Why am I unable to get the dynatrace logs to Splunk?

phanikumarcs
Explorer

Hi,

I want to test getting the Dynatrace logs into Splunk via the Dynatrace add-on and app from Splunkbase.

Created Inputs in Add-on:

phanikumarcs_0-1678451549767.png

Created configurations:

phanikumarcs_1-1678451685569.png

 

_raw
2023-03-10 12:30:55,868 ERROR pid=7140 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
  File "C:\Program Files\Splunk\etc\apps\Splunk_TA_Dynatrace\bin\splunk_ta_dynatrace\aob_py3\modinput_wrapper\base_modinput.py", line 128, in stream_events
    self.collect_events(ew)
  File "C:\Program Files\Splunk\etc\apps\Splunk_TA_Dynatrace\bin\dynatrace_problem.py", line 72, in collect_events
    input_module.collect_events(self, ew)
  File "C:\Program Files\Splunk\etc\apps\Splunk_TA_Dynatrace\bin\input_module_dynatrace_problem.py", line 71, in collect_events
    entityDict = x["result"]["problems"]
KeyError: 'result'
2023-03-10 12:30:55,866 ERROR pid=7140 tid=MainThread file=base_modinput.py:log_error:309 | {"error":{"code":403,"message":"Token is missing required scope. Use one of: DataExport (Access problem and event feed, metrics, and topology), Davis (Dynatrace module integration - Davis)"}}
2023-03-10 12:30:55,647 INFO pid=7140 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!
2023-03-10 12:30:55,646 INFO pid=7140 tid=MainThread file=setup_util.py:log_info:117 | Log level is not set, use default INFO
2023-03-10 12:30:44,268 ERROR pid=9852 tid=MainThread file=base_modinput.py:log_error:309 | {"error":{"code":403,"message":"Token is missing required scope. Use one of: DataExport (Access problem and event feed, metrics, and topology), Davis (Dynatrace module integration - Davis)"}}
2023-03-10 12:30:44,021 INFO pid=9852 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!
2023-03-10 12:30:44,021 INFO pid=9852 tid=MainThread file=setup_util.py:log_info:117 | Log level is not set, use default INFO
2023-03-10 12:29:29,773 ERROR pid=10888 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
  File "C:\Program Files\Splunk\etc\apps\Splunk_TA_Dynatrace\bin\splunk_ta_dynatrace\aob_py3\modinput_wrapper\base_modinput.py", line 128, in stream_events
    self.collect_events(ew)
  File "C:\Program Files\Splunk\etc\apps\Splunk_TA_Dynatrace\bin\dynatrace_problem.py", line 72, in collect_events
    input_module.collect_events(self, ew)
  File "C:\Program Files\Splunk\etc\apps\Splunk_TA_Dynatrace\bin\input_module_dynatrace_problem.py", line 71, in collect_events
    entityDict = x["result"]["problems"]
KeyError: 'result'
0 Karma

sdeveen
Explorer

Looks like the Dynatrace tenant is not complete.
The part after the tenant is missing: /e/<your_environment>

0 Karma

PickleRick
SplunkTrust

I don't know this app but I'd check this:

"error":{"code":403,"message":"Token is missing required scope. Use one of: DataExport (Access problem and event feed, metrics, and topology), Davis (Dynatrace module integration - Davis)"

0 Karma
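
Added example, not part of the thread and not the add-on's own code: the `KeyError: 'result'` in the traceback is a symptom of the 403 body being indexed as if it were a successful response. The sketch below checks for the error envelope before reading `result.problems`, and pulls the underlying API errors and the scopes they ask for out of the add-on log. The log lines are copied from the question; `DynatraceApiError`, `extract_problems`, `required_scopes` and `api_errors_in_log` are hypothetical names.

```python
import json
import re

# Log lines copied from the question above (timestamps and pids as posted).
SAMPLE_LOG = r'''2023-03-10 12:30:55,868 ERROR pid=7140 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
KeyError: 'result'
2023-03-10 12:30:55,866 ERROR pid=7140 tid=MainThread file=base_modinput.py:log_error:309 | {"error":{"code":403,"message":"Token is missing required scope. Use one of: DataExport (Access problem and event feed, metrics, and topology), Davis (Dynatrace module integration - Davis)"}}
2023-03-10 12:30:55,647 INFO pid=7140 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!'''

class DynatraceApiError(Exception):
    """Hypothetical exception: the API body is an error envelope, not a result."""
    def __init__(self, code, message):
        super().__init__(f"Dynatrace API error {code}: {message}")
        self.code, self.message = code, message

def extract_problems(body):
    """Return body["result"]["problems"], surfacing an error envelope first."""
    if isinstance(body, dict) and isinstance(body.get("error"), dict):
        err = body["error"]
        raise DynatraceApiError(err.get("code"), err.get("message", ""))
    try:
        return body["result"]["problems"]
    except (KeyError, TypeError) as exc:
        raise DynatraceApiError(None, f"unexpected response shape: {exc!r}") from exc

def required_scopes(message):
    """Pull scope names out of a 'Use one of: A (...), B (...)' message."""
    _, sep, tail = message.partition("Use one of:")
    # A scope name is the word immediately before its parenthesised description.
    return re.findall(r"(\w+) \(", tail) if sep else []

def api_errors_in_log(text):
    """Yield (pid, code, message) for each JSON error envelope the add-on logged."""
    for line in text.splitlines():
        head, sep, payload = line.partition(" | ")
        if not sep or not payload.startswith("{"):
            continue  # plain-text log message or traceback line
        try:
            err = json.loads(payload).get("error")
        except json.JSONDecodeError:
            continue
        pid = re.search(r"pid=(\d+)", head)
        if isinstance(err, dict):
            yield (pid.group(1) if pid else None, err.get("code"), err.get("message", ""))
```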

akriti
Explorer

Hi @phanikumarcs were you able to resolve this error? I'm getting the same error in my environment.

0 Karma