see a "lookupTable" argument in the docs (https://www.dynatrace.com/support/help/platform/grail/dynatrace-query-language/commands#lookup), so not sure what to change
Thanks!