Connecting Dynatrace lets Traversal pull entities, Davis-detected problems, metrics, events, logs, and traces during investigations so it can correlate symptoms across your services and produce grounded root-cause explanations.

What Traversal reads

  • Entities and topology — host, service, process, and application entities, plus their dependency relationships
  • Problems — Davis-detected problems and their evidence
  • Metrics — time-series data and dimensional metadata
  • Events — deployment events and other point-in-time signals
  • Logs — classic log queries and Grail (DQL) log queries
  • Spans / Traces — APM spans and trace context
  • Settings — read-only access to configuration objects (e.g. anomaly-detection rules)

Authentication

Traversal talks to Dynatrace through two complementary API surfaces, and you can connect either, or both at the same time:

| Surface | Host | Authentication | Covers |
| --- | --- | --- | --- |
| Classic Environment API | *.live.dynatrace.com | API token (dt0c01...) | Entities, problems, events, classic metrics, classic logs, SLOs |
| Platform / Grail | *.apps.dynatrace.com | OAuth 2.0 client credentials | DQL queries against logs, events, spans, metrics, and bizevents |

Pick what fits your tenant:
  • Dynatrace Managed / self-hosted — Classic API only (Grail is SaaS-only).
  • SaaS, Grail-only — OAuth client only. Problems and entities are still reachable via DQL.
  • SaaS, mid-migration or both surfaces in use — provide both. Traversal automatically routes each query to the right surface.
You only need to fill in the section(s) for the surface(s) you want to connect; leave the other section empty. Traversal’s connection check exercises every credential you provide and reports per-surface pass/fail, so you’ll see exactly which half is working if one side is misconfigured.

Setup

Step 1: Choose which surface(s) to connect

Classic API: Best for Dynatrace Managed, self-hosted, or any tenant where you only need entities, problems, events, classic metrics, classic logs, and SLOs. Works on every Dynatrace deployment.

Step 2: Create a Classic API token (if connecting the Classic API)

  1. In Dynatrace, open Settings → Integration → Dynatrace API → Generate token.
  2. Name it (e.g. traversal).
  3. Choose the read-only scopes you want to grant. Traversal will exercise whichever scopes the token carries; the more scopes you grant, the more data Traversal can use during investigations.

Minimum:

| Scope | What it covers |
| --- | --- |
| entities.read | Required to connect. Powers entity-listing and service-dependency lookups. |

Recommended additions — grant whichever your security policy allows:

| Scope | What it unlocks |
| --- | --- |
| problems.read | Davis-detected problems (/api/v2/problems) |
| metrics.read | Metric time-series queries (/api/v2/metrics/query) |
| events.read | Events including deployments (/api/v2/events) |
| releases.read | Curated release lists (/api/v2/releases); only available on tenants where the Releases feature is enabled. Traversal falls back to events automatically when this scope isn’t granted. |
| settings.read | Settings 2.0 objects, including anomaly-detection rules (/api/v2/settings/objects) |
| logs.read | Classic log queries |
| slo.read | SLO definitions and status |
| traces.lookup | Classic trace lookups |

Granting only entities.read is enough to connect, but Traversal won’t have anything else to read. Grant the additional scopes for the data types you want surfaced during investigations.
  4. Click Generate token and copy the token immediately. Dynatrace shows it only once.
  5. Note your Classic Environment URL in the format https://<env-id>.live.dynatrace.com. The environment ID is the subdomain of your Dynatrace UI URL.
For Dynatrace Managed deployments the URL format is https://<your-domain>/e/<env-id> instead. Traversal supports both.

Step 3: Create a Platform OAuth client (if connecting Grail)

  1. In Dynatrace, open Account Management → Identity & access management → OAuth clients → Create client.
  2. Name it (e.g. traversal) and choose which storage scopes to grant. Traversal queries whichever data types the token can read, so grant the storage scopes for the signals you want available during investigations.

Minimum:

| Scope | What it covers |
| --- | --- |
| none | No storage scopes are required to connect — you can save the integration first and grant data scopes later. |

Recommended additions — grant whichever your security policy allows:

| Scope | What it unlocks |
| --- | --- |
| storage:logs:read | Log records in Grail |
| storage:events:read | Event records in Grail (including deployment events) |
| storage:spans:read | Span records in Grail |
| storage:metrics:read | Metric records in Grail |
| storage:bizevents:read | Business event records |
| storage:buckets:read | Storage bucket metadata; useful for letting Traversal discover which buckets exist before querying them |
| storage:system:read | System tables (e.g. dt.system.tables); useful for schema discovery |

You can save the integration with zero storage scopes if you want to set up authentication first and add data scopes later. Until you grant the relevant storage:*:read scopes, Traversal won’t be able to read any data from Grail.
  3. Click Create client and copy the Client ID, Client secret, and Account URN. The secret is shown only once.
  4. Note your Platform URL in the format https://<env-id>.apps.dynatrace.com. The environment ID is the same as your Classic URL — only the host suffix differs (.apps. vs .live.).

Step 4: Configure in Traversal

Go to Company Knowledge → Integrations, select Dynatrace, and fill in the section(s) for the surface(s) you’re connecting:
Classic API
  • Classic Environment URL — e.g. https://abc12345.live.dynatrace.com
  • API Token — the dt0c01... token from Step 2
Platform / Grail
  • Platform URL — e.g. https://abc12345.apps.dynatrace.com
  • OAuth Client ID — starts with dt0s02.
  • OAuth Client Secret — the secret you copied
  • Account URN — format urn:dtaccount:<uuid>, found in Account Management → Overview
Click Save. Traversal exercises every credential you provided and reports the result per surface — if you connected both, you’ll see a separate pass/fail for Classic and Grail.

Troubleshooting

  • Classic connection fails with an entities.read permission error — entities.read is the only scope required to connect; other scopes are only needed for the corresponding queries. Re-generate the token with entities.read granted.
  • Integration saves but a specific Dynatrace query returns “no data” or a permission error — the corresponding scope is likely not granted on the token (Classic) or OAuth client (Grail). Add the scope from the tables above and re-save the integration.
  • Classic URL pasted on the Platform host (or vice-versa) — Traversal rejects URLs that mix the two surfaces. Use *.live.dynatrace.com for Classic and *.apps.dynatrace.com for Grail.
  • Grail OAuth connection fails with an SSO error — check that all three of Client ID, Client Secret, and Account URN are correct. The Account URN must be in the format urn:dtaccount:<uuid> from your Dynatrace Account Management page, not the environment ID.
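
A pre-flight check for the fields and mistakes described above, written as an added example (not Traversal's or Dynatrace's code). The function names, the https requirement and the UUID pattern are assumptions, and the granted scopes are supplied by the caller rather than read from Dynatrace; any scope outside this page's read-only lists is reported so the credential stays least-privilege.

```python
import re
from urllib.parse import urlparse

# Read-only scopes listed on this page, per surface.
CLASSIC_SCOPES = {"entities.read", "problems.read", "metrics.read", "events.read",
                  "releases.read", "settings.read", "logs.read", "slo.read",
                  "traces.lookup"}
GRAIL_SCOPES = {f"storage:{s}:read" for s in
                ("logs", "events", "spans", "metrics", "bizevents", "buckets", "system")}
URN_RE = re.compile(r"urn:dtaccount:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def _https_host(url):
    """Hostname of an https URL, or '' if the URL is not https (assumed requirement)."""
    parsed = urlparse(url)
    return (parsed.hostname or "") if parsed.scheme == "https" else ""


def _extra_scopes(granted, documented):
    # Anything outside the documented read-only set is more privilege than needed.
    return [f"scope beyond the documented read-only set: {s}"
            for s in sorted(set(granted) - documented)]


def check_classic(url, token, scopes):
    """Problems with the Classic API section; an empty list means it looks right."""
    errs, host = [], _https_host(url)
    if not host:
        errs.append("Classic URL must be an https URL")
    elif host.endswith(".apps.dynatrace.com"):
        errs.append("Platform host used for Classic; use *.live.dynatrace.com")
    # Managed URLs (https://<your-domain>/e/<env-id>) have any host, so no suffix test.
    if not token.startswith("dt0c01"):
        errs.append("API token should start with dt0c01")
    if "entities.read" not in scopes:
        errs.append("entities.read is required to connect")
    return errs + _extra_scopes(scopes, CLASSIC_SCOPES)


def check_grail(url, client_id, account_urn, scopes):
    """Problems with the Platform / Grail section; zero storage scopes is allowed."""
    errs = []
    if not _https_host(url).endswith(".apps.dynatrace.com"):
        errs.append("Platform URL must be https://<env-id>.apps.dynatrace.com")
    if not client_id.startswith("dt0s02"):
        errs.append("OAuth Client ID should start with dt0s02")
    if not URN_RE.fullmatch(account_urn):
        errs.append("Account URN must be urn:dtaccount:<uuid>, not the environment ID")
    return errs + _extra_scopes(scopes, GRAIL_SCOPES)
```

The messages never echo the token or secret, so the output is safe to paste into a ticket.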
