Nagios Support Forum

Hello Nagios Support:

This is a follow-up to the previous post:
https://support.nagios.com/forum/viewto ... 16&t=61019

We have done some further testing on this and this is what we've found and would like your guidance as to a better way to do what we'd like to do.

We have enabled the Deadpool processor.

We're only interested in dealing with our services at the moment, which we have set stage 1 to 30 days and stage 2 to 300 days and have set the action to "Deactivate".

We are targeting a very limited list of services to deadpool that have a naming convention of "SBC-XXX-XXX-XXX".

We built an exclusion list of all service names that begin with "S". You can see "SBC" and "sbc" in the list. We will remove those from the exclusion filter.

[root@nagios-p services]# cat *.cfg | grep service_description | sed 's/service_description//g' | sed 's/ //g' | cut -c1-3 | grep ^[S,s] | sort -u
SAE
SAJ
sbc <------
SBC <------
SCH
SDF
SDH
SDI
SDM
SDR
Se0
Se1
sen
Sen
SEP
Ser
SFE
SFR
SGO
SGP
SHU
Sig
SIM
SIP
SIT
SKA
SKC
SKP
SKY
SLE
Smp
SNM
SON
Spa
SPV
SRT
SS-
SSB
SSH
Sta
STA
STG
sto
STS
Sub
Swa
SWG
Swi
SWZ
sys
Sys

We also want to add ALL OTHER SERVICES to this exclusion filter (A-R*, T-Z*, etc). After some initial testing, it appears that Deadpool *does* work retroactively, as we had several services deadpooled that we believe should not have been. Our exclusion filter looked like this:

A*
B*
C*
D*
E*
F*
G*
H*
I*
J*
K*
L*
M*
N*
O*
P*
Q*
R*
T*
U*
V*
W*
X*
Y*
Z*
/*
SAE*
SAJ*
SCH*
SDF*
SDH*
SDI*
SDM
SDR*
Se0*
Se1*
sen*
Sen*
SEP*
Ser*
SFE*
SFR*
SGO*
SGP*
SHU*
Sig*
SIM*
SIP*
SIT*
SKA*
SKC*
SKP*
SKY*
SLE*
Smp*
SNM*
SON*
Spa*
SPV*
SRT*
SS-*
SSB*
SSH*
Sta*
STA*
STG*
STS*
Sub*
Swa*
SWG*
Swi*
SWZ*
sys*
Sys*

When we enabled Deadpool, we immediately received ~20 emails saying dozens of services were Deadpooled. This is where we found that Deadpool does seem to work retroactively:

From https://assets.nagios.com/downloads/nag ... ios-XI.pdf
"Deadpool does not work retroactively. For example, if a service has already been down for 4 days and then Deadpool is activated with its default setting to delete after 3 days, the service will not be deleted."

One email showed the following services (trimmed down) having been added to the Deadpool service group:

...
NOAS-CSG-MBI-IO6 / HP Switch CPU Usage
NOAS-CSG-MBI-IO6 / HP Switch Memory Usage
NOAS-CSG-MBI-IO6 / Ping
NOAS-CSG-MBI-IO5 / HP Switch CPU Usage
NOAS-CSG-MBI-IO5 / HP Switch Memory Usage
NOAS-CSG-MBI-IO5 / Ping
NOAS-CSG-MBI-IO2 / HP Switch CPU Usage
NOAS-CSG-MBI-IO2 / HP Switch Memory Usage
NOAS-CSG-MBI-IO2 / Ping
NOAS-CSG-MBI-IO1 / HP Switch CPU Usage
NOAS-CSG-MBI-IO1 / HP Switch Memory Usage
NOAS-CSG-MBI-IO1 / Ping
NOAS-CSG-MBI-APP04-iLO / Overall Temperature Condition
NOAS-CSG-MBI-APP04-iLO / Overall Health Condition
NOAS-CSG-MBI-APP03-iLO / Overall Health Condition
NOAS-CSG-MBI-APP03-iLO / Overall Temperature Condition
NOAS-CSG-MBI-APP02-iLO / Overall Health Condition
NOAS-CSG-MBI-APP02-iLO / Overall Temperature Condition
...


Then we looked into the regular expression rules and found that we possibly needed to do the following to our exclusion filter:
/A*/
/B*/
/C*/
/D*/
/E*/
/F*/
/G*/
/H*/
/I*/
/J*/
/K*/
/L*/
/M*/
/N*/
/O*/
/P*/
/Q*/
/R*/
/T*/
/U*/
/V*/
/W*/
/X*/
/Y*/
/Z*/
/a*/
/b*/
/c*/
/d*/
/e*/
/f*/
/g*/
/h*/
/i*/
/j*/
/k*/
/l*/
/m*/
/n*/
/o*/
/p*/
/q*/
/r*/
/s*/
/t*/
/u*/
/v*/
/w*/
/x*/
/y*/
/z*/
/SAE*/
/SAJ*/
/SCH*/
/SDF*/
/SDH*/
/SDI*/
/SDM/
/SDR*/
/Se0*/
/Se1*/
/sen*/
/Sen*/
/SEP*/
/Ser*/
/SFE*/
/SFR*/
/SGO*/
/SGP*/
/SHU*/
/Sig*/
/SIM*/
/SIP*/
/SIT*/
/SKA*/
/SKC*/
/SKP*/
/SKY*/
/SLE*/
/Smp*/
/SNM*/
/SON*/
/Spa*/
/SPV*/
/SRT*/
/SS-*/
/SSB*/
/SSH*/
/Sta*/
/STA*/
/STG*/
/STS*/
/Sub*/
/Swa*/
/SWG*/
/Swi*/
/SWZ*/
/sys*/
/Sys*/
/\/*/

QUESTION 1: Is this the correct way to build an exclusion filter?
QUESTION 2: Would this be more efficient? Or does it matter?
/[A-R]\*/
/[T-Z]\*/
...
then the remaining S* services.

Once enabled, we found that our mysqld process's CPU load would be higher than normal.

When we look at the Deadpool log we see the following:

Matched service filter '/u*/' -> skipping service
Matched service filter '/v*/' -> skipping service
Matched service filter '/w*/' -> skipping service
Matched service filter '/x*/' -> skipping service
Matched service filter '/y*/' -> skipping service
Matched service filter '/z*/' -> skipping service
Matched service filter '/\/*/' -> skipping service
HOST/SVC: GMV-OSS-RC-17B-TPOSSINF01/LDAP Server = 1600208922 (33492739 seconds ago) [1]
Matched service filter '/A*/' -> skipping service
Matched service filter '/B*/' -> skipping service
Matched service filter '/C*/' -> skipping service
Matched service filter '/D*/' -> skipping service
Matched service filter '/E*/' -> skipping service

Here are some relevant lines:

HOST/SVC: NOAS-CS-G-GENERIC/CSg FRK Service Performance = 1631546426 (2155296 seconds ago) [0]
HOST/SVC: NOAS-CS-G-GENERIC/CSg HKG Service Performance = 1631546441 (2155281 seconds ago) [0]
HOST/SVC: GSIP-ZRH-SBC4/GSIP SBC Ping = 1629771474 (3930248 seconds ago) [1]
HOST/SVC: GSIP-ZRH-SBC3/GSIP SBC Ping = 1629773498 (3928224 seconds ago) [1]
HOST/SVC: GSIP-RSM-CHC/ASR for GSIP-CHC-SBC9:ZAYO = 1632781038 (920684 seconds ago) [0]
HOST/SVC: GSIP-RSM-AMH/ASR for GSIP-FFT-SBC5:PUREIP = 1632750318 (951404 seconds ago) [0]
HOST/SVC: GSIP-NUT-SBC1/SBC1-NUT-AM:EP-TK-K0000005256-0-TCP = 1633700199 (1523 seconds ago) [0]
HOST/SVC: GSIP-NUT-SBC1/SBC1-NUT-AM:EP-TK-K0000008512-0-TCP = 1633700199 (1523 seconds ago) [0]
HOST/SVC: GSIP-NUT-SBC1/SBC1-NUT-AM:EP-TK-IDAL-TLS00000804-0-TCP = 1633700199 (1523 seconds ago) [0]
HOST/SVC: GSIP-CE1-AMH-EU/Interfaces ERR DISC = 1610642464 (23059258 seconds ago) [1]
HOST/SVC: GSIP-CE1-AMH-EU/Ping = 1611896721 (21805001 seconds ago) [1]
HOST/SVC: GSIP-CE1-AMH-EU/CPU Usage = 1610642339 (23059383 seconds ago) [1]
HOST/SVC: GSIP-CE1-AMH-EU/Hardware Health - Card = 1610642499 (23059223 seconds ago) [1]
HOST/SVC: GSIP-CE1-AMH-EU/Hardware Health - Fan and PSU = 1610642499 (23059223 seconds ago) [1]
HOST/SVC: GSIP-CE1-AMH-EU/Memory Usage = 1610642499 (23059223 seconds ago) [1]
HOST/SVC: GMV_WIN_LDAP_TUF/Logon Errors = 1632812181 (889541 seconds ago) [0]
HOST/SVC: GMV_WIN_LDAP_LGS/Logon Errors = 1607973862 (25727860 seconds ago) [1]
HOST/SVC: GMV-OSS-RC-17B-TPOSSNAS02-ILO/Overall Temperature Condition = 1601108976 (32592746 seconds ago) [1]
HOST/SVC: GMV-OSS-RC-17B-TPOSSINF01/LDAP Server = 1600208922 (33492800 seconds ago) [1]
...
...
Matched service filter '/SIT*/' -> skipping service
Matched service filter '/\/*/' -> skipping service
HOST/SVC: GSIP-RSM-CHC/ASR for GSIP-CHC-SBC9:ZAYO = 1632781038 (920924 seconds ago) [0]
Passive only -> skipping service
HOST/SVC: GSIP-RSM-AMH/ASR for GSIP-FFT-SBC5:PUREIP = 1632750318 (951644 seconds ago) [0]
Passive only -> skipping service
HOST/SVC: GSIP-NUT-SBC1/SBC1-NUT-AM:EP-TK-K0000005256-0-TCP = 1633700199 (1763 seconds ago) [0]
Passive only -> skipping service
HOST/SVC: GSIP-NUT-SBC1/SBC1-NUT-AM:EP-TK-K0000008512-0-TCP = 1633700199 (1763 seconds ago) [0]
Passive only -> skipping service
HOST/SVC: GSIP-NUT-SBC1/SBC1-NUT-AM:EP-TK-IDAL-TLS00000804-0-TCP = 1633700199 (1763 seconds ago) [0]
Passive only -> skipping service
HOST/SVC: GSIP-CE1-AMH-EU/Interfaces ERR DISC = 1610642464 (23059498 seconds ago) [1]
Matched service filter '/A*/' -> skipping service
Matched service filter '/B*/' -> skipping service

QUESTION 3: What does "Passive only" mean? Will passive services be skipped regardless of their Deadpool status?

Our exclusion filter appears to be working, but we are concerned that it may be causing excessive CPU load on MySQL.

Thank you in advance for your support.

Regards,
JLu

Is that the entirety of your filter list or how many total do you have?

Please attach your /etc/php.ini file.

Please PM me a copy of your profile, you can download it from Admin > System Profile by clicking the Download Profile button.

Additionally, please send the output of this command:
- NOTE: You may need to adjust the -h 127.0.0.1, the -uroot, and -pnagiosxi in the command if your DB is offloaded to another server and/or you've changed the root mysql password
EDIT: I think it skips passive services because there may be large gaps between passive results (such as SNMP traps, etc)

Hi Sean,

I'm sending you the system profile via DM.

### Is that the entirety of your filter list or how many total do you have?

Quick answer is 100. But to summarize our exclusion filter issue:

I want to exclude every service *except* those that start with "SBC" or "sbc". Is there a way to write an exclusion filter that would look like:
NOT "SBC*"
NOT "sbc*"

We would like to trim it down from each entry for A-Z* and a-z*, which is why I asked the following.

## QUESTION 2: Would this be more efficient? Or does it matter?
## /[A-R]\*/
## /[T-Z]\*/

Or even:
/[A-R,a-r,T-Z,t-z]\*/

Here's php.ini:

[root@nagios-p services]# cat /etc/php.ini | grep -v ^\; | grep -v "^\[" | sort -u
allow_call_time_pass_reference = Off
allow_url_fopen = On
allow_url_include = Off
asp_tags = Off
auto_append_file =
auto_globals_jit = On
auto_prepend_file =
bcmath.scale = 0
date.timezone = Etc/UTC
default_mimetype = "text/html"
default_socket_timeout = 60
define_syslog_variables = Off
disable_classes =
disable_functions =
display_errors = Off
display_startup_errors = Off
doc_root =
enable_dl = Off
engine = On
error_reporting = E_ALL & ~E_DEPRECATED
expose_php = On
file_uploads = On
html_errors = Off
ignore_repeated_errors = Off
ignore_repeated_source = Off
implicit_flush = Off
log_errors_max_len = 1024
log_errors = On
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
mail.add_x_header = On
max_execution_time = 300
max_input_time = 300
max_input_vars = 50000
memory_limit = 1024M
mssql.allow_persistent = On
mssql.compatability_mode = Off
mssql.max_links = -1
mssql.max_persistent = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.secure_connection = Off
mysql.allow_persistent = On
mysql.connect_timeout = 60
mysql.default_host =
mysql.default_password =
mysql.default_port =
mysql.default_socket =
mysql.default_user =
mysqli.default_host =
mysqli.default_port = 3306
mysqli.default_pw =
mysqli.default_socket =
mysqli.default_user =
mysqli.max_links = -1
mysqli.reconnect = Off
mysql.max_links = -1
mysql.max_persistent = -1
mysql.trace_mode = Off
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.defaultbinmode = 1
odbc.defaultlrl = 4096
odbc.max_links = -1
odbc.max_persistent = -1
output_buffering = 4096
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.ignore_notice = 0
pgsql.log_notice = 0
pgsql.max_links = -1
pgsql.max_persistent = -1
post_max_size = 21M
precision = 14
register_argc_argv = Off
register_globals = Off
register_long_arrays = Off
report_memleaks = On
request_order = "GP"
safe_mode_allowed_env_vars = PHP_
safe_mode_exec_dir =
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode = Off
safe_mode_protected_env_vars = LD_LIBRARY_PATH
sendmail_path = /usr/sbin/sendmail -t -i
serialize_precision = 100
session.auto_start = 0
session.bug_compat_42 = Off
session.bug_compat_warn = Off
session.cache_expire = 180
session.cache_limiter = nocache
session.cookie_domain =
session.cookie_httponly =
session.cookie_lifetime = 0
session.cookie_path = /
session.entropy_file =
session.entropy_length = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.gc_probability = 1
session.hash_bits_per_character = 5
session.hash_function = 0
session.name = PHPSESSID
session.referer_check =
session.save_handler = files
session.save_path = "/var/lib/php/session"
session.serialize_handler = php
session.use_cookies = 1
session.use_only_cookies = 1
session.use_trans_sid = 0
short_open_tag = Off
SMTP = localhost
smtp_port = 25
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_enabled=1
soap.wsdl_cache_ttl=86400
sql.safe_mode = Off
sybct.allow_persistent = On
sybct.max_links = -1
sybct.max_persistent = -1
sybct.min_client_severity = 10
sybct.min_server_severity = 10
tidy.clean_output = Off
track_errors = Off
unserialize_callback_func =
upload_max_filesize = 20M
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
user_dir =
variables_order = "GPCS"
y2k_compliance = On
zlib.output_compression = Off


Here's the output of the mysql:

^C[root@nagios-b ~]# echo "SELECT table_name AS 'Table', round(((data_length + index_length) / 1024 / 1024), 2) 'Size in MB' FROM information_schema.TABLES WHERE table_schema IN ('nags', 'nagiosql', 'nagiosxi');" | mysql -h 127.0.0.1 -uroot -pnagiosxi --table
+--------------------------------------------+------------+
| Table | Size in MB |
+--------------------------------------------+------------+
| nagios_acknowledgements | 0.84 |
| nagios_commands | 0.02 |
| nagios_commenthistory | 12.16 |
| nagios_comments | 0.19 |
| nagios_configfiles | 0.01 |
| nagios_configfilevariables | 0.01 |
| nagios_conninfo | 0.76 |
| nagios_contact_addresses | 0.01 |
| nagios_contact_notificationcommands | 0.03 |
| nagios_contactgroup_members | 0.01 |
| nagios_contactgroups | 0.00 |
| nagios_contactnotificationmethods | 6.74 |
| nagios_contactnotifications | 7.11 |
| nagios_contacts | 0.02 |
| nagios_contactstatus | 0.02 |
| nagios_customvariables | 3.89 |
| nagios_customvariablestatus | 4.02 |
| nagios_dbversion | 0.00 |
| nagios_downtimehistory | 0.14 |
| nagios_eventhandlers | 0.06 |
| nagios_externalcommands | 7.10 |
| nagios_flappinghistory | 15.39 |
| nagios_host_contactgroups | 0.02 |
| nagios_host_contacts | 0.04 |
| nagios_host_parenthosts | 0.00 |
| nagios_hostchecks | 0.12 |
| nagios_hostdependencies | 0.00 |
| nagios_hostescalation_contactgroups | 0.00 |
| nagios_hostescalation_contacts | 0.00 |
| nagios_hostescalations | 0.00 |
| nagios_hostgroup_members | 0.04 |
| nagios_hostgroups | 0.00 |
| nagios_hosts | 0.08 |
| nagios_hoststatus | 0.19 |
| nagios_instances | 0.00 |
| nagios_logentries | 1389.42 |
| nagios_notifications | 42.15 |
| nagios_objects | 11.09 |
| nagios_processevents | 0.34 |
| nagios_programstatus | 0.00 |
| nagios_runtimevariables | 0.00 |
| nagios_scheduleddowntime | 0.00 |
| nagios_service_contactgroups | 2.59 |
| nagios_service_contacts | 1.80 |
| nagios_service_parentservices | 0.00 |
| nagios_servicechecks | 9.48 |
| nagios_servicedependencies | 0.00 |
| nagios_serviceescalation_contactgroups | 0.00 |
| nagios_serviceescalation_contacts | 0.00 |
| nagios_serviceescalations | 0.00 |
| nagios_servicegroup_members | 1.16 |
| nagios_servicegroups | 0.00 |
| nagios_services | 9.36 |
| nagios_servicestatus | 21.54 |
| nagios_statehistory | 224.09 |
| nagios_systemcommands | 0.04 |
| nagios_timedeventqueue | 0.00 |
| nagios_timedevents | 0.00 |
| nagios_timeperiod_timeranges | 0.07 |
| nagios_timeperiods | 0.02 |
| tbl_command | 0.04 |
| tbl_contact | 0.03 |
| tbl_contactgroup | 0.01 |
| tbl_contacttemplate | 0.01 |
| tbl_domain | 0.01 |
| tbl_host | 0.07 |
| tbl_hostdependency | 0.00 |
| tbl_hostescalation | 0.00 |
| tbl_hostextinfo | 0.00 |
| tbl_hostgroup | 0.01 |
| tbl_hosttemplate | 0.01 |
| tbl_info | 0.13 |
| tbl_lnkContactToCommandHost | 0.00 |
| tbl_lnkContactToCommandService | 0.00 |
| tbl_lnkContactToContactgroup | 0.00 |
| tbl_lnkContactToContacttemplate | 0.01 |
| tbl_lnkContactToVariabledefinition | 0.00 |
| tbl_lnkContactgroupToContact | 0.00 |
| tbl_lnkContactgroupToContactgroup | 0.00 |
| tbl_lnkContacttemplateToCommandHost | 0.00 |
| tbl_lnkContacttemplateToCommandService | 0.00 |
| tbl_lnkContacttemplateToContactgroup | 0.00 |
| tbl_lnkContacttemplateToContacttemplate | 0.00 |
| tbl_lnkContacttemplateToVariabledefinition | 0.00 |
| tbl_lnkHostToContact | 0.02 |
| tbl_lnkHostToContactgroup | 0.01 |
| tbl_lnkHostToHost | 0.00 |
| tbl_lnkHostToHostgroup | 0.01 |
| tbl_lnkHostToHosttemplate | 0.01 |
| tbl_lnkHostToVariabledefinition | 0.01 |
| tbl_lnkHostdependencyToHost_DH | 0.00 |
| tbl_lnkHostdependencyToHost_H | 0.00 |
| tbl_lnkHostdependencyToHostgroup_DH | 0.00 |
| tbl_lnkHostdependencyToHostgroup_H | 0.00 |
| tbl_lnkHostescalationToContact | 0.00 |
| tbl_lnkHostescalationToContactgroup | 0.00 |
| tbl_lnkHostescalationToHost | 0.00 |
| tbl_lnkHostescalationToHostgroup | 0.00 |
| tbl_lnkHostgroupToHost | 0.01 |
| tbl_lnkHostgroupToHostgroup | 0.00 |
| tbl_lnkHosttemplateToContact | 0.00 |
| tbl_lnkHosttemplateToContactgroup | 0.00 |
| tbl_lnkHosttemplateToHost | 0.00 |
| tbl_lnkHosttemplateToHostgroup | 0.00 |
| tbl_lnkHosttemplateToHosttemplate | 0.00 |
| tbl_lnkHosttemplateToVariabledefinition | 0.00 |
| tbl_lnkServiceToContact | 0.84 |
| tbl_lnkServiceToContactgroup | 0.99 |
| tbl_lnkServiceToHost | 1.11 |
| tbl_lnkServiceToHostgroup | 0.00 |
| tbl_lnkServiceToServicegroup | 0.01 |
| tbl_lnkServiceToServicetemplate | 1.36 |
| tbl_lnkServiceToVariabledefinition | 1.08 |
| tbl_lnkServicedependencyToHost_DH | 0.00 |
| tbl_lnkServicedependencyToHost_H | 0.00 |
| tbl_lnkServicedependencyToHostgroup_DH | 0.00 |
| tbl_lnkServicedependencyToHostgroup_H | 0.00 |
| tbl_lnkServicedependencyToService_DS | 0.00 |
| tbl_lnkServicedependencyToService_S | 0.00 |
| tbl_lnkServicedependencyToServicegroup_DS | 0.02 |
| tbl_lnkServicedependencyToServicegroup_S | 0.02 |
| tbl_lnkServiceescalationToContact | 0.00 |
| tbl_lnkServiceescalationToContactgroup | 0.00 |
| tbl_lnkServiceescalationToHost | 0.00 |
| tbl_lnkServiceescalationToHostgroup | 0.00 |
| tbl_lnkServiceescalationToService | 0.00 |
| tbl_lnkServiceescalationToServicegroup | 0.02 |
| tbl_lnkServicegroupToService | 1.23 |
| tbl_lnkServicegroupToServicegroup | 0.00 |
| tbl_lnkServicetemplateToContact | 0.00 |
| tbl_lnkServicetemplateToContactgroup | 0.00 |
| tbl_lnkServicetemplateToHost | 0.00 |
| tbl_lnkServicetemplateToHostgroup | 0.00 |
| tbl_lnkServicetemplateToServicegroup | 0.00 |
| tbl_lnkServicetemplateToServicetemplate | 0.01 |
| tbl_lnkServicetemplateToVariabledefinition | 0.00 |
| tbl_lnkTimeperiodToTimeperiod | 0.00 |
| tbl_logbook | 0.00 |
| tbl_mainmenu | 0.00 |
| tbl_permission | 0.02 |
| tbl_permission_inactive | 0.02 |
| tbl_service | 6.54 |
| tbl_servicedependency | 0.00 |
| tbl_serviceescalation | 0.00 |
| tbl_serviceextinfo | 0.00 |
| tbl_servicegroup | 0.01 |
| tbl_servicetemplate | 0.02 |
| tbl_session | 0.01 |
| tbl_session_locks | 0.00 |
| tbl_settings | 0.00 |
| tbl_submenu | 0.00 |
| tbl_timedefinition | 0.06 |
| tbl_timeperiod | 0.04 |
| tbl_user | 0.01 |
| tbl_variabledefinition | 2.37 |
| xi_auditlog | 1.09 |
| xi_auth_tokens | 0.19 |
| xi_cmp_ccm_backups | 0.02 |
| xi_cmp_favorites | 0.03 |
| xi_cmp_nagiosbpi_backups | 1.52 |
| xi_cmp_trapdata | 0.03 |
| xi_cmp_trapdata_log | 0.03 |
| xi_commands | 0.00 |
| xi_deploy_agents | 0.02 |
| xi_deploy_jobs | 0.02 |
| xi_eventqueue | 10.38 |
| xi_events | 0.07 |
| xi_incidents | 0.00 |
| xi_meta | 1.55 |
| xi_mibs | 0.05 |
| xi_options | 0.04 |
| xi_sessions | 0.03 |
| xi_sysstat | 0.01 |
| xi_usermeta | 43.27 |
| xi_users | 0.05 |
+--------------------------------------------+------------+

Thank you,
JLu

I'm pretty sure this one is going to match everything:
Using a single line for the exclusions should be more effecient than multiple lines.

This should work:
If you wanted to use case-insensitive matching you could just use this one: