Log Monitoring Classic
For the newest Dynatrace version, see Automatic log enrichment.
Dynatrace enables you to transform logs ingested both via OneAgent and API.
Log ingestion API automatically transforms status, severity, level, and syslog.severity severity keys to the loglevel attribute.
The input values for the status, severity, level, and syslog.severity severity keys are transformed (transformation is not case sensitive) into output values for the loglevel attribute based on the mapping below:
This transformation applies both to OneAgent-ingested logs and API-ingested logs.
Additionally, for each log event, a status attribute is created with a value that is a sum of loglevel values based on the following grouping:
For example:
The level severity key in the Log ingestion API request parameter contains the value serious.
level severity key is transformed into the loglevel attribute with the serious value mapped to SEVERE based on the above table.loglevel attribute containing the SEVERE value is grouped into status attribute. Based on the grouping table above, the status attribute will contain the ERROR value.ERRORSEVEREDuring the log ingestion via OneAgent, the following attributes are added automatically:
container.namecontainer.image.namecontainer.iddt.host_group.iddt.kubernetes.cluster.iddt.kubernetes.cluster.namedt.kubernetes.node.system_uuiddt.process.nameevent.typehost.namek8s.cluster.namek8s.namespace.namek8s.pod.namek8s.pod.uidk8s.container.namek8s.deployment.namelog.iostreamloglevellog.sourceprocess.technologyspan_idstatustrace_idweb_server.iis.site_idweb_server.iis.site_nameweb_server.iis.application_pooldt.entity.cloud_applicationdt.entity.cloud_application_instancedt.entity.cloud_application_namespacedt.entity.container_groupdt.entity.container_group_instancedt.entity.hostdt.entity.kubernetes_clusterdt.entity.kubernetes_nodedt.entity.process_groupdt.entity.process_group_instancedt.source_entity