Event analytics

Events are essential raw data that Davis (the Dynatrace AI engine) considers during automated root-cause analysis to understand the reasons underlying any problems that are detected in your environment. Out of the box, Davis detects more than 80 different built-in system event types, including process crashes, deployment configuration changes, and VM motion events. Using extension points, you can report custom events through OneAgent plugins or via the Dynatrace API.

Davis shows all system events in the context of your data center topology. So you can analyze events in relation to their parent topological components (for example, hosts, processes, or services) and see how they relate to one another.

Event vs problem

Events represent different types of individual incidents, such as metric-threshold breaches, baseline degradations, or point-in-time events, such as process crashes. Dynatrace also detects and processes informational events such as new software deployments, configuration changes, and other event types.

A problem may be the result of a single event or multiple events, which is often the case in complex environments. To prevent a flood of seemingly unrelated problem alerts for related events in such environments, the Dynatrace AI correlates all events that share the same root cause into a single, trackable problem. This approach prevents event and alert spamming.

Problems have defined lifespans and are updated in real time with all incoming events and findings. Once a problem is detected, it's listed on your problems feed.

The Events section

The Events section on each host, process, and service overview page provides a chart that displays overall statistics for each event type that occurred during the selected analysis timeframe.

Scaling up and drilling down

Within production environments, a single host, or even a single process, may include thousands of individual events. The Dynatrace event-analytics engine can process all such events, even over large analysis timeframes. Importantly, event analysis offers convenient drill-down and filtering options that make it easy to focus on specific points in time where high event activity occurred and then filter those events based on event type.

The Events chart in the example above shows multiple event types over the course of a year-long analysis timeframe. However, the example below focuses on a single time and specific event type. By drilling down into the event highlighted below, we see that the file ase.jsp was newly deployed at this time.

Push events from third-party systems

By enabling Davis to consider information from third-party systems, you can have custom events pushed to any topological component (host, process, or service).

One popular use case is to have your continuous integration (CI) and build toolchain automatically report meta-information about software deployments. Each custom event includes a set of custom key-value properties that your toolchain can use to report important context information.

In the example below, you can see a custom deployment event with user-defined key-value properties for the Jenkins build number and Git commit information.