cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Logtash Json logfiles vs Dynatrace

henk_stobbe
Mentor

Hi,


When you implement logtash, Dynatrace is unable to read the replaced logfile, the new format is son,


Is it the one or the other?


KR Henk


6 REPLIES 6

I don’t understand your case. You are monitoring logstash and you want read logs that are created by this technology or you want to export some data to logstash?

Sebastian


henk_stobbe
Mentor

Hi Sebastian,

my mistake: customer lets tomcat log in json format, I think to make live easy for logtash. So my question should have been, is dynatrace capable of reading json logs. And I think the answer will be no, or not yet?


KR Henk




Hello,

according to documentation:

https://www.dynatrace.com/support/help/how-to-use-dynatrace/log-analytics/basic-concepts/what-log-fo...

JSON Formats are supported as well.

Sebastian


dave_mauney
Dynatrace Champion
Dynatrace Champion

Henk,

Check out the timestamp requirements on this page and make sure those are met:

https://www.dynatrace.com/support/help/how-to-use-dynatrace/log-analytics/basic-concepts/what-log-fo...

HTH,

dave


henk_stobbe
Mentor

Hi,

The json log contains a timestamp, is not marked as having an invalide date format but still,

Your search didn't return any log matches for the selected time frame


So could the conclusion be that the format is fine, but Dynatrace can not handle the invalide content of the date field?


See a example log line:

{"clientip":"xx.xx.xx.xxx","timestamp":"[17/Jun/2019:00:00:00 +0200]","request":"GET /xxxxxxx/api/internal/v1/xxxxxxxxxxxxxx=xxxxxxxx=xxxxxxxxxxxxx=true HTTP/1.1","urlpath":"/xxxxxx/api/internal/v1/xxxxxxxx","urlquery":"?xxxxxxxxx=xxxxxxx&xxxxxxxxxxx=XXXXXX&xxxxxxx=true","protocol":"HTTP/1.1","method":"GET","port":8080,"status":200,"bytes":12,"duration":57,"xxxxxxxxx:"xxxxxxxxxxxxxxxxx","xforwardedFor":"xx.xx.xx.xx"}





In link that I've provided is info that in JSON there is only one timestamp format that can be used (at least for now). Your is different so yes, log is ok but without proper detection of date you cannot search it.

Sebastian