Log Management and Analytics use cases
powered by Grail
The following documentation describes Log Management and Analytics. If you are still using Log Monitoring Classic, you might be required to upgrade to Log powered by Grail.
Troubleshooting with Logs for Kubernetes environments
In this use case, you monitor log data in a Kubernetes environment. Additionally, some of the log data might contain sensitive information that needs to be masked before sending it to Dynatrace.
Make sure OneAgent autodiscovers your Kubernetes logs.
Make sure you've deployed OneAgent to your environment in a way that supports collecting Kubernetes logs. OneAgent automatically discovers log messages that are written to the containerized application's stdout/stderr streams.
Prevent sensitive data from being ingested.
As your logs contain sensitive data, set up rules to mask or replace that data before sending it to Dynatrace.
Send relevant log data to Dynatrace.
After OneAgent has discovered log data and masking rules are created, you need to decide if some or all of the logs should be sent to Dynatrace storage. Set up rules based on Kubernetes container, deployment, namespace, log content, or some other parameter; or ingest all logs.
Verify log ingestion.
Check recently ingested logs in the Logs and events viewer to verify that your desired log sources are visible. If you need to adjust masking or storage, check the previous steps.
If you see data integrity errors because of a timestamp mismatch, create rules to detect the correct timestamp.
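Masking expressions are easier to trust when they have been tried on sample lines before any real log data leaves the cluster. The following is an added example, not Dynatrace code or Dynatrace rule syntax: the rule set, the sample lines and the canary values are constructed, and the regexes are assumptions to adapt to your own log formats. It checks that planted sensitive values disappear, while timestamps and an ordinary order ID survive.

```python
import re

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order IDs or epoch values are not masked as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _mask_card(m: re.Match) -> str:
    # Mask a 13-19 digit run only when it passes the Luhn check.
    digits = re.sub(r"\D", "", m.group(0))
    return "<card>" if luhn_ok(digits) else m.group(0)

# Hypothetical rule set (name, pattern, replacement); assumptions, not product syntax.
RULES = [
    ("email", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "<email>"),
    ("bearer", re.compile(r"(?i)\b(bearer\s+)[\w.~+/-]+=*"), r"\1<token>"),
    ("card", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), _mask_card),
]

def mask_line(line: str) -> str:
    """Apply every rule in order; a rule may match several times per line."""
    for _name, pattern, repl in RULES:
        line = pattern.sub(repl, line)
    return line

def leaked(masked_lines, canaries):
    """Return the canary values that still appear anywhere in the masked output."""
    return [c for c in canaries if any(c in line for line in masked_lines)]

# Constructed sample lines, as a container might write them to stdout.
SAMPLE = [
    "2024-05-01T10:15:00Z INFO login ok user=alice@example.com",
    "2024-05-01T10:15:01Z DEBUG upstream call Authorization: Bearer abc.DEF-123_xyz",
    "2024-05-01T10:15:02Z WARN payment declined card=4111 1111 1111 1111 order=1234567890123",
]
# Constructed canaries: the sensitive values planted in SAMPLE.
CANARIES = ["alice@example.com", "abc.DEF-123_xyz", "4111 1111 1111 1111"]

def run_check():
    masked = [mask_line(line) for line in SAMPLE]
    return masked, leaked(masked, CANARIES)

if __name__ == "__main__":
    masked, leaks = run_check()
    print("\n".join(masked))
    print("leaks:", leaks)
```
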
Get more from your Kubernetes logs
Optional: Create a metric based on a log for observability or alerting.
If your Kubernetes logs contain information that is useful for observability, such as occurrence counts, you might want to extract that data and create a log metric. The new metric can represent an occurrence of log records or an attribute value, and can be used for alerting.
Optional: Create a log event for alerting.
Critical information found in ingested logs can be used to trigger a custom log event. You can then decide to create a problem for each triggered log event or enhance already detected problems with Logs.
Optional: Connect logs and traces.
OneAgent offers log enrichment with traces. Enrichment enables you to seamlessly switch context and analyze individual spans, transactions, or entire workloads. It empowers development teams by making it easier and faster for them to detect and pinpoint problems. It also correlates log records with user sessions.
Real-time advanced observability with logs and DQL
This use case assumes you want to observe, over time, mission-critical information found in logs that are sent using the log ingest API.
Send your log data to the generic log ingestion API.
The Log Monitoring API - POST ingest logs method allows you to stream log records to Dynatrace. The ingestion endpoint, which is located on your ActiveGate, tries to automatically transform any log data based on the API schema.
Optional: Use a log shipper together with generic ingestion.
You can use the generic ingestion API together with a common log shipper like Fluentd or Logstash to stream logs to Dynatrace.
Optional: Forward logs from cloud environments.
The generic ingestion API is used to stream logs from cloud providers to Dynatrace.
Parse out attributes from raw logs with Log Processing.
Log Processing lets you manipulate all incoming log data during ingestion, such as extracting numeric or other attributes from raw log content, performing mathematical manipulations, or dropping, adding, or masking attributes before the log record is persisted.
Analyze log data in the Logs and events viewer.
Go to Logs in the Dynatrace menu to see the ingested log data. In Simple mode, select filters like log source, severity level, or topology entity. In Advanced mode, craft powerful queries with DQL to extract any information from historical logs or create aggregations or statistics.
Pin DQL query results to a dashboard.
You can reuse the DQL query in your workflows by pinning the result to a dashboard. You can pin a table of records or a visualization like a bar chart.
Optional: Use log-based metrics for observability.
As an alternative to pinning a DQL query, you can use log metrics.