Log Monitoring Classic
Dynatrace Log Monitoring gives you the ability not only to view and analyze logs, but also to create metrics based on log data and use them throughout Dynatrace like any other metric. You can add them to your dashboard, include them in an analysis, and even create custom alerts.
Log metric pricing is based on the Davis data units (DDUs) model. Check DDUs for metrics to find out how you can estimate and track DDU consumption for log metrics.
Depending on the options you select during log metric creation, the new metric value can represent:
When Dynatrace ingests log data, it applies the defined query to the log data and, based on your log metric Measure selection, the metric value will therefore represent either a count of the log records that match the query or one of the following values for the specified attribute: Average
, Count
, Maximum
, Minimum
, Sum
, Median
, Percentile 10th
, Percentile 75th
, or Percentile 90th
. The specified attribute must be of numeric type. Dynatrace will attempt to convert string type attributes to numbers as long as they match the following pattern:
123
123.
123.456
.456
-.456
+.456
+123.456
-123.456
123.4e+5
-123.4E-5
1234e+5
1234e5
Attributes holding more than one value are not converted to attribute-based metrics.
All metrics based on a Log Monitoring matcher have a metric key with the log.
prefix.
A created log metric is available only when new log data is ingested, and it matches the input from the Matcher field defined during log metric creation. Ensure that new log data has been ingested before utilizing the log metric in other areas of Dynatrace.
The range of a timestamp for accepting data that is used in metric creation is between 1 hour in the past and 10 minutes in the future. If no timestamp is provided, the current timestamp of the server is used.
There are two ways to create a metric based on log data:
log.
metric key.If you switched to Dynatrace Grail, you may begin using the DQL functions in your Log Monitoring queries. For details, see Log processing.
In the advanced mode, you can specify more complex criteria for log events by using combinations of keywords, phrases, logical operators, and parentheses. If you use an advanced query and manually modify the query, select Run query to update the results table.
log.
and save changes to create the log metric.If you create metrics with high cardinality (a lot of unique dimensions), you can reach your environment's cardinality limit. To mitigate these limitations, you can:
Logs often contain valuable metric data, but you may not want to store the original log data. To get the metric data from logs and discard the original log data, you can create a metric from dropped logs. For example, consider the following log content:
2023-06-15T13:02:56Z localhost haproxy[12528]: 10.10.10.10:48064 http-in~ local/local0 3605/0/0/61/3666 HTTP_STATUS 200 138 - - ---- 7416/7413/400/401/0 0/0 {574|||domain.com} {|} "POST /communication HTTP/1.1"
You may be interested only in the active session total time from HAPproxy and you would like to discard the rest of the log data.
To do that
To list, enable, disable, delete, or modify metrics created from log data, go to Settings > Log Monitoring > Metrics extraction.
Editing a metric key will generate a new metric. As a result, historical data will be accessible only with the old metric key.
In this example, we create and chart a log metric, save it to a dashboard, and create an alert.
Go to Logs or Logs & Events (latest Dynatrace) to display the log viewer.
Create a query that filters the data that you are interested in. For this example, to filter all log entries for error
, enter this query: status="error"
Select Create metric.
The Log metrics page is displayed with Matcher set to your query.
Type in the metric key (a unique name for the metric). By default, each metric key begins with log.
prefix. All log metrics based on logs must have a key starting with this prefix.
For this example, set key to: log.error_PGI
Select Add dimension and then select the dt.entityprocess_group_instance
dimension from the list.
If you saved the metric without adding a dimension, Dynatrace would count errors globally. But in this example, we want to see how the error status is distributed across process group instances. Adding the dt.entityprocess_group_instance
dimension will make Dynatrace count the number of error statuses for each process group instance. This allows you to view precisely where the error status occurred and to create an alert for a particular dimension.
Save changes.
Now that you have defined the metric, you can chart it, pin it to a dashboard, and even create an alert based on it.
Chart: Go to Data Explorer, set Select metric… to log.error_PGI
, and select Run query.
Dashboard: After you create a chart, select Pin to dashboard to add the chart to one of your classic dashboards. For details, see Pin tiles to your dashboard.
Alert: Go to Settings > Anomaly detection > Metric events, select Add metric event, and create a custom event based on log.error_PGI
.