LOG Pattern Matching

[sarfarosh]

Hello Team,
I have a requirement, where i need to match a log pattern. How can i achieve it?
Sample log pattern are
:::DUMPLOG LOG CREATED
:::PROCESS LOG CREATED

We have to check count of “:::DUMPLOG LOG CREATED” and “:::PROCESS LOG CREATED” nearly equal. if count difference exceeded 10%, alert will generate.

[mcapra]

I would need to see some sample logs to ensure there aren't conflicts with any query I may provide.

A simple search for ":::DUMPLOG LOG CREATED" and ":::PROCESS LOG CREATED" seems to work to at least get results:

2017_03_24_09_26_21_Dashboard_Nagios_Log_Server.png

2017_03_24_09_27_29_Dashboard_Nagios_Log_Server.png

if count difference exceeded 10%, alert will generate.

Nagios Log Server alerts are currently a simple document count of query results. There's no way to implement conditional logic (or arithmetic) currently.

[sarfarosh]

Hello mcapra,
I am trying to create an alert and i found a Query field there. How to write a custom query for this ?

[mcapra]

The easiest way to create a query would be to get your dashboard displaying the events you would like to match, then using the "Manage Queries" button (magnifying glass at the top) to save the dashboard's query:

2017_03_30_10_50_13_Dashboard_Nagios_Log_Server.png

[sarfarosh]

Hello mcapra,
Thanks a lot. Exactly the thing i was looking for.

[cdienger]

Was there anything further we can help with related to this or are we okay to lock the thread?

[sarfarosh]

Hi Mcapra,
Thank you very much. We can close it now.