This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Article

Why my logs are not visible in Dynatrace?

noel_david
Dynatrace Guide
Dynatrace Guide

‎16 Apr 2024 10:49 AM - edited ‎10 Dec 2024 01:38 PM

  

There can be many reasons why the logs are not visible in Dynatrace; the common reasons are below.

  • Check if the One agent running in the host is the supported version/latest version.

(https://docs.dynatrace.com/docs/shortlink/release-notes)

  • Check if the Log agent is running in the host; you can check by going to the host page -> Process analysis section- Filter by technology Dynatrace and see if the Log agent is running.

noel_david_0-1733837481920.png

                    

  • Check if Log Monitoring is enabled in your Dynatrace environment globally (Dynatrace web UI), or check if Log Monitoring is enabled on a host level (OneAgent CLI). To check if Dynatrace Log Monitoring is enabled globally: 
    1. Go to "Settings > Monitoring > Monitored technologies".
    2. Find "Log Monitoring" in the list of supported technologies, and select "Edit" (pencil icon).
    3. Check if "Monitor Log Monitoring" on every host option is enabled.

 

  • Log Monitoring is disabled on that host. Check "Settings -> Technology -> Log Monitoring" page on WebUI.

 

 

  • Improper ingest rules (https://docs.dynatrace.com/docs/observe-and-explore/logs/lma-log-ingestion-via-oa, follow also hints visible on configuration pages on WebUI), especially:  
    • No ingest rule was created to get the log content. These are for the automatically detected logs. (https://docs.dynatrace.com/docs/observe-and-explore/logs/lma-log-ingestion-via-oa/lma-autodiscovery)... To see if the logs are detected my Dynatrace, the easier way to check the process group page and check the logs tab.
    • If the logs are not detected then a custom rule is needed (https://docs.dynatrace.com/docs/shortlink/lma-custom-log-source). For a custom rule to work properly and a log ingestion rule is also needed.  (There is now a built-in log ingest rule that you can enable that will ingest all logs from custom log sources. Just enable that rule and you don't have to worry about making multiple rules.)
    • Multiple matchers of the same type (do not confuse with multiple values for the same matcher). Remember that you have "AND" operator between matchers, so usually you want max one occurrence of a single attribute type in the scope of a single rule.
    • Expecting partial match in a matcher (when actually full match is being done, so to have a partial match you need prefix and suffix wildcards).
    • Expecting case insensitive matching (when it is case sensitive, except log source names on Windows).
    • A typo, including non-visible characters, or non-ANSI Unicode characters.
    • Improper rule order - typically you need more specific closer to the top as they are executed top to bottom and the first catch is decisive
    • Improper scope - keep in mind that rules on more specific levels are evaluated earlier (so they are more important) - host before host group, and host group before tenant (https://docs.dynatrace.com/docs/shortlink/lma-log-ingest-rules#configuration-scopes)

 

Sample log

[2024-11-28 10:11:29.463 UTC] [/rework/logprocessing/filelogsource.cpp] [info] LGI: / /logs/appl/conc/out/*.txt doesn't meet security rules. (This message was ignored 14 times

 

  • Log Agent does not have access to the file. It might especially happen when a file is on NFS drive on Linux. Then you need to ensure that a user account Log Agent is running on has access to the file (i.e. read privileges to the file, and read with execute to all the directories on the file path) and also enable NFS drive log detection, Settings > Log Monitoring > Advanced log settings

 

  • The file and the folder where the logs reside, dtuser account must have access to it, if not logs wont be ingested.
    Sample log
[2024-11-28 01:00:23.630 UTC] [/rework/logprocessing/filelogsource.cpp] [debug] For /opt/logs/tomcat-stdOut.log no file has been found or files are not accessible

 

  • Improper format
    1. supported encodings include UTF-8 and UTF-16

 

  • No new content after the file has been configured to be sent - Log Agent does not send historical data.

 

 

 

 

 

Version history
Last update:
‎10 Dec 2024 01:38 PM
Updated by:
Dynatrace Guide
Comments
Babar_Qayyum
DynaMight Guru
DynaMight Guru
‎16 Apr 2024 11:04 AM

Hello @noel_david 

Thank you for summarizing the troubleshooting points.

What could be the potential issue of no Auto-discovery of Kubernetes/OpenShift logs?

Regards,

Babar

0 Kudos
noel_david
Dynatrace Guide
Dynatrace Guide
‎16 Apr 2024 11:13 AM

Hi @Babar_Qayyum ,

In general, 

 

Babar_Qayyum
DynaMight Guru
DynaMight Guru
‎16 Apr 2024 12:28 PM

Hello @noel_david 

The log ingested rule is applied on the namespaces level, and also these are important processes.

Regards,

Babar

noel_david
Dynatrace Guide
Dynatrace Guide
‎16 Apr 2024 02:03 PM

Hi @Babar_Qayyum ,

Please create a ticket, with all details. 

0 Kudos
Babar_Qayyum
DynaMight Guru
DynaMight Guru
‎17 Apr 2024 10:52 AM

Hello @noel_david 

I just wanted to update you that log monitoring was not enabled on the global level.

Regards,

Babar

erh_inetum
Pro
‎25 Sep 2024 02:28 PM

Hi @noel_david ,

Thanks a lot for your great post.

I think we can add another use case in "Improper ingest rules" point:

In this case the log will not visible in Dynatrace either.

Thanks,

Elena.

noel_david
Dynatrace Guide
Dynatrace Guide
‎26 Sep 2024 07:22 AM

Hi @erh_inetum , Thank you . 
Can you please share an example here, if possible,

0 Kudos
erh_inetum
Pro
‎27 Sep 2024 11:57 AM

Hi @noel_david ,

Here an example: for this kind of rules

erh_inetum_0-1727433817283.png

we have seen that if the process group doesn´t have deployed services 

erh_inetum_1-1727434310565.png

the log isn´t captured. But it is in case the process group has deployed services.

Please, let me know in case my explanation is not clear and it try to explain it better again.

Thanks you so much.

Regards,

Elena.

0 Kudos
noel_david
Dynatrace Guide
Dynatrace Guide
‎02 Oct 2024 02:13 PM

Hi @erh_inetum ,

I tried to reproduce the issue but was unsuccessful; if you can share a sample, it will be unique. Can you share me if you have one? A support ticket will be perfect.

0 Kudos
erh_inetum
Pro
‎02 Oct 2024 05:10 PM

Hi @noel_david ,

The screenshots that I put in my comment below are the issue we had and how to reproduce it.

We haven't opened a ticket because we configures the rule for an specific host and we got the log.

Let me know if this information os enough.

Thanks so much.

Regards,

Elena

 

 

0 Kudos
StrangerThing
Organizer
‎02 Oct 2024 06:43 PM

For this point:  

There is now a built-in log ingest rule that you can enable that will ingest all logs from custom log sources. Just enable that rule and you don't have to worry about making multiple rules.

noel_david
Dynatrace Guide
Dynatrace Guide
‎03 Oct 2024 06:51 AM

Hi @StrangerThing , Thank you.

 

@erh_inetum , Thank i'll have a  look