5. View Data

It is time to view the data in Dynatrace.

In Dynatrace:

Press ctrl + k search for notebooks
Add a new section for logs
Search for Log line

dynatrace notebook syslog

Scroll right on the log line. Notice that Dynatrace natively understands syslog and has automatically mapped the fields to their human readable names.

dynatrace syslog mapping

These fields can be used to filter, group or parse log data further.

For example, the following query shows all log lines containing the text Log line split by the priority, hostname and proc_id fields:

fetch logs
| filter contains(content, "Log line")
| summarize logCount = count(), by:{priority, hostname, proc_id}
| sort logCount desc

syslog split by fields

Congratulations#

You have succesfully ingested syslog data into Dynatrace.

This Observability lab is now complete.

Click here to cleanup your environment