Log Monitoring API v2 - GET aggregate logs

Gets the aggregated log records that match the provided criteria.

Returns the aggregated number of occurrences of log values divided into time slots.

It is possible that the timeframe covered by the results exceeds the specified timeframe. In such cases, the request returns fewer timeslots than specified in the timeBuckets query parameter.

The request produces an application/json payload.

  • This request is an Early Adopter release and may be changed in non-compatible way.
  • This request is available only for Dynatrace SaaS.

GET

  • SaaS https://{your-environment-id}.live.dynatrace.com/api/v2/logs/aggregate
  • Environment ActiveGate https://{your-activegate-domain}/e/{your-environment-id}/api/v2/logs/aggregate

Authentication

To execute this request, you need the Read logs (logs.read) permission assigned to your API token. To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type Description In Required
from string

The start of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the relative timeframe of two weeks is used (now-2w).

query optional
to string

The end of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the current timestamp is used.

query optional
query string

Filtering query written in LQL

query optional
timeBuckets integer

Time buckets used in aggregation

query optional
maxGroupValues integer

Max distinct values per group in aggregation

query optional
groupBy array

Grouping used for aggregation

query optional

Response

Response codes

Code Description
200

Success

400

Failed. The input is invalid.

Response body

The AggregatedLog object

Aggregated log

Element Type Description
aggregationResult object

Aggregated log records.