Log Monitoring can read and analyze:
System, Security, and Application logs are automatically discovered on hosts. Other custom event-log format logs can be added manually on the environment level. The timestamp is sourced from an event's attribute, Event.System.TimeCreated.<xmlattr>.SystemTime
.
Any plain-text log file is valid as long as it is encoded in UTF-8 or UTF-16. The timestamp is detected automatically when it is present, according to the rules described in Supported timestamp formats (Logs Classic). It is also possible to configure your timestamp. If no timestamp is present, the log format is still valid. In such case, each line that doesn't start with a whitespace is treated as the beginning of a new log record, and is automatically assigned a timestamp that is the time of reading a log record by OneAgent.
There is no specific support for JSON. It is treated as text.
Any log entry with an unrecognized timestamp will be adjusted with the current timestamp to allow the log entry to be processed.
The proper timestamp format consists of both date and time. The list below covers possible time formats, which need to be paired with the allowed date formats listed in the next section:
12:23:34.12312:23:34.123GMT+010012:23:34.123 GMT+01000:00:00 GMT0:00:00 GMT+010000:00:0012:13:01+010012:13:02.12312:13:03.123123+010012:13:02,12312:13:03,123123+010012:13:04GMT12:13:05GMT+010012:13:06GMT+0112:13:09+010012:13:10+0112:13:12+020012:13:13.123pm12:13:14.123 AM12:13:15.123PM+0112:13:16.123 AM+0212:13:17CEST12:13:18 CET00:13:19
Below are the date formats that need to be paired with the time formats listed in the previous section:
2018-04-06 09:54:04.839 UTC2018-04-06 11:01:19,6252018/04/06 11:06:23 UTCApr 6 12:23:52Apr-6 13:35:57.621