Kubernets app only pod logs delivered via ingest API - association with Dynatrace entities

PetrVlacil — Fri, 23 May 2025 13:47:13 GMT

Hello

Our client has a Dynatrace managed. We monitor production OpenShift in CloudNative Fullstack. But for the dev OpenShift cluster, we use App Only mode. To get container output logs to Dynatrace, it is suggested to use, for example, fluentbit. If I understand it correctly, with the recommended default Fluentbit config, logs delivered via the log ingest api should be associated with the monitored entities in Dynatrace. However, our client uses Vector. We're able to get the container output logs to Dynatrace using Vector's HTTP output sink, but the logs are not associated with the cluster/namespace/pod.

Vector is sending some of the Kubernetes metadata with the logs. Currently we have:

k8s.container.name
k8s.namespace.name
k8s.container.image.name
k8s.container.id
k8s.pod.name

k8s.node.name

k8s.cluster.name

dt.kubernetes.cluster.name
host.name

But in the Fluentbit example value.yaml config mentioned in the Guide, there are some more fields:
k8s.pod.uid
k8s.cluster.uid

dt.kubernetes.cluster.id

Does anyone know which information/metadata Dynatrace is exactly using to correlate API ingested logs with monitored entities? If Vector starts sending k8s.pod.uid, k8s.cluster.uid, dt. Kubernetes.cluster.id, will Dynatrace be able to assign the logs to entities, or is any other information needed? For example, does Vector also need to send some pod annotations/labels that the Dynatrace operator adds to Kubernetes objects?

Thank you and best regards

Petr

topic Kubernets app only pod logs delivered via ingest API - association with Dynatrace entities in Log Analytics

Kubernets app only pod logs delivered via ingest API - association with Dynatrace entities