Filter Questions and exact matching?

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
User avatar
eloyd
Cool Title Here
Posts: 2190
Joined: Thu Sep 27, 2012 9:14 am
Location: Rochester, NY
Contact:
Contact eloyd

Re: Filter Questions and exact matching?

Post by eloyd »

OP originally wrote,
For example we have a service named: ENTERPRISE-DOCSTORENAS-SERVICE
but it will also match another service ENTERPRISE-DOCSTORENAS-SERVICE-TEST
When trying to filter out the ENTERPRISE-DOCSTORENAS-SERVICE messages from the ENTERPRISE-DOCSTORENAS-SERVICE-TEST messages filters both.
I don't know what else the message contains, so this will be a simple example, but I'd grok this out as:

Code: Select all

filter {
  grok {
    match { message => [ "^.*%{WORD:field1}-%{WORD:field2}-%{WORD:field3}(-%{WORD:field4})?.*" ]
  }
}
I may have a typo in there somehere, but that should break down as:

Code: Select all

field1 = ENTERPRISE
field2 = DOCSTORENAS
field3 = SERVICE
and optionally, if present,
field4 = TEST
Now you can filter on fields 1, 2, 3, 4 to ensure you're only seeing what you want.
Image
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
Top
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: Filter Questions and exact matching?

Post by jolson »

Yup, agreed - making use of the grok filter is probably ideal here - alternatively you can use the 'mutate' filter to change one of the fields a bit so they don't match so exactly. @Jklre, let us know!
Twits Blog
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
Top
Locked

Return to “Nagios Log Server”