Connect your Dynatrace environment to enable CloudThinker agents to run DQL queries, investigate problems, review security vulnerabilities, discover entities and ownership context, and inspect documents such as notebooks and dashboards across your observability stack. CloudThinker connects to Dynatrace through the official Dynatrace MCP server using a Dynatrace Platform token and your Dynatrace Platform environment URL.

Prerequisites

  • A Dynatrace Platform environment with the logs, events, spans, metrics, problems, entities, or documents you want CloudThinker to investigate.
  • Your Dynatrace Platform environment URL, such as https://abc12345.apps.dynatrace.com.
  • A Dynatrace Platform token with the read scopes CloudThinker needs.
CloudThinker runs the Dynatrace MCP server with npx, so you only need to provide the Dynatrace environment URL and Platform token in the connection form.

Setup

1. Open Dynatrace

Sign in to your Dynatrace Platform environment. Use the Platform URL that follows the format https://<environment-id>.apps.dynatrace.com.

2. Create a Platform Token

Create a dedicated Dynatrace Platform token for CloudThinker and grant only the scopes listed in Required Permissions for the workflows you want to enable. Copy the token immediately — it may not be shown again.

3. Add Connection in CloudThinker

Navigate to Connections → Dynatrace and enter:
  • DT_ENVIRONMENT: your Dynatrace Platform environment URL
  • DT_PLATFORM_TOKEN: the Platform token you just created
Click Connect. CloudThinker verifies the credentials and shows a Connected status.

Use a Dynatrace Platform token, not a classic Dynatrace API token. Classic API tokens do not provide the Platform scopes needed by the MCP server.

Connection Details

| Field | Description | Example |
| --- | --- | --- |
| DT_ENVIRONMENT | Dynatrace Platform environment URL | https://abc12345.apps.dynatrace.com |
| DT_PLATFORM_TOKEN | Dynatrace Platform token | |

Use the Platform environment URL, not a classic live.dynatrace.com URL. The MCP server uses DT_ENVIRONMENT to reach Dynatrace Platform APIs and Grail data.

Required Permissions

Create a dedicated Dynatrace Platform token and grant only the scopes required for the CloudThinker workflows you plan to use.

| Scope | Enables |
| --- | --- |
| app-engine:apps:run | Run most Dynatrace MCP tools |
| storage:buckets:read | Read system data stored on Grail and discover accessible buckets |
| storage:logs:read | Query logs through DQL |
| storage:metrics:read | Query metrics through DQL |
| storage:bizevents:read | Query business events through DQL |
| storage:spans:read | Query traces and spans through DQL |
| storage:entities:read | Query monitored entities through DQL |
| storage:events:read | Query events through DQL |
| storage:security.events:read | Query security events through DQL |
| storage:system:read | Query system data through DQL |
| storage:user.events:read | Query user events through DQL |
| storage:user.sessions:read | Query user sessions through DQL |
| storage:smartscape:read | Query Smartscape data through DQL |
| storage:files:read | Use DQL load statements for lookup data |
| document:documents:read | List and read Dynatrace documents such as notebooks, dashboards, and launchpads |
| document:documents:write | Create Dynatrace documents when approved workflows need document creation |

Start with app-engine:apps:run plus the read scopes for the data types you need. Add document:documents:write later only for approved workflows that need agents to create Dynatrace documents.
Older Dynatrace MCP server versions required app-engine:functions:run, settings:objects:read, and environment-api:entities:read. Current versions no longer require those scopes.
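
The URL rule from Connection Details and the scope guidance above can be checked before a token is created. The following is an added example, not CloudThinker or Dynatrace code: it makes no network calls, the function names are hypothetical, and the set of reads a workflow needs is an assumption supplied by the caller.

```python
from urllib.parse import urlparse

# Scope names below are copied from this page's Required Permissions section.
BASE_SCOPE = "app-engine:apps:run"
READ_SCOPES = {f"storage:{d}:read" for d in (
    "buckets logs metrics bizevents spans entities events security.events "
    "system user.events user.sessions smartscape files").split()}
READ_SCOPES.add("document:documents:read")
WRITE_SCOPE = "document:documents:write"
LEGACY_SCOPES = {"app-engine:functions:run", "settings:objects:read",
                 "environment-api:entities:read"}


def check_environment(url):
    """Return problems found in a DT_ENVIRONMENT value (empty list = OK)."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    problems = []
    if parsed.scheme != "https":
        problems.append("DT_ENVIRONMENT must use https")
    if host.endswith(".live.dynatrace.com"):
        problems.append("classic live.dynatrace.com URL, not a Platform URL")
    elif not host.endswith(".apps.dynatrace.com"):
        problems.append("host is not <environment-id>.apps.dynatrace.com")
    return problems


def check_scopes(granted, needed_reads, write_approved=False):
    """Compare a token's planned scopes with the reads the workflows need."""
    granted, needed_reads = set(granted), set(needed_reads)
    out = [] if BASE_SCOPE in granted else [f"missing {BASE_SCOPE}"]
    out += [f"missing {s}" for s in sorted(needed_reads - granted)]
    out += [f"unused read scope {s}"
            for s in sorted((granted & READ_SCOPES) - needed_reads)]
    if WRITE_SCOPE in granted and not write_approved:
        out.append(f"{WRITE_SCOPE} granted without an approved workflow")
    out += [f"legacy scope {s} no longer required"
            for s in sorted(granted & LEGACY_SCOPES)]
    known = READ_SCOPES | LEGACY_SCOPES | {BASE_SCOPE, WRITE_SCOPE}
    out += [f"scope {s} is not listed on this page"
            for s in sorted(granted - known)]
    return out

if __name__ == "__main__":
    # Constructed sample: a token plan for a logs-and-events workflow.
    plan = {"app-engine:apps:run", "storage:logs:read", "storage:spans:read",
            "document:documents:write", "settings:objects:read"}
    print(check_environment("https://abc12345.live.dynatrace.com"))
    print(check_scopes(plan, {"storage:logs:read", "storage:events:read"}))
```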

Agent Capabilities

Once connected, agents have access to the Dynatrace observability data allowed by the Platform token.

| Capability | Description |
| --- | --- |
| DQL Execution | Run and validate Dynatrace Query Language queries against Grail data |
| Logs, Events, Spans, and Metrics | Investigate telemetry across short time windows and focused queries |
| Problem Investigation | Retrieve Dynatrace problems and summarize affected services or infrastructure |
| Security Vulnerabilities | Review reported vulnerabilities when the token includes security problem read access |
| Entity Discovery | Discover monitored entities and ownership context for impacted systems |
| Documents | Inspect notebooks and dashboards when document scopes are granted |

Example Prompts

@alex investigate current Dynatrace problems affecting production and summarize impacted entities
@alex run a Dynatrace DQL query for error logs from the checkout service over the last 30 minutes
@alex review Dynatrace spans for the payment service and identify latency hotspots
@oliver check Dynatrace security vulnerabilities affecting internet-facing services
@alex inspect Dynatrace dashboards or notebooks related to incident INC-1234 and summarize the evidence
For large environments, scope requests with a known service, entity, bucket, and short time window so DQL queries stay focused.

Troubleshooting

Make sure DT_ENVIRONMENT is the Dynatrace Platform URL, such as https://abc12345.apps.dynatrace.com. Classic live.dynatrace.com URLs are not valid for this connection.
The Platform token is missing, expired, revoked, or copied incorrectly. Create a new Dynatrace Platform token with the required scopes and reconnect.
The token is missing one or more required scopes. For example, if DQL works for events but not logs, add storage:logs:read. If most tools fail, confirm the token includes app-engine:apps:run.
The query may target an empty bucket, a data type the token cannot read, or a time range without matching telemetry. Try a shorter known query against a known service, bucket, or timeframe.
Unbounded DQL queries can return too much data or take too long. Add filters, use short time windows, and ask agents to validate the query before expanding it.

Security Best Practices

  • Dedicated token - Create a token used only by CloudThinker
  • Least privilege - Grant only the Platform scopes needed for enabled workflows
  • Read scopes first - Start with read-only access and add document:documents:write only for approved document workflows
  • Short scoped queries - Prefer service, entity, bucket, and time filters to limit data exposure
  • Token rotation - Rotate the Platform token regularly and update it in CloudThinker
  • Revoke when unused - Revoke the token in Dynatrace if you disconnect the integration
