I would like to create a dashboard with a dropdown input. The input would affect dynamically the field application_methodName. The problem is that I have some method names that contain accents in it, and they are not recognized when doing a search through this input. Next is the code of the input query : index=my_index timeseriesId=" appmethod.useractions" | dedup application_methodId | table application_methodName | sort application_methodName And the code of the query I'm trying to match with the dropdown input : index=my_index application_methodName="$userAction_token$" timeseriesId="appmethod.useractions" | stats sum(value) I could also use a application_methodId field as the dropdown token (that would erase the problem), but then it won't be user friendly anymore.  Any idea on how to make the query recognize accents ? Or a way to use the id as the token while still displaying the name in the dropdown ?  ... View more

I am encountering problems joining 2 querries that are getting values from 2 different sourcetypes. I would like to get the CPU load and maximum (s well as a trend line) of all my hosts, filtered by HostGroup. But the HostGroups are only linked to hosts in sourcetype=entity, and the value of CPU loads are located in sourcetype=metrics. I'll link the 2 queries and an explaination of the results, as for the combination I tried to make of the 2 queries.     index=my_index sourcetype="metrics" timeseriesId="host.cpu.user" | eval _time = strptime(timestamp, "%Y-%m-%d %H:%M:%S") | stats avg(value) as AvgCPU, max(value) as MaxCPU, values(unit) as Unit, sparkline(avg(value)) as Trend by hostName | eval AvgCPU = round(AvgCPU,2), MaxCPU = round(MaxCPU, 2)]     This query returns the average and maximum CPU load per host, which is the result I'm trying to get to, but sorted by HostGroup. And the only way for me to filter hosts by HostGroup is to use this query :     index=my_index sourcetype="entity" hostGroup.name="*" | spath | stats values(discoveredName) as hostName by hostGroup.name     So I tried combining the two queries using the mvexpand command :     index=my_index sourcetype="entity" hostGroup.name=$hostGroup_token$ | spath | stats values(discoveredName) as hostName | mvexpand hostName | join [ search index=my_index sourcetype="metrics" timeseriesId="host.cpu.user" | eval _time = strptime(timestamp, "%Y-%m-%d %H:%M:%S") | stats avg(value) as AvgCPU, max(value) as MaxCPU, values(unit) as Unit, sparkline(avg(value)) as Trend | eval AvgCPU = round(AvgCPU,2), MaxCPU = round(MaxCPU, 2)]       The problem is that this particular query returns only 1 value that is the average  and maximum value of CPU load and max of all my hosts.  Any idea on how to join the 2 queries so that it returns the CPU load and max filtered by HostGroup ? ... View more

How can I join two fields from different sourcetypes that don't share the same name ? The content of the two fields is strictly the same though. For more details, here are the two queries I would like to "join" :         index=dynatrace* sourcetype="dynatrace:entity" hostGroup.meId="HOST_GROUP-*" | spath | stats values(discoveredName) as HostName by hostGroup.name         In this one, I'm searching the entities to list all my host names by host group.         index=dynatrace_hp sourcetype=dynatrace:metrics timeseriesId="com.dynatrace.builtin:host.mem.used" | stats avg(value) as avgCPU, values(unit) as Unit by hostName         In this one, I'm searching the metrics to list all cpu loads by host name. I need to do it like this as I don't have access to the host group from the data in the metrics sourcetype. Already tried to make some joined queries but I can't find a working solution. Any idea ? ... View more