
Dt Obs Logs
Query and analyze Dynatrace application and infrastructure logs with DQL when you are triaging production issues or tracking error rates.
Overview
dt-obs-logs is an agent skill for the Operate phase that queries, filters, and analyzes Dynatrace logs with DQL for troubleshooting and monitoring.
Install
npx skills add https://github.com/dynatrace/dynatrace-for-ai --skill dt-obs-logs
What is this skill?
- DQL queries for severity, entity, process group, and time-window filters
- Pattern matching and JSON log parsing for targeted message search
- Error-rate and entry-count statistics plus trend views over time
- Grouping and aggregation by dimensions for top error messages
- Smartscape topology join guidance when host or cloud attributes must mix with logs
Adoption & trust: 708 installs on skills.sh; 87 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You know something failed in production but scrolling raw log UIs or guessing DQL filters wastes minutes while error rates climb.
Who is it for?
Solo builders or tiny teams on Dynatrace who need repeatable log triage during incidents or weekly health checks.
Skip if: Explaining Dynatrace product docs, teaching DQL theory only, or distributed tracing and span analysis (use dt-obs-tracing).
When should I use this skill?
User asks to show error logs, search logs for keywords, compute log error rates, find recent errors, analyze log patterns, parse JSON logs, filter by process group, or trend log entry counts—excluding tracing and pure do
What do I get? / Deliverables
You get targeted log slices, error-rate stats, and pattern summaries you can act on—or a clear pointer to dt-obs-tracing when the question is spans, not log lines.
- Executable DQL log queries with filters and time bounds
- Error-rate or aggregation summaries aligned to the user’s triage question
Journey fit
Log search, error-rate math, and pattern trends are canonical production observability work after you have shipped. Monitoring is the right shelf because the skill centers on live log streams, filters, and aggregates—not greenfield build or launch SEO.
How it compares
Use for log-centric DQL workflows, not as a substitute for full APM trace investigation skills in the same Dynatrace pack.
Common Questions / FAQ
Who is dt-obs-logs for?
Builders and operators who already ingest logs into Dynatrace and want an agent to turn natural-language triage requests into DQL-backed log queries and aggregates.
When should I use dt-obs-logs?
During Operate monitoring when you need error logs, keyword search, hourly windows, error rates, log patterns, or JSON parsing—and not when the question is traces or spans.
Is dt-obs-logs safe to install?
Review the Security Audits panel on this Prism page and your Dynatrace token scopes before granting network or API access from an agent environment.
SKILL.md
# Log Analysis Skill

Query, filter, and analyze Dynatrace log data using DQL for troubleshooting and monitoring.

## What This Skill Covers

- Fetching and filtering logs by severity, content, and entity
- Searching log messages using pattern matching
- Calculating error rates and statistics
- Analyzing log patterns and trends
- Grouping and aggregating log data by dimensions

> **Cross-source join required:** If the query must combine logs with host attributes
> (OS type, hostname, IP address, cloud provider) → also read
> `dt-dql-essentials/references/smartscape-topology-navigation.md` before writing the query.

---

## Use Cases

Use this skill when users want to:

- Find specific log entries (e.g., "show me error logs from the last hour")
- Filter logs by severity, process group, or content
- Search logs for specific keywords or phrases
- Calculate error rates or log statistics
- Identify common error messages or patterns
- Analyze log trends over time
- Troubleshoot issues using log data

## Key Concepts

### Log Data Model

- **timestamp**: When the log entry was created
- **content**: The log message text
- **status**: Log level (ERROR, FATAL, WARN, INFO, etc.)
- **dt.process_group.id**: Associated process group entity
- **dt.process_group.detected_name**: Resolves process group IDs to human-readable names

### Query Patterns

- **fetch logs**: Primary command for log data access
- **Time ranges**: Use `from:now() - <duration>` for time windows
- **Filtering**: Apply severity, content, and entity filters
- **Aggregation**: Group and summarize log data
- **Pattern Detection**: Use `matchesPhrase()` and `contains()` for content search

### Common Operations

- Severity filtering (single or multiple levels)
- Content search (simple and full-text)
- Entity-based filtering (process groups)
- Time-series analysis (bucketing, sorting)
- Error rate calculation
- Pattern analysis (exceptions, timeouts, etc.)

## Core Workflows

### 1. Log Searching

Find specific log entries by time, severity, and content.

**Typical steps**:

1. Define time range
2. Filter by severity (optional)
3. Search content for keywords
4. Select relevant fields
5. Sort and limit results

**Example**:

```dql
fetch logs, from:now() - 1h
| filter status == "ERROR"
| fields timestamp, content, process_group = dt.process_group.detected_name
| sort timestamp desc
| limit 100
```

### 2. Log Filtering

Narrow down logs using multiple criteria (severity, entity, content).

**Typical steps**:

1. Fetch logs with time range
2. Apply severity filters
3. Filter by entity (process_group)
4. Apply content filters
5. Format and sort output

**Example**:

```dql
fetch logs, from:now() - 2h
| filter in(status, {"ERROR", "FATAL", "WARN"})
| summarize count(), by: {dt.process_group.id, dt.process_group.detected_name}
| fieldsAdd process_group = dt.process_group.detected_name
| sort `count()` desc
```

### 3. Pattern Analysis

Identify patterns, trends, and anomalies in log data.

**Typical steps**:

1. Fetch logs with time range
2. Add pattern detection fields
3. Aggregate by entity or time
4. Calculate statistics and ratios
5. Sort by frequency or rate

**Example**:

```dql
fetch logs, from:now() - 2h
| filter status == "ERROR"
| fieldsAdd
    has_exception = if(matchesPhrase(content, "exception"), true, else: false),
    has_timeout