Log Monitoring functionality

Note: This feature is currently available in Preview. Be sure to read the Disclaimer.

Dynatrace version 1.206+

To enable Dynatrace Log Monitoring, just make sure you're running the latest version of Dynatrace.

All new log content from important processes will then be auto-detected and monitored.

You can include or exclude specific logs from storage using the setting option.

Additionally, you can add custom log files to be available for stored monitoring.

Also, you can enable generic ingest and allow ActiveGate to receive a stream of generic log data that is recognized and transformed by Dynatrace. Only this log data will be available in the log viewer.

Log monitoring

By default, you can monitor and examine the log data that remains on the host system or is ingested and stored on the Dynatrace server. The default log data retention period is 35 days, and only log data configured in log storage and log sources is available in the log viewer.

Log Monitoring is typically used for troubleshooting and monitoring as described below.

Troubleshooting

You can analyze a specific log ad-hoc within a relatively short problem time frame for a specific process or host. In this use case, the log files remain on the host system and are not listed in the log viewer. You use Log Monitoring to drill down to the log files via the hosts or processes screens and track down the log file that pertains to the problem.

Important characteristics of using log monitoring for troubleshooting:

  • Process and operating system logs are auto-discovered.
  • You can examine the log files for the past 35 days.
  • You can examine log files one at a time in the context of your topology.

Example
Suppose a bug made it into production. Object churn causes high memory usage. This leads to garbage collectors activating, causing process restarts. Davis detects those process restarts and shows you the actual process and which services are affected. You are only one click away from looking at the log events captured during that problem time frame to enhance your troubleshooting.

Monitoring

You can analyze significant log events across multiple logs, across parts of the environment (production), and potentially over a longer time frame. For immediate notification, consider setting alerts for monitored logs. In this use case, you specify the log files to be stored on the Dynatrace server, enabling you to analyze longer time frames or to perform analysis across multiple log files.

Important characteristics of monitoring logs and storing log files on the Dynatrace server:

  • You can retain data for 35 days.
  • You can create alerts based on text pattern occurrences across monitored logs.
  • You can bookmark search queries on multiple monitored logs.
  • You have access to the application programming interface (API) for these log files.
    For details, see Log Monitoring API.

Example
Suppose a security problem was found in production: confidential data was logged due to a bug. The security team has to find out when, and in which application versions, this bug occurs. To be more proactive going forward, alerting on critical log patterns must be established.
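
The investigation in the example above (when was confidential data logged, and by which application versions) comes down to matching a text pattern across several logs and grouping the hits by version and time. The following is an added example, not Dynatrace code and not its Log Monitoring API; the log file names, the line layout, and the sample lines are constructed, and payment card numbers stand in for the confidential data.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines from two hypothetical log files. The layout
# "timestamp level [app/version] message" is an assumption of this example.
SAMPLE_LOGS = {
    "checkout.log": [
        "2021-03-01T10:15:02 INFO [checkout/2.3.0] order 1001 accepted",
        "2021-03-02T08:00:11 DEBUG [checkout/2.4.0] charge card=4111 1111 1111 1111 amount=20",
        "2021-03-04T17:42:40 DEBUG [checkout/2.4.1] charge card=4111-1111-1111-1111 amount=5",
        "2021-03-05T09:00:00 INFO [checkout/2.4.2] charge card=**** amount=5",
    ],
    "payment.log": [
        "2021-03-03T12:30:00 DEBUG [payment/1.9.0] trace id 1234567890123456 started",
        "2021-03-03T12:31:07 DEBUG [payment/1.9.0] retry pan=5500005555555559",
    ],
}

LINE_RE = re.compile(r"^(\S+) \S+ \[([^/\]]+)/([^\]]+)\] (.*)$")
# 13 to 19 digits, optionally separated by single spaces or dashes
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum; discards digit runs (ids, counters) that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_exposures(logs):
    """Return {(app, version): [first_seen, last_seen, hit_count]} across all logs."""
    report = defaultdict(lambda: [None, None, 0])
    for lines in logs.values():
        for line in lines:
            m = LINE_RE.match(line)
            if not m:
                continue  # line does not follow the assumed layout
            ts, app, version, message = m.groups()
            hits = [c for c in PAN_RE.findall(message) if luhn_ok(re.sub(r"\D", "", c))]
            if hits:
                when = datetime.fromisoformat(ts)
                entry = report[(app, version)]
                entry[0] = min(entry[0] or when, when)
                entry[1] = max(entry[1] or when, when)
                entry[2] += len(hits)
    return dict(report)
```

The Luhn check is what keeps the 16-digit trace id in payment.log out of the report; a bare digit-count pattern used as an alert would fire on it.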

Log viewer

The Dynatrace log viewer is included in your host unit price free of charge. Dynatrace accesses and analyzes all log data that is stored on monitored host disks or streamed to Dynatrace via ActiveGate. To access the log viewer, select Log Monitoring in the left-hand navigation menu.

From the log viewer, you can access and examine only the logs that have been set to be monitored (stored) or streamed using Generic Log Ingest.

To view the logs for a selected process, use the log files list on individual Process pages. In the example below, the 'couchDB_ET' Process page displays two related log files. Clicking one of these opens the log viewer with that log pre-selected.

To view the logs for a selected host, use the log files list on individual host pages. Clicking one of these opens the log viewer with that log pre-selected.