Automatic log enrichment
powered by Grail
Dynatrace automatically enriches logs ingested both via API.
Transform API-ingested logs
Generic log ingestion automatically transforms status
, severity
, level
, and syslog.severity
severity keys to the loglevel
attribute.
The input values for the status
, severity
, level
, and syslog.severity
severity keys are transformed (transformation is not case sensitive) into output values for the loglevel
attribute based on the following mapping:
Input value | Output value | Example value |
---|---|---|
Begins with |
|
|
Begins with |
|
|
Begins with |
|
|
Begins with |
|
|
Begins with |
|
|
Begins with |
|
|
Begins with |
|
|
Begins with |
|
|
Begins with |
|
|
Transform all types of logs
Additionally, for each log event, a status
attribute is created with a value that is a sum of loglevel
values based on the following grouping:
Included loglevel values | Combined status attribute value |
---|---|
|
|
|
|
|
|
|
|
For example:
The level
severity key in the generic log ingestion API request parameter contains the value serious
.
- The
level
severity key is transformed into theloglevel
attribute with theserious
value mapped toSEVERE
based on the above table. - The
loglevel
attribute containing theSEVERE
value is grouped intostatus
attribute. Based on the grouping table above, thestatus
attribute will contain theERROR
value. - For the log event details, the log viewer will report the following:
- status -
ERROR
- loglevel -
SEVERE