17 Oct 2023 09:25 PM
Hello!
I'm searching for help with the following; I'm relatively new to using DQL. I have the following code. What I want is to display the entity names in the affected_entity_ids row, not the IDs. So far I have tried to change the affected_entity for dt.entity values, but no luck so far. Any ideas how I could change the values in that field?
Code:
fetch events, from: timestamp(year:2023,month:10,day:16,hour:0,minute:0,second:0), to: timestamp(year:2023,month:10,day:16,hour:23,minute:59,second:0)
| filter event.kind == "DAVIS_PROBLEM"
| expand event.name
| summarize by:{event.name, affected_entity_ids}, count = countDistinct(display_id)
| sort count, direction:"descending"
17 Oct 2023 09:51 PM
You need to reference the type of entity, like this example below:
fetch dt.entity.host | fieldsAdd runs[dt.entity.process_group]
23 Oct 2023 08:32 PM
Hello,
I've been trying to add the host entity with a lookup function, since I'm using the first fetch for the Davis problem events, but so far no luck. I've been trying to include the entity with fieldsAdd and fieldsRename but no luck; it does not write any records. Could it be that the affected entity ID does not match the other entities' field?
31 Oct 2023 04:48 PM
I have something figured out for now. It might not be optimal, but for now it's working. My only issue now is that the results are not grouping by event name as they used to, but for now it works for the purpose I intend to use it for.
fetch events
| filter event.kind == "DAVIS_PROBLEM"
| expand affected_entity_ids
| lookup sourceField:affected_entity_ids, lookupField:id, prefix:"service.", [
    fetch dt.entity.service | fields id, name = entity.name ]
| lookup sourceField:affected_entity_ids, lookupField:id, prefix:"http.", [
    fetch dt.entity.http_check | fields id, name = entity.name ]
| lookup sourceField:affected_entity_ids, lookupField:id, prefix:"process.", [
    fetch dt.entity.process_group_instance | fields id, name = entity.name ]
| lookup sourceField:affected_entity_ids, lookupField:id, prefix:"host.", [
    fetch dt.entity.host | fields id, name = entity.name ]
| lookup sourceField:affected_entity_ids, lookupField:id, prefix:"mobile.", [
    fetch dt.entity.mobile_application | fields id, name = entity.name ]
| fieldsAdd componente = array(host.name, http.name, mobile.name, process.name, service.name)
| summarize by:{`Problema` = event.name, `Componente` = componente}, count = countDistinct(display_id)
| sort count, direction:"descending"
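
A variant of the query above, added here as an example and not written by any poster in the thread: it uses `coalesce` to collapse the five prefixed name fields into one column instead of an array, and falls back to the raw ID when none of the lookups matched. The field name `entity_name` is an assumption; the entity types and other fields are the ones used in the query above.

```dql
fetch events
| filter event.kind == "DAVIS_PROBLEM"
// One row per affected entity, so each ID can be resolved on its own
| expand affected_entity_ids
| lookup sourceField:affected_entity_ids, lookupField:id, prefix:"service.", [
    fetch dt.entity.service | fields id, name = entity.name ]
| lookup sourceField:affected_entity_ids, lookupField:id, prefix:"http.", [
    fetch dt.entity.http_check | fields id, name = entity.name ]
| lookup sourceField:affected_entity_ids, lookupField:id, prefix:"process.", [
    fetch dt.entity.process_group_instance | fields id, name = entity.name ]
| lookup sourceField:affected_entity_ids, lookupField:id, prefix:"host.", [
    fetch dt.entity.host | fields id, name = entity.name ]
| lookup sourceField:affected_entity_ids, lookupField:id, prefix:"mobile.", [
    fetch dt.entity.mobile_application | fields id, name = entity.name ]
// An entity ID belongs to a single entity type, so at most one lookup fills its name.
// coalesce returns the first non-null argument; the raw ID is the last resort
// for entity types that are not covered by the five lookups above.
| fieldsAdd entity_name = coalesce(service.name, http.name, process.name,
                                   host.name, mobile.name, affected_entity_ids)
// Group on two scalar fields rather than on an array that is mostly nulls
| summarize by:{event.name, entity_name}, count = countDistinct(display_id)
| sort count, direction:"descending"
```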