Log viewer (Logs Classic)
Log Monitoring Classic
The log viewer enables you to browse logs within a certain timeframe using detected aspects of the log content. You can use Available attributes to narrow down your log view and focus on a specific aspect of the log content.
To access the log viewer, in the Dynatrace menu, go to Logs. The log viewer has four sections:
In Filter by, you can set filters to narrow down the log events that are displayed in the results table. Select Advanced query to edit the query manually.
With Filter by displayed (the default), the filter is in autocomplete mode, where you select from a set of detected log data fields to filter the results (limit of 10 different attributes). For filters with the same attributes, only one statement needs to be true. For filters with different attributes, all statements need to be true. While in the auto-complete mode, selected filters and Available attributes are synchronized automatically.
With Advanced query selected, you can specify more complex criteria for log events by using combinations of keywords, phrases, logical operators, and parentheses (limit of 10 different attributes). The Dynatrace search query language provides you with complete flexibility over searches through log content. You can use the query entry to quickly text search the content of the log data. Any string entered in the query text box without specifying the log data attribute will be treated as a simple text search on the log data content.
You can turn Advanced query on and off to switch between the auto-complete and advanced modes. Dynatrace will transform the auto-complete filters to a query and vice versa provided that the query in the advanced mode can be transformed. Some complex queries with logical operators cannot be converted to auto-complete filters, in which case switching to auto-complete mode becomes unavailable.
In the advanced mode, you can run an empty query to return unfiltered log data.
Text searches help you find individual word occurrences. You can search text without any syntax (as long as no special characters or keywords are present, such as
Spaces are interpreted as AND operators:
Also, this mode allows you to use double quotes:
Searches are case-insensitive for both attribute names and values.
The query has a limit of 20 relations: logical operators (AND, OR) or comparison operators (
Search for records that have a specified attribute with a specified value.
A phrase is a group of words surrounded by double quotes. Phrases are treated just like single-word terms in queries. This allows you to search log data for a specified phrase in the content field. It returns only those records in which the entire phrase matches. In this example, the word
Keep in mind that using a phrase search for content takes into account only alphanumeric characters in the same manner as the text search described above.
Allowed operators are
Wildcards can be used to represent a variable or unknown alphanumeric characters in search terms. An asterisk
Escaping special characters in attribute names or attribute values:
For attribute names:
For attribute values:
For free text search mode:
Values that contain special characters must be wrapped with double quotes and special characters must be escaped with
Search for records using entity selector.
For more information, see Environment API v2 - Entity selector.
The log chart is a histogram of log events over time that gives you a quick overview of logs and their severity within the selected timeframe.
The results table under the chart displays the log events that match the provided query and filter within the selected timeframe. Each row in the table represents a log record and can be expanded for detailed log data. The first 100 matching records are displayed, but you can view more results by selecting Show 100 more at the bottom of the table.
By default, ingested log records are sorted according to timestamp and then according to the order that is maintained in the log source, where a log source is a remote process writing to a REST API endpoint or a remote process on which logs are detected.
By default, the log viewer displays a maximum of 1,000 log events. If you don't see expected results, run a more exact query or narrow down the timeframe to see better focused log data.
To show or hide specific columns in the result table
- Select Format table.
This lists Dynatrace generated and reserved log attributes that you can add to the results table for visibility and use as dimensions when creating a log metric. For example, you can use the
dt.entity.process_groupattribute to display the process group instance for which the log event occurred.
Select or clear checkboxes to display or hide the corresponding columns in the table.
To export table data
- Select Actions.
- Select Download table (JSON) or Download table (CSV), depending on the format you need. While your search query may return more than 1,000 log records, the result table will display only the first 1,000 log records. As a result, the exported table data will contain only the 1,000 log records visible in the table. The exported log records will include complete log data for each record, even if it is not displayed in the table column.
Available attributes (displayed to the left of the table) provide you with an overview and the ability to filter the log data. Available attributes are automatically detected attributes of the data presented in the table. You can use them to quickly filter the result table data for a specific log data attribute. Each available attribute displays up to ten most popular values for that attribute. To filter all values for a particular attribute, create and run a query in the log viewer search.
Unique log data attributes (high-cardinality attributes) such as
trace_id generate unnecessarily excessive lists of available attributes that may impact log viewer performance. Because of this, they aren't listed in Available attributes. You can still use them in an advanced search query.