05 Mar 2025 07:02 AM
Hi Team,
We are looking to create a metric and configure an alert based on the count of logs generated from a specific source. The goal is to trigger an alert if the count value exceeds 500 or 1000. Could anyone suggest how we can set up this metric and configure the alert accordingly? Your assistance would be greatly appreciated.
fetch logs
| filter log.source == "/home/wtrovruns/bb/log/bb-ovo.log"
| summarize eventcount = count()
05 Mar 2025 05:11 PM - edited 07 Mar 2025 12:30 PM
Hi @Vikas_g1997
Try using Davis Anomaly Detector.
And there you have to use a query with the makeTimeseries command. And put 500 or 1000 in the threshold value.
I never created a Metric event like this, but try creating yourself.
Regards,
Moin
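As an added example, not code from any poster in this thread, this is the question's filter combined with makeTimeseries, which is the shape of query the Davis Anomaly Detector expects; the 5-minute interval is an assumption, and the 500 or 1000 threshold is set in the detector rather than in the query:

```dql
// Added example: count log lines from one source per 5-minute bucket.
// The log.source path is the one from the question; the interval is an
// assumption. The static threshold (500 or 1000) is configured in the
// Davis Anomaly Detector, which evaluates each bucket of this timeseries.
fetch logs
| filter log.source == "/home/wtrovruns/bb/log/bb-ovo.log"
| makeTimeseries eventcount = count(), interval: 5m
```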
07 Mar 2025 06:44 PM
This is the way if you want to use DQL
07 Mar 2025 06:56 PM
DQL & Davis Anomaly detector can also be used on a log metric. The main difference in using a log metric lies in the fact that the logs do not need to be queried continuously, thus reducing query expenses. The other difference is that the log metric will benefit from the longer default data retention vs logs.
07 Mar 2025 07:03 PM
I agree and this is what I do in practice and would recommend to keep query costs down. He was just asking about creating the metric event with DQL
06 Mar 2025 08:23 PM
I believe the most straight-forward way to accomplish this would be to create a log metric to count these log entries. During the configuration, you will be asked to provide filter criteria which will ensure that only the relevant log entries are counted. Once the metric is created you will gain the ability to report and alert on the data just as you would with any other metric.
07 Mar 2025 12:32 PM
@marco_irmer Yes, exactly, but I think he would like to know if, using DQL, we can create metric events?
07 Mar 2025 04:59 PM
Hello, how are you? I have achieved it with metric extraction, or also with a workflow if the query is very complex.