06 Feb 2024 01:46 PM
Hello,
I'm using this query and I want to exclude a particular text from logs -
"fetch logs //, scanLimitGBytes: 500, samplingRatio: 1000
| filter matchesValue(dt.entity.process_group, "abcd") and matchesValue(status, "ERROR")"
Please let me know how.
Thanks in advance.
06 Feb 2024 06:59 PM
Hi @munawarhossain1,
What text would you like to remove?
To make things clearer, can you show us the results of your query, please?
07 Feb 2024 05:20 AM
Sure @gbaudart
07 Feb 2024 06:07 PM
Hey @munawarhossain1, would using the filterOut cmd be viable? I am assuming you want the DQL query to return all logs that match the first two conditions combined via AND, but specifically exclude all instances of "ExtHandler cached endpoint not found"
fetch logs
| filter matchesValue(dt.entity.process_group, "abcd") and matchesValue(status, "ERROR")
| filterOut contains(content, "ExtHandler cached endpoint not found")
08 Feb 2024 08:23 AM
That works, mate, thanks!
But the ingest rule is defined to not capture content "bulk", yet it now seems to be popping up in the logs.
Could you please help me to rectify the condition?
Thanks
08 Feb 2024 04:07 PM
Is it as simple as the rule being defined as "Bulk" in the second Log content parameter but our actual log content is "bulk"?
08 Feb 2024 04:14 PM
I've tweaked that now -
But still appearing -
08 Feb 2024 04:21 PM
I am under the assumption your goal is to exclude the ingestion of any logs that have "This bulk request has failures failure in bulk execution:" in their log content. Assuming so, you will need to look into the Log Ingest Rules. There are some specifics around the wildcards accepted by Dynatrace, which I think the example from the documentation illustrates well:
If no wildcard is used in the value, then the matcher looks for an exact fit to the value. If a wildcard is used, the matcher looks for the exact match. For example, the value INFO results in sending only the log data having the exact INFO string, but the value *INFO* (using the wildcards) matches log data that contain the INFO string in its content.
Right now based off the screenshots, I suspect your log ingest rule is looking for log content that simply says "bulk" or "Bulk" as we aren't configured with a wildcard.
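The matcher behaviour quoted from the documentation above, modelled as an added example that is not part of the thread and is not Dynatrace code. The function names, the sample lines and the case-sensitive comparison are assumptions of this sketch; only the exact-versus-wildcard rule comes from the quoted text.

```python
import re

def rule_matches(rule_value: str, content: str) -> bool:
    """Model of the quoted matcher rule (hypothetical helper).

    Without '*' the value must equal the whole log content.
    With '*' each asterisk stands for any run of characters.
    Case-sensitive comparison is an assumption of this sketch.
    """
    if "*" not in rule_value:
        return content == rule_value
    # Escape everything literally, then let each '*' match any text.
    pattern = ".*".join(re.escape(part) for part in rule_value.split("*"))
    return re.fullmatch(pattern, content, flags=re.DOTALL) is not None

def surviving(rule_value: str, lines: list[str]) -> list[str]:
    """Lines still ingested while an exclude rule with this value is active."""
    return [line for line in lines if not rule_matches(rule_value, line)]

# Constructed sample log contents; the text after the colon is invented.
SAMPLE = [
    "This bulk request has failures failure in bulk execution: shard unavailable",
    "ExtHandler cached endpoint not found",
    "bulk",
]

RULE_VALUES = ("Bulk", "bulk", "*bulk*", "*This bulk request has failures*")

def report(lines: list[str] = SAMPLE) -> dict[str, int]:
    """Number of sample lines that still get ingested for each rule value."""
    return {value: len(surviving(value, lines)) for value in RULE_VALUES}

if __name__ == "__main__":
    for value, kept in report().items():
        print(f"exclude rule {value!r}: {kept} of {len(SAMPLE)} lines still ingested")
```

Under this model, "Bulk" and "bulk" leave the failing bulk-request line in place, while "*bulk*" drops every line containing the word; the longer phrase between wildcards drops only the intended message.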
08 Feb 2024 04:27 PM
Alright thanks, changes are made now -
I'll wait for a result now