This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to Retrieve All Entities with a Specific Tag Using DQL

VictorRuiz
Contributor

‎06 May 2025 12:11 PM

Dear DQL Masters,

I have the following use case:

- I need to know all the entities that have a tag using DQL. For example I need to know all the entities, no matter if they are hosts, services, process groups, synthetics... and that contain a specific tag.

- I have created the following DQL:

fetch dt.entity.host
| fieldsAdd tags
| expand tags
| filter contains(toString(tags), "APP:TEST")
| parse tags, "ld:key ':' ld:tag_value"
| lookup [fetch dt.entity.service], lookupField: id, prefix:"lookup.affected.entity.services"
| lookup [fetch dt.entity.application], lookupField: id, prefix:"lookup.affected.entity.applications"
| lookup [fetch dt.entity.mobile_application], lookupField: id, prefix:"lookup.affected.entity.mobile"
| lookup [fetch dt.entity.custom_application], lookupField: id, prefix:"lookup.affected.entity.customapplication"
| lookup [fetch dt.entity.cloud_application], lookupField: id, prefix:"lookup.affected.entity.cloudapplication"
| lookup [fetch dt.entity.synthetic_test], lookupField: id, prefix:"lookup.affected.entity.synthetictest"
| lookup [fetch dt.entity.multiprotocol_monitor], lookupField: id, prefix:"lookup.affected.entity.multiprotocolmonitor"
| lookup [fetch dt.entity.custom_device], lookupField: id, prefix:"lookup.affected.entity.customdevices"
| lookup [fetch dt.entity.environment], lookupField: id, prefix:"lookup.affected.entity.environment"

But in the results it only shows me entities type hosts.

Is there any way to get all the entities that have this label using DQL?

Thanks a lot for your time

Labels:
0 Kudos
Reply
1 REPLY 1

Etienne1
Advisor

‎06 May 2025 12:58 PM - edited ‎06 May 2025 12:58 PM

Hello

here's how I did it, you should use :

| expand tags

| filter matchesvalue(tags, ‘Yourtags’)

 

here's an example of what I did

fetch events 
| filter matchesvalue(event.description, "*Host shutdown*") or matchesvalue(event.description, "*Host gracefully rebooted*")
| lookup [fetch dt.entity.host], sourceField:dt.entity.host, lookupField:id
| fieldsAdd tags = lookup.tags
| fieldsAdd lookup.hostGroupName
| expand tags
| filter matchesValue(tags,"Function:BDD-MSSQL") or matchesValue(tags,"[Environment]Function:EDITION") or matchesValue(tags,"[Environment]Function:WEB") or matchesValue(tags,"Function:APP")
| parse tags, """DATA * "Function:"LD:"Name""""
| fields event.start, event.end, Name, event.description
| sort Name,event.description asc

Etienne1_0-1746532619688.png

 

 

Reply
Ask a question

Featured Posts