11 Jun 2025 08:47 PM - last edited on 12 Jun 2025 07:41 AM by MaciejNeumann
We have started to use the built-in OpenTelemetry module in the ActiveGate to collect syslogs. We see the logs appearing in the Log Viewer; however, there does not appear to be a good way to create a log filter for these other than content. None of the dimensions from these syslog messages are filterable other than the generic loglevel and event.type. I expected to be able to filter on things like dt.openpipeline.source or dt.ingest.source.ip or even syslog.hostname, but those are not available. Am I missing something? How can we create a filter for these syslog messages?
12 Jun 2025 04:41 AM
Hi @cbaldi,
I think what you need here is some log processing rules that give you attributes/fields to filter things out.
It's better to use OpenPipeline if you can; otherwise you can use classic log processing rules.
https://docs.dynatrace.com/docs/shortlink/lma-openpipeline
Here are some examples on how you can create some rules:
https://docs.dynatrace.com/docs/shortlink/lma-log-processing-examples
Also, we have come up with some default log processors now that save you from creating the rules. Go to OpenPipeline -> +pipeline -> select processor under 'technology bundle' and see the options below.
12 Jun 2025 05:11 PM
Thanks for that info, though since we are on the Managed platform we cannot use those OpenPipeline features. The problem is not creating processing rules (though there are challenges there too), but rather in being able to filter the logs themselves. In an environment with a large volume of logs (as in ours), being able to filter to just the relevant logs is an important step in understanding what processing rules to then create. With all other logs I can at least filter by log source, but with the ActiveGate OpenPipeline syslogs I cannot.
I was able to add the dimension "dt.openpipeline.source" as a custom attribute which now allows me to filter on that, but I should not need to do that. This feature should enable this filtering natively. This seems broken to me.