Kubernetes log monitoring

Dynatrace provides integrated Log management and analytics for your Kubernetes environments by either running the OneAgent Log module or integrating with log collectors such as Fluent Bit, Dynatrace OpenTelemetry Collector, Logstash, or Fluentd.

Use cases

Deployment options for Kubernetes log monitoring

Dynatrace provides a flexible approach to Kubernetes observability where you can pick and choose the level of observability you need for your Kubernetes clusters. The Dynatrace Operator manages all the components needed to get the data into Dynatrace for you. This also applies to collecting logs from Kubernetes containers. Depending on the selected observability option, the Dynatrace Operator configures and manages the Log module to work in conjunction with or without a OneAgent on the node.

Log monitoring value

Kubernetes platform monitoring (optional: + Application observability)

Kubernetes platform monitoring + Full-Stack observability

Auto discovery of container logs

Applicable

Applicable

Control ingest via annotations and labels

Applicable

Applicable

Log enrichment with Kubernetes metadata

Applicable

Applicable

Logs in context of traces

Applicable 1

Applicable

Log enrichment with process context

Applicable

Report logs to different Dynatrace environments

Applicable

Dynatrace Operator for managing the rollout and lifecycle

Applicable

Applicable

1 For pods with Application observability enabled

  • Dynatrace version 1.310+
  • Dynatrace Operator version 1.4.2+
  • Dynatrace OneAgent version 1.309+

Before you begin

Before installing Dynatrace on your Kubernetes cluster, ensure that you meet the following requirements:

  • Your kubectl CLI is connected to the Kubernetes cluster that you want to monitor.
  • You have sufficient privileges on the monitored cluster to run kubectl or oc commands.

Cluster setup and configuration

  • You must allow egress for Dynatrace pods (default: Dynatrace namespace) to your Dynatrace environment URL.
  • For OpenShift Dedicated, you need the cluster-admin role.
  • Helm installation: use Helm version 3.

Supported versions

See supported Kubernetes/OpenShift platform versions and distributions.

The OneAgent Log Module is not yet supported on GKE Autopilot clusters.

The OneAgent Log module reads logs from containerd and cri-o containers. Other container runtimes aren't supported.

Installation options

Kubernetes and OpenShift (with future support for GKE Autopilot) are automatically detected during the installation. The necessary manifests are applied as required. Follow the steps below:

  1. Install Dynatrace Operator

    helm install dynatrace-operator oci://public.ecr.aws/dynatrace/dynatrace-operator \
    --set "csidriver.enabled=false" \
    --create-namespace \
    --namespace dynatrace \
    --atomic

    Edit the values.yaml sample from GitHub, and then run the install command, passing the YAML file as an argument:

    helm install dynatrace-operator oci://public.ecr.aws/dynatrace/dynatrace-operator \
    --create-namespace \
    --namespace dynatrace \
    --atomic \
    -f values.yaml
  2. Create secret for access tokens

    Create a secret named dynakube for the Dynatrace Operator token and data ingest token obtained in Tokens and permissions required.

    kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=<OPERATOR_TOKEN>" --from-literal="dataIngestToken=<DATA_INGEST_TOKEN>"
  3. Create your DynaKube custom resource YAML file.

    You can review the available parameters or how-to guides, and adapt the DynaKube custom resource according to your requirements.

    apiVersion: dynatrace.com/v1beta3
    kind: DynaKube
    metadata:
      name: dynakube
      namespace: dynatrace
      # annotations:
      #   feature.dynatrace.com/oneagent-privileged: "true" # Required on Openshift
    spec:
      # Link to api reference for further information: https://docs.dynatrace.com/docs/ingest-from/setup-on-k8s/reference/dynakube-parameters
      apiUrl: https://ENVIRONMENTID.live.dynatrace.com/api
      metadataEnrichment:
        enabled: true
      logMonitoring: {}
      activeGate:
        capabilities:
          - kubernetes-monitoring
        resources:
          requests:
            cpu: 500m
            memory: 512Mi
          limits:
            cpu: 1000m
            memory: 1.5Gi
      templates:
        logMonitoring:
          imageRef:
            repository: public.ecr.aws/dynatrace/dynatrace-logmodule
            tag: <tag>
          tolerations:
            - effect: NoSchedule
              key: node-role.kubernetes.io/master
              operator: Exists
            - effect: NoSchedule
              key: node-role.kubernetes.io/control-plane
              operator: Exists

    To retrieve the <tag> version for the logMonitoring template:

    1. Go to the ECR Public Gallery.
    2. Select Image tabs, and use one of the versions. For example, 1.311.70.20250416-094918.
  4. Apply the DynaKube custom resource

    Run the command below to apply the DynaKube custom resource, making sure to replace <your-DynaKube-CR> with your actual DynaKube custom resource file name. A validation webhook will provide helpful error messages if there's a problem.

    kubectl apply -f <your-DynaKube-CR>.yaml
  5. (Optional) Verify deployment

    Verify that your DynaKube is running and all pods in your Dynatrace namespace are running and ready.

    > kubectl get dynakube -n dynatrace
    NAME       APIURL                                           STATUS    AGE
    dynakube   https://<ENVIRONMENTID>.live.dynatrace.com/api   Running   45s

    In a default DynaKube configuration, you should see the following pods:

    > kubectl get pods -n dynatrace
    NAME                                  READY   STATUS    RESTARTS   AGE
    dynakube-activegate-0                 1/1     Running   0          55s
    dynakube-logmonitoring-grrnd          1/1     Running   0          55s
    dynakube-logmonitoring-ptjgk          1/1     Running   0          55s
    dynakube-logmonitoring-rtc2p          1/1     Running   0          55s
    dynatrace-oneagent-csi-driver-2twgv   4/4     Running   0          5m
    dynatrace-oneagent-csi-driver-jbwdv   4/4     Running   0          5m
    dynatrace-oneagent-csi-driver-t68tt   4/4     Running   0          5m
    dynatrace-operator-74dbb44b57-g58mn   1/1     Running   0          5m
    dynatrace-webhook-59b69958d6-82wlr    1/1     Running   0          5m
    dynatrace-webhook-59b69958d6-d9vqd    1/1     Running   0          5m

    Because the OneAgent Log module is deployed as a DaemonSet, you should have a Log monitoring pod on each node.
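
The per-node check from the verification step, written as a script. This is an added example, not Dynatrace's own tooling; it assumes the DynaKube is named dynakube (hence the dynakube-logmonitoring- pod prefix seen in the sample output) and the dynatrace namespace, and the node and pod names in the sample data are constructed.

```sh
#!/bin/sh
# Added example: list nodes that have no ready Log module pod.
# The pod-name prefix is taken from the sample output on this page.
PREFIX="dynakube-logmonitoring-"

# uncovered_nodes NODES PODS
#   NODES: one node name per line
#   PODS:  "<pod> <node> <phase> <ready-flags>" per line
# Prints every node without a Running, fully ready Log module pod.
uncovered_nodes() {
  {
    printf '%s\n' "$2"           # pod list first
    printf '%s\n' '--nodes--'    # separator between the two inputs
    printf '%s\n' "$1"           # node list second
  } | awk -v prefix="$PREFIX" '
    $0 == "--nodes--" { in_nodes = 1; next }
    !in_nodes {
      if (index($1, prefix) == 1 && $3 == "Running" &&
          $4 ~ /true/ && $4 !~ /false/) covered[$2] = 1
      next
    }
    NF && !($1 in covered) { print $1 }
  '
}

# Live use: feed the function from kubectl (namespace as used on this page).
check_cluster() {
  nodes=$(kubectl get nodes --no-headers \
    -o custom-columns=NAME:.metadata.name) || return 2
  pods=$(kubectl get pods -n dynatrace --no-headers -o \
    'custom-columns=NAME:.metadata.name,NODE:.spec.nodeName,PHASE:.status.phase,READY:.status.containerStatuses[*].ready') || return 2
  missing=$(uncovered_nodes "$nodes" "$pods")
  [ -z "$missing" ] && return 0
  printf '%s\n' "$missing" | sed 's/^/no ready Log module pod on node: /' >&2
  return 1
}

# Constructed sample data (not from a real cluster).
SAMPLE_NODES='node-a
node-b
node-c
node-d'
SAMPLE_PODS='dynakube-activegate-0 node-a Running true
dynakube-logmonitoring-grrnd node-a Running true
dynakube-logmonitoring-ptjgk node-b Running false
dynakube-logmonitoring-rtc2p <none> Pending <none>
dynatrace-operator-74dbb44b57-g58mn node-c Running true'

uncovered_nodes "$SAMPLE_NODES" "$SAMPLE_PODS"   # prints node-b, node-c, node-d
```

A node listed by check_cluster sends no container logs to Dynatrace; a taint that the tolerations in the DynaKube template do not cover is one reason a node can end up without a pod.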

Licensing

Kubernetes Log monitoring requires Dynatrace Platform Subscription (DPS) and is licensed by the ingested gibibyte (GiB) volume.

Control log ingest with Kubernetes metadata

You can configure log ingestion rules in Dynatrace to control which logs should be collected from your Kubernetes environment. The rules leverage Kubernetes metadata and other common log entry attributes to determine which logs are to be ingested. The standard log processing features from OneAgent, including sensitive data masking, timestamp configuration, log boundary definition, and automatic enrichment of log records, are also available for Kubernetes logs.

See Stream Kubernetes logs with OneAgent Log Module for a detailed description, use cases, and REST API examples.