Log Monitoring API v2 - POST ingest logs

Pushes custom logs to Dynatrace.

This endpoint requires an ActiveGate with the Log analytics collector module enabled. This module is enabled by default on all of your ActiveGates.

The request consumes one of the following payload types:

  • text/plain—limited to a single log event.
  • application/json—supports multiple log events in a single payload.

Be sure to set the correct Content-Type header and encode payload with UTF-8: application/json; charset=utf-8.

  • This request is an Early Adopter release and may be changed in non-compatible way.
  • This request is available only for Dynatrace SaaS.
SaaS Environment ActiveGate only

The log ingest API is only available for Environment ActiveGates in Dynatrace SaaS:
https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/logs/ingest

Authentication

To execute this request, you need the Ingest logs (logs.ingest) permission assigned to your API token. To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type Description In Required
body LogMessageJson

The body of the request. Contains one or more log events to be ingested.

The endpoint accepts one of the following payload types, defined by the Accept header:

  • text/plain: supports only one log event.
  • application/json: supports multiple log events in a single payload.
body optional

Body format

The LogMessagePlain object

The log message in plain text.

The length of the message is limited to 8,192 characters. Any content exceeding the limit is trimmed.

The LogMessageJson object

The log message in JSON format. Use one object representing a single event or an array of objects representing multiple events.

The object might contain the following types of keys (the possible key values are listed below):

  • Timestamp. The following formats are supported: UTC milliseconds, RFC3339, and RFC3164. If not set, the current timestamp is used.
  • Severity. If not set, NONE is used.
  • Content. If the content key is not set, the whole JSON is parsed as the content.
  • Semantic attribute. Only values of the String type are supported. Semantic attributes are indexed and can be used in queries. These are also displayed in aggregations (facets). If an unsupported key occurs it is not indexed and cannot be used in indexing and aggregations.

The length of the value is limited. Any content exceeding the limit is trimmed. Default limits:

  • Content: 8,192 characters.
  • Semantic attribute value: 250 characters.

Supported timestamp keys:

  • @timestamp
  • Timestamp
  • _timestamp
  • date
  • eventTime
  • published_date
  • syslog.timestamp
  • timestamp

Supported content keys:

  • body
  • content
  • message
  • payload

Supported severity keys:

  • level
  • loglevel
  • severity
  • status
  • syslog.severity

Supported semantic attribute keys:

  • audit.action
  • audit.identity
  • audit.result
  • aws.account.id
  • aws.arn
  • aws.log_group
  • aws.log_stream
  • aws.region
  • aws.resource.id
  • aws.resource.type
  • aws.service
  • azure.location
  • azure.resource.group
  • azure.resource.id
  • azure.resource.name
  • azure.resource.type
  • azure.subscription
  • cloud.account.id
  • cloud.availability_zone
  • cloud.provider
  • cloud.region
  • container.image.name
  • container.image.tag
  • container.name
  • db.cassandra.keyspace
  • db.connection_string
  • db.hbase.namespace
  • db.jdbc.driver_classname
  • db.mongodb.collection
  • db.mssql.instance_name
  • db.name
  • db.operation
  • db.redis.database_index
  • db.statement
  • db.system
  • db.user
  • dt.active_gate.group.name
  • dt.active_gate.id
  • dt.code.filepath
  • dt.code.func
  • dt.code.lineno
  • dt.code.ns
  • dt.ctg.calltype
  • dt.ctg.extendmode
  • dt.ctg.gatewayurl
  • dt.ctg.program
  • dt.ctg.rc
  • dt.ctg.requesttype
  • dt.ctg.serverid
  • dt.ctg.termid
  • dt.ctg.transid
  • dt.ctg.userid
  • dt.entity.cloud_application
  • dt.entity.cloud_application_instance
  • dt.entity.cloud_application_namespace
  • dt.entity.container_group
  • dt.entity.container_group_instance
  • dt.entity.custom_device
  • dt.entity.host
  • dt.entity.kubernetes_cluster
  • dt.entity.kubernetes_node
  • dt.entity.process_group
  • dt.entity.process_group_instance
  • dt.event.group_label
  • dt.event.key
  • dt.events.root_cause_relevant
  • dt.exception.messages
  • dt.exception.serialized_stacktraces
  • dt.exception.types
  • dt.extension.config.id
  • dt.extension.ds
  • dt.extension.name
  • dt.extension.status
  • dt.host.ip
  • dt.host.smfid
  • dt.host.snaid
  • dt.host_group.id
  • dt.http.application_id
  • dt.http.context_root
  • dt.kubernetes.cluster.name
  • dt.kubernetes.config.id
  • dt.kubernetes.event.involved_object.kind
  • dt.kubernetes.event.involved_object.name
  • dt.kubernetes.event.reason
  • dt.kubernetes.node.name
  • dt.kubernetes.node.system_uuid
  • dt.kubernetes.topmost_controller.kind
  • dt.kubernetes.workload.kind
  • dt.kubernetes.workload.name
  • dt.network_zone.id
  • dt.os.description
  • dt.os.type
  • dt.process.commandline
  • dt.process.executable
  • dt.process.name
  • dt.source_entity
  • dt.source_entity_name
  • dt.source_entity_type
  • faas.id
  • faas.instance
  • faas.name
  • faas.version
  • gcp.instance.id
  • gcp.instance.name
  • gcp.project.id
  • gcp.region
  • gcp.resource.type
  • host.hostname
  • host.id
  • host.image.id
  • host.image.name
  • host.image.version
  • host.name
  • host.type
  • http.client_ip
  • http.flavor
  • http.host
  • http.method
  • http.route
  • http.scheme
  • http.server_name
  • http.status_code
  • http.status_text
  • http.target
  • http.url
  • k8s.cluster.name
  • k8s.container.name
  • k8s.cronjob.name
  • k8s.cronjob.uid
  • k8s.daemonset.name
  • k8s.daemonset.uid
  • k8s.deployment.name
  • k8s.deployment.uid
  • k8s.job.name
  • k8s.job.uid
  • k8s.namespace.name
  • k8s.pod.name
  • k8s.pod.uid
  • k8s.replicaset.name
  • k8s.replicaset.uid
  • k8s.statefulset.name
  • k8s.statefulset.uid
  • log.source
  • net.host.ip
  • net.host.name
  • net.host.port
  • net.peer.ip
  • net.peer.name
  • net.peer.port
  • net.transport
  • service.instance.id
  • service.name
  • service.namespace
  • service.version
  • span.id
  • trace.id

Response

Response codes

Code Description
200

Success. Some log events were limited.

204

Success. Response doesn't have a body.

400

Failed. The input is invalid.

402

Failed. You can't add more logs to the storage, because you are out of Davis Data Units (DDU). Purchase additional DDUs.

404

Failed. The requested resource doesn't exist. This may happen when no Environment or Cluster ActiveGate is available with Log Analytics Collector module enabled.

Response body

The SuccessEnvelope object

Element Type Description
details Success

The Success object

Element Type Description
message string

Detailed message

code integer

The HTTP status code