Solved: Low Traffic Alert

HeyEngineer · ‎04 Aug 2025

Have a service/request that team wants an alert if we don't see any traffic for it in 24 hours. It's little volume for the Anomaly Detection in Davis. Custom Alert only allows for traffic to be evaluated every 60 mins. Does anyone know a way this can be accomplished? Seems like something that we should be able to accomplish.

radek_jasinski · ‎05 Aug 2025

Dynatrace doesn’t natively support a 24-hour no-traffic alert, as the missing data alert only works with a maximum sliding window of 60 minutes. This can be worked around by combining hourly alerts with external logic (example by workflow or script) to detect the absence of data over a full day.

Radek

Have a nice day!

HeyEngineer · ‎09 Aug 2025

Could you please provide an example of how I can use query this in a workflow? Also unable to get a zero return if data is not found. Just doesn't return at all.

//need to return zero for total_request_count if OR match is not found

//FJT

timeseries {request_count= sum(dt.service.request.count), total_request_count = sum(dt.service.request.count, scalar: true)},

from: now() -24h,interval:1m, by: { dt.entity.service, endpoint.name},

filter: {matchesValue(entityAttr(dt.entity.service, "entity.name"), "EntityName") AND

matchesValue(endpoint.name, "EndPointOne") OR matchesValue(endpoint.name, "EndPointTwo")}

//nonempty:true

p_devulapalli · ‎05 Aug 2025

@HeyEngineer Try with the below DQL in detector and see if it helps . For the threshold set to alert if metric is below "1". I haven't tired it myself , but I guess should work

timeseries { request_count= sum(dt.service.request.count), total_request_count = sum(dt.service.request.count, scalar: true) },
from: now() - 24h,interval:1m, by: { dt.entity.service, endpoint.name }, 
filter: { matchesValue(entityAttr(dt.entity.service, "entity.name"), "SERVICE_XXXX") AND matchesValue(endpoint.name, "endponit_XXXX") }

Phani Devulapalli

HeyEngineer · ‎07 Aug 2025

Thanks for reply. Here's where I am. Need below to return a zero for the total_request_count when the ORs statement is not found. Been trying to use the nonempty(request_count, 0) however, getting stuck. End goal is to then place this in workbook and run it once a day and alert if any of ORs return zero. Can you help?

timeseries { request_count= sum(dt.service.request.count), total_request_count = sum(dt.service.request.count, scalar: true) },
from: now() -24h,interval:1m, by: { dt.entity.service, endpoint.name},
filter: {matchesValue(entityAttr(dt.entity.service, "entity.name"), "entity.name") AND
matchesValue(endpoint.name, "endpoint.nameA") OR matchesValue(endpoint.name, "endpoint.nameB")
OR matchesValue(endpoint.name, "endpoint.nameC") OR matchesValue(endpoint.name, "endpoint.nameD")
)},

p_devulapalli · ‎08 Aug 2025

@HeyEngineer This is a tricky one, I've tried multiple scenarios but could not get it working correctly . Will let you know if something works for me

Phani Devulapalli

kalle_lahtinen · ‎05 Aug 2025

In case you're using Managed and DQL is not an option, you can also query the data via API like this:

https://<your_dynatrace>/api/v2/metrics/query?metricSelector=<your_selector>&resolution=inf&from=now-1d&to=now&Api-Token=<your_token>

So the above example queries a single value for the time period of last 24 hours. How to implement this in practise:

1. First test around in Data Explorer to get the selector you want, use the time frame of 24 hours for this

2. Modify the above API query with your selector and other parameters (Dynatrace endpoint, API token with Read Metrics rights)

3. Configure a synthetic monitor which executes that API query and parses the returned value