Exclude logs from storage (Managed)

Log Monitoring Classic

Managed deployments only

This setting is available only to Dynatrace Managed deployments with environments using Log Monitoring Classic.

Dynatrace allows you to exclude specific log sources for storage. Using logs matched by rules, you can control which logs should not be stored in your deployment but still be processed by log metrics and log events.

The configuration is based on rules that use Matchers to determine the storage of log files known to OneAgent, auto-detected log files, and custom log files defined per process group.

Log drop rules

Go to Settings > Log Monitoring > Log drop rules to view log drop rules that are in effect, reorder the existing rules, and create new rules. Rules are executed in the order in which they're listed, from top to bottom. This order is critical because a preceding rule may impact the log data that a subsequent rule uses in its definition.

Expand Details to examine a rule definition. A log drop rule consists of the following:

  • Rule name
  • Matcher

You can turn any rule on or off in the Enabled column.

Create a log drop rule

To create a log processing rule

  1. Select Add rule on the Log drop rules page.

  2. Provide the name for the log drop rule.

  3. Provide a log query in the Matcher section.
    A log search query narrows down the available log data for executing this specific rule. This is the same search query that you have been using in the log viewer search query (Log viewer).

  4. Save changes.

REST API

You can use the Settings API to manage your log drop configuration:

  • View schema
  • List stored configuration objects
  • View single configuration object
  • Create new, edit, or remove existing configuration object

To check the current schema version for log drop configuration, list all available schemas and look for the builtin:logmonitoring.log-drop-rules schema identifier.

To create a log drop configuration using the API:

  1. Create an access token with the Write settings (settings.write) and Read settings (settings.read) permissions.

  2. Use the GET a schema endpoint to learn the JSON format required to post your configuration. The log drop configuration schema identifier (schemaId) is builtin:logmonitoring.log-drop-rules. Here is an example JSON payload with the log drop configuration:

    ...
     {
       "objectId": "Y2ktaGdyb3VwLTEyMythZjhjOThlOS0wN2I0LTMyMGEtOTQzNi02NTEyMmVlNWY4NGQ=",
       "schemaId": "builtin:logmonitoring.log-drop-rules",
       "externalId": "string",
       "scope": "HOST-123",
       "value": {
           "enabled": true,
           "ruleName": "John Smith rule",
           "matcher": "user.id=\"smith.john@mycompany.com\""
       },
       "schemaVersion": "1.0.1",
       "insertAfter": "Y2ktaGdyb3VwLTEyMythZjhjOThlOS0wN2I0LTMyMGEtOTQzNi02NTEyMmVlNWY4NGQ="
     }
    ...

  3. Use the POST an object endpoint to send your configuration.

Create metrics from dropped logs

You can create a log metric from dropped logs by extracting values from the logs and discarding the original log data. This method:

  • Saves storage space in Managed deployments.
  • Is a cost-effective alternative to extracting metrics during query time.
  • Unclutters observability.

See Create metrics from dropped logs.