This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PRO TIP - DQL for Query Usage Cost and Audit.

Go to solution
Dant3
Pro

‎22 Feb 2024 01:08 AM - last edited on ‎26 Feb 2024 12:35 PM by Community Team

So, I  assumed that something like this might be already posted. But since I couldn't find it I will just drop it here, just in case.

So with the new and shiny DQL and GA of DPS moving forward, we need a way to "Have a glance" at what the hell the users are querying. I expect that the lovely "Consumption" gets back for DPS at some point. But while we wait let's fix it with a Query lol. 

So these two use cases have the same basic query:

 

 

 

fetch dt.system.events
| filter matchesValue(event.kind, "QUERY_EXECUTION_EVENT")
| sort timestamp DESC

 

 

 

So for those that do not know, there are a bunch of buckets with system info... cool info.

But with the event kind "QUERY_EXECUTION_EVENT" you get those juicy executed queries, doing a little math you can get (based on the default rate card) how much GB and $$$ are being dropped in those queries: 

 

 

 

fetch dt.system.events
| filter matchesValue(event.kind, "QUERY_EXECUTION_EVENT")
| fieldsAdd consumidoGiB = ((scanned_bytes) * 0.000000000931322574615478515625) 
| fieldsAdd consumidoGiBCosto = consumidoGiB * 0.00365 
| fieldsKeep timestamp, consumidoGiBCosto, consumidoGiB, scanned_bytes, analysis_timeframe.start, analysis_timeframe.end, client.application_context, query_string, user, user.email
| summarize Cost = sum(consumidoGiBCosto), by:{user.email}
| sort Cost desc

 

 

 

Look to those Juicy USD spent in queries!

Dant3_1-1708562455218.png

And from where?

Dant3_0-1708564004825.png

Anyhow.. this consumes too.. but so far I have only seen consumptions of maybe 11 MiB scanned, for 30 days in a "big" environment. So is cheap (IMO)

Now.. one could also do something similar for those buckets that ARE important... you know, the one that might have PII stuff maybe. 

 

 

 

fetch dt.system.events
| filter matchesValue(event.kind, "QUERY_EXECUTION_EVENT")
| fieldskeep timestamp, bucket, delivered_records, status, user, user.email, query_string
| sort timestamp DESC

 

 

 

It is pretty much a simple query, the result is self-explanatory.

Dant3_2-1708563357232.png

So, anyway hope you guys find it useful to track down those users who might consume... a little too much or maybe those apps and automations that have a high cost!

Cheers

Services Solution Engineer @PowerCloud - Observability/CloudOps Certified / Former SE @Dynatrace.
Labels:
Reply
5 REPLIES 5

Go to solution
DanielS
DynaMight Guru
DynaMight Guru

‎27 Feb 2024 09:31 PM

Great, thanks @Dant3 

Dynatrace Certified Professional @ www.dosbyte.com
Reply

Go to solution
cesarsaravia
Dynatrace Pro
Dynatrace Pro

‎27 Feb 2024 10:24 PM

Amazing tip @Dant3, thanks for sharing! 

-César S. -
Reply

Go to solution
tijust1
Advisor

‎13 Mar 2024 05:18 AM

Thats interesting. Thanks @Dant3 for sharing this.

Dynatrace Professional Certified
0 Kudos
Reply

Go to solution
Marcelo_santand
Helper

‎18 Mar 2024 12:38 PM

Thats interesting. Thanks

0 Kudos
Reply

Go to solution
Sajarra
Participant

‎10 Mar 2025 03:09 PM

Great Info. BTW, is that possible to find the events in GB for each management zones (total number of events (in GB) in each MZs)? I will give a rough idea, how much it will cost if we are querying it.

0 Kudos
Reply
Ask a question

Featured Posts