Log viewer

Dynatrace version 1.206+

The log viewer enables you to browse logs within a certain timeframe using detected aspects of the log content. You can use automatically generated facets to narrow down your log view and focus on a specific aspect of the log content.

To access the log viewer, in the Dynatrace menu, go to Logs. The log viewer has four sections:

In Filter by, you can set filters to narrow down the log events that are displayed in the results table. Select Advanced query to edit the query manually.

  • With Filter by displayed (the default), the filter is in auto-complete mode, where you select from a set of detected log data fields to filter the results (limit of 10 different attributes). For filters with the same attribute, only one statement needs to be true. For filters with different attributes, all statements need to be true. While in auto-complete mode, selected filters and facets are synchronized automatically.

  • With Advanced query selected, you can specify more complex criteria for log events by using combinations of keywords, phrases, logical operators, and parentheses (limit of 10 different attributes). The Dynatrace search query language provides you with complete flexibility over searches through log content. You can use the query entry to quickly text search the content of the log data. Any string entered in the query text box without specifying the log data attribute will be treated as a simple text search on the log data content.

You can turn Advanced query on and off to switch between the auto-complete and advanced modes. Dynatrace will transform the auto-complete filters to a query and vice versa provided that the query in the advanced mode can be transformed. Some complex queries with logical operators cannot be converted to auto-complete filters, in which case switching to auto-complete mode becomes unavailable.

Tip: In the advanced mode, you can run an empty query to return unfiltered log data.
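
The following added example (not Dynatrace code, and not part of the original page) models the auto-complete filter semantics described above on constructed log records: values for the same attribute are alternatives, different attributes must all match, and more than 10 different attributes are rejected. The `status` attribute name, the process group IDs, and the function names are assumptions made for illustration.

```python
from collections import defaultdict

MAX_ATTRIBUTES = 10  # limit of different attributes stated on this page


def group_filters(filters):
    """Group (attribute, value) pairs by attribute and enforce the attribute limit."""
    grouped = defaultdict(set)
    for attribute, value in filters:
        grouped[attribute].add(value)
    if len(grouped) > MAX_ATTRIBUTES:
        raise ValueError(
            f"{len(grouped)} different attributes; limit is {MAX_ATTRIBUTES}"
        )
    return dict(grouped)


def matches(record, grouped):
    """Same attribute: any listed value may match. Different attributes: all must match."""
    return all(record.get(attr) in values for attr, values in grouped.items())


def apply_filters(records, filters):
    """Return the records that satisfy the combined filter set."""
    grouped = group_filters(filters)
    return [r for r in records if matches(r, grouped)]


# Constructed sample records (hypothetical values, not real Dynatrace output).
RECORDS = [
    {"status": "ERROR", "dt.entity.process_group": "PG-EXAMPLE-1", "content": "failed login for admin"},
    {"status": "WARN", "dt.entity.process_group": "PG-EXAMPLE-1", "content": "password expires soon"},
    {"status": "INFO", "dt.entity.process_group": "PG-EXAMPLE-1", "content": "session opened"},
    {"status": "ERROR", "dt.entity.process_group": "PG-EXAMPLE-2", "content": "upstream timed out"},
    {"content": "record without detected attributes"},
]

# Two statements on status (alternatives) plus one on the process group (required).
FILTERS = [
    ("status", "ERROR"),
    ("status", "WARN"),
    ("dt.entity.process_group", "PG-EXAMPLE-1"),
]

if __name__ == "__main__":
    for record in apply_filters(RECORDS, FILTERS):
        print(record["status"], record["content"])
```
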


The log chart is a histogram of log events over time that gives you a quick overview of logs and their severity within the selected timeframe.

Results table

The results table under the chart displays the log events that match the provided query and filter within the selected timeframe. Each row in the table represents a log record and can be expanded for detailed log data. The first 100 matching records are displayed, but you can view more results by selecting Show 100 more at the bottom of the table.

By default, ingested log records are sorted according to timestamp and then according to the order that is maintained in the log source, where a log source is a remote process writing to a REST API endpoint or a remote process on which logs are detected.

Hint: By default, the log viewer displays a maximum of 1,000 log events. If you don't see expected results, run a more exact query or narrow down the timeframe to see better-focused log data.

To show or hide specific columns in the results table

  1. Select Table options.
     This lists Dynatrace-generated and reserved log attributes that you can add to the results table for visibility and use as dimensions when creating a log metric. For example, you can use the dt.entity.process_group attribute to display the process group instance for which the log event occurred.
  2. Select or clear checkboxes to display or hide the corresponding columns in the table.


Facets (displayed to the left of the table) provide you with an overview and the ability to filter the log data. Facets are automatically detected attributes of the data presented in the table. You can use them to quickly filter the results table data for a specific log data attribute. Each facet displays the ten most popular values for that attribute. To filter all values for a particular attribute (facet), create and run a query in the log viewer search.

Unique log data attributes (high-cardinality attributes) such as span_id and trace_id generate excessively long facet lists that may impact log viewer performance. Because of this, they aren't listed in facets. You can still use them in an advanced search query.