
Dynatrace Log file monitoring not showing enough data in alert

pshinde
Inactive

Hi Team, I have tested log file monitoring for custom log files and event IDs from the Windows Application log. I found very limited options available with alerting for the same. Please let us know if there is any roadmap to fix this.

1) The email alert does not show the timestamp of the triggered event or the content of the string which triggered the alert.

2) Even in the Problem button it just shows the text pattern which we configured in the event rule. It should show the complete actual event in the problem.

3) Alerts are getting auto-closed in 10 minutes. Is there any way we can increase the timeline to close the alert automatically?

4) If I want to trigger an alert for event id 0, how do I do that? If I just mention 0 under pattern monitoring, it picks those from any event where 0 is available. There should be a parameter or option available where I can define Event id = event id monitoring in the event rule pattern.

7 REPLIES

pawel_brzoska
Inactive

Hi Prashant,

1-2 requires you to click to drill down to the log viewer. We will consider adding the entire log message to the event body as an enhancement.

3. Alert is closed when no pattern-matching log entries are present in the log anymore. Problem stays on the list as "resolved". Would you expect another behavior? Why?

4. This will be possible once we introduce parsing of the Windows log format. Coming soon.

pshinde
Inactive

@Pawel B. In the email alert we expect to get the complete string which caused the alert and the timestamp of the event, which is currently not happening. Getting the alert profile name is not useful.

Point 3 - The alert gets closed automatically; it does not stay to clear the issue for log monitoring.

@Pawel B. I also encountered this issue. Our customer is expecting to get the complete string which caused the alert in the notification and wants to know if it will be supported in the future. Thank you.


marco_mannucci1
Inactive

Adding complete details would be a great enhancement. Also, being able to keep the event open until resolved would be good too... a log event should not be treated in the same manner as a metric threshold breach, as there is often only one instance of the event. Example: job failure... there may be no subsequent events, but the issue needs to be resolved before the "problem" is cleared. Would it be possible to correlate events from logs... e.g. job failure and job success... the latter clearing the former, even if it takes a day or more to get the cleardown event.


Opening an event by one message and closing by another is in plans. Keeping event open as long as it is closed manually sounds more like Jira-type integration use case, would you agree?


marco_mannucci1
Inactive

Pavel,

I will leave the argument about technical definitions to experts with far greater knowledge than I 🙂 But Jira is one option for sure, yes. The essential issue we are looking to, hopefully, address is to be able to treat log entries as events in the same manner as, for example, a CPU alert, but with the exception that we need to take into account that a log event will arrive once and once only, generally, having no repeat signal to indicate the issue is still valid. One action will be to be able to correlate events: Job Fail with subsequent job success, for example. The other case is to have the ability for some manual or automated intervention that can be triggered once the "issue" is resolved. In the sense... event is correctly seen by Dynatrace, and stays "live" until an external action alters the state. Whether this is generated by an external ticketing system triggering the action, or whether this needs someone to physically set a flag on the event, is open for discussion.

🙂

Do you have any spec or description around what and how you are planning your correlation?

Thank you


pawel_brzoska
Inactive

We don't have those details yet, will update you once it is known.