With Dynatrace log analytics, you gain direct access to the log content of all your system's mission-critical processes. It's easy to search for specific log messages that you're interested in. Log content can be filtered based on keywords or time frame. You can even analyze multiple log files simultaneously—even when log files are stored across multiple hosts.
Most significantly, Dynatrace artificial intelligence automatically correlates relevant log messages with any problems that it detects in your environment. Relevant log messages that are associated with problems are then factored into problem root-cause analysis.
To enable Dynatrace log analytics, just make sure that you're running the latest version of Dynatrace. All new log content from important processes will then be auto-detected and monitored. There's no need to copy or export log content to external storage to facilitate analysis. For full details, see How do I enable log analytics?.
Access logs during problem analysis
When Dynatrace detects that a certain process is the root cause of a detected problem, an Analyze process logs link is displayed on the corresponding Problem page.
To access log content during problem analysis:
- Click the Problems tile on your Dynatrace homepage.
- Select a problem.
- Click the Analyze process logs link beneath the root cause section.
- The Log viewer appears pre-loaded with all problematic process log entries that occurred during the problem time-frame.
Using the Log viewer you can directly analyze log content and find problematic log messages that will help you understand the root cause of problems detected within monitored processes.
Browse for process logs
The Log viewer enables you to browse through process logs, manually selecting individual logs for ad hoc analysis. Alternatively you can search across selected process-log content using keyword search and filtering. Search queries can be saved for reuse later. You can even opt to have log results returned to you raw or in aggregated form.
To access the Log viewer, open the left-hand navigation menu and select Log files.
To browse the logs of selected process, it's easiest to use the log files list on individual Process pages. Note in the example below that the 'couchDB_ET' Process page displays two related log files. Clicking one of these opens the Log viewer with that log pre-selected.
Search log files
Extensible and easy to learn, the Dynatrace search query language enables you to filter out all log lines except for those that are of interest to you. For full details, see search query language.
Create events based on log patterns
When you identify specific patterns in your log files that indicate problems or potential problems (i.e., messages that match specific search criteria), you can save the patterns for automatic detection by Dynatrace artificial intelligence. This way, the next time Dynatrace encounters the saved log pattern, it will automatically generate a new problem for tracking and root-cause analysis.
To create events based on a log pattern:
- From the left-hand navigation menu, select Log files.
- Define a search query and select logs for analysis.
- At the bottom of the Log viewer, select a time frame (i.e., scope) for the query.
- Click Display log to view the search results.
- When happy with your query - click "Define event" button.
- Fine-tune the query or scope, if needed.
- Select the event type (Performance, Availability or Error) that best describes the searched pattern. This affects how the event will be correlated with other events.
- Modify the frequency threshold (if needed).
- Click Save.
All event definitions are available at Settings > Log analysis.
Basic log analytics functionality is included at no additional cost. Dynatrace accesses and analyzes all logs that are stored on monitored host disks. This means that there are limitations to the log content that Dynatrace has access to:
- Log files are available for analysis only as long as they are stored on a host that is actively monitored by Dynatrace.
- A maximum of 7 days of log history can be analyzed.
- Log-analysis queries can be run on a maximum of:
- 20 log files
- 500 MB total log(s) size (most recent 500MB is analyzed in case a single log file is selected)
- A maximum of 5 log-content pattern definitions can be defined and saved. Pattern definitions are used to automatically scan logs for events that should trigger the creation of new problems to be tracked and analyzed by Dynatrace.
All of the above limitations are removed in Log Analytics Premium.