Automated FSx ONTAP Log Analysis: Dynatrace's AI Unveils Root Causes Instantly
May 31, 2026
Resources and links include GitHub templates, Dynatrace documentation on the Log Ingest API, Davis AI, and DQL, plus navigation to related posts and templates.
DQL and APM queries are provided to investigate basics, correlate with service metrics, analyze user activity, and detect security patterns such as ransomware-like behavior and after-hours access.
Dynatrace’s Davis AI stands out by using topology connectivity—not keyword matching—to automatically correlate events across entities and enable rapid root-cause analysis for storage-related issues.
The setup connects FSx ONTAP through an S3 Access Point, EventBridge Scheduler, Lambda, and finally the Dynatrace Log Ingest API v2 to enable automatic anomaly correlation.
Deployment options include SaaS and Managed variants, with data residency considerations and a production readiness ladder that scales from quick starts to full topology and service-level objectives, plus data classification and privacy notes.
This article is Part 11 of a multi-part FSx for ONTAP observability series, linking to prior posts that cover broader topics and alternative backends.
Quick-start guidance outlines a 30-minute setup: create a Dynatrace API token, store credentials in AWS Secrets Manager, deploy a CloudFormation stack with S3 Access Point, Dynatrace token, environment URL, and bucket name, and verify ingestion in Dynatrace Logs Viewer.
Logs are structured with attributes like dt.source_entity to map to a Dynatrace topology custom device (e.g., CUSTOM_DEVICE-fsxn-{svm-name}), enabling Davis AI correlation, with sample log formats and DQL queries.
Practical notes cover API behavior, ingestion lag, permission scopes, DLQ considerations, token scopes, and Lambda batch-size limits to avoid common pitfalls.
Davis AI correlation requires three topology components—application OneAgent, NFS/SMB access, and a pre-created custom device entity for each SVM—to establish causal links.
A serverless end-to-end pipeline ingests FSx for ONTAP audit logs to Dynatrace via the Log Ingest API v2, with Davis AI analyzing correlations across file access, application performance metrics, and infrastructure health to surface root causes in seconds.
Key capabilities demonstrated show how storage contention links to app slowdown, ransomware events correlate with service impact, and quota exhaustion aligns with write failures, all mapped through the topology to applications accessing FSx storage.
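The log structure and Lambda batch-size concern summarized above can be shown as an added example; this is not code from the original article or its GitHub templates. It maps parsed audit records to Log Ingest API v2 events carrying `dt.source_entity`, then splits them into request bodies that stay under a count and byte cap. The record field names, the `fsxn.*` attributes, the `log.source` label and both caps are assumptions.

```python
import json
from datetime import datetime, timezone

# Caps are assumptions for this sketch; confirm the limits of your environment.
MAX_EVENTS = 500
MAX_BYTES = 1_000_000

def to_log_event(rec, svm_name):
    """Map one parsed audit record (hypothetical field names) to a log event."""
    ts = datetime.fromtimestamp(rec["epoch"], tz=timezone.utc).isoformat()
    return {
        "timestamp": ts,
        "severity": "warn" if rec["result"] == "denied" else "info",
        "log.source": "fsxn-audit",  # assumed label
        # Entity ID format as given in the summary; ties the line to the SVM's device.
        "dt.source_entity": f"CUSTOM_DEVICE-fsxn-{svm_name}",
        "content": f'{rec["user"]} {rec["op"]} {rec["path"]} {rec["result"]}',
        "fsxn.user": rec["user"],
        "fsxn.operation": rec["op"],
    }

def batch_events(events, max_events=MAX_EVENTS, max_bytes=MAX_BYTES):
    """Return JSON request bodies that each respect the count and byte caps."""
    bodies, batch, size = [], [], 2  # 2 bytes for the enclosing brackets
    for ev in events:
        ev_len = len(json.dumps(ev, separators=(",", ":")).encode()) + 1  # +1 comma
        if ev_len + 2 > max_bytes:
            raise ValueError("single event exceeds payload cap")
        if batch and (len(batch) >= max_events or size + ev_len > max_bytes):
            bodies.append(json.dumps(batch, separators=(",", ":")))
            batch, size = [], 2
        batch.append(ev)
        size += ev_len
    if batch:
        bodies.append(json.dumps(batch, separators=(",", ":")))
    return bodies

# Constructed sample records, not real FSx for ONTAP audit output.
SAMPLE = [
    {"epoch": 1780000000 + i, "user": "CORP\\alice", "op": "write",
     "path": f"/vol1/data/file{i}.docx", "result": "denied" if i == 4 else "ok"}
    for i in range(5)
]

if __name__ == "__main__":
    for body in batch_events([to_log_event(r, "svm01") for r in SAMPLE], max_events=2):
        print(len(body), body[:80])
```

Each returned body is what a sender would POST to `/api/v2/logs/ingest` with an `Authorization: Api-Token` header; a line that lacks `dt.source_entity` is still ingested but is not attached to the SVM's custom device.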
Source

DEV Community • May 31, 2026
AI-Powered Root Cause: Correlating File Access with APM via Dynatrace