×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC PATROL for Log Management 2.7 Configuring after installation

Defining multiple search criteria for a text instance

The /PMG/CONFIG/ instanceName /actPatterns pconfig branch enables you to define multiple search criteria for a text instance. Each search criterion has a unique identifier (key) and collection of fields (value).

The key-value pair represents a search criterion. Each field in a search criterion is separated by the <Ctrl+B> character, as follows:

Not<Ctrl+B> string1 <Ctrl+B>Not<Ctrl+B> string2 <Ctrl+B> threshold#1 <Ctrl+B> state1 <Ctrl+B> threshold#2 <Ctrl+B> state2 <Ctrl+B> overrideDefSetting <Ctrl+B> customEventOrigin <Ctrl+B> customEventMsg <Ctrl+B> numRegEx <Ctrl+B> IgnoreDuplicateEventsForMinutes <Ctrl+B> pollingIntrvl

In the preceding format, numRegEx refers to a collection of fields that are separated by commas. The fields include:

  • firstNum
  • Op1
  • BeginToken
  • EndToken
  • Op2
  • SecondNum

For example, you configure search criterion for a text instance through the GUI having the following settings:

  • String1 ( string1): ERROR\\|INFO
    |SEVERE
  • String2 ( string2): Server.*, Not is selected for String2
  • Threshold#1 (threshold#1): 2 and the corresponding state is WARN
  • Threshold#2 (threshold#2): 6 and the corresponding state is ALARM
  • Custom Event Message (customEventMsg): This is a custom event %1-.
  • Custom Event Origin ( customEventOrigin): %APPCLASS%. %INSTANCE%.%SEARCHID%
  • First Number (firstNum): 15
  • Op1 (Op1): >=
  • Begin token (BeginToken ): 1
  • End token ( EndToken): 3
  • Op2 (Op2): >
  • Second Number ( SecondNum): 10
  • Ignore Duplicate Events For ... Minutes ( IgnoreDuplicateEventsForMinutes): 5
  • Polling Interval (Generate ALARM when pattern not found within ... polling intervals) ( pollingIntrvl): 2

You can configure the preceding search criterion for the text instance by using the following pconfig variable format:

0<Ctrl+B>ERROR\\|INFO
|SEVERE<Ctrl+B>1<Ctrl+B>Server.<Ctrl+B>2<Ctrl+B>3<Ctrl+B>6<Ctrl+B>4<Ctrl+B>1<Ctrl+B>%APPCLASS%.%INSTANCE%.%SEARCHID%<Ctrl+B> This is a custom event %1-<Ctrl+B>15,4,1,3,1,10<Ctrl+B>5<Ctrl+B>2

Using the preceding pconfig variable format, the lines that contain the regular expression, ERROR\\|INFO
|SEVERE, and that do not contain the regular expression, Server., are matched only if the lines contain a number that is greater than 10 and less than 15 between first and third columns (including both first and third).

If the number of matches found is between 2 and 5, WARNING events are generated. If the number of matches is 6 or more, ALARM events are generated. Generated custom events contain the custom event message.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Shweta Patil on Jul 13, 2016

Comments

Log in or register to comment.

Understanding the Log Monitoring monitoring profile
PATROL Agent configuration variables
© Copyright 2011 - 2017, 2019, 2020 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.