How to split log access in a shared cluster

dkroger — Fri, 26 Sep 2025 14:31:49 GMT

We have migrated our logs recently to dynatrace, we have AKS shared clusters where with multiple teams with ingresses where we need to let them see their nginx logs (for their ingresses) but not all the ingresses logs from others teams. On nginx we were able to add additional headers so we have a custom appid in the nginx log json, here is an example of a query I was able to create based on this json:

fetch logs
| filter matchesValue(k8s.cluster.name, "my-cluster") AND matchesValue(k8s.namespace.name, "nginx-ingress")
| filter matchesValue(content, "{*")
and matchesPhrase(content, "\"appid\"")
| filter parse(content, "JSON{STRING:'appid'}(flat=true)") == "MYAPPID007"
| sort timestamp desc
| parse content, "JSON:json"

This query will show me the logs from the value we added, is there a way we can let users/teams only seeing specific logs from their custom appid?

I'm looking into segmentation now but I wanted to ask for guidance

Re: How to split log access in a shared cluster

Julius_Loman — Fri, 26 Sep 2025 15:46:04 GMT

@dkroger if you need to separate access, this is accomplished by IAM policies - boundaries in particular. So users can only see logs they have access to. Create boundaries which have the clusters you need in scope and then use them in conjunction with a IAM policy and assign to a group.

For filtering (you have access to the records, but you want to select a scope) you want to use segments.

If everyone should have access to every log, you need only segments. If you want to limit visibility, you need to use IAM policies.

topic How to split log access in a shared cluster in Log Analytics

How to split log access in a shared cluster

Re: How to split log access in a shared cluster