
Extracting and Setting LogLevel based off a Single Character

bsnurka
Dynatrace Advisor

Use Case: Customer has an application log which contains a single character, "E" for example, which denotes what the LogLevel for said Log entry is.

 

 

[2024-05-21T12:06:40.084-0400] 012345 id=         com.github.example                        E HOST: An unexpected error occured whilst opening the log. Log example Log example Log example Log example Log example Log example Log example

 

 

Dynatrace will not automatically extract the single character and set the LogLevel, because the entry is in a non-standard format, but we can do this work with a Log Processing Rule: https://docs.dynatrace.com/docs/shortlink/lma-log-processing

Log Processor Setup: Open up the Dynatrace Tenant > Settings > Log Monitoring > Log Processing.

Click Add rule - Give the rule a friendly but descriptive name.

In the Matcher field, enter the DQL filters which will focus the log processing rule down to the specific application we are focused on. For example:

 

matchesValue(k8s.namespace.name, "App-namespace") AND matchesValue(k8s.deployment.name, "MyApplication")

 

For the processor definition, enter the following:

 

USING(INOUT loglevel, IN content)
|PARSE(content,"LD SPACE LD SPACE LD BLANK LD BLANK ['A-Z']{1}:logstatus SPACE")
| FIELDS_ADD(loglevel:
  IF(logstatus == "W", "WARN",
    IF(logstatus == "E", "ERROR", 
      IF(logstatus == "I", "INFO", 
        IF(logstatus == "C", "CRITICAL",
          IF(logstatus == "D", "DEBUG",
            IF(logstatus == "S", "SEVERE", 
              IF(logstatus == "T", "TRACE", 
                IF(logstatus == "N", "NOTICE",
                  IF(logstatus == "A", "ALERT",
                    IF(logstatus == "F", "FATAL",
                      "NONE"
                    )
                  )
                )
              )
            )
          )
        )
      )
    )
  )
)

 

This Log Processing Rule extracts the single character ("E" in the above example) and saves it to a logstatus field. Then, based on the logstatus field, we update the loglevel to the corresponding value.

Before transformation vs After Transformation


Save the rule and turn it on to start updating the loglevel for any newly ingested logs that match the defined matcher.
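A local dry run of the same extraction over sample lines, as an added Python example that is not part of the original post and does not emulate Dynatrace's pattern engine. The regular expression is an assumption about the line layout drawn from the sample entry above, and every line in `SAMPLE` after the first is constructed.

```python
import re
from collections import Counter

# Same letter-to-level mapping as the processor definition in this post.
LEVELS = {"W": "WARN", "E": "ERROR", "I": "INFO", "C": "CRITICAL", "D": "DEBUG",
          "S": "SEVERE", "T": "TRACE", "N": "NOTICE", "A": "ALERT", "F": "FATAL"}

# Assumed layout (from the sample entry): [timestamp] id "id=" logger LETTER message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<id>\S+)\s+id=\s*(?P<logger>\S+)\s+"
    r"(?P<logstatus>[A-Z])\s+(?P<message>.*)$"
)

def classify(line):
    """Return (logstatus, loglevel) for one line.

    (None, None) means the line does not fit the layout at all, for example a
    stack-trace continuation line. A letter outside the mapping gives "NONE",
    like the final branch of the nested IF in the rule.
    """
    m = LINE_RE.match(line)
    if m is None:
        return None, None
    status = m.group("logstatus")
    return status, LEVELS.get(status, "NONE")

def summarize(lines):
    """Tally resulting levels so unmatched and unmapped lines stand out."""
    counts = Counter()
    for line in lines:
        status, level = classify(line)
        counts["UNMATCHED" if status is None else level] += 1
    return dict(counts)

PREFIX = "id=         com.github.example                        "
SAMPLE = [
    # Sample entry from this post (message shortened).
    "[2024-05-21T12:06:40.084-0400] 012345 " + PREFIX
    + "E HOST: An unexpected error occured whilst opening the log.",
    # Constructed lines: a warning, an unmapped letter, a continuation line.
    "[2024-05-21T12:06:41.120-0400] 012346 " + PREFIX + "W HOST: constructed warning",
    "[2024-05-21T12:06:42.003-0400] 012347 " + PREFIX + "X HOST: constructed unmapped letter",
    "    at com.github.example.Main.open(Main.java:42)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running it against a representative export of the application's log shows how many entries would end up as "NONE" or fall outside the expected layout before the rule is switched on.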
