cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

With DQL, Chart / alert on if a host or log source has not recieved any logs over a period of time.

DanielDubs
Newcomer

Hello all,

I'm looking for a way to chart if a log source has not received any logs in over two hours, and possibly alert on it using DQL. 

I would also like to do that from the host level, basically doing the same thing of showing how many logs a host has ingested in the last hour / if it's 0. 

Thanks!

2 REPLIES 2

mark_bley
Dynatrace Champion
Dynatrace Champion

Sounds like you want to count the log line ocurrences for specific log files, you can do that with a log metric, and base a metric event on it. https://docs.dynatrace.com/docs/shortlink/lma-log-metrics

Here an example:

fetch logs, scanLimitGBytes: 2
| makeTimeseries count = count(), by:{log.source}, time:{timestamp}
| limit 10

mark_bley_0-1718371359822.png

 

ChadTurner
DynaMight Legend
DynaMight Legend

Exactly like @mark_bley stated. The vast majority of the time, if you can build it in DQL/Data Explorer, you can alert on it via custom metric or even make a metric event. 

 

-Chad

Featured Posts