Cloud provider log forwarding
powered by Grail
You can configure cloud log forwarding to stream the following log data to Dynatrace using API:
- Amazon Web Services
AWS log forwarding for ingesting your logs from Amazon CloudWatch and AWS S3.
- Microsoft Azure
Stream Azure logs from Azure Event Hubs into Dynatrace logs via an Azure Function App instance.
- Google Cloud Platform
After running the deployment script in Google Cloud Shell, you'll get metrics, logs, dashboards, and alerts for your configured services in Dynatrace.
The DDU consumption model applies to cloud Log Management and Analytics. For details, see DDUs for Log Management and Analytics.
Amazon Web Services
AWS log forwarding allows you to ingest your logs from Amazon CloudWatch and AWS S3.
Log ingestion from Amazon CloudWatch
You can stream logs from Amazon CloudWatch into Dynatrace logs via an ActiveGate.
To enable AWS log forwarding, you need to deploy our special-purpose CloudFormation stack into your AWS account. The stack consists of a Kinesis Firehose instance and a Lambda function. These resources incur AWS costs according to standard AWS billing policy. The same applies to included self-monitoring resources (CloudWatch dashboards and metrics).
|Service name||CloudWatch log forwarding||Log enrichment||Entity linking|
|AWS App Runner|
|AWS CloudTrail 1||-|
|Amazon API Gateway||-|
|All services that write to CloudWatch||-|
AWS CloudTrail log group name is chosen by user. For log enrichment, start the log group name with
For detailed instructions on how to set up AWS log forwarding, see Log monitoring in AWS.
Log ingestion from Amazon S3
You can stream logs from AWS S3 to Dynatrace using a serverless architecture.
The log forwarder offers:
- Out of the box parsing of AWS services, see Supported AWS Services
- Processing mechanism for any other use case including 3rd party logs written to s3, see Log Processing
- Cross-region support, see S3 buckets on different AWS regions
- Multiple AWS account support, see S3 buckets on different AWS accounts
For detailed instructions on how to set up log ingestion from AWS S3, see documentation on GitHub.
AWS Lambda log collection
You can collect logs directly from your AWS Lambda functions and send them to Dynatrace for analysis. The solution is an alternative to the CloudWatch log forwarder with benefits in terms of cost and latency, and is also easier to set up, particularly if AWS Lambda tracing is already in place. As part of the OneAgent installation process, this feature provides a streamlined solution for collecting logs from your Lambda functions. For more information, see AWS Lambda documentation page.
Azure log forwarding allows you to stream Azure logs from Azure Event Hubs into Dynatrace logs via an Azure Function App instance. It supports both Azure resource logs and activity logs.
Azure log forwarding is performed directly through Cluster API. If you don't want to use direct ingest through the Cluster API, you have to use an existing ActiveGate for log ingestion.
The following resources will be created by the Azure logs forwarder deployment script:
- Storage account (
- Storage Account Blob Service (
- Azure App Service plan (
- Azure Function App (
For details about the resources created, see the Azure Resource Manager file on GitHub
For detailed instruction on how to set up Azure log forwarding see, Azure Logs.
Google Cloud Platform
To set up Google Cloud Platform monitoring for metrics and logs, you'll run the deployment script in Google Cloud Shell. During setup, a new Pub/Sub subscription will be created. GKE will run two containers: a metric forwarder and a log forwarder. After installation, you'll get metrics, logs, dashboards, and alerts for your configured services in Dynatrace. Instructions will depend on the location where you want the deployment script to run:
Depending on where you want log ingestion to be performed, you may need additional resources. For example, for Managed deployments, there is a possibility to use an AG for log ingestion. But you have to do it manually since the installation script does not deploy it.
For all log ingestion options, see Log ingestion.