Open Q&A
If there's no good subforum for your question - ask it here!
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

dynatrace_ingest for logs?

AntonioSousa
DynaMight Guru
DynaMight Guru

dynatrace_ingest can ingest metrics locally. But if we want to ingest logs locally, suggested way is with a curl command.
Is there a way to pipe output from a Linux/Windows command, through dynatrace_ingest, or something similar?

Antonio Sousa
10 REPLIES 10

AntonPineiro
DynaMight Guru
DynaMight Guru

Hi,

If you have OneAgent, you can ingest custom logs base on tomcus log course and ingestion rules.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl

@AntonPineiro ,

The idea is to not have log files in the first place, so I don't have to write to disk. Something like:

  • ./my_program -v | dynatrace_ingest
Antonio Sousa

Hi,

I understand your point now. I am not aware that is possible.

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl

JustSchwendi
Dynatrace Enthusiast
Dynatrace Enthusiast

You mean ingest logs from local to SaaS cluster?
For this use case, you would use the log ingest API and curl, or powershell.
You first need to create an API log.ingest token and then run somthing like 

tail -f /var/log/syslog | while read line; do
curl -X POST "http://<tenantFQDN>/v2/logs/ingest" \
-H "Content-Type: application/json" \
-H "Authorization: Api-Token <your-token>" \
-d "{\"content\": \"$line\"}"
done



In this blog, OTel was used to ingest logs extracted from a local json file on a raspberry pi:
Leverage edge IoT data with OpenTelemetry and Dynatrace
Details are explained in Step 5.

Hope this helps 🙂

@JustSchwendi ,

As said below, the idea is to not have log files at all. nd also not having tokens and other configurations. If you ingest locally, you don't need it: https://docs.dynatrace.com/docs/ingest-from/extend-dynatrace/extend-logs/oneagent-log-ingest-api

My idea was just using something like dynatrace_ingest (link) to ingest locally without any other configuration. But it doesn't seem to exist, so creating a Product Idea: https://community.dynatrace.com/t5/Ideas/dynatrace-ingest-for-logs/idi-p/302055 

BTW, loved the blog post; hadn't seen it before.

Antonio Sousa

dylan_taelemans
Advisor

 

@AntonioSousa 
I believe this can be done without a token or additional configuration by using the OneAgent localhost API:

https://docs.dynatrace.com/docs/shortlink/oneagent-log-ingest-api

So it would be similar to the solution proposed by @JustSchwendi , but using the localhost endpoint instead. This removes the need for:

-H "Authorization: Api-Token <your-token>"

It is not as straightforward to use as dynatrace_ingest, but it could be a valid alternative depending on the use case and requirements.

The idea would be to pipe the output of your commands to curl, which then forwards the data to the local OneAgent endpoint.

Example using ls just to keep it simple:

ls | jq -Rs '{content: .}' | curl \
-H "Content-Type: application/json" \
-X POST \
-d @- \
http://localhost:14499/v2/logs/ingest

Note: the jq -Rs '{content: .}' part is only used to convert the output lines into the required JSON format.

If your script (./my_program) could already output the data in the expected JSON format, for example:

{"content": "YOUR_CONTENT"}

then jq would no longer be needed.

@dylan_taelemans ,
Yes, I know I can do it with curl, as I posted initially in the thread.
The question is if dynatrace_ingest could do it.

BTW, the reservation against curl is a security one: they don't want it to be used...

Antonio Sousa

Afaik dynatrace_ingest does it by HTTP POST anyway. 

Dynatrace Ambassador | Alanata a.s., Slovakia, Dynatrace Master Partner

Okay, I focused on your reply to @JustSchwendi.


==> As said below, the idea is to not have log files at all. nd also not having tokens and other configurations.

Therefore, I proposed a solution that does not require log files, tokens, or any additional configuration.

I don't think there is another way to achieve this, so the Product Idea is indeed the only remaining option.

Regarding the concern about curl being a security issue: I believe the script behind the dynatrace_ingest tool uses curl as well, or at least something with the same functionality. However, this should probably be validated/confirmed to be sure.

 

There are many options how to do a HTTP POST locally on http port. You can use printf + netcat or even bash redirection (if enabled). 

Curious what security issue does curl pose?

Dynatrace Ambassador | Alanata a.s., Slovakia, Dynatrace Master Partner

Featured Posts