Log Monitoring API - GET aggregate logs

Gets the aggregated log records that match the provided criteria.

Returns the aggregated number of occurrences of log values divided into time slots.

It is possible that the timeframe covered by the results exceeds the specified timeframe. In such cases, the request returns fewer timeslots than specified in the timeBuckets query parameter.

The request produces an application/json payload.

This request is an Early Adopter release and may be changed in non-compatible way.

GET	Dynatrace SaaS https://{your-environment-id}.live.dynatrace.com/api/v2/logs/aggregate Environment ActiveGate https://{your-activegate-domain}/e/{your-environment-id}/api/v2/logs/aggregate

Authentication

To execute this request, you need the Read logs (logs.read) permission assigned to your API token. To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter	Type	Description	In	Required
from	string	The start of the requested timeframe. You can use one of the following formats: Timestamp in UTC milliseconds. Human-readable format of `2021-01-25T05:57:01.123+01:00`. If no time zone is specified, UTC is used. You can use a space character instead of the `T`. Seconds and fractions of a second are optional. Relative timeframe, back from now. The format is `now-NU/A`, where `N` is the amount of time, `U` is the unit of time, and `A` is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, `now-1y/w` is one year back, aligned by a week. You can also specify relative timeframe without an alignment: `now-NU`. Supported time units for the relative timeframe are: `m`: minutes `h`: hours `d`: days `w`: weeks `M`: months `y`: years If not set, the relative timeframe of two weeks is used (`now-2w`).	query	optional
to	string	The end of the requested timeframe. You can use one of the following formats: Timestamp in UTC milliseconds. Human-readable format of `2021-01-25T05:57:01.123+01:00`. If no time zone is specified, UTC is used. You can use a space character instead of the `T`. Seconds and fractions of a second are optional. Relative timeframe, back from now. The format is `now-NU/A`, where `N` is the amount of time, `U` is the unit of time, and `A` is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, `now-1y/w` is one year back, aligned by a week. You can also specify relative timeframe without an alignment: `now-NU`. Supported time units for the relative timeframe are: `m`: minutes `h`: hours `d`: days `w`: weeks `M`: months `y`: years If not set, the current timestamp is used.	query	optional
query	string	The log search query. The query must use the Dynatrace search query language.	query	optional
timeBuckets	integer	The number of time slots in the result. The query timeframe is divided equally into the specified number of slots. The minimum length of a slot is 1 ms. If not set, 1 is used.	query	optional
maxGroupValues	integer	The maximum number of values in each group. You can get up to 100 values per group. If not set, 10 is used.	query	optional
groupBy	string[]	The groupings to be included in the response. You can specify several groups in the following format: `groupBy=status&groupBy=log.source`. If not set, all possible groups are returned. You can use this option to check for possible grouping values. Unique log data attributes (high-cardinality attributes) for example, `span_id` or `trace_id` cannot be used for grouping.	query	optional

Response

Response codes

Code	Type	Description
200	AggregatedLog	Success
400	ErrorEnvelope	Failed. The input is invalid.

Response body objects

The `AggregatedLog` object

Aggregated log records.

Element	Type	Description
aggregationResult	object	Aggregated log records.

Response body JSON model

1{
2  "aggregationResult": {
3    "hostId": {
4      "1597835271": {
5        "localhost": "12"
6      },
7      "1597835331": {
8        "remotehost": "6"
9      }
10    },
11    "logLevel": {
12      "1597835271": {
13        "ERROR": "1",
14        "INFO": "2"
15      },
16      "1597835331": {
17        "INFO": "17"
18      }
19    },
20    "logPath": {
21      "1597835271": {
22        "/var/log/messages": "15",
23        "/var/log/syslog": "3"
24      },
25      "1597835331": {
26        "/var/log/messages": "15",
27        "/var/log/syslog": "3"
28      }
29    },
30    "processId": {
31      "1597835271": {
32        "cassandra": "6"
33      },
34      "1597835331": {
35        "apache": "12",
36        "cassandra": "60"
37      }
38    }
39  }
40}