OneAgent for logs ingestion

  • Latest Dynatrace
  • Tutorial
  • 4-min read
  • Published Sep 18, 2025

This use case guides you through setting up log monitoring using OneAgent to automatically discover and ingest logs from your hosts. You'll learn how to configure log sources, create ingest rules, and apply data filtering and masking to ensure you collect the relevant logs while protecting sensitive information.

OneAgent provides automatic log discovery for many common log sources, and you can also add custom sources and fine-tune collection rules to meet your specific monitoring requirements.

Target audience

This article is intended for Dynatrace administrators setting up log monitoring with OneAgent.

Scenario

You are a Dynatrace admin who wants to track whether there are system errors on the hosts you monitor.

Before you begin

  1. You need to have OneAgent installed on your host.

  2. Check the Log Analytics feature status. Log monitoring is enabled by default. If the configuration was changed, ensure the following:

  • In your Dynatrace environment: OneAgent settings.

    This is not a log ingest configuration but a feature enablement option. It's enabled by default, so you don't need to change it in most cases.

  • On the OneAgent instance.

The following are the best practices to ingest and configure log sources at scale:

Steps

required

  1. Go to Hosts Hosts classic.
  2. Select your host record.
  3. On the menu on the right, select Log Sources.
  4. Review the auto-detected log sources to verify that OneAgent is discovering logs, and to identify any additional log sources you may need to configure manually in the next step.

optional

Follow the steps below to add a custom log source:

  1. Go to Settings Settings > Collect and capture > Log Monitoring > Custom log sources.
  2. Select Add custom log source.
  3. Provide a Rule name.
  4. optional Select the Process groups that you want to associate process groups to selected log sources. If you leave this field empty, your logs will be linked to the host.
  5. Select the log source type as either a Log path or a Windows Event Log. For logs that you import from a path, select either the Allow binary content toggle (for binary logs) or use the Encoding drop-down menu to choose the appropriate character encoding (for non-binary logs).
  6. Select Add custom log source path.
  7. In the Path field, input the path for the selected log source type, and select Add path.
  8. Select Save changes.

See Configure custom log source to add log sources that have not been autodetected.

It's recommended to add custom log sources if auto-detection adjustment is not possible.

required

Define log ingest rules with matchers to control which logs are collected and sent to Dynatrace storage. Go to Log ingest rules to learn more.

Follow the steps below to configure your log ingest rule:

  1. Go to Settings Settings > Collect and capture > Log Monitoring > Log ingest rules.
  2. Select Add rule and provide the name for your configuration. By default, the Include in storage button is turned on, indicating that log sources configured by this rule will be forwarded to Dynatrace. Alternatively, you can select the Exclude from storage rule type.
  3. Select Add condition, choose a Matcher attribute, and enter the appropriate Value. Each matcher can have multiple values, and each rule can have multiple matchers. Multiple matchers can be included in one rule.
  4. Select Add matcher.
  5. Select Save changes.

All the logs that are ingested by the ingest rules consume license for ingestion

optional

Create ingest rules with matchers for log.level or content attributes as described in Log ingest rules. This helps reduce data volume and focus on relevant logs.

For example, you can:

  • Filter by Log record level to collect only warning and error logs.
  • Filter by Log content to include or exclude logs containing specific phrases.

optional

Configure rules to mask sensitive log data such as user names, email addresses, or URL parameters. For more information about how to select the data that needs to be protected, and how to apply masking rules, see Sensitive data masking in OneAgent.

optional

Configure rules to mask sensitive data during ingest. This provides enhanced data protection because the masked data is not stored. For more information, see Log processing for sensitive data masking, or review all available Methods of masking sensitive data.

optional

Go to Settings > Collect and capture > Log monitoring > Advanced log settings. For detailed configuration guidance, see the Advanced log settings guide

These settings are typically needed when:

  • You have high-volume logging environments requiring performance tuning.
  • Your log files use non-standard formats or rotation patterns.
  • You need to troubleshoot OneAgent log collection issues.
Related tags
Log Analytics