Log ingestion via OneAgent

powered by Grail

OneAgent is a powerful tool for automatically discovering and ingesting log and event data from a vast array of technologies. It supports multiple configurations of timestamps, masking sensitive data, detecting log rotation patterns, and much more. OneAgent is built for enterprise-scale operation, which lets you orchestrate a fleet of OneAgent instances centrally with as much granularity in a configuration as required.

OneAgent log configuration flow

To configure OneAgent log ingestion, use the following options:

• optional Log auto-detection: Configure the OneAgent detection mechanism. From the Dynatrace menu, go to Settings > Log Monitoring > OneAgent configuration.

• optional Custom log source configuration

• required Log storage configuration: Define ingestion rules for log sources known to OneAgent.

  This configuration is required for auto-detected and custom log sources.

• optional Sensitive data masking

• optional Timestamp configuration

OneAgent log module

Check out the OneAgent platform and capability support matrix and deploy OneAgent to your environment.

• OneAgent platform and capability support matrix

Log data discovery

Understand how OneAgent automatically discovers log data.

• Log content autodiscovery

Learn how OneAgent monitors rotation patterns for log files.

• Log rotation patterns

You can add custom log sources for OneAgent to discover.

• Custom log source

Log storage configuration

You can create rules for sending logs to Dynatrace (includes automatically discovered and custom logs).

• Log storage configuration

Log enrichment

You can transform logs ingested via OneAgent by automatically creating and extracting log attributes from log content.

• Automatic log enrichment

Sensitive data

You can set up OneAgent to mask any information that you consider to be sensitive so it doesn't reach Dynatrace in plain text.

• Sensitive data masking in OneAgent

Timestamps

Learn how OneAgent supports timestamps, or you can optionally configure a custom timestamp pattern specific to your case.

• Supported timestamp formats
• Timestamp configuration

Logs from containers

OneAgent also supports collecting logs from Docker containers and Kubernetes container orchestration systems.

• Log Monitoring in Docker
• Log Monitoring in Kubernetes

Configure OneAgent for logs

1. Make sure that the OneAgent log module is supported in your deployment or environment.

   • OneAgent platform and capability support matrix

2. Check out the supported timestamps; if necessary, you can configure your custom timestamp pattern.

   • Supported timestamp formats
   • Timestamp configuration

3. Check out how OneAgent automatically discovers log data; if necessary, you can add a custom log source.

   • Log content autodiscovery
   • Custom log source

4. Create rules for sending log data to Dynatrace (including log data from automatically discovered and custom logs).

   • Log storage configuration

5. Set up sensitive data masking to prevent private information from reaching Dynatrace.

   • Sensitive data masking in OneAgent

OneAgent also supports collecting logs from Docker containers and Kubernetes container orchestration systems.

• Log Monitoring in Docker
• Log Monitoring in Kubernetes

Alternative to ingestion via OneAgent

As an alternative to OneAgent for monitoring your log data, you can use generic ingestion to collect logs via API.

• Generic log ingestion