Re: Filter Questions and exact matching?

Posted: Sat Mar 26, 2016 9:06 am
by eloyd
OP originally wrote,
For example we have a service named: ENTERPRISE-DOCSTORENAS-SERVICE
but it will also match another service ENTERPRISE-DOCSTORENAS-SERVICE-TEST
When trying to filter out the ENTERPRISE-DOCSTORENAS-SERVICE messages from the ENTERPRISE-DOCSTORENAS-SERVICE-TEST messages, it filters both.
I don't know what else the message contains, so this will be a simple example, but I'd grok this out as:

Code:

filter {
  grok {
    # Grok is not anchored, so no leading "^.*" is needed: a greedy prefix would
    # backtrack from the right and shift the captures on the -TEST variant.
    # Each %{WORD} is \b\w+\b, so the hyphens split the name into its parts;
    # the last group is optional and only captures when a fourth part exists.
    match => { "message" => "%{WORD:field1}-%{WORD:field2}-%{WORD:field3}(-%{WORD:field4})?" }
  }
}
I may have a typo in there somewhere, but that should break down as:

Code:

field1 = ENTERPRISE
field2 = DOCSTORENAS
field3 = SERVICE
and optionally, if present,
field4 = TEST
Now you can filter on fields 1, 2, 3, 4 to ensure you're only seeing what you want.
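Here is an added example, not part of eloyd's post, that emulates the grok match in plain Python (grok's built-in WORD pattern is \b\w+\b, which the script expands by hand rather than running Logstash) over a few constructed log lines. It compares the pattern as posted, with its greedy "^.*" prefix, against the same pattern left unanchored, and then applies an exact-match check on the parsed fields so the -TEST instance drops out. The STRICT variant and the sample lines are my own additions.

```python
import re

# Logstash defines WORD as \b\w+\b; expanded here by hand so the script
# runs without Logstash. The names field1..field4 follow the post.
WORD = r"\b\w+\b"

# 1. The pattern as posted, including the greedy "^.*" prefix.
POSTED = re.compile(
    rf"^.*(?P<field1>{WORD})-(?P<field2>{WORD})-(?P<field3>{WORD})"
    rf"(-(?P<field4>{WORD}))?.*"
)

# 2. The same pattern without the prefix. Grok is not anchored, so the
#    engine takes the leftmost match, which is the breakdown the post gives.
LEFTMOST = re.compile(
    rf"(?P<field1>{WORD})-(?P<field2>{WORD})-(?P<field3>{WORD})"
    rf"(-(?P<field4>{WORD}))?"
)

# 3. A stricter variant (assumption, not from the thread): upper-case tokens
#    only, so a hyphenated ISO date earlier in the line cannot be mistaken
#    for the service name. In grok this would use inline captures such as
#    (?<field1>[A-Z]+).
STRICT = re.compile(
    r"\b(?P<field1>[A-Z]+)-(?P<field2>[A-Z]+)-(?P<field3>[A-Z]+)"
    r"(?:-(?P<field4>[A-Z]+))?\b"
)


def grok_fields(pattern, message):
    """Named captures of the first match; an optional group that did not
    match is left out, as grok leaves the field absent."""
    m = pattern.search(message)
    if m is None:
        return None
    return {k: v for k, v in m.groupdict().items() if v is not None}


def is_production_service(fields):
    """Exact comparison on the parsed parts. The -TEST instance carries
    field4, so it is excluded without any substring test."""
    return (
        fields is not None
        and fields.get("field1") == "ENTERPRISE"
        and fields.get("field2") == "DOCSTORENAS"
        and fields.get("field3") == "SERVICE"
        and "field4" not in fields
    )


# Constructed sample log lines (not from the thread).
PROD_LINE = "Mar 26 09:06:00 host1 ENTERPRISE-DOCSTORENAS-SERVICE status=OK"
TEST_LINE = "Mar 26 09:06:01 host1 ENTERPRISE-DOCSTORENAS-SERVICE-TEST status=FAIL"
OTHER_LINE = "Mar 26 09:06:02 host2 OTHER-SERVICE status=OK"
ISO_LINE = "2016-03-26T09:06:03 host2 ENTERPRISE-DOCSTORENAS-SERVICE status=OK"

if __name__ == "__main__":
    for name, pattern in (("posted", POSTED), ("leftmost", LEFTMOST), ("strict", STRICT)):
        print(f"--- {name}")
        for line in (PROD_LINE, TEST_LINE, OTHER_LINE, ISO_LINE):
            fields = grok_fields(pattern, line)
            print(f"{str(is_production_service(fields)):5} {fields}")
```

Running it shows the posted pattern capturing field1=DOCSTORENAS on the -TEST line (the greedy prefix hands back characters from the right, so the rightmost possible start wins), the unanchored pattern giving the breakdown eloyd describes, and the unanchored pattern latching onto 2016-03-26T09 when the line starts with an ISO timestamp, which is why a pattern tied to the real shape of the token is worth the extra characters.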

Re: Filter Questions and exact matching?

Posted: Mon Mar 28, 2016 9:54 am
by jolson
Yup, agreed - making use of the grok filter is probably ideal here - alternatively you can use the 'mutate' filter to change one of the fields a bit so they don't match so exactly. @Jklre, let us know!