Log ingestion via OneAgent
OneAgent automatically discovers and ingests log and event data from a vast array of technologies. It supports multiple timestamp configurations, sensitive data masking, log rotation pattern detection, and much more. OneAgent is built for enterprise-scale operation, which lets you orchestrate a fleet of OneAgent instances centrally with as much configuration granularity as required.
OneAgent log configuration flow
To configure OneAgent log ingestion, use the following options:
- (optional) Log auto-detection: Configure the OneAgent detection mechanism. Go to Settings > Log Monitoring > Advanced log settings.
- (optional) Custom log sources
- (required) Log ingest rules: Define ingestion rules for log sources known to OneAgent. This configuration is required for auto-detected and custom log sources.
- (optional) Sensitive data masking
- (optional) Timestamp/Splitting patterns
OneAgent log module
Check out the OneAgent platform and capability support matrix and deploy OneAgent to your environment.
Log data discovery
Understand how OneAgent automatically discovers log data.
Learn how OneAgent monitors rotation patterns for log files.
You can add custom log sources for OneAgent to discover.
Log ingest rules
You can create rules for sending logs to Dynatrace (includes automatically discovered and custom logs).
Log enrichment
You can transform logs ingested via OneAgent by automatically creating and extracting log attributes from log content.
Sensitive data
You can set up OneAgent to mask any information that you consider to be sensitive so it doesn't reach Dynatrace in plain text.
Timestamps
Learn how OneAgent supports timestamps, and optionally configure a custom timestamp pattern specific to your case.
Logs from containers
OneAgent also supports collecting logs from Docker containers and Kubernetes container orchestration systems.
OneAgent settings
Dynatrace Log Monitoring uses the OneAgent log module, which is enabled by default with all OneAgent installations. While Log Monitoring does not require any specific configuration, you can modify some of the options available for the OneAgent log module.
You can:
- Enable and disable automatic log detection for different technologies.
- Define the default timezone in containers.
- Enable defining the storage configuration by a configuration file on the host.
- Define the specific location where the timestamp and severity occur in your incoming log data.
- Define the maximum number of log group instances per entity.
Global OneAgent settings for Log Monitoring
- Go to Settings > Log Monitoring > Advanced log settings.
- Adjust settings and Save changes.
Host-specific OneAgent settings for Log Monitoring
- Go to Hosts and select your Linux host.
- On the host overview page, select More (…) > Settings in the upper-right corner of the page.
- On the Host settings page, select Log Monitoring and Advanced log settings.
- Adjust settings and Save changes.
Default OneAgent settings
Setting | Default |
---|---|
Detect IIS logs | enabled |
Detect system logs | enabled |
Detect logs on NFS | disabled |
Allow OneAgent to monitor OneAgent logs | disabled |
Detect logs inside containers | enabled |
Set UTC as default timezone in containers | enabled |
Timestamp search limit | |
Severity search chars limit | |
Severity search lines limit | |
Maximum of log group instances per entity limit - count | |
Alternative to ingestion via OneAgent
As an alternative to OneAgent for monitoring your log data, you can use generic ingestion to collect logs via API.