Recent changes and improvements to Dash0

When creating or editing an auth token in Settings > Auth Tokens, a new Signal type dropdown appears between the dataset restriction and permissions fields. Select a signal type to lock the token to that single type of telemetry, or leave it set to "Unrestricted" to accept all signals as before. The restriction is enforced server-side in the collector pipeline: any data that does not match the permitted signal type is silently dropped.

Why this matters for Website monitoring

Website monitoring in Dash0 is powered by the Dash0 Web SDK, which sends both spans and logs over the same OTLP connection. In backend observability, each signal type typically arrives through a separate pipeline with its own token. But the browser is different — a single Web SDK instance emits page loads, web vitals, user interactions (as spans), and console errors or custom events (as logs) through one shared auth token.

With signal type restrictions, you can now issue a dedicated token that only accepts web events. This is valuable for two reasons:

1. Security boundary. The auth token embedded in your website's JavaScript is publicly visible to anyone who opens the browser's developer
tools. A token restricted to web events cannot be abused to ingest backend traces, metrics, or profiles into your organization — even if it is
extracted from the page source.
2. Blast-radius reduction. If a web-events-only token is compromised or accidentally shared, the damage is contained to a single signal type.
Backend observability data, alerting metrics, and profiling data remain unaffected.

Interplay with other features

Signal type restrictions combine with the existing dataset restriction — a token can be scoped to both a specific dataset and a specific signal type for maximum isolation.

And, by the way, you can go and retrofit your existing authentication tokens with the new restrictions!

What changed

Error comparison as the default baseline. Opening the Triage tab in the Trace Explorer, Logs Explorer, or Web Events Explorer now automatically
compares error spans, error logs, or failed web events against their non-error counterparts. There is no longer a need to manually switch the
analysis method.

Conflicting filter detection. If you already have a general filter restricting data to errors (e.g., otel.span.status.code = ERRORCopy), the error
comparison becomes meaningless — every record matches both the selection and the baseline. When this happens, the triage panel now detects the
conflict and shows a "Remove filter" button that strips the redundant filter in one click, restoring a meaningful comparison.

Why this matters

Error triage is the most common entry point when investigating incidents. Defaulting to error comparison mode removes a step from the most
frequent workflow, while the new conflicting-filter detection ensures users are never stuck on a "No major differences" screen without guidance
on how to fix it.

The translation works automatically as long as your JavaScript files and source maps are reachable via HTTP(S).

If your build tool generates source maps and deploys them alongside your JavaScript bundles, no additional configuration is required.

If your source maps are hosted behind authentication, you can configure a Source Map Integration to provide credentials (Basic Auth, Bearer token, or custom headers) for specific URL prefixes.

What’s included:

• Automatic translation of minified JavaScript stack traces
• Support for public and authenticated source maps
• URL prefix–based integration configuration
• Per-frame translation with detailed error feedback
• Original stack trace always preserved

Each frame in a stack trace is translated independently. If a frame cannot be resolved, it remains in its original form and shows a warning icon. Hovering over the icon reveals the reason (for example, missing source map, authentication error, or file not found).

You can switch between the original and translated stack trace at any time using the toggle in the UI.

At Dash0, we live and breathe OpenTelemetry Semantic Conventions. And in building Dash0, we have defined attributes we add to telemetry you send us, and metrics we make available to you out of the box like the synthetic metrics that you use a lot for alerting.

We like a lot of what we see in the OpenTelemetry Weaver project, which provides the tooling that the OpenTelemetry project uses to publish the OpenTelemetry Semantic Conventions.

And so we did the same ourselves.

Why a public registry?

Dash0 enriches incoming telemetry with attributes such as dash0.operation.nameCopy, dash0.resource.typeCopy, or dash0.log.patternCopy.
Until now, the meaning of these fields lived in internal documentation.
Making them public means you can discover every Dash0-specific attribute, metric, and event in one place. And chances are, you may discover the next Dash0 feature you love!

What is in the Dash0 Semantic Conventions registry

The registry covers four areas:

Attributes

Every attribute Dash0 materialises on spans, logs, metrics, and web events is documented — from resource identity (dash0.resource.idCopy, dash0.resource.nameCopy and dash0.resource.typeCopy) to AI-inferred log fields (dash0.log.ai.message_inferredCopy).

Also OTLP protocol fields that Dash0 maps to queryable attributes (otel.trace.idCopy, otel.span.kindCopy, otel.log.severity.rangeCopy, and many others) are included as well.

Metrics

All dash0.*Copy metrics are listed with their instrument, unit, and stability level.
Synthetic metrics like dash0.spansCopy and dash0.spans.durationCopy are clearly marked, along with their deprecated Prometheus aliases.

The registry also covers website monitoring (dash0.web.*Copy), synthetic checks (dash0.synthetic_check.*Copy), alerting (dash0.check.*Copy), and so on.

Events

The dash0.deploymentCopy event — that you can emit from CI/CD pipelines to mark a service deployment (for example using the brand new Dash0 CLI) is fully specified, including its required resource attributes and optional VCS metadata.

Open in Dash0

Every metric and attribute page includes an Open in Dash0 link that takes you straight to the relevant explorer with the right filters pre-applied.
Click a metric name to open it in the Metrics Explorer.
Click an attribute to jump to the Traces, Logs, Metrics, or Web Events Explorer with the right filters pre-set.

Browse the full registry at dash0hq.github.io/dash0-semantic-conventions. We will also integrate it in the Dash0 Documentation soon.

What's New

• Linear integration for Agent0: Agent0 can now reference Linear issues, projects, and teams while investigating production behavior, so you can tie runtime signals to the work your team already tracks.
• Invoke Agent0 from Linear: Mention @Dash0Copy in any Linear issue or comment to start an investigation without leaving Linear. Agent0 reads the issue context, runs analysis against your telemetry, and posts results back into the same thread, including tool execution steps and a deep link to the full session in Dash0.
• Context preserved across tools: Agent0 responses posted into Linear include a deep link that reopens the investigation in Dash0 with organization, dataset, and time range already set.
• Read-only access: Agent0 reads your Linear workspace but cannot create, modify, or close issues.

Availability

Available now for all Dash0 organizations. Set up in Organization Settings → Integrations → Add → LinearCopy. Open integration settings.

What's New

Preferred dataset: Enable the Preferred toggle on any dataset's Overview page. Dash0 opens that dataset for all organization members when no dataset is encoded in the URL.

Note that if users already opened a dataset before, that previously stored dataset has precedence over the preferred organisation dataset.

Available to all Dash0 users. Changing the preferred dataset requires admin permissions.

One consistent interface for every asset type

Dashboards, check rules, views, and synthetic checks all share the same set of subcommands:

12345
dash0 dashboards list
dash0 check-rules get <id>
dash0 views create -f view.yaml
dash0 synthetic-checks update <id> -f check.yaml
dash0 dashboards delete <id>

listCopy, getCopy, createCopy, updateCopy, deleteCopy: the same verbs, the same flags, the same output formats across every asset type. No need to learn a different interface for each one.

Export, edit, re-apply

The getCopy command with -o yamlCopy or -o jsonCopy gives you the full asset definition, ready for editing:

123
dash0 dashboards get <id> -o yaml > dashboard.yaml
# edit dashboard.yaml
dash0 dashboards update <id> -f dashboard.yaml

The applyCopy command: GitOps for observability

applyCopy is the single command that ties it all together.Point it at a file or a directory, and it figures out the rest:

12345
# Apply a single file
dash0 apply -f dashboard.yaml

# Apply an entire directory recursively
dash0 apply -f assets/

The command auto-detects whether each asset needs to be created or updated. Multi-document YAML files (separated by ---Copy) let you bundle related assets into a single file. Hidden files and directories are skipped, so your .gitCopy folder stays out of the way.

Prometheus alerting rules, native in Dash0

Already have Prometheus alerting rules? The CLI accepts PrometheusRule CRD files directly:

12
dash0 check-rules create -f prometheus-rules.yaml
dash0 apply -f prometheus-rules.yaml

Each alerting rule in the CRD becomes a Dash0 check rule. Recording rules are skipped automatically. No manual conversion required.

Multiple output formats

Every list and get command supports tableCopy, wideCopy, jsonCopy, yamlCopy, and csvCopy output. Use wideCopy for a quick overview that includes dataset, origin, and URL. Use csvCopy with --skip-headerCopy for machine-readable automation.

Get started

123456789
export DASH0_API_URL=... # Get the value at https://app.dash0.com/goto/settings/endpoints?endpoint_type=api_http
export DASH0_AUTH_TOKEN=... # Get the value at https://app.dash0.com/goto/settings/auth-tokens

# See what you have
dash0 dashboards list

# Export, tweak, and re-apply
dash0 dashboards get <id> -o yaml > my-dashboard.yaml
dash0 apply -f my-dashboard.yaml

Asset management is available in all stable releases of the Dash0 CLI: no experimental flag needed.

Search spans like you search logs

The spans queryCopy command brings to spans the same filtering, output formats, and custom columns you already know from logs queryCopy:

1234
dash0 -X spans query \
    --from now-1h \
    --filter "service.name is checkout-service" \
    --filter "otel.span.status.code is ERROR"

The default table shows timestamp, duration, span name, status, service name, parent ID, trace ID, and span links. Swap in any OTLP attribute as a column to surface the dimensions that matter to your investigation:

12345
dash0 -X spans query \
    --column timestamp \
    --column duration \
    --column "span name" \
    --column http.request.method

JSON and CSV outputs are available for scripting and downstream processing.

Reconstruct full traces

Once you have a trace ID — from a span query, a log record, or an alerting rule — traces getCopy fetches every span in the trace and displays them as an indented tree:

1
dash0 -X traces get 0af7651916cd43dd8448eb211c80319c

Follow span links across trace boundaries

Modern architectures do not always fit into a single trace. A message queue consumer might link back to the producer's trace; a batch job might reference the request that triggered it.

The --follow-span-linksCopy flag tells the CLI to chase those connections automatically:

1
dash0 -X traces get 0af7651916cd43dd8448eb211c80319c --follow-span-links

The CLI walks span links recursively (up to 20 traces), displaying each linked trace under a clear header. You can set a custom lookback period for the linked traces, like --follow-span-links 2hCopy, to control how far back the search reaches.

Get started

1234
export DASH0_API_URL=... # Get the value at https://app.dash0.com/goto/settings/endpoints?endpoint_type=api_http
export DASH0_AUTH_TOKEN=... # Get the value at https://app.dash0.com/goto/settings/auth-tokens

dash0 -X spans query --from now-15m

Span and trace commands are experimental: enable them with -XCopy and tell us how they fit into your workflow.

Powerful filtering at your fingertips

The --filterCopy flag accepts the same expression language you use in the Dash0 UI so you can zero in on exactly the records that matter. Combine multiple filters (AND logic) to slice through millions of log lines in seconds:

12345
dash0 -X logs query \
    --from now-1h \
    --filter "service.name is api-gateway" \
    --filter "otel.log.severity.range is_one_of ERROR FATAL" \
    --limit 200

Supported operators range from exact matches (isCopy, is_notCopy) and substring checks (containsCopy, starts_withCopy) to regex (matchesCopy), numeric comparisons (gtCopy, gteCopy, ltCopy, lteCopy), and presence tests (is_setCopy, is_not_setCopy). If you can describe the condition in the Dash0 Logging Explorer, the CLI can express it.

Flexible output for humans and machines

By default, logs queryCopy prints a clean table with timestamp, severity, and body. Need the full OTLP payload for a script? Switch to --output jsonCopy. Feeding results into awkCopy or a spreadsheet? Use --output csvCopy.

Custom columns let you pull any attribute into view:

1234
dash0 -X logs query \
    --column time \
    --column service.name \
    --column body

Any OTLP attribute key, at resource, scope, or log record level, works as a column, so you see exactly the dimensions you care about.

Built for automation

Relative timestamps (now-15mCopy, now-1hCopy), machine-readable CSV output, and --skip-headerCopy make logs queryCopy a natural fit for shell scripts, CI checks, and AI-agent workflows. Pipe it into jqCopy, grepCopy, or your favorite data tool.

12345
# Count errors in the last 30 minutes
dash0 -X logs query \
    --from now-30m \
    --filter "otel.log.severity.range is ERROR" \
    -o csv --skip-header | wc -l

Get started

Install or update the Dash0 CLI, set your credentials, and start querying:

1234
export DASH0_API_URL=... # Get the value at https://app.dash0.com/goto/settings/endpoints?endpoint_type=api_http
export DASH0_AUTH_TOKEN=... # Get the value at https://app.dash0.com/goto/settings/auth-tokens

dash0 -X logs query --from now-1h

Logs query is an experimental command: enable it with the -XCopy flag and let us know what you think.

We have extended the following tools with comprehensive management capabilities for members and teams:

• The official Dash0 API
• The Dash0 Go API Client
• The dash0 CLI (Command Line Interface)

Teams Management

The core team API endpoints, starting with /teamsCopy, cover operations like:

• Retrieving a list of all teams in your organization.
• Creating new teams with specific access configurations.
• Adding and removing members from teams.
• Fetching details for a single team.
• Updating existing team properties, such as the name.
• Deleting teams.

CLI Snippets

1234567891011
# List all teams
dash0 teams -X list

# Create a new team
dash0 teams -X create --name "Frontend Developers"

# Add members to a team
dash0 teams -X add-members <teamId> <memberIdOrEmail> <memberIdOrEmail> <memberIdOrEmail>

# Delete a team
dash0 teams -X delete <teamId>

The teamsCopy command is currently experimental (like all recently introduced commands), and therefore requires the –X/-–experimentalCopy flag.

Members Management

The API endpoints under /membersCopy let you manage individuals in your organization:

• Listing all members in the organization.
• Inviting new users to the organization.
• Managing member roles and permissions.

CLI Snippets

12345678
# List all members
dash0 members -X list

# Invite a new user
dash0 members -X invite "user@example.com"

# Invite a new user
dash0 members -X remove "user@example.com"

The membersCopy command is currently experimental (like all recently introduced commands), and therefore requires the –X/-–experimentalCopy flag.