Log Monitoring API - GET search logs

Gets the log records matching the provided criteria. Matching log records are sorted by the criteria specified in the sort query parameter, and then the first X records (as specified by the limit query parameter) are returned. To run a query without a size limit, use the GET export logs request.

If the resulting log is too large, it is divided into slices. In such cases, the first response contains the nextSliceKey for the second slice. Use it in the nextSliceKey query parameter to obtain the second slice, which in turn contains the nextSliceKey for the third slice, and so on.

Results might be distributed unevenly between slices, and some slices might be empty.

The request produces an application/json payload.

This request is an Early Adopter release and may be changed in a non-compatible way.

GET | SaaS | https://{your-environment-id}.live.dynatrace.com/api/v2/logs/search
GET | Environment ActiveGate, Cluster ActiveGate | https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/logs/search

Authentication

To execute this request, you need an access token with logs.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter | Type | Description | In | Required
from | string

The start of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the relative timeframe of two weeks is used (now-2w).

query | optional
to | string

The end of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the current timestamp is used.

query | optional
limit | integer

The desired amount of log records.

The maximal allowed limit is 1000.

If not set, 1000 is used.

query | optional
query | string

The log search query.

The query must use the Dynatrace search query language.

query | optional
sort | string

Defines the ordering of the log records.

Each field has a sign prefix (+/-) for sorting order. If no sign prefix is set, then the + option will be applied.

Currently, ordering is available only for the timestamp (+timestamp for the oldest records first, or -timestamp for the newest records first).

When millisecond resolution provided by the timestamp is not enough, log records are sorted based on the order in which they appear in the log source (remote process writing to REST API endpoint or remote process from which logs are collected).

query | optional
nextSliceKey | string

The cursor for the next slice of results. You can find it in the nextSliceKey field of the previous response.

The first slice is always returned if you don't specify this parameter.

If this parameter is set, all other query parameters are ignored.

Unsupported on Log Management and Analytics, powered by Grail.

query | optional

Response

Response codes

Code | Type | Description
200 | LogRecordsList

Success

400 | ErrorEnvelope

Failed. The input is invalid.

4XX | ErrorEnvelope

Client side error.

5XX | ErrorEnvelope

Server side error.

Response body objects

The LogRecordsList object

A list of retrieved log records.

Element | Type | Description
nextSliceKey | string

The cursor for the next slice of log records. Always null on Log Management and Analytics, powered by Grail.

results | LogRecord[]

A list of retrieved log records.

sliceSize | integer

The total number of records in a slice.

warnings | string

Optional warning messages.

The LogRecord object

A single log record.

Element | Type | Description
additionalColumns | object

Additional columns of the log record.

content | string

The content of the log record.

eventType | string

Type of event

  • K8S
  • LOG
  • SFM
status | string

The log status (based on the log level).

  • ERROR
  • INFO
  • NONE
  • NOT_APPLICABLE
  • WARN
timestamp | integer

The timestamp of the log record, in UTC milliseconds.

Response body JSON model

{
  "nextSliceKey": "___-2hI03q0AAAAAAAAAAAAAA-gAAAAAAAAH0P____8AAABkAAAACXRpbWVzdGFtcAD___7aEjTerQ",
  "results": [
    {
      "additionalColumns": {
        "custom.attribute": [
          "value1",
          "value2"
        ],
        "loglevel": [
          "SEVERE"
        ]
      },
      "content": "example log content",
      "event.type": "LOG",
      "status": "ERROR",
      "timestamp": "1631193089000"
    }
  ],
  "sliceSize": 100
}
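
The slice handling described above, as an added example (not code from the original page or from Dynatrace): a pager that follows nextSliceKey, keeps going through empty slices, and sends the cursor alone on follow-up requests. The names iter_log_records, http_get_json, SAMPLE_SLICES and the example.invalid host are assumptions made for this sketch; the token is sent in the Authorization header with the Api-Token scheme, and the offline demo runs against constructed responses.

```python
import json
import urllib.parse
import urllib.request

def http_get_json(url, token):
    """Live transport: the token goes in the Authorization header, never in the URL."""
    req = urllib.request.Request(url, headers={"Authorization": f"Api-Token {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_log_records(base_url, token, query=None, time_from="now-2h",
                     sort="+timestamp", max_slices=100, fetch=http_get_json):
    """Yield every LogRecord of one search, following nextSliceKey."""
    endpoint = base_url.rstrip("/") + "/api/v2/logs/search"
    params = {"from": time_from, "sort": sort}
    if query:
        params["query"] = query
    for _ in range(max_slices):
        # urlencode percent-encodes the "+" of "+timestamp" as %2B.
        body = fetch(endpoint + "?" + urllib.parse.urlencode(params), token)
        # A slice may be empty while later slices still hold records.
        yield from body.get("results") or []
        next_key = body.get("nextSliceKey")
        if not next_key:  # null: this was the last slice
            return
        # With nextSliceKey set, all other parameters are ignored: send it alone.
        params = {"nextSliceKey": next_key}
    raise RuntimeError("max_slices reached before the last slice")

# Constructed sample responses (not real data); the second slice is empty.
SAMPLE_SLICES = [
    {"results": [{"timestamp": "1631193089000", "content": "a"}], "nextSliceKey": "key-1"},
    {"results": [], "nextSliceKey": "key-2"},
    {"results": [{"timestamp": "1631193090000", "content": "b"}], "nextSliceKey": None},
]

def demo():
    """Run the pager offline against SAMPLE_SLICES; return (records, requested URLs)."""
    urls = []
    def fake_fetch(url, token):
        urls.append(url)
        return SAMPLE_SLICES[len(urls) - 1]
    recs = list(iter_log_records("https://example.invalid", "unused", "error", fetch=fake_fetch))
    return recs, urls

if __name__ == "__main__":
    for rec in demo()[0]:
        print(rec["timestamp"], rec["content"])
```

For a live call, pass the environment base URL (the SaaS or ActiveGate form shown above, without the /api/v2/logs/search suffix) and a token with the logs.read scope, and leave fetch at its default.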