SiteScope: Monitor logfile that contains only numberical entries on each line

Hello,

 

I am trying to setup a logfile monitor that would capture certain numbers on different lines.

example:

20

21

25

22

26

3

5

27

But I cannot get the regular expressions to work as needed.

Can someone point me into the right direction to accomplish this task in a log monitor?

Any help appreicated.

Thanks in Advance.

 

Tags:

Parents
  • Hi,

    try the following expression:

    /(\d )/

    \d will match a single digit [0-9] the „ “ ensures to match one or many digits. The brackets store the matched value into a parameter which you can name using the “matched value label” field:

    Best Regards

                    Bernhard

  • Hello Bernard,

    Thank for info.

    Does the expression you gave look at each line and number?

    How does it handle number with 2 digits or even 3 digits?

    And with the expression, what If I am trying to match on a number like 22, but it has to occur in the log 20 times before I sent alert/event?

    Any help appreciated.

    Thanks.

  • Hi,

    As mentioned in my previous response, the „\d“ matches one digit [0-9] and the „\d “ will match on to many digits. Including numbers with 2 or 3 digits.

    The matching is done line by line. Therefore if you set the “run alerts” selecting to “for each log entry matched”, you’ll be able to process all numbers (one pre line) of the log file.

    You’ll need to define a threshold matching the number you are looking for. In addition you’ll need to define alerts and set the alert conditions such that it’s only triggered after the threshold condition matched the 20 times.

    However, I’m not sure if the log file monitor will be able to cover your use case. You need to be more precise with your requirement.

    Are you looking to match 20 occurrences of exactly one specific number (like 22) or do you need an alert as soon as any number occurred more than 20 times.

    Additionally, in which timeframe do you need the 20 occurrences? Is the log file ever reset? What’s your expectation if you had 18 occurrences in a row and then one monitor run without a match?

    Are you able to control what’s written to the log file? Or are you able to process the log file using a script creating another log file which already has the counts and conditions processed. This log file could then be parsed by the log file monitor.

    Best Regards

              Bernhard

Reply
  • Hi,

    As mentioned in my previous response, the „\d“ matches one digit [0-9] and the „\d “ will match on to many digits. Including numbers with 2 or 3 digits.

    The matching is done line by line. Therefore if you set the “run alerts” selecting to “for each log entry matched”, you’ll be able to process all numbers (one pre line) of the log file.

    You’ll need to define a threshold matching the number you are looking for. In addition you’ll need to define alerts and set the alert conditions such that it’s only triggered after the threshold condition matched the 20 times.

    However, I’m not sure if the log file monitor will be able to cover your use case. You need to be more precise with your requirement.

    Are you looking to match 20 occurrences of exactly one specific number (like 22) or do you need an alert as soon as any number occurred more than 20 times.

    Additionally, in which timeframe do you need the 20 occurrences? Is the log file ever reset? What’s your expectation if you had 18 occurrences in a row and then one monitor run without a match?

    Are you able to control what’s written to the log file? Or are you able to process the log file using a script creating another log file which already has the counts and conditions processed. This log file could then be parsed by the log file monitor.

    Best Regards

              Bernhard

Children
  • Bernhard,

    Thanks for info.

    I need the "log file monitor" to match any number over 20. (disregard needing 20 occurances)

    I need it to send an "Error" event/alert if  > than 20 only once (not each time)

    And "Good" event/alert when <= to 20 only once.

    See Attachments of what is currently setup for this.

    Any additonal info appreciated.

    Thanks.

     

     

    LogFile-Monitor-Screenshots-of-config.zip
  • Hi,

    ok. Some comments on your configuration.

    With the current setup (“Run alerts” – “Once after all log entries have been checked”) the variable varOne will contain the last match on your log file. The thresholds will then evaluate varOne and sent and alert only based on this last match.

    Therefore if you have the following (new entries) in your log file:

    5

    21

    5

    You will not get an alert. If you need an alert for the 21, followed by a "good" alert for the 5, you need to change the "run alert" setting!

    Additionally, I think you should change the setting of “check from the beginning” to “never”. Otherwise you’d re-evaluate the entire log file during each execution.

    The “multi-line” option is not required for your use case as well. This is only applicable if your regular expression is supposed to return matches spanning multiple lines.

    Best Regards

         Bernhard