Versions Compared

Version Old Version 1 New Version 2
Changes made by

Borja Moro Moreno

Borja Moro Moreno

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Rw ui tabs macro
Rw tab
titleJSON (Cloud Collector)
Info

Replace the following placeholders:

  • <short_unique_input_id>: An identifier that should not exceed a length of 10-15 characters, i.e.: 123456abcdef.

  • <environment_value>: Name of the environment from which the data is retrieved, i.e.: prod, stage, dev, etc.

  • <token_value>: Obtained from the vendor.

  • <your_environment_id>: Obtained from the vendor.

  • <start_time_value>: The starting timestamp in ISO8601 format since the collector is going to start retrieving messages.

Code Block
{
  "global_overrides": {
    "debug": false
  },
  "inputs": {
    "dynatrace": {
      "id": "<short_unique_input_id>",
      "enabled": true,
      "credentials": {
        "token": "<token_value>"
      },
      "environment": "<environment_value>",
      "services": {
        "audit_logs": {
          "your_environment_id": "<your_environment_id_value>",
          "start_time": "<start_time_value>",
          "request_period_in_seconds": 60
        }
      }
    }
  },
  "behavior": {
    "custom": {
      "collector_globals": {
      },
      "inputs": {
        "dynatrace": {
          "authenticator": {
            "type": "header_token",
            "token_type": "Api-Token",
            "token_field": "Authorization"
          },
          "services": {
            "audit_logs": {
              "requester": {
                "url": "https://{your_environment_id}.live.dynatrace.com/api/v2/auditlogs",
                "headers": {
                  "Content-Type": "application/json"
                }
              },
              "paginator": {
                "type": "cursor",
                "config": {
                  "request_page_size_field": "pageSize",
                  "request_page_size": 1000,
                  "request_location": "params",
                  "response_location": "body",
                  "request_page_field": "nextPageKey",
                  "response_page_field": "nextPageKey"
                }
              },
              "retriever": {
                "type": "time_based",
                "config": {
                  "request_from_field": "from",
                  "request_to_field": "to",
                  "request_sort_field": "sort",
                  "request_sort_value": "timestamp",
                  "response_timestamp_field": "timestamp",
                  "response_unique_id_field": "logId",
                  "response_sort_order": "descending",
                  "response_max_data_size": 10000000,
                  "time_window_interval_in_seconds": 3600,
                  "timestamp_format": "millis",
                  "result_path": "$.auditLogs.[*]"
                }
              },
              "processor": {
                "type": "time_based",
                "config": {
                  "response_timestamp_field": "timestamp",
                  "response_sort_order": "descending",
                  "response_unique_id_field": "logId",
                  "tag": "monitor.dynatrace.api.audit_log"
                }
              }
            }
          }
        }
      }
    }
  }
}
Rw tab
titleYAML & DOCKER IMAGE (On-premise)
Info

Replace the following placeholders:

  • <collector_unique_id>: Collector unique id, i.e: collector-abcdefg-12345

  • <collector_unique_name>: Collector name, i.e.: dynatrace-collector-1

  • <devo_domain_relay_endpoint>: Devo platform endpoint, i.e.: collector-eu.devo.io

  • <devo_domain_crt>: The name of the certificate file, i.e.: domain1.crt

  • <devo_domain_key>: The name of the key file, i.e.: domain1.key

  • <short_unique_input_id>: An identifier that should not exceed a length of 10-15 characters, i.e.: 123456abcdef

  • <environment_value>: Name of the environment that the data is retrieved, i.e.: prod, stage, dev, etc.

  • <token_value>: Obtained from the vendor

  • <your_environment_id>: Obtained from the vendor

  • <start_time_value>: The starting timestamp in ISO8601 format since the collector is going to start retrieving messages

Code Block
globals:
  debug: false
  id: <collector_unique_id>
  name: <collector_unique_name>
  persistence:
    type: filesystem
    config:
      directory_name: state
#    type: redis
#    config:
#      host: host
#      port: port
#      password: password
#      db: db

outputs:
  devo_1:
    type: devo_platform
    config:
      address: <devo_domain_relay_endpoint>
      port: 443
      type: SSL
      chain: chain.crt
      cert: <devo_domain_crt>
      key: <devo_domain_key>
#  devo_2:
#    type: devo_platform
#    config:
#      address: collector-eu.devo.io
#      port: 443
#      type: SSL
#      chain: chain.crt
#      cert: <devo_domain>.crt
#      key: <devo_domain>.key
#  relay_1:
#    type: syslog
#    config:
#      address: 127.0.0.1
#      port: 13000
#  console_1:
#    type: console
#    config:
#      destination: standard
#  console_2:
#    type: console
#    config:
#      destination: null

inputs:
  dynatrace:
    id: <short_unique_input_id>
    enabled: true
    credentials:
      token: <token_value>
    environment: <environment_value>
    services:
      audit_logs:
        your_environment_id: <your_environment_id_value>
        start_time: <start_time_value>    # ISO 8601 format. i.e.: 2024-09-11T12:00:00Z
        request_period_in_seconds: 60

##########  DON'T MODIFY ANYTHING BELOW THIS LINE  ##########
behavior:
  custom:
    collector_globals:

    inputs:
      dynatrace:
        authenticator:
          type: "header_token"
          token_type: "Api-Token"
          token_field: "Authorization"
        services:
          audit_logs:

            requester:
              url: "https://{your_environment_id}.live.dynatrace.com/api/v2/auditlogs"
              headers:
                Content-Type: "application/json"
            paginator:
              type: "cursor"
              config:
                request_page_size_field: "pageSize"
                request_page_size: 1000
                request_location: "params"
                response_location: "body"
                request_page_field: "nextPageKey"
                response_page_field: "nextPageKey"
            retriever:
              type: "time_based"
              config:
                request_from_field: "from"
                request_to_field: "to"
                request_sort_field: "sort"
                request_sort_value: "timestamp"
                response_timestamp_field: "timestamp"
                response_unique_id_field: "logId"
                response_sort_order: "descending"
                response_max_data_size: 10000000
                time_window_interval_in_seconds: 3600
                timestamp_format: "millis"
                result_path: "$.auditLogs.[*]"
            processor:
              type: "time_based"
              config:
                response_timestamp_field: "timestamp"
                response_sort_order: "descending"
                response_unique_id_field: "logId"
                tag: "monitor.dynatrace.api.audit_log"
          #      tag_jsonpath: "$.tag_field"
          #      deduplication: true
          #      flattening: true
          #      flatten_field: "results"

Collector Docker image

SHA-256 hash