Log module feature flags

  • Latest Dynatrace
  • Concept
  • 1-min read

New features are introduced to OneAgent log module and Dynatrace log module for Kubernetes. The log module feature flags allow you to enable or disable specific functionalities of the OneAgent log module and the Dynatrace log module for Kubernetes.

Follow the steps below to control the log module feature flags:

  1. Go to Settings Settings > Log Monitoring > Log module feature flags.

  2. Enable or disable the Collect all container logs, Collect Journald logs, and/or Support for structured data in Windows Event Logs options to configure the desired functionalities.

Collect all container logs

OneAgent version 1.307+

This feature flag enables improved capability for streaming logs via the OneAgent log module from Kubernetes environments by:

  • Detection and collection of logs from short-lived containers and processes in Kubernetes
  • Detection and collection of logs from containers running processes not detected by OneAgent. For further reference, see Which are the most important processes?
  • Improved collection of logs from containers producing high volume of logs
  • Improved collection of logs from container wind-down
  • Log ingest configuration based on k8s.workload.name and k8s.workload.kind
  • Log ingest configuration based on pod annotations and labels
  • Log events decoration with k8s.workload.name and k8s.workload.kind

The matcher Deployment name in the log sources configuration will be ignored and needs to be replaced with Workload name. This requires Dynatrace Operator version 1.4.2+.

The feature flag only affects log ingestion via the OneAgent log module. The Kubernetes log module is not affected by this feature flag and always collects all container logs. Learn more about the different log modules.

New tenants have this feature flag enabled by default. Existing tenants have this feature flag disabled by default to avoid introducing compatibility-breaking changes or altering ingest volume. We recommend to consider enabling this feature flag to improve the capability of streaming logs from Kubernetes environments. Please consider the following changes when enabling this feature flag:

  • Logs from short-lived containers and processes will be collected and ingested. This may introduce additional log volume.
  • Logs from processes in containers not detected by OneAgent will be collected and ingested. This may introduce additional log volume.
  • Log events decoration according to semantic dictionary. This may affect existing filters, alerts, and dashboards based on log event properties.

Enable Journald log detector

OneAgent version 1.307+

Enable the OneAgent log module and the Kubernetes log module to collect logs from Journald on Linux systems. This option is enabled by default for new tenants, while existing tenants can opt-in. It still requires a proper ingest rule to be effective.

Support for structured data in Windows Event Logs

OneAgent version 1.317+

Enable OneAgent to collect data from event logs' User Data and Event Data sections. To learn more, see Support for structured data.

Related tags
Log Analytics