How to enable Log Analytics

By default, Dynatrace auto-discovers, analyzes, and stores logs every 60 seconds. You can modify this frequency in the Log Analytics configuration file.

Auto-discovery of log content

By default, Dynatrace auto-discovers all new log files. While some of the log files are valid and auto-discovered by default, other log files must meet certain requirements to be auto-discovered.

Default auto-discovery

By default, log files are auto-discovered and analyzed if they are in:

  • Windows System Log
  • Windows Security Log
  • Windows Application Log
  • /var/log/syslog
  • /var/log/messages

Auto-discovery requirements

A log file must meet all of the following requirements in order to be auto-discovered:

  • The log file must be opened by an important process. See, Which are the most important processes?

  • The log file must exist for a minimum of one minute.

  • The log file must contain a supported time stamp.

    Binary logs and unsupported time stamp

    Binary log files and log files that contain an unsupported time stamp will be detected automatically but will not be analyzed and will not be stored (only the file status will be reported). See, Log Analytics configuration file.

  • The log file must be at least 0.5 kb in size.

  • The log file must have been updated (written to) in the last 7 days.

  • The log file must be in a root or in a sub folder of a log or logs folder:

    • Valid path examples:
      c:\log\log_file.txt
      c:\logs\NewFolder\log_file.txt
    • Invalid path example:
      c:\log\NewFolder\NewFolder\log_file.txt

    or the log filename must contain a log string preceded or followed by the period (.) or underscore (_) character:

    • Valid filename examples:
      c:\NewFolder\0865842.log.txt
      c:\NewFolder\log_file.txt
    • Invalid filename example:
      c:\NewFolder\logfile.txt
No auto-discovery

If you don't want Dynatrace to automatically discover new log files on a specific monitored host, set:

AppLogAutoDetection = false

On Linux:

  • Dynatrace OneAgent versions 103 and later:
    /var/lib/dynatrace/oneagent/agent/config/ruxitagentloganalytics.conf

  • Dynatrace OneAgent versions 102 and earlier:
    /var/lib/ruxit/agent/config/ruxitagentloganalytics.conf

On Windows:

  • Dynatrace OneAgent versions 103 and later:
    C:\ProgramData\dynatrace\oneagent\agent\config\ruxitagentloganalytics.conf

  • Dynatrace OneAgent versions 102 and earlier:
    C:\ProgramData\ruxit\agent\config\ruxitagentloganalytics.conf

OneAgent restart is not required.

Enable or disable Log Analytics

Dynatrace Log Analytics is enabled by default. However you can easily disable/enable Log Analytics-

To enable/disable Log Analytics globally:

  1. Open the navigation menu and select Settings.
  2. Select Monitoring > Monitored technologies.
  3. Set the Log Analytics switch to the On position for enable or to the Off position for disable.

User rights for Log Analytics

Logs often contain sensitive information that may not be appropriate for all users to see. For this reason, your Dynatrace administrator must enable the View logs account-security permission by adding these users to the Log viewer group. Non-admin users are NOT part of this group by default. To access log contents, they must be explicitly added.