• Home
  • How to use Dynatrace
  • Management zones
  • Management-zone rules

Management-zone rules

Management zones comprise one or more rules that define and limit the entities or dimensional data (such as metrics) that can be accessed within the management zone.

When you select a management zone in Settings > Preferences > Management zones, all configured rules are displayed. You can Disable/Enable individual rules.

Management zone rules

Note

Read more about:

  • How log data can be ingested and automatically assigned to management zones in Management zones and Log Monitoring.
  • How to add a service-level objective to a management zone so users with access to the management zone can view SLO status and error budget in the Service-level objectives page.

Rule types

Management zones offer UI-based rule definition for:

  • Monitored entities
  • Dimensional data

You can select from predefined options for entity types, entity properties, rule conditions, and their operators.

When creating rules for some entities, you can propagate access to related topological entities without creating an extra rule. See How management-zone rules are applied below.

For UI-based rules for dimensional metric data, you can define conditions based on metric keys and dimension keys and values. Built-in, calculated, and ingested metrics are supported.

More information on the Metrics API v2

Use the powerful metric selector of the Metrics API v2 for metric and dimension keys and values:

  • GET a list of all available metrics in your environment.
  • GET the details of a specified metric to check dimension keys.
  • GET a list of data points to check dimension values.

Note that users automatically get access to metrics associated with entities that are included within their assigned management zones.

Text-based rules leverage the powerful entity selector for v2 Environment APIs to define entities. Text-based rules enable you to define entity access based on all the entity types, properties, values, and relationships exposed by the Monitored entities API v2.

There are several advantages of text-based rules:

  • You can provide granular and focused entity definitions without having to review the subset of choices available in the UI.
  • While UI-based rules allow for some relationship-based propagation of entity access, with text-based rules, you can explicitly use relationships to filter your entity selection. You have the flexibility to decide exactly which relationships you want to use to filter entities.
  • You can define text-based rules for including your own custom entity types, attributes, and relationships in management zones.

Important

Per monitoring environment, you can add:

  • Any number of management zones.
  • 150 UI-based management-zone rules for entities.
  • 150 UI-based management-zone rules for dimensional data (for metrics).
  • 150 text-based entity selector rules for management zones.
  • 100,000 conditions for all management-zone rules taken together (see Add a UI-based rule; does not apply to entity selector rules).
  • Any individual entity to a maximum of 200 management zones (run the GET an entity API call to see an entity's management zones).

Check our documentation on how to optimize management-zone rule performance at scale.

Add a UI-based rule

  1. Select/create a management zone and then select Add a new rule.

  2. Select the entity to which the rule should apply (Rule applies to).

    • For UI-based entity definitions, select Web applications for example.

    Select an entity

    • For a UI-based rule for a built-in, calculated, or ingested metric, select Dimensional data > METRIC.

    Note that the ability to access dimensional log data within a management zone will be available in a future release.

    See Examples for different rule types and implementations.

  3. Where available, select properties to filter the entity. For example, you can select Services (entity) matching a specific process group, host group, service type, technology, and service topology (properties).

    Management-zone rule for services

  4. Each entity can be defined and limited by several different conditions. Choose the Conditions, for example, you can specify that the Web application name begins with a specified string.

    Rule conditions

  5. Specify a value for the condition—enter a text string and specify whether it is Case sensitive. You can enter up to 80 characters; wildcard characters are not allowed; regular expressions are allowed in the contains regex and does not contain regex condition operators.

  6. Select Add condition to add another condition (or Remove condition to remove a condition) as required.

    Notes

    • You need to define at least one condition or property for the selected entity.
    • Conditions are applied using the AND logic—all conditions need to be met in order for the rule to apply to an entity.
    • There's no limit on the number of conditions per rule. However, there is a limit of 100,000 conditions for all rules taken together.

  7. For some entities, you can propagate access to related topological entities without creating an extra rule. For example, select the appropriate check boxes to include underlying hosts and process groups when defining a management-zone rule for Services.

    Include related entities

  8. Select Preview to see matching entities that were active and online in the last 72 hours. (Of course, when you actually apply the management zone, all entities matching the rules for the given timeframe will be displayed.)

    Preview is not available for dimensional data rules.

    Rule preview

  9. Create rule and then Save changes.

Add a text-based entity selector rule

  1. Select/create a management zone and then select Add a new rule.

  2. Select the entity to which the rule should apply. In Rule applies to, select Entity selector. See Examples for different rule types and implementations.

  3. To fill out the Entity Selector text string, you might need to run API calls to fetch entity types, properties, values, and relationships. Consult entity selector documentation for details on how to construct an entity definition.

    Key parts of the entity selector string:

    • type(<entityType>) defines the type of entity that is subject to the rule. For example, the entity type for hosts is host and for process groups is process_group. The entity type is not case sensitive. You can only provide a single entry in <entityType>.

      Run the GET all entity types API call for a list of all entity types in your environment (including custom entities) and their properties.

      Alternatively, you can specify multiple individual entity IDs with the entityId criterion. You can run the GET entities list API call for a list of actual entities in your environment and their properties.

    • Entity properties and values filter the entity list that your rule applies to. For example, entityName.startsWith("Book") filters for entities whose name starts with Book. serviceType(WEB_REQUEST_SERVICE) filters for web request services.

      You can run the GET entity type API call for any entity type (for example, service) to get a list of all its properties (for example, serviceType). You can also run the GET entities list API call for a list of actual entities in your environment with their property values (for example, WEB_REQUEST_SERVICE).

    • Relationships further refine entity selection by defining an entity in terms of its relationship to another. Relationships are of two kinds.

      • A fromRelationsip implies that the direction of the relationship is from the given entity (that is, the entity being queried) to the related entity. When you query all the services that service A calls, this is a relationship “from (service A)” to other services.
      • A toRelationship implies that the direction of the relationship is from the related entity to the given entity (that is, the entity being queried). When you query all the services that call service A, this relationship is “to (service A)”.

      You can run the GET entity type API call on any entity type to get a list of the entity's from/to relationships and the related entity types. You can also run the GET entities list API call to get a list of the actual entities in your environment along with their relationship values (for example, a service entity type can have a calls from relationship to another service).

  4. Select Preview to see matching entities that were active and online in the last 72 hours. (Of course, when you actually apply the management zone, all entities matching the rules for the given timeframe will be displayed.)

    Entity selector rule preview

  5. Create rule and then Save changes.

How management-zone rules are applied

  • Rules are applied using the OR logic—any rule must apply for an entity to be included in a management zone.

  • When creating rules for some entities, you can propagate access to related topological entities without creating an extra rule. For example, when creating a rule for services, you can opt to add underlying hosts and process groups. The rule preview below shows included hosts and processes when you select the respective options.

    Management-zone rule for services

    In other cases, the propagation of access to related topological entities is implicit. For example, when you grant access to a host in a management zone, any custom metrics ingested via that host are also accessible within the management zone. Note that this doesn’t automatically include all measurements of those custom metrics but only those measurements that were sent in for your host.

    In cases where such propagation is not available, you need to explicitly create rules for the entities you wish to add to a management zone. For example, a management-zone rule that applies to Host groups does not automatically grant access to the hosts within those groups; you need to explicitly add rules for the Hosts you wish to include in the management zone, as shown in Examples below.

Examples

Example 1: Management-zone rules providing access to hosts of specific host groups; users assigned to the zone can filter by accessible host groups.

  1. Set up a rule for hosts.

    1. Choose Hosts as the entity that the Rule applies to.

    2. Select a host group from the list of groups available in your environment.

    3. If you don't require any other conditions, select Remove condition.

    4. Preview the list of matching entities.

      Management zone-rule for hosts

    5. Create rule and then Save changes.

      Preview the rule for hosts

    Add a rule in this way for each set of hosts per host group.

  2. Set up a rule for host groups.

    In order for users to have visibility into host groups containing the hosts in the management zone, you need to set up host group rules—one per host group you wish to include. This ensures that users can filter by the host groups on the Hosts page.

    1. Choose Host groups as the entity that the Rule applies to.

    2. Set up a condition for the host group name, for example, a text string contained in the host group's name.

    3. Preview the list of matching host groups.

    4. Create rule and then Save changes.

      Rule for a host group

    Add a rule in this way for each host group you wish to include in the management zone. Host group names are shown in the filter bar on the Hosts page only if a corresponding management-zone rule is defined for them. Generally, you would grant access to the same host groups that the hosts in your management zone belong to.

When the management zone is applied, the user can see only the assigned hosts and can filter the Hosts page by Host group. The host groups are those defined in your management-zone rules.

Host groups filter

Example 2: Management-zone rules providing access to all synthetic monitors

Management-zone rules can be defined for three types of synthetic entities:

  • Browser monitors
  • HTTP monitors
  • Third-party monitors

To provide access to all synthetic monitors, you need to define a rule to cover all monitors per synthetic entity type.

Management zone synthetic entities

To set up a rule to cover all Browser monitors, for example:

Specify that the Browser monitor name exists. Preview the rule to see the Synthetic monitors.

Browser-monitor rule

Additionally, set up similar rules for HTTP and third-party monitors to cover all synthetic monitors in your environment.

Note

If you'd like your user to be able to create or edit synthetic monitors in a management zone, you need to provide the Change monitoring settings permission at the management-zone or environment level.

Example 3: Management-zone rules providing access to specific measurements of specific ingested metrics

You can provide access to an ingested metric, filtered by a dimension value so that only specific measurements of the given metric are accessible within the management zone (for charting and analysis, for example).

  1. Select the Dimensional data entity of type METRIC.

  2. Fill out the condition for the metric name (METRIC_KEY). You can provide access to a specific metric by specifying the entire name or a set of metrics by specifying the opening string (for example, business.revenue)

    Management zone rule for custom metric name

  3. To filter for specific measurements of the metrics, you need to add a condition for the metric dimension. Select DIMENSION and provide the dimension name (Key) and (Value). For example, to filter your business metrics for the US eastern region, you would specify the dimension name region and value useast.

    Dimensional metric data in a management zone

  4. Create rule and then Save changes.

Note

If your management zone already provides access to the host through which a custom metric and its measurements are ingested, you automatically provide access to that custom metric; you do not need to set up an explicit rule for the custom metric. Note that this doesn’t include all measurements of that custom metric but only those measurements that were sent in for your host.

Example 4: Entity selector rule based on entity relationships

In order to filter for services that directly call a service with the name JourneyService, you can run the GET all entity types API call to check the entity type and relationships for services.

From the information gathered, you can now construct an entity selector rule for the entity type service that has a calls from relationship to the entity type service with the name JourneyService:

type(SERVICE),fromRelationship.calls(type(SERVICE),entityName(JourneyService))

This can also be written as type(SERVICE),fromRelationship.calls(type(SERVICE) AND entityName.equals(JourneyService)).

Entity selector rule based on relationships

Example 5: Entity selector rule based on ingested information from a Dynatrace integration

Dynatrace Cloudwatch integration enables ingestion of AWS resource tags and CloudWatch metrics, which show up in the Lambda functions section of the Dynatrace AWS page.

To construct an entity selector rule for Lambda services tagged with the ingested AWS resource tag STAGE: dev, your entity selector rule needs to filter for all services that run on an AWS Lambda function and are tagged STAGE: dev:

type(SERVICE),fromRelationships.runsOn(type(AWS_LAMBDA_FUNCTION),tag([AWS]STAGE:dev))

Entity selector rule using ingested AWS resource tags

Example 5: Entity selector rule for custom entity types

The Dynatrace platform enables you to define your own topology by introducing your own entity types and their relationships.

This example is based on two custom entity types for monitoring a Synology Diskstation device using an SNMP data stream. All custom entity type definitions can be queried using the Monitored entities API v2.

A Synology Diskstation has two properties: a name and unique serial number. The Diskstation also has a defined relationship with its individual disks that are hosted on the network drive.

This example sets up two entity selector rules, one for the Synology Diskstation with the serial number 1920PCN690410 and the other for all its child disks:

  • The rule for the Diskstation is type("syn:diskstation"),Serialnumber("1920PCN690410").

  • The rule for the child disks is:

    type("syn:disk"),fromRelationship.isChildOf(type("syn:diskstation"),Serialnumber("1920PCN690410"))

Entity selector rules for custom entity types

Related topics
  • Monitored entities API v2

    Learn about the Dynatrace Entity API v2.

  • Environment API v2 - Entity selector

    Configure the entity selector for Environment API endpoints.

  • Metrics API v2

    Retrieve metric information via Metrics v2 API.

  • Metrics API - Metric selector

    Configure the metric selector for the Metric v2 API.

  • Best practices for scaling tagging and management-zone rules

    Optimize auto-tagging and management-zone rules to speed up the automatic assignment process.