16 Apr 2024 10:49 AM - edited 16 Apr 2024 02:41 PM
There can be many reasons why the logs are not visible in Dynatrace, below are the common reasons.
Log Monitoring is disabled on that host. Check "Settings -> Technology -> Log Monitoring" page on WebUI.
No ingest rule was created to get the log content. These are for the automatically detected logs. (https://docs.dynatrace.com/docs/observe-and-explore/logs/lma-log-ingestion-via-oa/lma-autodiscovery)... To see if the logs are detected my Dynatrace, the easier way to check the process group page and check the logs tab.
Multiple matchers of the same type (do not confuse with multiple values for the same matcher). Remember that you have "AND" operator between matchers, so usually you want max one occurrence of a single attribute type in the scope of a single rule.
Expecting partial match in a matcher (when actually full match is being done, so to have a partial match you need prefix and suffix wildcards).
A typo, including non-visible characters, or non-ANSI Unicode characters.
Improper rule order - typically you need more specific closer to the top as they are executed top to bottom and the first catch is decisive
Security rules are violated (https://docs.dynatrace.com/docs/shortlink/lma-custom-log-source#security-rules)
Log Agent does not have access to the file. It might especially happen when a file is on NFS drive on Linux. Then you need to ensure that a user account Log Agent is running on has access to the file (i.e. read privileges to the file, and read with execute to all the directories on the file path) and also enable NFS drive log detection, Settings > Log Monitoring > Advanced log settings
Improper format
supported encodings include UTF-8 and UTF-16
No new content after the file has been configured to be sent - Log Agent does not send historical data.
Auto-detection limits are here: https://docs.dynatrace.com/docs/observe-and-explore/logs/lma-log-ingestion-via-oa/lma-autodiscovery#...
Log Monitoring default limits are mentioned here (https://docs.dynatrace.com/docs/shortlink/log-monitoring-limits)
Hello @noel_david
Thank you for summarizing the troubleshooting points.
What could be the potential issue of no Auto-discovery of Kubernetes/OpenShift logs?
Regards,
Babar
Hi @Babar_Qayyum ,
In general,
Hello @noel_david
The log ingested rule is applied on the namespaces level, and also these are important processes.
Regards,
Babar
Hello @noel_david
I just wanted to update you that log monitoring was not enabled on the global level.
Regards,
Babar