LOG Pattern Matching
Posted: Fri Mar 24, 2017 1:15 am
by sarfarosh
Hello Team,
I have a requirement where I need to match a log pattern. How can I achieve it?
Sample log patterns are:
:::DUMPLOG LOG CREATED
:::PROCESS LOG CREATED
We have to check that the counts of “:::DUMPLOG LOG CREATED” and “:::PROCESS LOG CREATED” are nearly equal. If the count difference exceeds 10%, an alert will be generated.
Re: LOG Pattern Matching
Posted: Fri Mar 24, 2017 9:30 am
by mcapra
I would need to see some sample logs to ensure there aren't conflicts with any query I may provide.
A simple search for ":::DUMPLOG LOG CREATED" and ":::PROCESS LOG CREATED" seems to work to at least get results:
2017_03_24_09_26_21_Dashboard_Nagios_Log_Server.png
2017_03_24_09_27_29_Dashboard_Nagios_Log_Server.png
> if count difference exceeded 10%, alert will generate.
Nagios Log Server alerts are currently a simple document count of query results. There's no way to implement conditional logic (or arithmetic) currently.
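The 10% comparison asked about in this thread, done outside Nagios Log Server as a Nagios-plugin-style check. This is an added example, not part of the original posts and not Nagios code. It assumes the log lines are available as a text file and that the difference is measured relative to the larger of the two counts; the function names and sample lines are constructed.

```python
"""Plugin-style check: compare the counts of two log markers."""
import sys

DUMP = ":::DUMPLOG LOG CREATED"
PROC = ":::PROCESS LOG CREATED"
OK, CRITICAL, UNKNOWN = 0, 2, 3  # standard Nagios plugin exit codes


def count_markers(lines):
    """Return (dump_count, process_count) for an iterable of log lines."""
    dump = proc = 0
    for line in lines:
        # A line is counted once for each marker it contains.
        if DUMP in line:
            dump += 1
        if PROC in line:
            proc += 1
    return dump, proc


def evaluate(dump, proc, threshold_pct=10.0):
    """Return (exit_code, message) for the two counts."""
    larger = max(dump, proc)
    if larger == 0:
        # No data is not the same as "counts match": report UNKNOWN.
        return UNKNOWN, "UNKNOWN - neither marker found in the input"
    # Assumption: difference is measured relative to the larger count.
    diff_pct = abs(dump - proc) * 100.0 / larger
    perf = f"dumplog={dump} processlog={proc}"
    if diff_pct > threshold_pct:
        return CRITICAL, f"CRITICAL - counts differ by {diff_pct:.1f}% | {perf}"
    return OK, f"OK - counts differ by {diff_pct:.1f}% | {perf}"


# Constructed sample input (not from a real system): 10 DUMPLOG, 8 PROCESS.
SAMPLE = (
    [f"2017-03-24 09:00:0{i} app[1]: {DUMP}" for i in range(10)]
    + [f"2017-03-24 09:00:0{i} app[1]: {PROC}" for i in range(8)]
    + ["2017-03-24 09:01:00 app[1]: heartbeat"]
)

if __name__ == "__main__":
    # Check the file given as the first argument, or the sample if none.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    code, msg = evaluate(*count_markers(source))
    print(msg)
    sys.exit(code)
```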
Re: LOG Pattern Matching
Posted: Thu Mar 30, 2017 7:59 am
by sarfarosh
Hello mcapra,
I am trying to create an alert and I found a Query field there. How do I write a custom query for this?
Re: LOG Pattern Matching
Posted: Thu Mar 30, 2017 10:51 am
by mcapra
The easiest way to create a query would be to get your dashboard displaying the events you would like to match, then using the "Manage Queries" button (magnifying glass at the top) to save the dashboard's query:
2017_03_30_10_50_13_Dashboard_Nagios_Log_Server.png
Re: LOG Pattern Matching
Posted: Mon Apr 03, 2017 1:07 am
by sarfarosh
Hello mcapra,
Thanks a lot. Exactly the thing I was looking for.
Re: LOG Pattern Matching
Posted: Mon Apr 03, 2017 9:40 am
by cdienger
Was there anything further we can help with related to this or are we okay to lock the thread?
Re: LOG Pattern Matching
Posted: Mon Apr 24, 2017 12:26 am
by sarfarosh
Hi Mcapra,
Thank you very much. We can close it now.