Upgrade Log Monitoring Classic to Log Management and Analytics

Log Management and Analytics is the latest Dynatrace log monitoring solution. With the introduction of Dynatrace Platform and Grail, we encourage you to upgrade to the latest log monitoring offer.

How can I upgrade from Log Monitoring Classic to Log Management and Analytics?

Once your environment is enabled for activation:

  1. Go to Logs or Logs & Events (latest Dynatrace).
  2. In the banner message, select Go to activation page and select Activate Logs powered by Grail.
  3. On the Activate Grail for log and events page you can select:
    • Activate now
    • Wait 7 days
  4. Select Confirm to verify your choice.
  • Only administrative users can activate Log Management and Analytics for the environment.
  • Activating Log Management and Analytics is not reversible.

Upgrade with existing data

You can choose to upgrade with your existing log data.

  • If you choose Wait 7 days on the Activate Grail for log and events page, Grail activation will be postponed for 7 days. During that timeframe, your log data will be ingested into both Log Monitoring Classic and Grail. After the 7 day period ends, Grail will be activated automatically and you will begin using Log Management and Analytics with 7 days of existing data.
  • If you require log data for a longer period before upgrading, contact a Dynatrace product expert via live chat and request the longer wait time.
  • If upgrading with existing data is not important for you, choose Activate now on the Activate Grail for log and events page and Logs powered by Grail will become active in about 30 seconds.

What changes after activation

After activating Log Management and Analytics, the following changes take place:

  • Ingested log data

  • DDU consumption

  • API

  • No support for Management Zones

    • Management Zones configuration will not work with Grail. You have to use buckets and policies for access control. Please check the User access section below.

What does not change after activation

After activating Log Management and Analytics, the following will not change:

However we recommend to convert your LQL matchers for log processing, metrics and events to highly performing DQL matcher.

User access

The user access granting process depends on whether you are a new or existing user.

  • Assign policy to existing users
    After activating Log Management and Analytics, all users who already had access to log data are assigned a new policy to access the log data in Grail.

  • Assign policy to new users

    There are two options for configuring access policies for Grail:

    In Dynatrace SaaS, only admin users can manage policies (users with account permission Manage users).
    You need to have two policies, Storage Events Read and Storage Logs Read assigned, bound to a group.

    To check if your policies are assigned

    1. Go to Account Management.
    2. Go to Identity & access management > Policy management.
    3. Check if Storage Events Read and Storage Logs Read are present on the policy list.

    If Storage Events Read and Storage Logs Read are not present on you policy list, you need to add them manually:

    • Storage Events Read:
      Policy name: Storage Events Read
      Policy description: Enables reading events from GRAIL
      Policy statements: ALLOW storage:events:read
    • Storage Logs Read:
      Policy name: Storage Logs Read
      Policy description: Enables reading logs from GRAIL
      Policy statements: ALLOW storage:logs:read
      For details, see Manage IAM policies.

    To make a policy effective, you need to bind it to a group.

    1. Go to Account Management.
    2. Select Identity & access management > Groups.
      For details, see Manage group permissions with IAM policies.
    3. Edit the group to which you want to bind the policy (for example, Logs and events). Make sure the users who need to use the Logs and events have this group assigned to their names.
    4. Select the Policies tab.
    1. Obtain an OAuth token Make a POST call with form parameters to SSO.

      • client_id = [client_id]
      • client_secret = [secret]
      • grant_type = client_credentials
      • scope = iam:policies:write iam:policies:read

      In response, you get an authorization token

      {
      "scope": "iam:policies:read iam:policies:write",
      "token_type": "Bearer",
      "expires_in": 300,
      "access_token": "123(...)ABC"
      }
    2. Create a storage events read policy Make a POST call to IAM

      Body payload for the policy is:

      {
      "name": "Storage Events Read",
      "description": "Storage Events Read",
      "tags": [
      ],
      "statementQuery": "ALLOW storage:events:read;"
    3. Create a storage logs read policy Make a POST call to IAM

      Body payload for the policy is:

      {
      "name": "Storage Logs Read",
      "description": "Storage Logs Read",
      "tags": [
      ] ,
      "statementQuery": "ALLOW storage:logs:read;"
      }

    Your newly created policies will be visible on the account level. To check it, go to Account Management > Identity & access management > Policy management > Edit Storage Events Read.