DDU pricing applies to cloud Log Monitoring. See DDUs for Log Monitoring for details.
Azure log forwarding allows you to stream Azure logs from Azure Event Hubs into Dynatrace logs via an Azure Function App instance. It supports both Azure resource logs and activity logs.
Azure log forwarding is performed directly through Cluster API. If you don't want to use direct ingest through the Cluster API, you have to use an existing ActiveGate for log ingestion.
Deployment of Azure log forwarder results in creating the following resources:
Microsoft.Storage/storageAccounts
)Microsoft.Storage/storageAccounts/blobServices
)Microsoft.Web/serverfarms
)Microsoft.Web/sites
)Azure log forwarder uses Linux based Azure function by default. Windows based function is not supported.
For details about the resources created, see the Azure Resource Manager file on GitHub
Logs older than 24 hours are rejected (considered too old by the Dynatrace log ingest endpoint), so we recommend that you don't set a retention time of more than 24 hours for Azure Event Hubs.
The Azure log forwarder supports a maximum 70 MB per minute (~4 GB per hour) in the default configuration. The throughput is measured with Event Hubs metric Outgoing Bytes
of the Event Hubs instance attached to the function. See Scaling guide for scaling instructions.
See below the list of requirements for setting up Azure log forwarding. Some are needed before you start deployment, others during the deployment process.
If you're using an earlier version of Dynatrace, see Alternative deployments for instructions.
In each Azure location from where you want to pull logs Create a resource group & Set up an Azure Event Hubs instance.
To be able to send logs,
Create an authorization rule with the listen permission for the Event Hubs instance that is configured for receiving logs:
az eventhubs eventhub authorization-rule create --resource-group <your_resource_group> --namespace-name <your_event_hub_namespace> --eventhub-name <your_event_hub_instance> --name <authorization_rule_name> --rights Listen
Get an Event Hubs connection string for the authorization rule created above:
az eventhubs eventhub authorization-rule keys list --resource-group <your_resource_group> --namespace-name <your_event_hub_namespace> --eventhub-name <your_event_hub_instance> --name <your_authorization_rule_name>
Configure diagnostic settings for resources from which you want to stream logs so that the diagnostic settings point to Azure Event Hubs instances.
You can run Azure log forwarding deployment using Azure Portal Cloud Shell (Bash) or from any machine with Azure CLI and Bash shell (Linux or Windows WSL).
Set the following environment variables, making sure to replace the placeholders (<...>
) with your own values.
For DEPLOYMENT_NAME
, enter your deployment name between 3 and 20 characters long. You can use lowercase letters and numbers.
Note: The name needs to be globally unique—it is appended to the created Azure resources.
TARGET_URL
, enter your environment URL: https://<your_environment_ID>.live.dynatrace.com
. To learn how to determine your environment ID for the SaaS deployment, see environment ID.TARGET_API_TOKEN
, enter your API token. See Dynatrace requirements for details.RESOURCE_GROUP
, enter the name of the Azure resource group in which deployment will run. See Azure requirements for details.EVENT_HUB_CONNECTION_STRING
, enter the connection string for the Azure Event Hubs instances configured for receiving logs. See Azure requirements for details.optional You can enable self-monitoring and/or log filtering during or after deployment.
DEPLOYMENT_NAME=<your_deployment_name>TARGET_URL=<your_environment_URL>TARGET_API_TOKEN=<your_API_token>RESOURCE_GROUP=<your_resource_group>EVENT_HUB_CONNECTION_STRING="<your_Event_Hub_connection_string>"
Download the azure-log-forwarder-function
script and deploy the infrastructure.
wget -q https://github.com/dynatrace-oss/dynatrace-azure-log-forwarder/releases/latest/download/dynatrace-azure-logs.sh -O dynatrace-azure-logs.sh && chmod +x ./dynatrace-azure-logs.sh \&& ./dynatrace-azure-logs.sh --deployment-name $DEPLOYMENT_NAME --target-url $TARGET_URL --target-api-token $TARGET_API_TOKEN --resource-group $RESOURCE_GROUP --event-hub-connection-string $EVENT_HUB_CONNECTION_STRING --require-valid-certificate true
After deploying the script, you can view and analyze Azure logs in Dynatrace: Go to Logs or Logs & Events (latest Dynatrace) and, in the attributes filter, search for Azure.
Self-monitoring allows a quick diagnosis to see if your function processes and sends logs to Dynatrace properly.
To enable self-monitoring, you have two options:
During deployment: Set the --enable-self-monitoring
parameter (or the SFM_ENABLED
environment variable) to true
.
After deployment: In Azure Portal, go to the configuration of your deployed Function App instance and set SELF_MONITORING_ENABLED
to true
.
After enabling self-monitoring, you need to enable managed identity for your Function App instance created during deployment, and configure it to allow pushing metrics to the resource.
Once you enable self-monitoring, you can view the following metrics in your dynatrace_logs_self_monitoring
namespace of the newly deployed Function App instance.
all_requests
dynatrace_connectivity_failures
connectivity_status
parsing_errors
processing_time
sending_time
too_long_content_size
too_old_records
To reduce the number of logs that are sent to Dynatrace, you can apply filters.
To apply filters you have two options:
During deployment: Set the FILTER_CONFIG
environment variable in Azure Portal Cloud Shell (Bash) before running the deployment script.
Add the FILTER_CONFIG
environment variable to the list of environment variables needed for the deployment script.
Be sure to replace placeholders with your values. See Filter options for details.
FILTER_CONFIG="FILTER.GLOBAL.MIN_LOG_LEVEL=<log_level>;FILTER.GLOBAL.CONTAINS_PATTERN=<pattern>;FILTER.RESOURCE_TYPE.MIN_LOG_LEVEL.<resource_type>=<log_level>;FILTER.RESOURCE_TYPE.CONTAINS_PATTERN.<resource_type>=<pattern>;FILTER.RESOURCE_ID.MIN_LOG_LEVEL.<resource_id>=<log_level>;FILTER.RESOURCE_ID.CONTAINS_PATTERN.<resource_id>=<pattern>"
Set the environment variables.
Download the azure-log-forwarder-function
script and deploy the infrastructure.
After deployment: Add FILTER_CONFIG
in Azure Portal.
In Azure Portal, go to Environment variables of your deployed Function App instance.
In App settings, search and select FILTER_CONFIG.
FILTER_CONFIG will appear in Azure after running the deployment script.
Select Edit to add a Value for your filter.
Alternatively, you can select Advanced edit to enter your value in the JSON.
Select OK.
Restart your Function App instance.
FILTER_CONFIG
is a key-value pair variable. You can set two types of filters (MIN_LOG_LEVEL
and/or CONTAINS_PATTERN
) for three filter groups (GLOBAL
, RESOURCE_TYPE
, and/or RESOURCE_ID
).
MIN_LOG_LEVEL
This filter type allows you to filter out logs with unwanted levels. Possible log levels are:
1
)2
)3
)4
)Example:
FILTER_CONFIG="FILTER.GLOBAL.MIN_LOG_LEVEL=Warning"
In the example above, Informational logs will be skipped, and only Warning, Error, and Critical logs will be sent to Dynatrace.
Syntax options are:
FILTER.GLOBAL.MIN_LOG_LEVEL=<log_level>
FILTER.RESOURCE_TYPE.MIN_LOG_LEVEL.<resource_type>=<log_level>
FILTER.RESOURCE_ID.MIN_LOG_LEVEL.<resource_id>=<log_level>
You can have one global-level filter and additional filters for a particular resource type/ID.
Example:
FILTER_CONFIG="FILTER.GLOBAL.MIN_LOG_LEVEL=Error;FILTER.RESOURCE_TYPE.MIN_LOG_LEVEL.MICROSOFT.WEB/SITES=Informational"
In the example above, all logs from instances with resource type MICROSOFT.WEB/SITES
will be sent to Dynatrace, while for all other resources, Informational and Warning logs will be filtered out.
CONTAINS_PATTERN
This filter type allows you to collect logs containing a particular text. We use fnmatch that provides support for Unix shell–style wildcards. See Unix filename pattern matching for details.
Syntax options are:
FILTER.GLOBAL.CONTAINS_PATTERN=<log_pattern>
FILTER.RESOURCE_TYPE.CONTAINS_PATTERN.<resource_type>=<log_pattern>
FILTER.RESOURCE_ID.CONTAINS_PATTERN.<resource_id>=<log_pattern>
GLOBAL
This filter is set for all logs.
RESOURCE_TYPE
This filter is used only for logs coming from resources of the given Azure resource type, such as Microsoft.Compute/virtualMachines
.
You can find the resource type in Azure Portal, in your resource's Properties.
If the Type field doesn't appear in Properties, you can extract it from the resource ID string.
Resource ID string syntax:
/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/<resourceType>/<resourceName>
The resource type will be the part between /providers/
and /resourceName/
.
RESOURCE_ID
This filter is used only for logs coming from the given resource that is identified by the Azure resource ID.
You can look for the resource type in Azure Portal, in your resource's Properties.
If you set two filter types for the same group, both conditions need to be met, so the second filter will have to match the first filter.
For example, if you set MIN_LOG_LEVEL
to Warning and CONTAINS_PATTERN
to <some_important_message>
, you will get only Warning logs containing <some_important_message>
, and all other warning logs that don't contain that specific message will be filtered out.
If you set one filter type for one group, and another filter type for another group, the two conditions do not overlap.
For example, if you set MIN_LOG_LEVEL
to Warning for GLOBAL
, and CONTAINS_PATTERN
to <some_important_message>
for RESOURCE_TYPE
, you will get all Warning, Error, and Critical logs from GLOBAL
, and all logs containing <some_important_message>
from RESOURCE_TYPE
.
If you set more than one pair of filter types (MIN_LOG_LEVEL
and CONTAINS_PATTERN
) for the same group (global or resource type/ID), only the last pair of filter types will apply; all the others will be ignored.
To update Azure log forwarding
You need a package that contains the source code of Azure log forwarder—download the latest Dynatrace version.
wget https://github.com/dynatrace-oss/dynatrace-azure-log-forwarder/releases/latest/download/dynatrace-azure-log-forwarder.zip
Deploy the new version, making sure to replace the placeholders with the required values.
az webapp deployment source config-zip -g <your_resource_group_name> -n <application_name> --src <zip_file_path>
If you don't want to use direct ingest through the Cluster API, you have to use an existing ActiveGate for log ingestion.
See below for instructions.
Dynatrace version 1.217+
Set the following environment variables, making sure to replace the placeholders (<...>
) with your own values.
DEPLOYMENT_NAME
, enter your deployment name (lowercase only).TARGET_URL
, enter the API URL of your ActiveGate endpoint: https://<your_activegate_IP_or_hostname>:9999/e/<your_environment_ID>
. To learn how to determine your environment ID, see environment ID.TARGET_API_TOKEN
, enter your API token. For details, see the prerequisites above.RESOURCE_GROUP
, enter the name of the Azure resource group in which deployment will run. See Azure requirements for details.EVENT_HUB_CONNECTION_STRING
, enter the connection string for the Azure Event Hubs instances configured for receiving logs. See Azure requirements for details.USE_EXISTING_ACTIVE_GATE
, enter true
.REQUIRE_VALID_CERTIFICATE
, enter true
or false
. This parameter tells the log forwarder to verify the SSL certificate of your ActiveGate. By default, certificates are validated.optional You can enable self-monitoring and/or log filtering during or after deployment.
DEPLOYMENT_NAME=<your_deployment_name>TARGET_URL=<your_environment_URL>TARGET_API_TOKEN=<your_API_token>RESOURCE_GROUP=<your_resource_group>EVENT_HUB_CONNECTION_STRING="<your_Event_Hub_connection_string>"USE_EXISTING_ACTIVE_GATE=trueREQUIRE_VALID_CERTIFICATE=true
Download the azure-log-forwarder-function
script and deploy the infrastructure.
Be sure to check whether you want to set other optional parameters as well. All parameters between brackets ([...]
) are optional. For details, see Deploy table.
wget -q https://github.com/dynatrace-oss/dynatrace-azure-log-forwarder/releases/latest/download/dynatrace-azure-logs.sh -O dynatrace-azure-logs.sh && chmod +x ./dynatrace-azure-logs.sh \&& ./dynatrace-azure-logs.sh --deployment-name $DEPLOYMENT_NAME --target-url $TARGET_URL --target-api-token $TARGET_API_TOKEN --resource-group $RESOURCE_GROUP --event-hub-connection-string $EVENT_HUB_CONNECTION_STRING --require-valid-certificate $REQUIRE_VALID_CERTIFICATE
There are two managed identity types: system-assigned and user-assigned. By default, a system-assigned managed identity is used. If you prefer to use a user-assigned managed identity, see below for instructions.
Dynatrace version 1.217+
In addition to the Azure requirements listed above, you should also create a user-assigned managed identity in Azure Portal.
Add Event Hubs roles in the user-assigned managed identity. For the event hub trigger binding, you need to assign corresponding built-in roles. The built-in roles are Azure Event Hubs Data Receiver and Azure Event Hubs Data Owner.
Set the following environment variables, making sure to replace the placeholders (<...>
) with your own values.
DEPLOYMENT_NAME=<your_deployment_name>TARGET_URL=<your_environment_URL>TARGET_API_TOKEN=<your_API_token>RESOURCE_GROUP=<your_resource_group>EVENT_HUB_NAME=<your_Event_Hub_name>REQUIRE_VALID_CERTIFICATE=trueENABLE_USER_ASSIGNED_MANAGED_IDENTITY=trueEVENT_HUB_CONNECTION_CLIENT_ID=<your_user_assigned_MI_client_id>MANAGED_IDENTITY_RESOURCE_NAME=<your_user_assigned_MI_resource_name>EVENT_HUB_CONNECTION_FULLY_QUALIFIED_NAMESPACE="<your_eventhub_namespace_host_name>"CONSUMER_GROUP ="<Your_custom_default_consumer_group_name>"
DEPLOYMENT_NAME
, enter your deployment name (lowercase only).TARGET_URL
, enter your environment URL: https://<your_environment_ID>.live.dynatrace.com
. To learn how to determine your environment ID for a SaaS deployment, see environment ID.TARGET_API_TOKEN
, enter your API token. For details, see the prerequisites above.RESOURCE_GROUP
, enter the name of the Azure resource group in which deployment will run. See Azure requirements for details.EVENT_HUB_NAME
, enter the name of the Azure Event Hubs instances configured for receiving logs. See Azure requirements for details.REQUIRE_VALID_CERTIFICATE
, enter true
or false
. This parameter tells the log forwarder to verify the SSL certificate of your ActiveGate. By default, certificates are validated.ENABLE_USER_ASSIGNED_MANAGED_IDENTITY
, enter true
. This parameter is used to determine if a user-assigned managed identity is used instead of system assigned.EVENT_HUB_CONNECTION_CLIENT_ID
, enter the Client ID
of the created managed identity.MANAGED_IDENTITY_RESOURCE_NAME
, enter the resource name of the created managed identity.EVENT_HUB_CONNECTION_FULLY_QUALIFIED_NAMESPACE
, enter:
Host name
of the Event Hubs namespace.optional You can enable self-monitoring and/or log filtering during or after deployment.
Download the azure-log-forwarder-function
script and deploy the infrastructure.
Be sure to check whether you want to set other optional parameters as well. All parameters between brackets ([...]
) are optional. For details, see Deploy table.
wget -q https://github.com/dynatrace-oss/dynatrace-azure-log-forwarder/releases/latest/download/dynatrace-azure-logs.sh -O dynatrace-azure-logs.sh && chmod +x ./dynatrace-azure-logs.sh \&& ./dynatrace-azure-logs.sh --deployment-name $DEPLOYMENT_NAME --target-url $TARGET_URL --target-api-token $TARGET_API_TOKEN --resource-group $RESOURCE_GROUP --event-hub-name $EVENT_HUB_NAME --require-valid-certificate $REQUIRE_VALID_CERTIFICATE --enable-user-assigned-managed-identity $ENABLE_USER_ASSIGNED_MANAGED_IDENTITY --eventhub-connection-client-id $EVENT_HUB_CONNECTION_CLIENT_ID --managed-identity-resource-name $MANAGED_IDENTITY_RESOURCE_NAME --eventhub-connection-fully-qualified-namespace $EVENT_HUB_CONNECTION_FULLY_QUALIFIED_NAMESPACE --custom-consumer-group $CONSUMER_GROUP
For a complete list of parameters, see the deploy table below.
--deployment-name
DEPLOYMENT_NAME
--target-url
TARGET_URL
--target-api-token
TARGET_API_TOKEN
--resource-group
RESOURCE_GROUP
--event-hub-connection-string
EVENT_HUB_CONNECTION_STRING
--event-hub-name
EVENT_HUB_NAME
--require-valid-certificate
REQUIRE_VALID_CERTIFICATE
true
, the log forwarder verifies the SSL certificate of your ActiveGate. By default, certificates are validated.--enable-self-monitoring
SFM_ENABLED
true
, Dynatrace sends custom metrics to Azure. See Enable self-monitoring for details. By default, custom metrics aren't sent to Azure.--filter-config
FILTER_CONFIG
--tags
TAGS
"tag:value,tag2:value2"
). The following characters are not supported in a tag key: ,:<>%&\?/
--enable-user-assigned-managed-identity
ENABLE_USER_ASSIGNED_MANAGED_IDENTITY
true
, options --eventhub-connection-client-id
, --managed-identity-resource-name
, --eventhub-connection-fully-qualified-namespace
, --event-hub-name
are required. Enables usage of a user-assigned managed identity instead of a system-assigned managed identity.--custom-consumer-group
CONSUMER_GROUP
--eventhub-connection-client-id
EVENT_HUB_CONNECTION_CLIENT_ID
Client ID
of the created managed identity. Example value: d8916c27-4c4r-482o-895b-doe0b48c76f7
--managed-identity-resource-name
MANAGED_IDENTITY_RESOURCE_NAME
test-managed-identity
--eventhub-connection-fully-qualified-namespace
EVENT_HUB_CONNECTION_FULLY_QUALIFIED_NAMESPACE
Host name
of the Azure Event Hubs namespace. Example value: sample-eventhub-namespace.servicebus.windows.net
To verify if the deployment was successful, in Dynatrace, go to Logs or Logs & Events (latest Dynatrace) and confirm that the following log line is present:
In around 10 minutes, further logs should start coming in. If no logs are coming in, make sure that:
Furthermore, you can read Azure Function logs in which the Azure-log-forwarder is running. Enable streaming execution logs in Azure Functions
SNAT port exhaustion: Azure Functions have a limited number of ports that can be opened at a time (128). The number of instances, the number of worker processes, and the number of concurrent calls are the factors that contribute to the open connections. If the limit is reached, see the scaling guide below.
To check the version of the currently deployed Azure log forwarder
main.py
is selected by default).version.txt
.The recommended way of scaling up the default throughput of 70 MB/min is to upgrade the App Service plan, increase the number of App Service instances respectively, increase FUNCTIONS_WORKER_PROCESS_COUNT
(default is 1), increase NUMBER_OF_CONCURRENT_SEND_CALLS
(default is 2). You can add FUNCTIONS_WORKER_PROCESS_COUNT
and NUMBER_OF_CONCURRENT_SEND_CALLS
as New application setting in Azure Portal (Azure function > Configuration > New application setting).
Please note that the performance of the log forwarder may vary depending on the log content (size/ processing complexity).
70 MB/minute
(up to 4 GB/hour)S1
1
580 MB/minute
(up to 32 GB/hour)P1V3
1
1 GB/minute
(up to 60 GB/hour)P2V3
1
2.3 GB/minute
(up to 138 GB/hour)P2V3
3
As a last resort, scale horizontally: deploy more integrations and distribute the logs' load into different Event Hubs instances.
To uninstall the Dynatrace Azure log forwarder
In Azure Portal, go to the resource group used for installation.
Filter resources by tag.
The deployment script tags all created resources with LogsForwarderDeployment = <your_deployment_name>
.
Delete the resources.