Help needed with Custom Alerting

dannemca · ‎02 Sep 2024

Hi community, good day.

I have a specific need with a custom metric we are ingesting in our Dynatrace env.

To simplify, we are sending traffic data from 4 different hosts, where the host id () and app id are present as metric dimensions. By default, a single app traffic should happen at one host per time.

We now want to alert when an app is generating traffic in more than one host at the same time, for at least 10 min.

I am not finding a way to calculate this, either in DataExplorer (metric expression) nor using Davis Anomaly detection (DQL).

Let's see if anyone can help me to clear this out.

Example:

That's a normal behavior, we changed the traffic from one host to another. If the line (traffic) continues for both (or more) hosts at the same time, for 10 min, we have an issue.

Thanks.

Site Reliability Engineer @ Kyndryl

GosiaMurawska · ‎17 Dec 2024

Hi @dannemca, did you solve this one? 🤔

Peter_Youssef · ‎18 Dec 2024

Hello @dannemca

As an applicable suggestion, will divide the solution into "2" tasks as follows:

Metric Expression in Data Explorer: Creating a custom metric expression that combines traffic data and groups by the app id and host id. Using time window function to check if the app is sending traffic to more than one host at the same time for at least 10 minutes.
Dynatrace Query Language: Defining a custom DQL query to detect anomalies in the metric where traffic occurs across multiple hosts.

Hoping it helps.

BR,

Peter