topic Re: ActiveGate SYSLOG - how to search for logs? in Log Analytics

ActiveGate SYSLOG - how to search for logs?

cbaldi — Thu, 12 Jun 2025 06:41:51 GMT

We have started to use the built-in Open Telemetry module in the ActiveGate to collect syslogs. We see the logs appearing in the Log Viewer, however there does not appear to be a good way to create a log filter for these other than content. None of the dimensions from these syslog messages are filterable other than the generic loglevel and event.type. I expected to be able to filter on things like dt.openpipeline.source or dt.ingest.source.ip or even syslog.hostname but those are not available. Am I missing something? How can we create a filter for these syslog messages?

Re: ActiveGate SYSLOG - how to search for logs?

RohitBisht — Thu, 12 Jun 2025 03:41:36 GMT

Hi @cbaldi ,

i think what you need here is some log processing rules that gives you attributes/fields to filter things out.
It's better to use openpipeline if you can otherwise you can use classic log processing rules.

https://docs.dynatrace.com/docs/shortlink/lma-openpipeline

Here are some examples on how you can create some rules:
https://docs.dynatrace.com/docs/shortlink/lma-log-processing-examples

Also, we have come up with some default log processors now that saves you from creating the rules. Goto openpipeline -> +pipeline -> select processor under 'technology bundle' and see below options

Re: ActiveGate SYSLOG - how to search for logs?

cbaldi — Thu, 12 Jun 2025 16:11:06 GMT

Thanks for that info, though since we are on the Managed platform we cannot use those Open Pipeline features. The problem is not creating processing rules (though there are challenges there too), but rather in being able to filter the logs themselves. In an environment with a large volume of logs (as in ours) being able to filter to just the relevant logs is an important step in understanding what processing rules to then create. With all other logs I can at least filter by log source, but with the ActiveGate open pipeline syslogs I cannot.

I was able to add the dimension "dt.openpipeline.source" as a custom attribute which now allows me to filter on that, but I should not need to do that. This feature should enable this filtering natively. This seems broken to me.