Re: Creating metric with multiple matchers

Joe_Kulesza · ‎26 Mar 2026

Hi Team,

I am in the process of cleaning up some of our custom alerts and dashboards by converting things into metrics but wanted to see what the best practices are when there are multiple matchers for the query. An example query would be :

fetch logs
| filter k8s.container.name == "x"
and k8s.namespace.name == "y" and matchesPhrase(content, "z") or matchesPhrase(content, "z2") or matchesPhrase(content, "z3")
| summarize count()

would it be best to create a separate metric for each matchesPhrase option or is there a proper way to make this into one metric for a simple log count?

Thanks for any input or suggestions

AntonPineiro · ‎26 Mar 2026

Hi,

Maybe using Openpipeline + metric extraction. You have an example here.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl

t_pawlak · ‎26 Mar 2026

Hi,
that makes sense.

But I think the answer depends on the goal:

if the requirement is just to count matching logs in DQL, then a single query/metric with grouped OR conditions is enough, for example:

fetch logs
| filter k8s.cluster.name == "gke-live"
  and k8s.namespace.name == "online-boutique"
  and (
    matchesPhrase(content, "4cefce565e791b2f")
    or matchesPhrase(content, "acf295bf59a432028d879e50cf4b6674")
  )
| summarize count()

if the goal is long-term monitoring, dashboarding, or alerting, then OpenPipeline + metric extraction is probably the better approach, because Dynatrace supports extracting metrics from logs during ingest and routing data through dedicated log pipelines. Log processing with OpenPipeline