cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Logstash Json logfiles vs Dynatrace

henk_stobbe
DynaMight Leader
DynaMight Leader

Hi,

 

When you implement logstash, Dynatrace is unable to read the replaced logfile, the new format is son,

 

Is it the one or the other?

 

KR Henk

 

6 REPLIES 6

skrystosik
DynaMight Guru
DynaMight Guru

I don’t understand your case. You are monitoring logstash and you want read logs that are created by this technology or you want to export some data to logstash?

Sebastian


Regards, Sebastian

henk_stobbe
DynaMight Leader
DynaMight Leader

Hi Sebastian,

my mistake: customer lets tomcat log in json format, I think to make live easy for logtash. So my question should have been, is dynatrace capable of reading json logs. And I think the answer will be no, or not yet?


KR Henk




skrystosik
DynaMight Guru
DynaMight Guru

Hello,

according to documentation:

https://www.dynatrace.com/support/help/how-to-use-dynatrace/log-analytics/basic-concepts/what-log-fo...

JSON Formats are supported as well.

Sebastian

 

Regards, Sebastian

dave_mauney
Dynatrace Champion
Dynatrace Champion

Henk,

Check out the timestamp requirements on this page and make sure those are met:

https://www.dynatrace.com/support/help/how-to-use-dynatrace/log-analytics/basic-concepts/what-log-fo...

HTH,

dave


henk_stobbe
DynaMight Leader
DynaMight Leader

Hi,

The json log contains a timestamp, is not marked as having an invalide date format but still,

Your search didn't return any log matches for the selected time frame


So could the conclusion be that the format is fine, but Dynatrace can not handle the invalide content of the date field?


See a example log line:

{"clientip":"xx.xx.xx.xxx","timestamp":"[17/Jun/2019:00:00:00 +0200]","request":"GET /xxxxxxx/api/internal/v1/xxxxxxxxxxxxxx=xxxxxxxx=xxxxxxxxxxxxx=true HTTP/1.1","urlpath":"/xxxxxx/api/internal/v1/xxxxxxxx","urlquery":"?xxxxxxxxx=xxxxxxx&xxxxxxxxxxx=XXXXXX&xxxxxxx=true","protocol":"HTTP/1.1","method":"GET","port":8080,"status":200,"bytes":12,"duration":57,"xxxxxxxxx:"xxxxxxxxxxxxxxxxx","xforwardedFor":"xx.xx.xx.xx"}





In link that I've provided is info that in JSON there is only one timestamp format that can be used (at least for now). Your is different so yes, log is ok but without proper detection of date you cannot search it.

Sebastian


Regards, Sebastian

Featured Posts