Log Monitoring API - GET search logs
Gets the log records matching the provided criteria. Matching log records are sorted by the criteria specified in the sort query parameter, and then the first X records (as specified by the limit query parameter) are returned. To run a query without a size limit, use the GET export logs request.
If the resulting log is too large, it is divided into slices. In such cases, the first response contains the nextSliceKey for the second slice. Use it in the nextSliceKey query parameter to obtain the second slice, which in turn contains the nextSliceKey for the third slice, and so on.
Results might be distributed unevenly between slices, and some slices might be empty.
The request produces an application/json
payload.
This request is an Early Adopter release and may be changed in non-compatible way.
GET |
|
Authentication
To execute this request, you need the Read logs (logs.read
) permission assigned to your API token. To learn how to obtain and use it, see Tokens and authentication.
Parameters
Parameter | Type | Description | In | Required |
---|---|---|---|---|
from | string | The start of the requested timeframe. You can use one of the following formats:
If not set, the relative timeframe of two weeks is used ( | query | optional |
to | string | The end of the requested timeframe. You can use one of the following formats:
If not set, the current timestamp is used. | query | optional |
limit | integer | The desired amount of log records. The maximal allowed limit is 1000. If not set, 1000 is used. | query | optional |
query | string | The log search query. The query must use the Dynatrace search query language. | query | optional |
sort | string | Defines the ordering of the log records. Each field has a sign prefix (+/-) for sorting order. If no sign prefix is set, then the Currently, ordering is available only for the timestamp (+timestamp for the oldest records first, or -timestamp for the newest records first). When millisecond resolution provided by the timestamp is not enough, log records are sorted based on the order in which they appear in the log source (remote process writing to REST API endpoint or remote process from which logs are collected). | query | optional |
nextSliceKey | string | The cursor for the next slice of results. You can find it in the nextSliceKey field of the previous response. The first slice is always returned if you don't specify this parameter. If this parameter is set, all other query parameters are ignored. | query | optional |
Response
Response codes
Code | Type | Description |
---|---|---|
200 | LogRecordsList | Success |
400 | ErrorEnvelope | Failed. The input is invalid. |
Response body objects
The LogRecordsList
object
A list of retrieved log records.
Element | Type | Description |
---|---|---|
nextSliceKey | string | The cursor for the next slice of log records. |
results | LogRecord[] | A list of retrieved log records. |
sliceSize | integer | The total number of records in a slice. |
The LogRecord
object
A single log record.
Element | Type | Description |
---|---|---|
additionalColumns | object | Additional columns of the log record. |
content | string | The content of the log record. |
eventType | string | Type of event
|
status | string | The log status (based on the log level).
|
timestamp | integer | The timestamp of the log record, in UTC milliseconds. |
Response body JSON model
1{2 "nextSliceKey": "___-2hI03q0AAAAAAAAAAAAAA-gAAAAAAAAH0P____8AAABkAAAACXRpbWVzdGFtcAD___7aEjTerQ",3 "results": [4 {5 "additionalColumns": {6 "custom.attribute": [7 "value1",8 "value2"9 ],10 "loglevel": [11 "SEVERE"12 ]13 },14 "content": "example log content",15 "event.type": "LOG",16 "status": "ERROR",17 "timestamp": "1631193089000"18 }19 ],20 "sliceSize": 10021}