cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Pro tip: creating DQL filters faster in Security Investigator

Tiit_Hallas
Dynatrace Helper
Dynatrace Helper

When fetching logs and events from Grail, it is usually needed to create additional filters based on your results. To do it faster, Security Investigator has a bunch of "hidden gems" that allow Engineers to drill into their data in a much faster and flexible way. 

Filtering by multiple values

If you hold down the shift key on your keyboard and click on fields, you can select multiple fields in the same column. By right-clicking on them and choosing "Filter out", all the unique values are gathered from the selected fields and are added to the filtering statement:

Tiit_Hallas_0-1731407226285.png

Partial filtering

It is not always the full content of the field that you would want to filter by. This is why it is possible to create values from only a portion of the field value. By selecting only some of the value and choosing "Filter for", the filter statement will look only for the selected part.

Tiit_Hallas_1-1731409145524.png

Filtering by timestamps

If you find an error message from your logs, you might want to see, what happened around that error (or before.. or after it). This is why it is possible to create quick timestamp filters from the context menu. By choosing "Timestamp filters", you can see different filters provided for timestamps, including "Around 5 seconds", which will add the following filter to the query: 

| filter timestamp >= toTimestamp("2024-11-12T10:47:45.000000000Z")-5s 
     and timestamp <= toTimestamp("2024-11-12T10:47:45.000000000Z")+5s

Tiit_Hallas_2-1731409818914.png

Statistical filters

When selecting multiple numerical values, it is possible to create filters based on statistical values, for example: by the maximum number from the selection. 

Tiit_Hallas_3-1731410052995.png

I had a life once. Then I bought my first computer ...
0 REPLIES 0

Featured Posts