Log file formats v1
You are viewing documentation for Log Monitoring v1. Dynatrace Log Monitoring v1, is considered a legacy solution.
Log Monitoring v1 will reach the end of life and will be switched off in November 2023.
SaaS environments will be automatically upgraded to LMA or LMC.
We strongly encourage you to switch to the latest Dynatrace Log Monitoring version.
If you are currently using Dynatrace SaaS, upgrade to the latest version of Dynatrace log monitoring.
Log Monitoring can read and analyze:
Windows event logs
System, Security, and Application logs are automatically discovered on hosts. Other custom event-log format logs can be added manually on the process group level.
Plain-text logs
Any plain-text log file as long as it contains a timestamp and meets these basic requirements:
-
The file must be encoded as UTF-8 or UTF-16. All other encoded files will be recognized as binary.
-
A timestamp must appear at the beginning of each log entry.
-
The timestamp date can be separated using any of the following:
(space)
/(slash)
-(dash)
.(period)
T(Combined date and time in UTC, ISO 8601 format)
,(comma)
@(ampersand) -
For the timestamp date, either month abbreviations or full names can be used in the date format.
By default, Log Monitoring recognizes only English month abbreviations and months represented by number (1-12 and jan-dec). -
A timestamp must include BOTH the date and time.
-
A timestamp time is in the following format:
[0-9]{1,2}:[0-9]{2}:[0-9]{2}((\.|,)[0-9]{1,9})?( *AM|PM)? *((GMT|UTC)?[+-][0-9]{2,4})?(GMT|CEST|CET|OTHER_TZ_ABBREVIATION)?
JSON logs
The timestamp in a JSON file is automatically detected through the time or timestamp tag and it must be in the following timestamp format: ::*_year_*:-:*_month_*:-:*_day_*:T:*_time_*:0::.
For example: 2018-02-28T16:17:50.000
Also, the JSON file must meet the following conditions:
- The date must be in UTC standard.
- The file cannot contain any headers.
- In the file, each log entry is represented by one JSON object on one line.
For example:{ "log" : "content = 0, t = 1000000000", "time":"2019-10-09T14:45:00.000000Z", "stream" : "stderr" }{ "log" : "content = 0, t = 1000000000", "time":"2019-10-09T14:46:00.000000Z", "stream" : "stderr" } - To be automatically recognized and indexed, any attributes must be placed as a top level JSON object.
For example, you can make an API log ingest call with JSON that contains the following log attributes:
Any nested data will be recognized as a string value for that top-level property.{"timestamp": "2021-07-29T10:54:40.962165022Z","level": "error","source": "Skynet","application.id": "PaymentService-Prod","message": "PaymentService-Prod failure.","data": {}}
For example:Everything in the{"timestamp": "2021-07-29T10:54:40.962165022Z","level": "error","source": "Skynet","application.id": "PaymentService-Prod","message": "PaymentService-Prod failure.","data": {"error":[{ "id": "1001", "type": "Regular" },{ "id": "1002", "type": "Extreme" }]}}dataproperty will be treated as a string value fordata.
Examples of valid log file date formats
2018 04 062018/04/062018-04-062018.04.062018-04-06T18:46:19Z
Examples of valid log file time formats
12:23:34.12312:23:34.123GMT+010012:23:34.123 GMT+01000:00:00 GMT0:00:00 GMT+010000:00:0012:13:01+010012:13:02.12312:13:03.123123+010012:13:02,12312:13:03,123123+010012:13:04GMT12:13:05GMT+010012:13:06GMT+0112:13:09+010012:13:10+0112:13:12+020012:13:13.123pm12:13:14.123 AM12:13:15.123PM+0112:13:16.123 AM+0212:13:17CEST12:13:18 CET00:13:19
Examples of valid log file timestamps
2018-04-06 09:54:04.839 UTC2018-04-06 11:01:19,6252018/04/06 11:06:23 UTCApr 6 12:23:52Apr-6 13:35:57.621
Incorrect date formats
Any log file containing an invalid timestamp will generate an Incorrect date format error and will not be analyzed or stored (only the file status will be reported).