Log streaming: Dynatrace

Fastly's Real-Time Log Streaming feature can send log files to Dynatrace. Dynatrace delivers end-to-end observability with artificial intelligence for IT operations (AIOps) and application security in one unified platform.

NOTE

Fastly does not provide direct support for third-party services. Read Fastly's Terms of Service for more information.

Prerequisites

Before adding Dynatrace as a logging endpoint for Fastly services, you will need both a Dynatrace account and an API access token.

Dynatrace Account. If you don't have an account, you can sign up for one on the Dynatrace website.

Dynatrace API access token. Follow these instructions to create one:

  1. In the Dynatrace interface, go to Access Tokens.
  2. Select Generate new token.
  3. Enter a name for your token. Dynatrace doesn't enforce unique token names. You can create multiple tokens with the same name. Be sure to provide a meaningful name for each token you generate. Proper naming helps you to efficiently manage your tokens and delete them when they're no longer needed.
  4. Select the scope of logs.ingest.
  5. Choose Generate access token.
  6. Copy the generated token to the clipboard and store the token in a password manager for future use.

Adding Dynatrace as a logging endpoint

NOTE

This logging endpoint is only available for Fastly's Deliver (VCL-based) services, not Compute services.

Follow these instructions to add Dynatrace as a logging endpoint:

  1. Review the information in our guide to setting up remote log streaming.
  2. In the HTTPS area, click the Create endpoint button.
  3. Fill out the Create an HTTPS endpoint fields as follows:
    • In the Name field, enter a human-readable name for the endpoint.
    • In the Placement area, select where the logging call should be placed in the generated VCL. Valid values are Format Version Default, waf_debug (waf_debug_log), and None. Read our guide on changing log placement for more information.
    • In the Log format field, replace the placeholder log format and make the appropriate changes as shown in our log format and recommendations section below.
    • In the URL field, enter https://<dynatrace-instance-id>.live.dynatrace.com/api/v2/logs/ingest, replacing <dynatrace-instance-id> with the name of your Dynatrace instance. Refer to the Dynatrace documentation for additional information.
    • In the Maximum logs field, leave as 0 (the default).
    • In the Maximum bytes field, enter 0.
  4. Click the Advanced options link of the Create an HTTPS endpoint page. The Advanced options appear.
  5. Fill out the Advanced options of the Create an HTTPS endpoint page as follows:
    • In the Content type field, enter application/json.
    • In the Custom header name field, enter Authorization.
    • In the Custom header value field, enter Api-Token <Dynatrace API Access token>, replacing <Dynatrace API Access token> with your Dynatrace API access token. Refer to the Dynatrace documentation for additional information.
    • From the Method controls, select POST.
    • From the JSON log entry format controls, select Array of JSON as the appropriate log entry format to use.
    • In the Select a log line format area, select Blank as the log line format for your log messages. Our guide on changing log line formats provides more information.
    • Leave the Placement controls set to the default.
    • In the TLS hostname field, optionally enter a hostname to verify the logging destination server's certificate. This should be one of the Subject Alternative Name (SAN) fields for the certificate. Common Names (CN) are not supported.
    • Leave TLS CA certificate, TLS client certificate, and TLS client key fields empty.
  6. Click Create to create the new logging endpoint.
  7. Click Activate to deploy your configuration changes.

Log format recommendations

Data sent to Dynatrace must be formatted as valid JSON that conforms to Dynatrace's expectations. Here's an example format string for sending data to Dynatrace. The fields used here are in accordance with the Dynatrace Semantic Dictionary.

The Fastly docs for format strings provide more information.

{
"log.source":"fastly",
"loglevel":"INFO",
"status":"INFO",
"event.type":"LOG",
"dt.ingest.format":"dtapi/json",
"timestamp":"%{begin:%s000}t",
"fastly.service.id":"%{req.service_id}V",
"fastly.service.version":"%{req.vcl.version}V",
"fastly.service.products":"%{if(req.http.x-sigsci-agentresponse, "vcl waf", "vcl")}V",
"fastly.server":"%{server.identity}V",
"fastly.datacenter":"%{server.datacenter}V",
"fastly.region":"%{server.region}V",
"fastly.billing_region":"%{server.billing_region}V",
"fastly.cache_status":"%{regsub(fastly_info.state, "^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE)).*", "\\2\\3") }V",
"fastly.is_edge":%{if(fastly.ff.visits_this_service == 0, "true", "false")}V,
"fastly.waf.tags":%{if(req.http.x-sigsci-tags, "%22"+json.escape(req.http.x-sigsci-tags)+"%22", "null")}V,
"fastly.waf.agentresponse":%{if(req.http.x-sigsci-agentresponse, req.http.x-sigsci-agentresponse, "null")}V,
"fastly.waf.decision_ms":%{if(req.http.x-sigsci-decision-ms, req.http.x-sigsci-decision-ms, "null")}V,
"browser.user_agent":"%{json.escape(req.http.User-Agent)}V",
"browser.name":"%{client.browser.name}V",
"browser.version":"%{client.browser.version}V",
"client.ip":"%{req.http.Fastly-Client-IP}V",
"client.port":%{client.port}V,
"client.isp":"%{client.as.name}V",
"cloud.availability_zone":"%{server.datacenter}V",
"cloud.region":"%{server.region}V",
"cloud.resource_id":"%{req.service_id}V",
"cloud.provider":"fastly",
"cloud.platform":"fastly_vcl",
"host.name":"%{json.escape(req.http.Fastly-Orig-Host)}V",
"host.ip":"%{server.ip}V",
"http.request.method":"%{req.method}V",
"http.request.body.size":%{req.body_bytes_read}V,
"http.request.header.referer":"%{json.escape(req.http.Referer)}V",
"http.request.header.accept_content":"%{json.escape(req.http.Accept)}V",
"http.request.header.accept_language":"%{json.escape(req.http.Accept-Language)}V",
"http.request.header.accept_charset":"%{json.escape(req.http.Accept-Charset)}V",
"http.response.state":"%{json.escape(fastly_info.state)}V",
"http.response.status_code":%{resp.status}V,
"http.response.reason_phrase":%{if(resp.response, "%22"+json.escape(resp.response)+"%22", "null")}V,
"http.response.body.size":%{resp.body_bytes_written}V,
"http.response.header.content_type":"%{json.escape(resp.http.Content-Type)}V",
"network.type":"%{if(req.is_ipv6, "ipv6", "ipv4")}V",
"network.protocol.name":"%{if(fastly_info.edge.is_tls, "https", "http")}V",
"network.protocol.version":"%{regsub(req.proto, "^HTTP\/", "")}V",
"url.scheme":"%{if(fastly_info.edge.is_tls, "https", "http")}V",
"url.full":"%{json.escape(if(fastly_info.edge.is_tls, "https", "http") "://" req.http.Fastly-Orig-Host req.url)}V",
"url.path":"%{json.escape(req.url.path)}V",
"url.query":"%{json.escape(req.url.qs)}V",
"url.domain":"%{json.escape(req.http.Fastly-Orig-Host)}V",
"url.port":%{client.port}V,
"geo.country_name":"%{client.geo.country_name}V",
"geo.city_name":"%{client.geo.city}V",
"geo.continent.name":"%{client.geo.continent_code}V",
"geo.region.name":"%{client.geo.region}V"
}

Logs should begin appearing in your Dynatrace account a few seconds after you've created the endpoint and deployed your service changes. These logs can then be accessed using the Logs App or the Dynatrace Logs and events viewer.
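
Because each entry must reach Dynatrace as valid JSON, any request header or URL part written into the format string needs to pass through json.escape(); a value containing a double quote otherwise corrupts the entry. The following lint is an added example, not part of Fastly's documentation or tooling: it scans a format string laid out one member per line, as above, and reports request variables emitted without json.escape(). The sample input is constructed, the x_forwarded_for member is hypothetical, and treating every req.http.* and req.url* variable as client-chosen is an assumption of the example.

```python
import re

DIRECTIVE = re.compile(r'%\{(.*?)\}V')           # %{<VCL expression>}V
MEMBER = re.compile(r'^\s*"([^"]+)"\s*:(.*)$')    # one "key":value member per line
# Assumption of this example: request headers and URL parts are client-chosen.
CLIENT_VAR = re.compile(r'\breq\.(?:http\.[\w-]+|url(?:\.\w+)?)')

def escaped_spans(expr):
    """Return (start, end) offsets covered by json.escape(...) calls."""
    spans = []
    for m in re.finditer(r'json\.escape\(', expr):
        depth, i = 1, m.end()
        while i < len(expr) and depth:           # walk to the matching ')'
            depth += {'(': 1, ')': -1}.get(expr[i], 0)
            i += 1
        spans.append((m.end(), i))
    return spans

def unescaped_fields(format_string):
    """List (key, variable) pairs where a request value reaches the JSON raw."""
    findings = []
    for line in format_string.splitlines():
        member = MEMBER.match(line)
        if not member:
            continue
        key, value = member.groups()
        for directive in DIRECTIVE.finditer(value):
            expr = directive.group(1)
            spans = escaped_spans(expr)
            for var in CLIENT_VAR.finditer(expr):
                # The first argument of if() is only tested, never written out.
                is_condition = expr[:var.start()].rstrip().endswith('if(')
                covered = any(s <= var.start() < e for s, e in spans)
                if not (is_condition or covered):
                    findings.append((key, var.group(0)))
    return findings

# Constructed sample: three members in the style of the format string above
# plus one hypothetical member (x_forwarded_for) left unescaped on purpose.
SAMPLE = r'''{
"http.request.header.referer":"%{json.escape(req.http.Referer)}V",
"http.request.header.x_forwarded_for":"%{req.http.X-Forwarded-For}V",
"fastly.waf.tags":%{if(req.http.x-sigsci-tags, "%22"+json.escape(req.http.x-sigsci-tags)+"%22", "null")}V,
"url.full":"%{json.escape(if(fastly_info.edge.is_tls, "https", "http") "://" req.http.Fastly-Orig-Host req.url)}V"
}'''

if __name__ == "__main__":
    for key, var in unescaped_fields(SAMPLE):
        print(f"{key}: {var} is written without json.escape()")
```

The paren matching does not account for parentheses inside VCL string literals, so review any finding on a directive that uses regsub() patterns by hand.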
