This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
Open Q&A
If there's no good subforum for your question - ask it here!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to hide or mask SQL statements in Distributed Traces

Saqib_Fayaz
Visitor

‎19 Aug 2025 08:33 AM

 

When I open the Distributed Traces view, I can see the full SQL statements, for example:

 

 
SELECT (columns) FROM (table) WHERE (conditions)
 

I would like to mask or hide the entire SQL statement so that no one can see the actual query text.

  • Is there a way to completely disable SQL statement capture so Dynatrace doesn’t ingest them at all?

  • Alternatively, if SQL statements are ingested, can I mask or obfuscate them so they are not visible in the UI?

What is the recommended approach to achieve this?

Labels:
ss.png
405 KB
0 Kudos
Reply
3 REPLIES 3

AntonPineiro
DynaMight Guru
DynaMight Guru

‎19 Aug 2025 08:10 PM

Hi,

You can check mask data with Openpipeline.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl
Reply

Julius_Loman
DynaMight Legend
DynaMight Legend

‎19 Aug 2025 08:52 PM

There are different options:

  • Disable capture of database requests using OneAgent features responsible for capturing database tracing. This depends on the technology used in your monitored process. For example "Java JDBC". This will disable database spans completely, including Distributed traces classic or Distributed tracing - if traces are from OneAgent. You also won't see any database services.
  • Use OpenPipleline to remove the database spans. This is applicable only for Distributed tracing app. You will still see them in Distributed Traces Classic

Disabling OneAgent feature will work for Managed deployments and SaaS. While OpenPipeline only for SaaS (and new Distributed tracing app).

Anyway - Dynatrace does not capture any sensitive data unless you turn on SQL bind variables capture and those are displayed only for users view view sensitive data priviledge. Generally I would not recommend to remove the database spans or disable its capture.

Dynatrace Ambassador | Alanata a.s., Slovakia, Dynatrace Master Partner
Reply

Saqib_Fayaz
Visitor
In response to Julius_Loman

‎20 Aug 2025 01:41 PM

actually the client i am working with is a bank. so their security team doesn't want us or anyone who has access to the dynatrace tenant , to see the schema of their database tables, so they want database statements to come inside the grail, but they want schema and values inside the distributed traces to be masked.

0 Kudos
Reply
Ask a question

Featured Posts