
# Correlation Analysis: Dynatrace Alerts vs ETA Logs

This notebook analyzes the correlation between Dynatrace problem alerts and ETA transaction logs.

### Steps:
1. Load ETA logs from `cleaned_eta_logs.csv`
2. Convert alert timestamps from epoch to human-readable datetime
3. Aggregate ETA logs by minute and count slow transactions
4. Visualize slow transaction trends with alert markers
5. Generate correlation summary for each alert window


In [1]:

import pandas as pd
import plotly.express as px
from datetime import datetime
import json


In [3]:
import pandas as pd

# Load ETA logs
eta_logs = pd.read_csv('cleaned_eta_logs.csv')
eta_logs['datetime'] = pd.to_datetime(eta_logs['datetime'], format='mixed')
eta_logs.head()

Unnamed: 0,datetime,agent_type,pid,transaction_id,execution_time,source_file,line_number,date,hour,minute,is_slow,is_very_slow,is_critical
0,2025-11-06 00:00:00.850,eta_agent,7964,11017737610524,4.121,time6.txt,82537,2025-11-06,0,0,False,False,False
1,2025-11-06 00:00:04.978,eta_agent,7773,11017737601406,0.099,time6.txt,44569,2025-11-06,0,0,False,False,False
2,2025-11-06 00:00:05.251,eta_agent,7690,11017737607061,10.955,time6.txt,1,2025-11-06,0,0,False,False,False
3,2025-11-06 00:00:05.782,eta_agent,8144,11017737599261,3.988,time6.txt,128222,2025-11-06,0,0,False,False,False
4,2025-11-06 00:00:05.995,eta_agent,7771,11017737599253,4.455,time6.txt,40181,2025-11-06,0,0,False,False,False


In [4]:

# Define problem alerts from provided JSON
problem_json_list = [
    {"problemId":"1000724463514535050_1762455660000V2","title":"AppGW-Borders Gov - SA - Slowness","status":"OPEN","startTime":1762455660000,"endTime":-1},
    {"problemId":"-1349479328943597503_1762456020000V2","title":"AppGW-Borders Gov - SA - Slowness","status":"CLOSED","startTime":1762456020000,"endTime":1762466460000},
    {"problemId":"6509037658883742559_1762466400000V2","title":"Multiple environment problems","status":"CLOSED","startTime":1762466580000,"endTime":1762467660000},
    {"problemId":"-167381760208408038_1762468320000V2","title":"AppGW-Borders Gov - SA - Slowness","status":"CLOSED","startTime":1762468440000,"endTime":1762468620000}
]

# Convert epoch to datetime
for alert in problem_json_list:
    alert['start_dt'] = datetime.fromtimestamp(alert['startTime']/1000)
    alert['end_dt'] = None if alert['endTime'] == -1 else datetime.fromtimestamp(alert['endTime']/1000)
problem_json_list


[{'problemId': '1000724463514535050_1762455660000V2',
  'title': 'AppGW-Borders Gov - SA - Slowness',
  'status': 'OPEN',
  'startTime': 1762455660000,
  'endTime': -1,
  'start_dt': datetime.datetime(2025, 11, 6, 19, 1),
  'end_dt': None},
 {'problemId': '-1349479328943597503_1762456020000V2',
  'title': 'AppGW-Borders Gov - SA - Slowness',
  'status': 'CLOSED',
  'startTime': 1762456020000,
  'endTime': 1762466460000,
  'start_dt': datetime.datetime(2025, 11, 6, 19, 7),
  'end_dt': datetime.datetime(2025, 11, 6, 22, 1)},
 {'problemId': '6509037658883742559_1762466400000V2',
  'title': 'Multiple environment problems',
  'status': 'CLOSED',
  'startTime': 1762466580000,
  'endTime': 1762467660000,
  'start_dt': datetime.datetime(2025, 11, 6, 22, 3),
  'end_dt': datetime.datetime(2025, 11, 6, 22, 21)},
 {'problemId': '-167381760208408038_1762468320000V2',
  'title': 'AppGW-Borders Gov - SA - Slowness',
  'status': 'CLOSED',
  'startTime': 1762468440000,
  'endTime': 1762468620000,
  'st

In [5]:

# Aggregate ETA logs by minute and count slow transactions
eta_logs['minute_bucket'] = eta_logs['datetime'].dt.floor('min')
slow_counts = eta_logs.groupby('minute_bucket')['is_slow'].sum().reset_index()
slow_counts.rename(columns={'is_slow':'slow_txn_count'}, inplace=True)

# Save as csv
slow_counts.to_csv('slow_counts.csv', index=False)
print('Saved -> slow_counts.csv')

slow_counts.head()


Saved -> slow_counts.csv


Unnamed: 0,minute_bucket,slow_txn_count
0,2025-11-06 00:00:00,0
1,2025-11-06 00:01:00,0
2,2025-11-06 00:02:00,0
3,2025-11-06 00:03:00,0
4,2025-11-06 00:04:00,0


In [8]:
# Create timeline chart
fig = px.line(slow_counts, x='minute_bucket', y='slow_txn_count', title='Slow Transactions Over Time')

# Add alert markers
for alert in problem_json_list:
    fig.add_vline(x=alert['start_dt'], line_width=2, line_dash="dash", line_color="red")
    if alert['end_dt']:
        fig.add_vline(x=alert['end_dt'], line_width=2, line_dash="dot", line_color="green")

# fig.update_layout(width=1000, height=600)
# fig.show(renderer="notebook")  # or "iframe" or "browser" if notebook fails
# fig.update_xaxes(range=[slow_counts['minute_bucket'].min(), slow_counts['minute_bucket'].max()])

# fig.update_layout(width=1000, height=600)
# fig.show(renderer="notebook")  # or "iframe" or "browser" if notebook fails
# fig.update_xaxes(range=[slow_counts['minute_bucket'].min(), slow_counts['minute_bucket'].max()])

fig.show()

In [9]:
# Create timeline chart
fig = px.line(slow_counts, x='minute_bucket', y='slow_txn_count', title='Slow Transactions Over Time')

# Add alert markers using shapes instead of vlines
for i, alert in enumerate(problem_json_list):
    # Reset to original timestamps
    alert['start_dt'] = datetime.fromtimestamp(alert['startTime']/1000)
    alert['end_dt'] = None if alert['endTime'] == -1 else datetime.fromtimestamp(alert['endTime']/1000)

    # Add vertical line for alert start
    fig.add_shape(
        type="line",
        x0=alert['start_dt'], x1=alert['start_dt'],
        y0=0, y1=1,
        yref="paper",
        line=dict(color="red", width=2, dash="dash")
    )

    # Add annotation for alert start
    fig.add_annotation(
        x=alert['start_dt'],
        y=1,
        yref="paper",
        text=f"Alert {i+1} Start",
        showarrow=True,
        arrowhead=2,
        arrowcolor="red"
    )

    # Add alert end if it exists
    if alert['end_dt']:
        fig.add_shape(
            type="line",
            x0=alert['end_dt'], x1=alert['end_dt'],
            y0=0, y1=1,
            yref="paper",
            line=dict(color="green", width=2, dash="dot")
        )

        fig.add_annotation(
            x=alert['end_dt'],
            y=0.9,
            yref="paper",
            text=f"Alert {i+1} End",
            showarrow=True,
            arrowhead=2,
            arrowcolor="green"
        )

fig.update_layout(
    width=1000,
    height=600,
    xaxis_title="Time",
    yaxis_title="Slow Transaction Count"
)

fig.show()

In [None]:

# Generate correlation summary
summary = []
for alert in problem_json_list:
    window_start = alert['start_dt']
    window_end = alert['end_dt'] if alert['end_dt'] else window_start + pd.Timedelta(minutes=30)
    window_data = slow_counts[(slow_counts['minute_bucket'] >= window_start) & (slow_counts['minute_bucket'] <= window_end)]
    avg_slow = window_data['slow_txn_count'].mean() if not window_data.empty else 0
    summary.append({
        'problemId': alert['problemId'],
        'title': alert['title'],
        'status': alert['status'],
        'start': str(window_start),
        'end': str(window_end),
        'avg_slow_txn_count': avg_slow
    })

summary


[{'problemId': '1000724463514535050_1762455660000V2',
  'title': 'AppGW-Borders Gov - SA - Slowness',
  'status': 'OPEN',
  'start': '2025-11-06 22:01:00',
  'end': '2025-11-06 22:31:00',
  'avg_slow_txn_count': np.float64(17.548387096774192)},
 {'problemId': '-1349479328943597503_1762456020000V2',
  'title': 'AppGW-Borders Gov - SA - Slowness',
  'status': 'CLOSED',
  'start': '2025-11-06 22:07:00',
  'end': '2025-11-07 01:01:00',
  'avg_slow_txn_count': np.float64(11.942857142857143)},
 {'problemId': '6509037658883742559_1762466400000V2',
  'title': 'Multiple environment problems',
  'status': 'CLOSED',
  'start': '2025-11-07 01:03:00',
  'end': '2025-11-07 01:21:00',
  'avg_slow_txn_count': np.float64(4.947368421052632)},
 {'problemId': '-167381760208408038_1762468320000V2',
  'title': 'AppGW-Borders Gov - SA - Slowness',
  'status': 'CLOSED',
  'start': '2025-11-07 01:34:00',
  'end': '2025-11-07 01:37:00',
  'avg_slow_txn_count': np.float64(0.5)}]