Solved: Re: Simple text log monitoring

olegus · ‎12 Sep 2023

I'm new to Dynatrace so bare with my dumb questions here 🙂

What I need is to make Dynatrace to watch a very simple log file in text format , check for a specific value and raise an alert if found.

So far I was able to specify a custom log source under a process that produces my logs but it seems Dynatrace does not want to monitor it. Why is that?

Also , I stumbled across log processing rules and I 'm struggling to create my own to simply find a word sequence there. All examples seems related to known logs from web servers like nginx /haproxy and includes some pretty complex data manipulation. Plus, It seems that logs should be in JSON format? At least that what's required for Rule Testing section..

I have a feeling that I've missing something obvious here - can you point me to the right direction how can I:

- add a text log file to Dynatrace

- add a rule to simply check for words "exit code XXX"

- raise an alert

natanael_mendes · ‎13 Sep 2023

Hey, you can use some rules to do this.

Check this documentation if you use classic v2

https://www.dynatrace.com/support/help/observe-and-explore/logs/log-monitoring/log-processing

Check this documentation if you use Grail

https://www.dynatrace.com/support/help/observe-and-explore/logs/log-management-and-analytics/lma-use...

Dynatrace Professional Certified

sundarv1 · ‎09 Apr 2024

log.source= "/opt/oracle" AND (content="ORA-"). This is log source. instead of searching for content, i want to search ORA- in the first line in the log only. How to do that

Mizső · ‎14 Sep 2023

Hi @olegus,

Could you please check my pervious posts about log monitoring.

Solved: List log files for a metric - Dynatrace Community

Solved: Application Log monitoring - Dynatrace Community

As a first step is to set the log collection:

1. At cutom log source configuration you add it manually the test file log

and then

2. At log source configuration if DT recognized your text file log after ponit 1.

It will be also usefull from other members: Solved: Logs Classic - Log storage configuration vs Custom log source - Dynatrace Community

Maybe you can use them.

I hope it helps.

Best regards,

Mizső

Dynatrace Community RockStar 2024, Certified Dynatrace Professional

olegus · ‎14 Sep 2023

Thanks, Mizso,

That looks promising, a question regarding switching to Log Monitoring v2 - what will we lose when we switch to v2? We dont monitor any logs yet , but if we do, would we need to redo all log metrics ?

Mizső · ‎14 Sep 2023

Hi @olegus,

I think the answer yes. You will have to redo the log metrics. I was lucky because I switched to v2 quite early I did not have to much v1 configuration. You should do it as soon as possible because as you may read v1 support will end by 01.2024.

Regarding the v1 vs v2. No questions, v2 has much more possibilities than v1. I perfer it.

Best regards,

Mizső

Dynatrace Community RockStar 2024, Certified Dynatrace Professional

sundarv1 · ‎14 Apr 2024

Hi Mizso

log.source= "/opt/oracle" AND (content="ORA-"). This is log source. instead of searching for content, i want to search ORA- in the first line in the log only. How to do we do that?

Now alerts are generatiing if ORA- is there is any part of content, instead we want to alert generated if ORA- is present in first line.

sundarv1 · ‎16 Apr 2024

log.source= "/opt/oracle" AND (content="ORA-"). This is log source. instead of searching for content, i want to search ORA- in the first line in the log only. How to do that

Mizső · ‎16 Apr 2024

Hi @sundarv1,

I do not have solution for your request, maybe other community members have any idea...

Best regards,

Mizső

Dynatrace Community RockStar 2024, Certified Dynatrace Professional

sundarv1 · ‎18 Apr 2024

Hi Mizzo

og.source= "/opt/oracle" AND (content="ORA-"). This is log source. instead of searching for content, i want to search ORA- in the first line in the log only. How to do that

Mizső · ‎18 Apr 2024

Hi @sundarv1,

As I wrote I do not have solution for your request, maybe other community members have any idea...

Best regards,

Mizső

Dynatrace Community RockStar 2024, Certified Dynatrace Professional

sundarv1 · ‎10 Jul 2024

Hi Mizso

How do we map to Servicenow Group to the log monitoring so that incident directly assign to group for log events?

olegus · ‎14 Sep 2023

Not sure how this forum works, but the first post that was "accepted as a solution" (not by me btw) did not answer my questions - it just contains links to general DT docs, which I already read before asking those questions. I will re-read them and try solutions provided by Mizsco and report back.

Mizső · ‎14 Sep 2023

Hi @olegus,

You can accept my answer also. 😉

Thanks in advance.

Best regards,

Mizső

Dynatrace Community RockStar 2024, Certified Dynatrace Professional

olegus · ‎14 Sep 2023

Mizso,

1. So far I created Custom Log Source configuration and I also created Log Storage configuration for the same log file - now i see my log in Logs&Events.

2. I've added DQL rule to filter my log data to show only "exit code XXX" lines

3. Looks like I'm good to go to create a Log event.

sundarv1 · ‎14 May 2024

Hi

How do we display host IP Address in the Log Monitoring incidents. Currently we are getting Host name only

Thanks

Sundar.v