Generic log ingestion
powered by Grail
Dynatrace automatically collects log and event data from a vast array of technologies. With generic log ingestion, you can stream log records to a system and have Dynatrace transform the stream into meaningful log messages.
Create metrics from dropped logs
Logs often contain valuable metric data, but you may not want to store the original log data. To get the metric data from logs and discard the original log data, you can create a metric from dropped logs. For example, consider the following log content:
2023-06-15T13:02:56Z localhost haproxy[12528]: 10.10.10.10:48064 http-in~ local/local0 3605/0/0/61/3666 HTTP_STATUS 200 138 - - ---- 7416/7413/400/401/0 0/0 {574|||domain.com} {|} "POST /communication HTTP/1.1"
You may be interested only in the active session total time from HAPproxy and you would like to discard the rest of the log data.
To do that
- Ingest the log data via OneAgent and API.
- Extract the metric from the ingested log data.
- Create the log metric.
- Drop the original log data using the Don't store in a bucket option in the bucket configuration.
Editing log metric
To list, enable, disable, delete, or modify metrics created from log data, go to Settings > Log Monitoring > Log metrics.
Editing a metric key will generate a new metric. As a result, historical data will be accessible only with the old metric key.
Example
In this example, we create and chart a log metric, save it to a dashboard, and create an alert.
-
In the Dynatrace menu, go to Logs to display the log viewer.
-
Create a query that filters the data that you are interested in. For this example, to filter all log entries for
error
, enter this query:status="error"
-
Select Create metric.
The Log metrics page is displayed with Query set to your query. -
Type in the metric key (a unique name for the metric). By default, each metric key begins with
log.
prefix. All log metrics based on logs must have a key starting with this prefix.
For this example, set key to:log.error_PGI
-
Select Add dimension and then select the
dt.entityprocess_group_instance
dimension from the list.If you saved the metric without adding a dimension, Dynatrace would count errors globally. But in this example, we want to see how the error status is distributed across process group instances. Adding the
dt.entityprocess_group_instance
dimension will make Dynatrace count the number of error statuses for each process group instance. This allows you to view precisely where the error status occurred and to create an alert for a particular dimension. -
Save changes.
Now that you have defined the metric, you can chart it, pin it to a dashboard, and even create an alert based on it.
-
Chart: Go to Data explorer, set Select metric… to
log.error_PGI
, and select Run query. -
Dashboard: After you create a chart, select Pin to dashboard to add the chart to one of your classic dashboards. For details, see Pin tiles to your dashboard.
-
Alert: Go to Settings > Anomaly detection > Metric events, select Add metric event, and create a custom event based on
log.error_PGI
.