• Home
  • How to use Dynatrace
  • Management zones
  • Management-zone rules

Management-zone rules

Management zones comprise one or more rules that define and limit the entities or dimensional data (such as metrics) that can be accessed within the management zone.

When you select a management zone in Settings > Preferences > Management zones, all configured rules are displayed. You can Disable/Enable individual rules.

Management zone rules

Note

Read more about:

  • How log data can be ingested and automatically assigned to management zones in Management zones and Log Monitoring.
  • How to add a service-level objective to a management zone so users with access to the management zone can view SLO status and error budget in the Service-level objectives page.

Rule types

Management zones offer UI-based rule definition for:

  • Monitored entities
  • Dimensional data

You can select from predefined options for entity types, entity properties, rule conditions, and their operators.

When creating rules for some entities, you can propagate access to related topological entities without creating an extra rule. See How management-zone rules are applied below.

For UI-based rules for dimensional metric data, you can define conditions based on metric keys and dimension keys and values. Built-in, calculated, and ingested metrics are supported.

More information on the Metrics API v2

Use the powerful metric selector of the Metrics API v2 for metric and dimension keys and values:

  • GET a list of all available metrics in your environment.
  • GET the details of a specified metric to check dimension keys.
  • GET a list of data points to check dimension values.

Note that users automatically get access to metrics associated with entities that are included within their assigned management zones.

Text-based rules leverage the powerful entity selector for v2 Environment APIs to define entities. Text-based rules enable you to define entity access based on all the entity types, properties, values, and relationships exposed by the Monitored entities API v2.

There are several advantages of text-based rules:

  • You can provide granular and focused entity definitions without having to review the subset of choices available in the UI.
  • While UI-based rules allow for some relationship-based propagation of entity access, with text-based rules, you can explicitly use relationships to filter your entity selection. You have the flexibility to decide exactly which relationships you want to use to filter entities.
  • You can define text-based rules for including your own custom entity types, attributes, and relationships in management zones.

Important

Per monitoring environment, you can add:

  • 5,000 management zones by default. For any questions, contact Dynatrace ONE via in-product chat.
  • 150 UI-based management-zone rules for entities.
  • 150 UI-based management-zone rules for dimensional data (for metrics).
  • 150 text-based entity selector rules for management zones.
  • 100,000 conditions for all management-zone rules taken together (see Add a UI-based rule; does not apply to entity selector rules).
  • Any individual entity to a maximum of 200 management zones (run the GET an entity API call to see an entity's management zones).

Check our documentation on how to optimize management-zone rule performance at scale.

Add a UI-based rule

  1. Select/create a management zone and then select Add a new rule.

  2. Select the Rule type: Monitored entity or Dimensional data. (See information on text-based rule definition via the Entity selector.

  3. Select the entity to which the rule should apply (Rule applies to).

    • For UI-based entity definitions, select Monitored entity > Web applications for example.

      Select an entity

    • For a UI-based rule for a built-in, calculated, or ingested metric, select Dimensional data > METRIC.

    See Examples for different rule types and implementations.

  4. Each entity can be defined and limited by several different conditions. Select Add condition.

  5. Choose the condition Property, Operator, and Value (where relevant). For example, you can specify that the Web application name begins with a specified string. You can enter up to 80 characters; wildcard characters are not allowed; regular expressions are allowed in the contains regex and does not contain regex condition operators.

  6. If you enter a text string, specify whether it is Case sensitive.

    Rule conditions

  7. For some entities, you can propagate access to related topological entities without creating an extra rule. For example, turn on the appropriate toggles to include underlying hosts and process groups when defining a management-zone rule for Services.

    Include related entities

  8. Select Add condition to add another condition (or Remove condition to remove a condition) as required.

    Notes

    • You need to define at least one condition for the selected entity.
    • Conditions are applied using the AND logic—all conditions need to be met for the rule to apply to an entity.
    • There's no limit on the number of conditions per rule. However, there is a limit of 100,000 conditions for all rules taken together.

  9. Select Preview to see entities matching the rule that were active and online in the last 72 hours. (Of course, when you actually apply the management zone, all entities matching the rules for the given timeframe will be displayed.)

    Preview is not available for dimensional data rules.

    Rule preview

  10. Save changes.

Add a text-based entity selector rule

  1. Select/create a management zone and then select Add a new rule.

  2. In Rule type, select Entity selector.

  3. To fill out the Entity Selector text string, you might need to run API calls to fetch entity types, properties, values, and relationships. Consult entity selector documentation for details on how to construct an entity definition. See Examples for different rule types and implementations.

    Key parts of the entity selector string:

    • type(<entityType>) defines the type of entity that is subject to the rule. For example, the entity type for hosts is host and for process groups is process_group. The entity type is not case sensitive. You can only provide a single entry in <entityType>.

      Run the GET all entity types API call for a list of all entity types in your environment (including custom entities) and their properties.

      Alternatively, you can specify multiple individual entity IDs with the entityId criterion. You can run the GET entities list API call for a list of actual entities in your environment and their properties.

    • Entity properties and values filter the entity list that your rule applies to. For example, entityName.startsWith("Book") filters for entities whose name starts with Book. serviceType(WEB_REQUEST_SERVICE) filters for web request services.

      You can run the GET entity type API call for any entity type (for example, service) to get a list of all its properties (for example, serviceType). You can also run the GET entities list API call for a list of actual entities in your environment with their property values (for example, WEB_REQUEST_SERVICE).

    • Relationships further refine entity selection by defining an entity in terms of its relationship to another. Relationships are of two kinds.

      • A fromRelationsip implies that the direction of the relationship is from the given entity (that is, the entity being queried) to the related entity. When you query all the services that service A calls, this is a relationship “from (service A)” to other services.
      • A toRelationship implies that the direction of the relationship is from the related entity to the given entity (that is, the entity being queried). When you query all the services that call service A, this relationship is “to (service A)”.

      You can run the GET entity type API call on any entity type to get a list of the entity's from/to relationships and the related entity types. You can also run the GET entities list API call to get a list of the actual entities in your environment along with their relationship values (for example, a service entity type can have a calls from relationship to another service).

  4. Select Preview to see entities matching the rule that were active and online in the last 72 hours. (Of course, when you actually apply the management zone, all entities matching the rules for the given timeframe will be displayed.)

    Entity-selector rule preview

  5. Save changes.

How management-zone rules are applied

  • Conditions are applied using the AND logic—all conditions within a rule need to be met for the rule to apply to an entity.

  • Rules are applied using the OR logic—any rule must apply for an entity to be included in a management zone.

  • When creating rules for some entities, you can propagate access to related topological entities without creating an extra rule. For example, when creating a rule for services, you can opt to add underlying hosts and process groups. See Add a UI-based rule above.

    In other cases, the propagation of access to related topological entities is implicit. For example, when you grant access to a host in a management zone, any custom metrics ingested via that host are also accessible within the management zone. Note that this does not automatically include all measurements of those custom metrics but only those measurements that were sent in for your host.

    In cases where such propagation isn't available, you need to explicitly create rules for the entities you wish to add to a management zone. For example, a management-zone rule that applies to Host groups does not automatically grant access to the hosts within those groups; you need to explicitly add rules for the Hosts you wish to include in the management zone, as shown in Examples below.

Examples

Example 1: Management-zone rules providing access to hosts of specific host groups; users assigned to the zone can filter by accessible host groups.

  1. Set up a rule for hosts.

    1. Select Monitored entity as the Rule type.

    2. Select Hosts as the entity that the Rule applies to.

    3. Add a condition.

    4. Select Host group as the Property.

    5. Select or search for a host group in the Value field.

    6. Preview the list of matching entities.

      Preview the rule for hosts

    7. Save changes.

    Add a rule in this way for each set of hosts per host group.

  2. Set up a rule for host groups.

    In order for users to have visibility into host groups containing the hosts in the management zone, you need to set up host group rules—one per host group you wish to include. This ensures that users can filter by the host groups on the Hosts page.

    1. Select Monitored entity as the Rule type.

    2. Choose Host groups as the entity that the Rule applies to.

    3. Add a condition.

    4. Select Host group name as the Property.

    5. Define the condition for the host group name, for example, a text string contained in the host group's name.

    6. Preview the list of matching host groups.

      Rule for a host group

    7. Save changes.

    Add a rule in this way for each host group you wish to include in the management zone. Host group names are shown in the filter on the Hosts page only if a corresponding management-zone rule is defined for them. Generally, you would grant access to the same host groups that the hosts in your management zone belong to.

When the management zone is applied, the user can see only the assigned hosts and can filter the Hosts page by Host group. The host groups are those defined in your management-zone rules.

Host groups filter

Example 2: Management-zone rules providing access to all synthetic monitors

Management-zone rules can be defined for three types of synthetic entities:

  • Browser monitors
  • HTTP monitors
  • Third-party monitors

To provide access to all synthetic monitors, you need to define a rule to cover all monitors per synthetic entity type.

Management zones: synthetic entities

To set up a rule to cover all Browser monitors, for example:

Specify that the Browser monitor name exists. Preview the rule to see the matching entities.

Browser-monitor rule

Additionally, set up similar rules for HTTP and third-party monitors to cover all synthetic monitors in your environment.

Note

If you'd like your user to be able to create or edit synthetic monitors in a management zone, you need to provide the Change monitoring settings permission at the management-zone or environment level.

Example 3: Management-zone rules providing access to specific measurements of specific ingested metrics

You can provide access to an ingested metric, filtered by a dimension value so that only specific measurements of the given metric are accessible within the management zone (for charting and analysis, for example).

  1. Select the Dimensional data entity of type METRIC.

  2. Fill out the condition for the metric name (METRIC_KEY). You can provide access to a specific metric by specifying the entire name or a set of metrics by specifying the opening string (for example, business.revenue)

    Management-zone rule for custom metric name

  3. To filter for specific measurements of the metrics, you need to add a condition for the metric dimension. Select DIMENSION and provide the dimension name (Key) and (Value). For example, to filter your business metrics for the US eastern region, you would specify the dimension name region and value useast.

    Dimensional metric data in a management zone

  4. Save changes.

Note

If your management zone already provides access to the host through which a custom metric and its measurements are ingested, you automatically provide access to that custom metric; you do not need to set up an explicit rule for the custom metric. Note that this doesn’t include all measurements of that custom metric but only those measurements that were sent in for your host.

Example 4: Entity selector rule based on entity relationships

In order to filter for services that directly call a service with the name JourneyService, you can run the GET all entity types API call to check the entity type and relationships for services.

From the information gathered, you can now construct an entity-selector rule for the entity type service that has a calls from relationship to the entity type service with the name JourneyService:

type(SERVICE),fromRelationship.calls(type(SERVICE),entityName(JourneyService))

This can also be written as type(SERVICE),fromRelationship.calls(type(SERVICE) AND entityName.equals(JourneyService)).

Entity-selector rule based on relationships

Related topics
  • Monitored entities API v2

    Learn about the Dynatrace Entity API v2.

  • Environment API v2 - Entity selector

    Configure the entity selector for Environment API endpoints.

  • Metrics API v2

    Retrieve metric information via Metrics v2 API.

  • Metrics API - Metric selector

    Configure the metric selector for the Metric v2 API.

  • Best practices for scaling tagging and management-zone rules

    Optimize auto-tagging and management-zone rules to speed up the automatic assignment process.