Log ingestion via OneAgent

OneAgent is a powerful tool for automatically discovering and ingesting log data from a wide array of technologies. Built for enterprise-scale operation, it offers detailed configuration options and allows centralized orchestration of multiple instances.

Check out the OneAgent platform and capability support matrix and deploy OneAgent to your environment.

Log data autodiscovery

OneAgent automatically detects log files, ensuring that relevant logs are collected and analyzed for all monitored processes. To do so, it scans the file system and the applications running on the host to identify log files and log sources. Access the Log content autodiscovery page to learn about the autodiscovery process.

Once log sources are detected, OneAgent applies relevant log ingestion rules. These rules define how the logs should be collected, parsed, and forwarded to the Dynatrace monitoring platform. The autodetection includes log rotation patterns.

OneAgent autodetects logs from hosts, and collects logs from Kubernetes container orchestration systems and from Docker containers.

Custom log sources

Many applications generate logs in formats or locations not covered by the default autodiscovery mechanism. You can add custom log sources when automatic detection does not recognize specific log files or when you need to monitor logs from applications not covered by default settings. Configure custom log sources if you encounter challenges with the rotation pattern or when the log file does not meet the detector's requirements. To learn more, see Custom log source.

OneAgent log configuration flow

The only required step after OneAgent installation is to review default ingest rules or create custom log ingest rules to ensure the logs are ingested to the Dynatrace tenant. For further configurations, you can use the options listed in the diagram below:

[Diagram: OneAgent log ingestion and processing configurations at capture]

Log ingest rules (required)

Setting up the log ingest rules is the most important step in the configuration process. The rules allow you to specify which logs, both automatically discovered and custom, are ingested, filtered, and stored. You can customize the rules with matchers such as process group or log source file. This ensures that the logs ingested from various sources are properly managed and integrated into the Dynatrace log monitoring system.

You can review log sources detected by OneAgent on the Host or Process page in Dynatrace. For new tenants, some built-in rules are enabled by default. Learn more by accessing the Log ingest rules page.

The log ingest rules apply exclusively to OneAgent. These rules do not extend to other log collection mechanisms.

Sensitive data

You can set up OneAgent to mask any information that you consider to be sensitive so it doesn't reach Dynatrace in plain text. To learn about this configuration, see Sensitive data masking in OneAgent.

Timestamps

Learn how OneAgent supports timestamps. Optionally, you can configure a custom timestamp pattern specific to your case.

OneAgent settings

Dynatrace Log Monitoring uses the OneAgent log module, which is enabled by default with all OneAgent installations. While Log Monitoring does not require any specific configuration, you can modify some of the options available for the OneAgent log module.

Global OneAgent settings for Log Monitoring

  1. Go to Settings > Log Monitoring > Advanced log settings.
  2. Adjust settings and Save changes.

Host-specific OneAgent settings for Log Monitoring

  1. Go to Hosts and select your Linux host.
  2. On the host overview page, select More > Settings in the upper-right corner of the page.
  3. On the Host settings page, select Log Monitoring and Advanced log settings.
  4. Adjust settings and Save changes.

Setting                                                   Default
Detect open log files                                     enabled
Detect system logs                                        enabled
Detect logs of containerized applications                 enabled
Detect IIS logs                                           enabled
Detect logs on network file systems                       disabled
Allow OneAgent to monitor Dynatrace logs                  disabled
Detect container time zones                               enabled
Default timezone for agents                               Local time zone
Timestamp search limit                                    64 bytes
Severity search chars limit                               100 bytes
Severity search lines limit                               2
Maximum of log group instances per entity limit - count   200
Windows Event Log query timeout                           5 seconds
Minimal log file size to perform binary detection         512 bytes
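
The following added example (not Dynatrace code) models the default timestamp and severity search limits listed above, so you can check sample log entries before relying on them for detection or forensics. It assumes the limits are measured from the start of each line and that the severity line limit counts the first lines of an entry; the regular expressions and the names check_entry, audit and SAMPLES are hypothetical stand-ins, not OneAgent's detectors.

```python
import re

# Defaults from the settings table on this page.
TIMESTAMP_SEARCH_LIMIT = 64        # bytes
SEVERITY_SEARCH_CHARS_LIMIT = 100  # bytes
SEVERITY_SEARCH_LINES_LIMIT = 2    # lines

# Simplified stand-in patterns (assumption); the real detectors are not shown here.
TS_RE = re.compile(rb"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}")
SEV_RE = re.compile(rb"\b(TRACE|DEBUG|INFO|WARN|ERROR|FATAL)\b")


def check_entry(entry: bytes) -> dict:
    """Model the search windows for one log entry (possibly multi-line)."""
    lines = entry.split(b"\n")
    ts = TS_RE.search(lines[0])
    severity = None
    for line in lines[:SEVERITY_SEARCH_LINES_LIMIT]:
        m = SEV_RE.search(line[:SEVERITY_SEARCH_CHARS_LIMIT])
        if m:
            severity = m.group(1).decode()
            break
    return {
        # Byte offset where the timestamp ends: the limit would need to cover it.
        "timestamp_end": ts.end() if ts else None,
        "timestamp_in_window": ts is not None and ts.end() <= TIMESTAMP_SEARCH_LIMIT,
        "severity": severity,
    }


def audit(entries):
    """Return {index: [fields]} for entries the default limits would miss."""
    findings = {}
    for i, entry in enumerate(entries):
        r = check_entry(entry)
        problems = []
        if not r["timestamp_in_window"]:
            problems.append("timestamp")
        if r["severity"] is None:
            problems.append("severity")
        if problems:
            findings[i] = problems
    return findings


# Constructed sample entries, not taken from a real system.
SAMPLES = [
    b"2024-05-01 12:00:00 ERROR payment failed",
    b"[host=app-01.example.internal pid=4242 thread=worker-17 request=9f1c] "
    b"2024-05-01T12:00:01 WARN slow query",
    b"2024-05-01 12:00:02 request aborted\n  at com.example.Handler.run\nFATAL disk full",
]
```

Calling audit(SAMPLES) flags the second entry, whose timestamp sits behind a long prefix, and the third, whose severity appears only on the third line of the entry.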

Log enrichment

Out of the box, OneAgent automatically decorates logs by adding topology context, maintaining trace information, and identifying severity levels. To learn more, see Automatic log enrichment.

Alternative to ingestion via OneAgent

You can use the following alternatives to OneAgent for monitoring your log data:

  • Log ingestion API: Collect logs via API when unable to install OneAgent.
  • Dynatrace Extensions: Use customizable add-ons to ingest logs and extend observability.
  • Syslog: Stream, oversee and control log files from various system components.

Troubleshooting

Visit Dynatrace Community for troubleshooting guides.