Dynatrace: Search Logs
AvailabilityThis workflow action is available on Business and Enterprise for Incident Management pricing plans. Contact the Sales Team to upgrade to an account with this action.
Description
The action runs a log query using Dynatrace Grail (fetch logs / DQL) and returns up to Max Records rows (allowed range 1–1000; default 100). Use it to pull logs while you investigate or automate around an incident.
If Query is a full DQL statement starting with fetch (for example fetch logs | filter … | limit 50), PagerDuty sends it as-is to Dynatrace and Start Time and End Time are ignored. Otherwise, PagerDuty wraps your Query as a filter inside a fetch logs pipeline using the selected time range.
Long-running queries may return 202 from Dynatrace; the action polls until the query succeeds, fails, or times out.
Prerequisites
- A Dynatrace environment with Grail log query APIs enabled and reachable from PagerDuty over HTTPS (Environment URL as in your Workflow Integration).
- A Dynatrace Workflow Integration connection in PagerDuty with valid OAuth2 Client ID and OAuth2 Client Secret (and optional OAuth2 Account UUID) as described on Workflow Integrations under Dynatrace, including OAuth2 client permissions and Dynatrace environment API token permissions when published.
- OAuth client or API token scopes that allow Grail log read and related access as described in the Workflow Integrations article (at minimum
storage:logs:readandstorage:buckets:readfor typical log-only queries).
Instructions
- If you have not done so, follow the instructions to Create an Incident Workflow.
- When the instructions prompt you to add actions, select this action.
- Enter the following Inputs and click Save.
- Continue following instructions to Publish the Workflow.
- When the action runs, you will see the Outputs listed below.
Inputs
Field ReferencesFields with the {+} icon accept Field References, which can be useful for referencing incident data or outputs created in prior workflow steps. To add Field References, click {+}, or enter
{{, and select relevant fields. Refer to the Field References article for more information.
| Name | Description |
|---|---|
| Connection Input | The Dynatrace Workflow Integration connection (Environment URL and OAuth credentials configured in PagerDuty). If you have not yet configured a Dynatrace integration, please see the Dynatrace Integration section for instructions. |
| Query | A DQL filter expression (for example loglevel == "ERROR") or a full DQL query starting with fetch (for example a pipeline that selects logs, applies a filter, and uses limit). When Query starts with fetch, Start Time and End Time are ignored. Simple field="value" style filters are normalized to DQL equality where applicable. |
| Start Time | Start of the time window for the search when Query is not a full fetch statement. Preset relative values (for example 5m (Past 5 Minutes)) or equivalent. Default: 5m (Past 5 Minutes). |
| End Time | End of the time window when Query is not a full fetch statement. Now or preset relative values. Default: Now. |
| Max Records | Maximum log records to return. Allowed range: 1–1000. Default: 100. |
| Sort Order | +timestamp (Oldest First) or -timestamp (Newest First). Default: -timestamp (Newest First). |
Query and Time Range
When you rely on Start Time and End Time, PagerDuty builds a
fetch logsquery withfromandtoISO timestamps. For full control (for example custom fetch pipelines or explicit time in DQL), supply a Query that starts with fetch.
Outputs
| Name | Description |
|---|---|
| Logs | JSON array of log records returned by Dynatrace for this execution. |
| Log Count | Number of log records in Logs for this response. |
| Query Used | The DQL string sent to Dynatrace after processing. |
| Time Range Start | Start timestamp used for the search (may reflect defaults when a full fetch query ignores the time pickers). |
| Time Range End | End timestamp used for the search. |
| Slice Size | Number of records in this result slice (same as Log Count for this action). |
| Result | Value that shows if the action was successful or not. Either "Success" or "Failed." |
| Result Summary | Brief description of what the action did or if it failed. Example: "Successfully retrieved 42 logs." |
| Error | Brief description that is populated if the action failed. Example: "Failed to retrieve logs: Datasource not found." |
Updated about 2 hours ago