Back to Details

dt-obs-predictive-analytics

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Predictive Analytics Skill

预测分析技能

Forecast resource saturation, detect trends, analyze anomalies, and characterize signal behavior using DQL and Dynatrace analyzer tools.
借助DQL和Dynatrace分析工具,预测资源饱和度、检测趋势、分析异常并表征信号行为。

Analysis Disciplines

分析领域

#DisciplineUse when …
1Forecast and PredictionPredicting future metric values for capacity planning, cost estimation, or proactive alerting
2Detecting ChangesA metric shifted — find when the character of the signal changed, regardless of whether it crossed a limit
3Detecting ViolationsA metric is currently out of bounds — find entities that exceed or fall below an acceptable range
4Timeseries CharacteristicsCharacterizing a signal's seasonality, noise level, and trend before further analysis
#领域适用场景……
1预测与预报为容量规划、成本估算或主动告警预测未来指标值
2变化检测指标发生“偏移”——找出信号特征发生变化的时间点,无论是否超出阈值
3违规检测指标当前“超出范围”——找出超出或低于可接受范围的实体
4时间序列特征在进一步分析前,表征信号的季节性、噪声水平和趋势

Choosing the Right Detection Tool

选择合适的检测工具

The single most important decision: are you asking "did this metric change?" or "is this metric currently wrong?"
QuestionToolWhy
"Did this metric change in the last N hours?"
timeseries-novelty-detection
Detects when the signal's character changed (spike, step, trend onset, variability shift) without requiring a known acceptable limit
"Which services spiked or dropped recently?"
timeseries-novelty-detection
with 
SPIKE
/ 
CHANGE_IN_VALUES
Finds the specific entities and timestamps where change occurred; returns empty for stable signals
"When did CPU start trending up?"
timeseries-novelty-detection
with 
TREND_IN_VALUES
Pinpoints the onset of a directional shift
"Which hosts are currently above 90% CPU?"
static-threshold-analyzer
Known fixed limit — fire alerts when exceeded
"Which services are currently above their usual load?"
adaptive-anomaly-detector
Learns the normal distribution from the data and flags sustained threshold violations
"Which services are high right now vs. their weekly pattern?"
seasonal-baseline-anomaly-detector
Accounts for time-of-day/day-of-week patterns before deciding what is anomalous
最重要的决策:你要问的是“这个指标是否发生了变化?”还是“这个指标当前是否异常?”
问题工具原因
“过去N小时内该指标是否发生变化?”
timeseries-novelty-detection
无需已知可接受阈值,即可检测信号特征发生变化的时间点(峰值、阶跃、趋势起始、波动性变化)
“哪些服务近期出现峰值或骤降?”
SPIKE
/
CHANGE_IN_VALUES
参数的
timeseries-novelty-detection
找出发生变化的具体实体和时间戳;信号稳定时返回空结果
“CPU何时开始呈上升趋势?”
TREND_IN_VALUES
参数的
timeseries-novelty-detection
精确定位方向性变化的起始点
“哪些主机当前CPU使用率超过90%?”
static-threshold-analyzer
已知固定阈值——超出时触发告警
“哪些服务当前负载高于常规水平?”
adaptive-anomaly-detector
从数据中学习正常分布,标记持续的阈值违规
“哪些服务当前流量与每周模式相比异常偏高?”
seasonal-baseline-anomaly-detector
在判断异常前,会考虑时段/星期几的模式

Decision rule in plain language

通俗决策规则

  • Use 
    timeseries-novelty-detection
     when the question contains "changed", "shifted", "spiked", "dropped", "started", "when did", or "did anything unusual happen". The tool answers whether a change occurred and when. It requires no predefined threshold.
  • Use an anomaly detector (
    adaptive
    , 
    seasonal
    , or 
    static
    ) when the question is about ongoing or current state relative to an expected range: "which are highest", "who is violating", "what is above X". These tools count violation samples inside a sliding window — they confirm how long something has been bad, not whether the signal changed.
Pitfall: Running 
adaptive-anomaly-detector
on a broad fleet to answer "which service changed load?" typically flags every service that has any variation, producing low-signal results. Use 
timeseries-novelty-detection
first to identify entities where the load character genuinely shifted, then use the anomaly detectors to measure the severity of those specific signals.
  • 使用
    timeseries-novelty-detection
    :当问题包含“变化”“偏移”“峰值”“骤降”“开始”“何时”或“是否发生异常”时。该工具回答是否发生变化以及何时发生变化,无需预定义阈值。
  • 使用异常检测器
    adaptive
    seasonal
    static
    ):当问题涉及当前持续状态与预期范围的对比时,例如“哪些指标最高”“哪些实体违规”“哪些指标超过X”。这些工具会统计滑动窗口内的违规样本——它们确认异常持续了多久,而非信号是否发生变化。
误区:在大规模集群上运行
adaptive-anomaly-detector
来回答“哪些服务负载发生变化?”通常会标记所有存在任何波动的服务,产生低价值结果。应先使用
timeseries-novelty-detection
识别负载特征真正发生变化的实体,再使用异常检测器衡量这些特定信号的严重程度。

When to Use This Skill

何时使用本技能

  • Capacity: "Which hosts will hit 90% CPU in the next 30 days?"
  • Forecast: "Forecast service request volume for the next 7 days"
  • Trend: "Is memory usage growing across our Kubernetes nodes?"
  • Anomaly: "Which services have unusual error rates right now?"
  • Baseline: "How does today's traffic compare to last week?"
  • Signal profile: "Is this metric seasonal or trending before I set up alerting?"
  • 容量规划:“哪些主机将在未来30天内达到90% CPU使用率?”
  • 预测:“预测未来7天的服务请求量”
  • 趋势分析:“Kubernetes节点的内存使用率是否在增长?”
  • 异常检测:“哪些服务当前错误率异常?”
  • 基线对比:“今日流量与上周相比如何?”
  • 信号特征分析:“在设置告警前,该指标是否具有季节性或趋势性?”

Important Constraints

重要约束

Dynatrace Forecast Analyzer supports univariate forecasting only — predicting one metric based on its own historical values. Multivariate forecasting (using multiple metrics as inputs) requires external tools (Python, R, Azure AutoML).
Tooling Rule: Run analyses using Dynatrace tools: 
timeseries-forecast
, 
adaptive-anomaly-detector
, 
seasonal-baseline-anomaly-detector
, 
static-threshold-analyzer
, and 
timeseries-novelty-detection
. Use 
execute-dql
for DQL queries.
Result Analysis Rule: Always analyse and summarise results directly from the raw tool output. Derive all numbers, trends, and conclusions inline.
Dynatrace预测分析器仅支持单变量预测——基于自身历史值预测单个指标。多变量预测(使用多个指标作为输入)需要外部工具(Python、R、Azure AutoML)。
工具规则:使用Dynatrace工具运行分析:
timeseries-forecast
adaptive-anomaly-detector
seasonal-baseline-anomaly-detector
static-threshold-analyzer
timeseries-novelty-detection
。使用
execute-dql
执行DQL查询。
结果分析规则:始终直接从工具原始输出中分析和总结结果。所有数值、趋势和结论都应直接推导得出。

Result Presentation Format

结果呈现格式

Always present forecast results as a structured table:
ColumnContent
Rank🥇 🥈 🥉 ordered by urgency or magnitude
Signal / EntityMetric name and entity or dimension
Last ActualMost recent non-null value from the historical series
ForecastPoint forecast at the end of the horizon
RangeLower – Upper confidence band at the same horizon point
Trend% change from Last Actual to Forecast: 🔴 >+20% / 🟠 +5–20% / 🟢 ±5% stable / 🔵 −5–20% declining / ⚫ <−20% sharp drop
Action✅ No action / ⚠️ Monitor / 🔴 Act now
Always follow the table with a Key Findings section (3–5 bullet points, ranked by priority).
预测结果始终以结构化表格呈现:
列名内容
优先级🥇 🥈 🥉 按紧急程度或影响程度排序
信号/实体指标名称及实体或维度
最新实际值历史序列中最近的非空值
预测值预测周期结束时的点预测值
置信区间同一预测时间点的下限–上限置信区间
趋势从最新实际值到预测值的变化百分比:🔴 >+20% / 🟠 +5–20% / 🟢 ±5% 稳定 / 🔵 −5–20% 下降 / ⚫ <−20% 骤降
行动建议✅ 无需行动 / ⚠️ 监控 / 🔴 立即处理
表格后始终跟随关键发现部分(3–5个要点,按优先级排序)。

Core DQL Techniques

核心DQL技巧

DQL has no native 
forecast
function. For forward-looking forecasts, use 
timeseries-forecast
(see 
references/forecasting-analyzer.md
).
DQL没有原生的
forecast
函数。如需前瞻性预测,请使用
timeseries-forecast
(参见
references/forecasting-analyzer.md
)。

Key DQL Rules

关键DQL规则

  1. timeseries
    returns arrays — one value per time slot per entity
  2. arrayLast(arr)
    = most recent value; 
    arrayFirst(arr)
    = oldest
  3. Growth = 
    (arrayLast - arrayFirst) / number_of_intervals
  4. Always 
    filter isNotNull(field)
    before sorting to avoid null ordering issues
  5. Use 
    toLong()
    when dividing 
    Long
    fields to avoid type errors
  6. Use 
    dt.smartscape.*
    not deprecated 
    dt.entity.*
    in DQL display fields; use 
    dt.smartscape.*
    in 
    by:{}
    grouping clauses for entity-level queries
  1. timeseries
    返回数组——每个实体每个时间槽对应一个值
  2. arrayLast(arr)
    = 最新值;
    arrayFirst(arr)
    = 最早值
  3. 增长率 = 
    (arrayLast - arrayFirst) / number_of_intervals
  4. 排序前始终使用
    filter isNotNull(field)
    以避免空值排序问题
  5. 分割
    Long
    类型字段时使用
    toLong()
    以避免类型错误
  6. 在DQL显示字段中使用
    dt.smartscape.*
    而非已弃用的
    dt.entity.*
    ;在实体级查询的
    by:{}
    分组子句中使用
    dt.smartscape.*

Standard Query Patterns

标准查询模式

Moving Average Trend

移动平均趋势

dql
timeseries cpu = avg(dt.host.cpu.usage), from: now()-24h, interval: 1h, by: {dt.smartscape.host}
| fieldsAdd moving_avg = arrayMovingAvg(cpu, 4)
| fieldsAdd current = arrayLast(cpu)
| fieldsAdd trend = arrayLast(cpu) - arrayFirst(cpu)
| filter isNotNull(current)
| sort trend desc
| limit 20
| fields dt.smartscape.host, current, trend, moving_avg
dql
timeseries cpu = avg(dt.host.cpu.usage), from: now()-24h, interval: 1h, by: {dt.smartscape.host}
| fieldsAdd moving_avg = arrayMovingAvg(cpu, 4)
| fieldsAdd current = arrayLast(cpu)
| fieldsAdd trend = arrayLast(cpu) - arrayFirst(cpu)
| filter isNotNull(current)
| sort trend desc
| limit 20
| fields dt.smartscape.host, current, trend, moving_avg

Saturation Risk Classification

饱和度风险分类

dql
timeseries cpu = avg(dt.host.cpu.usage), from: now()-7d, interval: 1h, by: {dt.smartscape.host}
| fieldsAdd p95 = arrayPercentile(cpu, 95)
| fieldsAdd saturation_risk = if(p95 > 85, "HIGH", else: if(p95 > 70, "MEDIUM", else: "LOW"))
| filter isNotNull(p95)
| sort p95 desc
| fields dt.smartscape.host, p95, saturation_risk
dql
timeseries cpu = avg(dt.host.cpu.usage), from: now()-7d, interval: 1h, by: {dt.smartscape.host}
| fieldsAdd p95 = arrayPercentile(cpu, 95)
| fieldsAdd saturation_risk = if(p95 > 85, "HIGH", else: if(p95 > 70, "MEDIUM", else: "LOW"))
| filter isNotNull(p95)
| sort p95 desc
| fields dt.smartscape.host, p95, saturation_risk

Days to Saturation Forecast

饱和剩余天数预测

dql
timeseries cpu = avg(dt.host.cpu.usage), from: now()-30d, interval: 1d, by: {dt.smartscape.host}
| fieldsAdd current = arrayLast(cpu)
| fieldsAdd daily_growth = (arrayLast(cpu) - arrayFirst(cpu)) / 30
| filter isNotNull(current)
| fieldsAdd days_to_saturation = if(daily_growth > 0, toLong((90 - current) / daily_growth), else: 9999)
| sort days_to_saturation asc
| limit 20
| fields dt.smartscape.host, current, daily_growth, days_to_saturation
dql
timeseries cpu = avg(dt.host.cpu.usage), from: now()-30d, interval: 1d, by: {dt.smartscape.host}
| fieldsAdd current = arrayLast(cpu)
| fieldsAdd daily_growth = (arrayLast(cpu) - arrayFirst(cpu)) / 30
| filter isNotNull(current)
| fieldsAdd days_to_saturation = if(daily_growth > 0, toLong((90 - current) / daily_growth), else: 9999)
| sort days_to_saturation asc
| limit 20
| fields dt.smartscape.host, current, daily_growth, days_to_saturation

Anomaly Scoring

异常评分

dql
timeseries cpu = avg(dt.host.cpu.usage), from: now()-24h, interval: 1h, by: {dt.smartscape.host}
| fieldsAdd baseline_avg = arrayAvg(cpu)
| fieldsAdd current = arrayLast(cpu)
| fieldsAdd anomaly_score = if(isNotNull(current) and isNotNull(baseline_avg), abs(current - baseline_avg), else: 0)
| sort anomaly_score desc
| limit 20
| fields dt.smartscape.host, current, baseline_avg, anomaly_score
dql
timeseries cpu = avg(dt.host.cpu.usage), from: now()-24h, interval: 1h, by: {dt.smartscape.host}
| fieldsAdd baseline_avg = arrayAvg(cpu)
| fieldsAdd current = arrayLast(cpu)
| fieldsAdd anomaly_score = if(isNotNull(current) and isNotNull(baseline_avg), abs(current - baseline_avg), else: 0)
| sort anomaly_score desc
| limit 20
| fields dt.smartscape.host, current, baseline_avg, anomaly_score

Metric Discovery

指标发现

Before forecasting, discover available metrics by keyword:
dql
metrics from: now() - 1h
| filter contains(metric.key, "cpu")
| summarize count(), by: {metric.key}
| sort `count()` desc
预测前,按关键词发现可用指标:
dql
metrics from: now() - 1h
| filter contains(metric.key, "cpu")
| summarize count(), by: {metric.key}
| sort `count()` desc

Reference Guides

参考指南

  • references/forecasting-analyzer.md
    timeseries-forecast
    tool: data requirements, parameter reference, interval selection, horizon limits, common pitfalls
  • references/capacity-forecasting.md
     — CPU/memory/disk/K8s saturation forecasts; multi-resource risk scoring; days-to-saturation DQL patterns
  • references/anomaly-scoring.md
    adaptive-anomaly-detector
    , 
    seasonal-baseline-anomaly-detector
    , 
    static-threshold-analyzer
    ; DQL deviation scoring
  • references/novelty-detection.md
    timeseries-novelty-detection
    tool: spike, drop, step change, trend onset, and variability change detection; all novelty types; parameter reference; worked examples
  • references/trend-detection.md
    timeseries-novelty-detection
    for trend onset and change points; week-over-week joins; growth rate and acceleration detection
  • references/forecasting-analyzer.md
    timeseries-forecast
    工具:数据要求、参数参考、时间间隔选择、预测范围限制、常见陷阱
  • references/capacity-forecasting.md
     — CPU/内存/磁盘/K8s饱和度预测;多资源风险评分;饱和剩余天数DQL模式
  • references/anomaly-scoring.md
    adaptive-anomaly-detector
    seasonal-baseline-anomaly-detector
    static-threshold-analyzer
    ;DQL偏差评分
  • references/novelty-detection.md
    timeseries-novelty-detection
    工具:峰值、骤降、阶跃变化、趋势起始和波动性变化检测;所有异常类型;参数参考;示例实践
  • references/trend-detection.md
     — 使用
    timeseries-novelty-detection
    进行趋势起始和变化点检测;周环比关联;增长率和加速度检测

Related Skills

相关技能

  • dt-dql-essentials — DQL syntax, 
    timeseries
    command rules, array function reference
  • dt-obs-hosts — Host and process metrics catalog
  • dt-obs-services — Service RED metrics for service-level trend analysis
  • dt-obs-problems — Davis AI problem history for anomaly correlation
  • dt-dql-essentials — DQL语法、
    timeseries
    命令规则、数组函数参考
  • dt-obs-hosts — 主机和进程指标目录
  • dt-obs-services — 用于服务级趋势分析的服务RED指标
  • dt-obs-problems — Davis AI问题历史记录,用于异常关联