
How to get log attributes in the Davis Anomaly Detection Event Properties

subashsagi41
Frequent Guest

Hi,

I was able to get the dimensions from the metrics but not directly from the logs. Here is my query:

fetch logs
| filter contains(azure.resource.name, "MTH") and contains(content, "QRY_STATUS") and contains(content, "ETL-ALERT") //and loglevel == "ERROR" 
| parse content, "JSON:json"
| fieldsFlatten json
| fields timestamp, azure.resource.group, APPLICATION_NAME = json.Properties[APPLICATION_NAME], QRY_STATUS = json.Properties[QRY_STATUS], PIPELINESTEPCODE = json.Properties[PIPELINESTEPCODE], 
         TENANT_ID = json.Properties[TENANT_ID], LEVELNUMBER = json.Properties[LEVELNUMBER], QRY_ERROR = json.Properties[QRY_ERROR]
| filter QRY_STATUS == "FAILED"
| makeTimeseries count(), interval: 1m, time: timestamp

 

I want to get all the attributes in the fields in the event properties, but I'm not able to get those.

Any help here is highly appreciated.

Thanks

 

1 REPLY

Fin_Ubels
Dynatrace Champion

Hey @subashsagi41 

It looks like it's because by the end of the query there are no attributes/dimensions. When using the makeTimeseries command without any splits, nothing from the logs is retained and the system cannot extract information where there is none. If you run this query in a notebook and visualize it with "Record List" you'll be able to see what's retained.

Also, if you're looking to create an alert based off the logs I'd recommend turning them into a metric using processing rules on ingest. This will allow for cheaper visualization and querying if you don't anticipate it changing much over time. 
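
The split described in the reply, as an added example that is not part of the original thread: the question's query with a `by:` clause on `makeTimeseries`, so the listed fields stay on each series as dimensions. Which fields to split by is an assumption made here; QRY_ERROR and LEVELNUMBER are left out on the assumption that an error-text field would produce one series per distinct message.

```dql
fetch logs
| filter contains(azure.resource.name, "MTH") and contains(content, "QRY_STATUS") and contains(content, "ETL-ALERT")
| parse content, "JSON:json"
| fieldsFlatten json
| fields timestamp, azure.resource.group,
         APPLICATION_NAME = json.Properties[APPLICATION_NAME],
         QRY_STATUS = json.Properties[QRY_STATUS],
         PIPELINESTEPCODE = json.Properties[PIPELINESTEPCODE],
         TENANT_ID = json.Properties[TENANT_ID]
| filter QRY_STATUS == "FAILED"
// Every field named in by: is kept as a dimension of the resulting series.
// Any field not named here is dropped by the aggregation, as in the original query.
| makeTimeseries count(),
    by: {azure.resource.group, APPLICATION_NAME, PIPELINESTEPCODE, TENANT_ID},
    interval: 1m, time: timestamp
```

Viewing the result as "Record List" in a notebook, as the reply suggests, shows one record per combination of the split fields.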
