• Home
  • How to use Dynatrace
  • Log Monitoring
  • Log ingest & process
  • Log content autodiscovery

Log content autodiscovery

By default, Dynatrace automatically discovers all new log files that meet the requirements described below.

Default autodiscovery

Dynatrace autodiscovers, analyzes, and stores (if selected for storage) logs every 60 seconds.

By default, log files are autodiscovered and analyzed if they are in:

  • Windows Security Log
  • Windows Application Log
  • Windows System Log
  • IIS Event Logs
  • /var/log/messages
  • /var/log/syslog

For Windows events logs, Log Monitoring selects the following attributes:

Semantic attribute nameEvent property

winlog.level

Event.RenderingInfo.Level

winlog.levelid

Event.System.EventID

winlog.provider

Event.System.Provider.<xmlattr>.Name

winlog.task

Event.System.Task

winlog.opcode

Event.RenderingInfo.Opcode

Autodiscovery requirements

A log file must meet all of the following requirements in order to be autodiscovered:

  • The log file must be opened by an important process.

  • The log file must exist for a minimum of one minute.

  • The logs must have a supported character encoding. By default, the supported encoding is UTF-8. Other supported types include UTF-8 BOM and, if the files contain the byte-order mark (BOM), UTF-16LE and UTF-16BE.

    Binary logs and unsupported timestamp

    Binary log files are not analyzed and stored (only the file status is reported). Files with an unsupported timestamp are automatically timestamped with the file reading time.

  • The log file must be at least 0.5 KB in size.

  • The log file must have been updated (written to) in the last 7 days.
    Log files that have not been updated in the past 7 days while Log Monitoring is active will not be visible on dashboards.

  • The log file must be in the actual log or logs folder or in its subfolders:

    • Valid path examples:
      c:\log\log_file.txt
      c:\logs\NewFolder\log_file.txt
    • Invalid path example:
      c:\log\NewFolder\NewFolder\log_file.txt

    or the log filename must contain a log string preceded or followed by the period (.) or underscore (_) character:

    • Valid filename examples:
      c:\NewFolder\abc.log
      c:\NewFolder\0865842.log.txt
    • Invalid filename example:
      c:\NewFolder\logfile.txt

Limitations for detected files

  • File cannot be deleted earlier than a minute after creation.
  • Files must be appended (old content is not updated).
  • Files must have text content.
  • Log files must be opened constantly (not just for short periods of adding log entry).
  • Log files must be opened in write mode.

Turn off log autodiscovery

If you don't want Dynatrace to automatically discover new log files on a specific monitored host, you can turn off log autodiscovery.

  1. On the host, open the log analytics configuration file for editing.
    • On Linux:
      /var/lib/dynatrace/oneagent/agent/config/ruxitagentloganalytics.conf
    • On Windows:
      %PROGRAMDATA%\dynatrace\oneagent\agent\config\ruxitagentloganalytics.conf
  2. Set the following:
    AppLogAutoDetection = false

OneAgent restart is not required.

Related topics

Log Monitoring FAQ