Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License
4.48k stars 2.95k forks

Dynatrace solution data connectors under certain circumstances fields are being trimmed to the max allowed size for log analytics workspace #10826

Closed keyoke closed 2 weeks ago

keyoke commented 1 month ago

Describe the bug: Dynatrace solution data connectors (Audit & Problem): under certain circumstances, data returned by the Dynatrace REST API contains a very large value, i.e. JSON data, and a warning is triggered by Log Analytics Workspace about being trimmed to the max allowed size.

Some examples:

Expected behavior: The connectors should correctly handle these cases where field length is longer than 32kb.

Question: What is the guidance from Microsoft for handling these cases when partners develop a codeless connector? Is it possible to use Data Collection Rules to transform the incoming data and fan it out into one or more additional tables?

keyoke commented 1 month ago

Hello @v-sudkharat, we have customers who are currently impacted by this issue. Are you able to provide us any feedback? Many thanks.

v-mabrindha commented 1 month ago

Hi @keyoke, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 02-08-2024. Thanks!

v-mabrindha commented 1 month ago

Hi @keyoke,

This is expected behaviour, since this is a limit that is documented for the Data Collector API: https://learn.microsoft.com/en-us/azure/azure-monitor/service-limits#log-analytics-workspaces

And this API will be deprecated and will no longer be functional as of 14/9/2026. Reference doc: Azure Monitor HTTP Data Collector API - Azure Monitor | Microsoft Learn

Below are 2 workarounds that can help unblock you from the size limitations:

  1. You need to change the code/script used in your data connector to split the data before it's ingested into the workspace.
  2. Or you can migrate to the new Log Ingestion API, which has a field limit of 64KB instead of 32KB. The guidance is documented here: Migrate from the HTTP Data Collector API to the Log Ingestion API - Azure Monitor | Microsoft Learn
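
The first workaround above (splitting data before ingestion), sketched as an added example for a script-based connector; it is not code from this thread or from the Dynatrace solution. The column names `Payload`, `PartGroupId`, `PartIndex` and `PartCount` are hypothetical, the sample record is constructed, and the limit is taken as 32 × 1024 bytes.

```python
import hashlib
import json

MAX_FIELD_BYTES = 32 * 1024  # per-field limit discussed in this thread (assumed bytes)

def split_utf8(text, max_bytes):
    """Split text into pieces of at most max_bytes UTF-8 bytes, never mid-character."""
    if max_bytes < 4:
        raise ValueError("max_bytes must hold at least one 4-byte character")
    data, pieces, start = text.encode("utf-8"), [], 0
    while start < len(data):
        end = min(start + max_bytes, len(data))
        # Back up while data[end] is a UTF-8 continuation byte (10xxxxxx).
        while end < len(data) and (data[end] & 0xC0) == 0x80:
            end -= 1
        pieces.append(data[start:end].decode("utf-8"))
        start = end
    return pieces

def split_record(record, field, max_bytes=MAX_FIELD_BYTES):
    """Spread an oversized field over several records that can be rejoined later."""
    value = record[field]
    text = value if isinstance(value, str) else json.dumps(value, ensure_ascii=False)
    if len(text.encode("utf-8")) <= max_bytes:
        return [dict(record)]  # fits: pass through unchanged
    pieces = split_utf8(text, max_bytes)
    group = hashlib.sha256(text.encode("utf-8")).hexdigest()  # ties the parts together
    base = {k: v for k, v in record.items() if k != field}
    return [dict(base, **{field: p, "PartGroupId": group,
                          "PartIndex": i, "PartCount": len(pieces)})
            for i, p in enumerate(pieces)]

def reassemble(parts, field):
    """Rejoin parts and verify that nothing was lost or altered on the way."""
    ordered = sorted(parts, key=lambda r: r["PartIndex"])
    if [r["PartIndex"] for r in ordered] != list(range(ordered[0]["PartCount"])):
        raise ValueError("missing or duplicate part")
    text = "".join(r[field] for r in ordered)
    if hashlib.sha256(text.encode("utf-8")).hexdigest() != ordered[0]["PartGroupId"]:
        raise ValueError("reassembled value does not match the original digest")
    return text

# Constructed sample: an audit-style record whose JSON payload is about 90 KB.
SAMPLE = {"EventType": "CONFIG_CHANGE", "User": "user@example.com",
          "Payload": json.dumps({"note": "é€😀" * 10000}, ensure_ascii=False)}

if __name__ == "__main__":
    parts = split_record(SAMPLE, "Payload")
    print(len(parts), [len(p["Payload"].encode("utf-8")) for p in parts])
```

Carrying the digest and part count on every row lets a query detect a missing part instead of silently analysing a truncated audit record.
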

v-mabrindha commented 1 month ago

Hi @keyoke, Could you please inform us if this has helped in resolving your issue?

v-mabrindha commented 1 month ago

Hi @keyoke, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond.

keyoke commented 1 month ago

Hi @v-mabrindha, Thanks, we are aware of the limits.

  1. We leverage a codeless connector, therefore there is no code/scripts.
  2. How is this implemented in CCP? Do you have any docs?

v-mabrindha commented 3 weeks ago

Hi @keyoke,

Please see the reference document - https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V3/CCP_README.md

v-mabrindha commented 2 weeks ago

Hi @keyoke, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond.

keyoke commented 2 weeks ago

@v-mabrindha thank you for the document

v-mabrindha commented 2 weeks ago

Thank you, @keyoke, for the status update. I'll proceed with closing this GitHub issue.