Hi Team,

• Extending the list of fields used for setting the timestamp
• Extracting Timestamp and Severity from OTLP Logs

Details

1. Extending the List of Fields Used for Setting the Timestamp

The JSON Log Ingestion API (/logs/ingest endpoint) will be updated with ActiveGate version 332.

Currently, the list of fields treated as a timestamp includes the following keys:
timestamp, @timestamp, _timestamp, eventtime, date, published_date, and syslog.timestamp.

With the upcoming update, this list will be extended to include the following keys:
time, epochSecond, startTime, datetime, ts, @t, and timeMillis.

2. Extracting Timestamp and Severity from OTLP Logs

The OTLP Log Ingestion API (/otlp/v1/logs endpoint) will also be updated with ActiveGate version 332.

• Severity Extraction:
  Currently, log severity is determined based on the OTLP message severity or severityText fields, or one of the following Body attributes (if the Body is a map):
  log.level, status, severity, level, and syslog.severity.

  With the upcoming change, Dynatrace will additionally attempt to extract severity from the OTLP Log Record attributes using the same keys.

• Timestamp Extraction:
  Currently, the log time is determined based on the OTLP message timestamp field or one of the following Body attributes (if the Body is a map):
  timestamp, @timestamp, _timestamp, eventtime, date, published_date, and syslog.timestamp.

  With the update, this list of attributes will be extended to include:
  time, epochSecond, startTime, datetime, ts, @t, and timeMillis.

  Additionally, Dynatrace will attempt to extract the time from the OTLP Log Record attributes in the same way as from the Body.