11 Jun 2024 11:28 PM
Hello all,
I'm looking for a way to chart if a log source has not received any logs in over two hours, and possibly alert on it using DQL.
I would also like to do that from the host level, basically doing the same thing of showing how many logs a host has ingested in the last hour / if it's 0.
Thanks!
Solved! Go to Solution.
14 Jun 2024 02:23 PM
Sounds like you want to count the log line ocurrences for specific log files, you can do that with a log metric, and base a metric event on it. https://docs.dynatrace.com/docs/shortlink/lma-log-metrics
Here an example:
fetch logs, scanLimitGBytes: 2
| makeTimeseries count = count(), by:{log.source}, time:{timestamp}
| limit 10
14 Jun 2024 08:21 PM
Exactly like @mark_bley stated. The vast majority of the time, if you can build it in DQL/Data Explorer, you can alert on it via custom metric or even make a metric event.