Pivoting is a concept in Investigations (previously known as Security Investigator) that enables you to switch the context of your query. For example, you searched for log records containing errors and found several of them. Now you want to know what happened in the Pod that produced the errors around that time. So choosing the relevant records and Pivoting to Kubernetes Pods' logs will fetch log records originating from the pods that produced those errors, creating a new query node for each of the unique pods.

But the power of pivoting in Investigations app doesn't end here. Use-cases for pivoting aren't always limited to the existing dimensions or information available in the log record. Imagine you were analysing your errors and would like to analyse the spans in Grail based on the unique trace ID's added to those records. And you would expect to have each trace in a separate query node to analyse them in separate contexts. You can do this by choosing use custom dimensions from the pivoting menu!

A modal will open up that will enable you to write any DQL query and use your selected values with the macro $value. 

You can also modify, add or remove the values to be used in pivoting in the "Manage Values" tab. 

You can also save the query as a new custom dimension to reuse it later and save time crafting it.

By pressing the "Pivot N queries" button, your query will be executed with the chosen values, providing a new query node for each of them. I.e. if you started your pivoting from five trace_id's then five new query nodes will be created, each containing results for respective trace_id. 

You can try out the custom pivoting in Dynatrace Playground! Just find the Investigations app and give it a shot. You can find the Investigation created during this blog from https://wkf10640.apps.dynatrace.com/ui/apps/dynatrace.security.investigator/share/27dedb02-5de0-4c8e...