Management-zone rules
Management zones comprise one or more rules that define and limit the entities or dimensional data (such as metrics) that can be accessed within the management zone.
When you select a management zone in Settings > Preferences > Management zones, all configured rules are displayed. You can Disable/Enable individual rules.
Note
Read more about:
- How log data can be ingested and automatically assigned to management zones in Management zones and Log Monitoring.
- How to add a service-level objective to a management zone so users with access to the management zone can view SLO status and error budget in the Service-level objectives page.
Rule types
Management zones offer UI-based rule definition for:
- Monitored entities
- Dimensional data
You can select from predefined options for entity types, entity properties, rule conditions, and their operators.
When creating rules for some entities, you can propagate access to related topological entities without creating an extra rule. See How management-zone rules are applied below.
For UI-based rules for dimensional metric data, you can define conditions based on metric keys and dimension keys and values. Built-in, calculated, and ingested metrics are supported.
Note that users automatically get access to metrics associated with entities that are included within their assigned management zones.
Text-based rules leverage the powerful entity selector for v2 Environment APIs to define entities. Text-based rules enable you to define entity access based on all the entity types, properties, values, and relationships exposed by the Monitored entities API v2.
There are several advantages of text-based rules:
- You can provide granular and focused entity definitions without having to review the subset of choices available in the UI.
- While UI-based rules allow for some relationship-based propagation of entity access, with text-based rules, you can explicitly use relationships to filter your entity selection. You have the flexibility to decide exactly which relationships you want to use to filter entities.
- You can define text-based rules for including your own custom entity types, attributes, and relationships in management zones.
Important
Per monitoring environment, you can add:
- 5,000 management zones by default. For any questions, contact Dynatrace ONE via in-product chat.
- 150 UI-based management-zone rules for entities.
- 150 UI-based management-zone rules for dimensional data (for metrics).
- 150 text-based entity selector rules for management zones.
- 100,000 conditions for all management-zone rules taken together (see Add a UI-based rule; does not apply to entity selector rules).
- Any individual entity to a maximum of 200 management zones (run the GET an entity API call to see an entity's management zones).
Check our documentation on how to optimize management-zone rule performance at scale.
Add a UI-based rule
-
Select/create a management zone and then select Add a new rule.
-
Select the Rule type: Monitored entity or Dimensional data. (See information on text-based rule definition via the Entity selector.
-
Select the entity to which the rule should apply (Rule applies to).
-
For UI-based entity definitions, select Monitored entity > Web applications for example.
-
For a UI-based rule for a built-in, calculated, or ingested metric, select Dimensional data > METRIC.
See Examples for different rule types and implementations.
-
-
Each entity can be defined and limited by several different conditions. Select Add condition.
-
Choose the condition Property, Operator, and Value (where relevant). For example, you can specify that the Web application name begins with a specified string. You can enter up to 80 characters; wildcard characters are not allowed; regular expressions are allowed in the contains regex and does not contain regex condition operators.
-
If you enter a text string, specify whether it is Case sensitive.
-
For some entities, you can propagate access to related topological entities without creating an extra rule. For example, turn on the appropriate toggles to include underlying hosts and process groups when defining a management-zone rule for Services.
-
Select Add condition to add another condition (or Remove condition to remove a condition) as required.
Notes
- You need to define at least one condition for the selected entity.
- Conditions are applied using the
AND
logic—all conditions need to be met for the rule to apply to an entity. - There's no limit on the number of conditions per rule. However, there is a limit of 100,000 conditions for all rules taken together.
-
Select Preview to see entities matching the rule that were active and online in the last 72 hours. (Of course, when you actually apply the management zone, all entities matching the rules for the given timeframe will be displayed.)
Preview is not available for dimensional data rules.
-
Save changes.
Add a text-based entity selector rule
-
Select/create a management zone and then select Add a new rule.
-
In Rule type, select Entity selector.
-
To fill out the Entity Selector text string, you might need to run API calls to fetch entity types, properties, values, and relationships. Consult entity selector documentation for details on how to construct an entity definition. See Examples for different rule types and implementations.
Key parts of the entity selector string:
-
type(<entityType>)
defines the type of entity that is subject to the rule. For example, the entity type for hosts ishost
and for process groups isprocess_group
. The entity type is not case sensitive. You can only provide a single entry in<entityType>
.Run the GET all entity types API call for a list of all entity types in your environment (including custom entities) and their properties.
Alternatively, you can specify multiple individual entity IDs with the
entityId
criterion. You can run the GET entities list API call for a list of actual entities in your environment and their properties. -
Entity properties and values filter the entity list that your rule applies to. For example,
entityName.startsWith("Book")
filters for entities whose name starts withBook
.serviceType(WEB_REQUEST_SERVICE)
filters for web request services.You can run the GET entity type API call for any entity type (for example,
service
) to get a list of all its properties (for example,serviceType
). You can also run the GET entities list API call for a list of actual entities in your environment with their property values (for example,WEB_REQUEST_SERVICE
). -
Relationships further refine entity selection by defining an entity in terms of its relationship to another. Relationships are of two kinds.
- A
fromRelationsip
implies that the direction of the relationship is from the given entity (that is, the entity being queried) to the related entity. When you query all the services that service A calls, this is a relationship “from (service A)” to other services. - A
toRelationship
implies that the direction of the relationship is from the related entity to the given entity (that is, the entity being queried). When you query all the services that call service A, this relationship is “to (service A)”.
You can run the GET entity type API call on any entity type to get a list of the entity's from/to relationships and the related entity types. You can also run the GET entities list API call to get a list of the actual entities in your environment along with their relationship values (for example, a
service
entity type can have acalls
from relationship to anotherservice
). - A
-
-
Select Preview to see entities matching the rule that were active and online in the last 72 hours. (Of course, when you actually apply the management zone, all entities matching the rules for the given timeframe will be displayed.)
-
Save changes.
How management-zone rules are applied
-
Conditions are applied using the
AND
logic—all conditions within a rule need to be met for the rule to apply to an entity. -
Rules are applied using the
OR
logic—any rule must apply for an entity to be included in a management zone. -
When creating rules for some entities, you can propagate access to related topological entities without creating an extra rule. For example, when creating a rule for services, you can opt to add underlying hosts and process groups. See Add a UI-based rule above.
In other cases, the propagation of access to related topological entities is implicit. For example, when you grant access to a host in a management zone, any custom metrics ingested via that host are also accessible within the management zone. Note that this does not automatically include all measurements of those custom metrics but only those measurements that were sent in for your host.
In cases where such propagation isn't available, you need to explicitly create rules for the entities you wish to add to a management zone. For example, a management-zone rule that applies to Host groups does not automatically grant access to the hosts within those groups; you need to explicitly add rules for the Hosts you wish to include in the management zone, as shown in Examples below.