16 Apr 2024 10:49 AM - edited 03 Oct 2024 06:50 AM
There can be many reasons why the logs are not visible in Dynatrace, below are the common reasons.
Check if Log Monitoring is enabled in your Dynatrace environment globally (Dynatrace web UI), or check if Log Monitoring is enabled on a host level (OneAgent CLI). To check if Dynatrace Log Monitoring is enabled globally:
Log Monitoring is disabled on that host. Check "Settings -> Technology -> Log Monitoring" page on WebUI.
No ingest rule was created to get the log content. These are for the automatically detected logs. (https://docs.dynatrace.com/docs/observe-and-explore/logs/lma-log-ingestion-via-oa/lma-autodiscovery)... To see if the logs are detected my Dynatrace, the easier way to check the process group page and check the logs tab.
Multiple matchers of the same type (do not confuse with multiple values for the same matcher). Remember that you have "AND" operator between matchers, so usually you want max one occurrence of a single attribute type in the scope of a single rule.
Expecting partial match in a matcher (when actually full match is being done, so to have a partial match you need prefix and suffix wildcards).
A typo, including non-visible characters, or non-ANSI Unicode characters.
Improper rule order - typically you need more specific closer to the top as they are executed top to bottom and the first catch is decisive
Security rules are violated (https://docs.dynatrace.com/docs/shortlink/lma-custom-log-source#security-rules)
Log Agent does not have access to the file. It might especially happen when a file is on NFS drive on Linux. Then you need to ensure that a user account Log Agent is running on has access to the file (i.e. read privileges to the file, and read with execute to all the directories on the file path) and also enable NFS drive log detection, Settings > Log Monitoring > Advanced log settings
Improper format
supported encodings include UTF-8 and UTF-16
No new content after the file has been configured to be sent - Log Agent does not send historical data.
Auto-detection limits are here: https://docs.dynatrace.com/docs/observe-and-explore/logs/lma-log-ingestion-via-oa/lma-autodiscovery#...
Log Monitoring default limits are mentioned here (https://docs.dynatrace.com/docs/shortlink/log-monitoring-limits)
Hello @noel_david
Thank you for summarizing the troubleshooting points.
What could be the potential issue of no Auto-discovery of Kubernetes/OpenShift logs?
Regards,
Babar
Hi @Babar_Qayyum ,
In general,
Hello @noel_david
The log ingested rule is applied on the namespaces level, and also these are important processes.
Regards,
Babar
Hello @noel_david
I just wanted to update you that log monitoring was not enabled on the global level.
Regards,
Babar
Hi @noel_david ,
Thanks a lot for your great post.
I think we can add another use case in "Improper ingest rules" point:
In this case the log will not visible in Dynatrace either.
Thanks,
Elena.
Hi @erh_inetum , Thank you .
Can you please share an example here, if possible,
Hi @noel_david ,
Here an example: for this kind of rules
we have seen that if the process group doesn´t have deployed services
the log isn´t captured. But it is in case the process group has deployed services.
Please, let me know in case my explanation is not clear and it try to explain it better again.
Thanks you so much.
Regards,
Elena.
Hi @erh_inetum ,
I tried to reproduce the issue but was unsuccessful; if you can share a sample, it will be unique. Can you share me if you have one? A support ticket will be perfect.
Hi @noel_david ,
The screenshots that I put in my comment below are the issue we had and how to reproduce it.
We haven't opened a ticket because we configures the rule for an specific host and we got the log.
Let me know if this information os enough.
Thanks so much.
Regards,
Elena
For this point:
There is now a built-in log ingest rule that you can enable that will ingest all logs from custom log sources. Just enable that rule and you don't have to worry about making multiple rules.