This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Parse Multiline Log

Go to solution
MarcioKaue
Helper

‎14 Nov 2023 03:16 PM

Hello,

We are facing a problem parsing log lines where we understand that the root cause is due to the data being multiline.

Below is an example log:

2023-02-31 11:51:28,988 - INFO - Prediction Output: class0_proba=0.00 class1_proba=0.00
INFO: 0.0.0.0:12345 - "POST /api/v1/model/string/predict HTTP/1.1" 200 OK

We would like to parse the Status Code information but it is not being effective:

 

fetch logs
| filter contains(content, "POST")
| parse content, "LD 'HTTP/1.1\"' LD:httpcode "

In a log that is not multiline this parse works correctly. Does anyone have any idea how we can extract this information?

Labels:
Reply
5 REPLIES 5

Go to solution
sinisa_zubic
Dynatrace Champion
Dynatrace Champion

‎14 Nov 2023 04:43 PM

Hi @MarcioKaue 

 

The reason why is because LD is only matching one single line. You have to use the DATA matcher, which is the multiline matcher.

| parse content, """DATA 'HTTP/1.1\" ' INT:httpcode"""

 

Best,
Sini

Reply

Go to solution
MarcioKaue
Helper
In response to sinisa_zubic

‎14 Nov 2023 06:05 PM

Thanks @sinisa_zubic , it worked perfectly!

0 Kudos
Reply

Go to solution
MarcioKaue
Helper

‎14 Nov 2023 06:45 PM

@sinisa_zubic ,Can we also get other fields using DATA?

Example get status code and API name "/api/v1/model/string/predict"

0 Kudos
Reply

Go to solution
sinisa_zubic
Dynatrace Champion
Dynatrace Champion
In response to MarcioKaue

‎14 Nov 2023 07:16 PM

yes you can

| parse content, """DATA '"' ALPHA:method ' ' LD:apiName ' HTTP/1.1\" ' INT:httpcode"""

 

If you are new to the Dynatrace Pattern Language, I would suggest that you check out those two resources

https://www.dynatrace.com/news/blog/speed-up-your-security-investigations-with-dpl-architect/

https://docs.dynatrace.com/docs/platform/grail/dynatrace-pattern-language/dpl-architect

Reply

Go to solution
Kenny_Gillette
DynaMight Leader
DynaMight Leader

‎15 Apr 2025 07:58 PM

I am trying to figure out DQL/DPL

Stuck on this:

info: cartservice.cartstore.ValkeyCartStore[0]
AddItemAsync called with userId=744108ea-1a14-11f0-b19d-fe219cfda8e5, productId=2ZYFJ3GM2N, quantity=5

 

Need to pull UserID, productId, and quantity.

Going through a class on university:

https://university.dynatrace.com/ondemand/course/39387/video/36652?content=resources&section=39620

 

But their example didn't have two lines.  I know to use DATA but just can't figure out.

Dynatrace Certified Professional
0 Kudos
Reply
Ask a question

Featured Posts