
Fetch logs from all hosts with a Tag

S_Hadley1138
Contributor

Hi there,

I'm a newbie, so please don't flame me. I'm trying to get the logs from all hosts that have a certain Tag... I can get the hosts, but then how do I feed that to a fetch logs?

fetch dt.entity.host | filter matchesValue(tags,"MESSAGING:DAG01")
| fetch logs

doesn't seem to work

any pointers would be appreciated, cheers

14 REPLIES

gbaudart
DynaMight Champion

Hi @S_Hadley1138,

Try this:

fetch logs
| lookup [ fetch dt.entity.host
  | filter matchesValue(tags,"MESSAGING:DAG01")
],lookupField:id, fields:{id} 

Let me know if it's ok for you 

Observability Consultant - Dynatrace Professional Certified

Thanks for responding. It does execute, but it's not respecting the tag, and pulling everything back. It seems I can put anything in the tag field in the query and get the same results... very odd

I've tried to show in the screenshot that the hosts it's pulling back are Citrix, rather than messaging, and have different tags

Ooh.. so you can try this:

fetch logs
| lookup 
  [ 
    fetch dt.entity.host
  ],sourceField:dt.entity.host, lookupField:id, fields:{id,tags}
| filter matchesValue(tags,"MESSAGING:DAG01")

 

Observability Consultant - Dynatrace Professional Certified

I may have found the issue.... Seems our servers were not enabled for collecting the Windows application logs, so there are no logs to find... Apologies for that

That might explain it all ^^

Observability Consultant - Dynatrace Professional Certified

Like I said, I am a Newbie... (and a Muppet...) Thanks for your help

@S_Hadley1138 
Oooh.. So you can try this one:

 

fetch logs
| lookup 
  [ 
    fetch dt.entity.host
  ],sourceField:dt.entity.host, lookupField:id, fields:{id,tags}
| filter matchesValue(tags,"MESSAGING:DAG01")

 

Observability Consultant - Dynatrace Professional Certified

Close, but that doesn't return anything...

I can see what you are doing with the filter, as this query returns the host names OK

fetch dt.entity.host
| fieldsAdd entity.name
| filter matchesValue(tags,"MESSAGING:DAG01")

Just need to get the logs to filter by this list.... so close

Sadly, that returns no results. The filter part works against the hosts table, it just doesn't want to connect the two parts. Any other ideas?

It's curious because I tested the command on my environment and it works well..

Observability Consultant - Dynatrace Professional Certified

Could it be because there are many Tags? Might it need to be a 'containsValue' rather than matchesValue? Or whatever the DQL equivalent is? In your testing, try it with several tags....

 

I agree, as I think it is along the right lines..... I've included a screenshot, I can prove the tags are right... I must be doing something wrong

Can you observe the desired tags with the following command?

fetch dt.entity.host
| filter matchesValue(tags,"MESSAGING:DAG01")
| fields entity.name, id, tags

Observability Consultant - Dynatrace Professional Certified

Yep, that query works fine (apologies for the red, I'm trying to obscure the company name)
