The following table lists the default data patterns available with the BMC TrueSight IT Data Analytics product.

You can use these data patterns while creating data collectors. You can even clone these data patterns and customize them depending on your needs. For more information, see Managing data patterns.

Default data patterns

Entries are grouped by category. Each entry lists the data pattern name, its date format, and its primary pattern.

Category: Application

Name: Hadoop
Date format: yyyy-MM-ddHH:mm:ss,SSS
Primary pattern:
    %{HadoopTimestamp:timestamp}\s+
    %{HadoopLevel:debuglevel}\s+
    %{Data:component}:\s+
    %{MultilineEntry:details}

Name: Log4j
Date format: EEE MMM dd HH:mm:ss Z yyyy
Primary pattern:
    %{Log4JTimestamp:timestamp}\s+:?\s+
    %{MultilineEntry:details}

Category: Application Server

Name: Apache Tomcat
Date format: MMM dd, yyyy hh:mm:ss a
Primary pattern:
    %{ApacheTomcatTimestamp:timestamp}\s+
    %{Data:classname}\s+
    %{Data:actiontype}(?:|\s+
    %{Data:msgtype}:(?:%{Data:message1}
    \[%{Uri:location}\]\.\s+%{Data:message2}
    |\s%{MultilineEntry:details}))

Name: IBM WebSphere - Activity
Date format: yyyy-MM-dd HH:mm:ss
Primary pattern:
    [-]+\s*ComponentId:\s*%{Data:componentid}
    \s*ProcessId:\s*%{Data:processid}
    \s*ThreadId:\s*%{Data:threadid}
    \s*ThreadName:\s*%{Data:threadname}
    \s*Alarm\s*:\s*%{Data:alarm}
    \s*SourceId:\s*%{Data:sourceid}
    \s*ClassName:%{Data:classname}
    \s*MethodName:%{Data:methodname}
    \s*Manufacturer:\s*%{Data:manufacturer}
    \s*Product:\s*%{Data:product}
    \s*Version:\s*%{Data:version}
    \s*ServerName:\s*%{Data:servername}
    \s*TimeStamp:\s*%{WsActivityTimestamp:timestamp}
    \s*UnitOfWork:%{Data:unitofwork}
    \s*Severity:\s*%{Data:severity}
    \s*Category:\s*%{Data:category}
    \s*PrimaryMessage:\s*%{Data:primarymessage}
    \s*ExtendedMessage:\s*%{Data:extendedmessage}
    \s*[-]+(?:|%{MultilineEntry:details})

Name: IBM WebSphere - SystemError
Date format: MM/dd/yy HH:mm:ss:SSS Z
Primary pattern:
    \[%{IbmWebsphereTimestamp:timestamp}\]
    \s%{Data:groupid}\sSystemErr\s+
    %{Data:level}\s+
    (?:at\s+%{GreedyData:class}\.
    %{Data:function}\((?:.*:%{Data:linenum}|.*)\)|
    %{MultilineEntry:details})

Name: IBM WebSphere - SystemOut
Date format: MM/dd/yy HH:mm:ss:SSS Z
Primary pattern:
    \[%{IbmWebsphereTimestamp:timestamp}\]\s
    %{Data:groupid}\s%{Data:component}\s+
    %{Data:level}\s+%{MultilineEntry:details}

Name: Microsoft SharePoint
Date format: dd/MM/yyyy HH:mm:ss.SS
Primary pattern:
    %{SharepointTimestamp:timestamp}\s*\t
    %{Data:processingfileinfo}\s*\t
    %{Data:tid}\s*\t
    %{Data:sharepoint}\s*\t
    %{Data:category}\s*\t
    %{Data:eventid}\s*\t
    %{Data:tracelevel}\s*\t(?:|
    %{MultilineEntry:details})

Name: Oracle WebLogic
Date format: MMM dd, yyyy hh:mm:ss a z
Primary pattern:
    [#]+<%{WeblogicTimestamp:timestamp}>
    \s<%{Data:level}>
    \s<%{Data:server}>\s<%{Data:data1}>
    \s<%{Data:user}>
    \s<%{Data:thread}>\s<%{Data:kernel}>
    \s<%{Data:data2}>\s<%{Data:data3}>
    \s<HostName:\s%{Ip:hostname},
    \smaps\sto\smultiple\sIP\saddresses:
    %{Data:ipaddresses}>
    (?:|%{MultilineEntry:details})

Name: Xen App Server
Date format: yyyy-MM-dd HH:mm:ss
Primary pattern:
    %{SqlAgentTimestamp:timestamp},
    %{PosInt:utc}\s+
    %{MsgType:messagetype}\s+
    %{MultilineEntry:details}

Category: Database

Name: IBM DB2 - Diagnostics
Date format: yyyy-MM-dd-HH.mm.ss.SSS
Primary pattern:
    %{Db2Timestamp:timestamp}[0-9]{3}
    (?:|\+%{PosInt:utcdiffminutes}|
    %{UtcMinus:utcdiffminutes})\s+
    %{Data:recordid}\s+
    %{MultilineEntry:details}

Name: Microsoft SQLServer
Date format: yyyy-MM-dd HH:mm:ss.SS
Primary pattern:
    %{SqlTimestamp:timestamp}\s+
    %{Data:component}\s+
    %{MultilineEntry:details}

Name: Microsoft SQLServer - Agent
Date format: yyyy-MM-dd HH:mm:ss
Primary pattern:
    %{SqlAgentTimestamp:timestamp}\s+-?\s+
    %{Data:loglevel}\s+
    \[%{Data:resourceid}\]\s+
    %{MultilineEntry:details}

Name: MySQL - Error
Date format: yyMMdd HH:mm:ss
Primary pattern:
    %{MysqlErrorTimestamp:timestamp}\s+
    %{Data:message}\s*Version:
    %{Data:version}\s+socket:\s*
    %{Data:socket}\s+port:\s*
    %{Port:portnumber}\s
    %{MultilineEntry:details}

Name: Oracle Database - Alert
Date format: EEE MMM dd HH:mm:ss yyyy
Primary pattern:
    %{OracleDbAlertTimestamp:timestamp}\s*
    %{MultilineEntry:details}

Name: Oracle Database - XML
Date format: yyyy-MM-dd'T'HH:mm:ss.SSS
Primary pattern:
    <msg\stime\='
    %{OracleDbXmlTimestamp:timestamp}
    [\-\+]%{ExtraDigits:_ignore}:
    %{ExtraDigits:_ignore}'\s*
    %{MultilineEntry:details}

Category: Internal

Name: ITDA
Date format: MMM dd, yyyy hh:mm:ss a
Primary pattern:
    %{ITDATimestamp:timestamp}\s+
    %{Data: class }\s+
    %{Data:function}\(\):
    %{Int:linenum}\s+\n*
    (?:%{ITDADebugLevel:level}:\s*
    %{MultilineEntry:details})?

Name: ITDA Metrics
Date format: yyyy-MM-dd HH:mm:ss.SSS
Primary pattern:
    \[%{ITDAMetricsTimestamp:timestamp}\]
    \s\[%{Engine:engine}\]
    \s\[%{Data:collectorid}\]
    \s\[%{MultilineEntry:details}\]

Category: Networking

Name: Cisco Syslog
Date format: MMM dd yyyy HH:mm:ss
Primary pattern:
    %{CiscoTimestamp:timestamp}:\s\%
    %{TGenerator:generator}-%{PosInt:level}-
    %{PosInt:messagenumber}:\s*
    (?:|%{MultilineEntry:details})

Name: F5 Load Balancer
Date format: MMM dd HH:mm:ss
Primary pattern:
    %{F5LBDTimestamp:timestamp}\s+
    %{Data:hostname}\s+
    %{Data:eventtype}\s+
    %{Data:userdata1}\s+
    %{Data:userdata2}\s+
    %{MultilineEntry:details}

Category: Web Servers

Name: Access Log - Combined
Date format: dd/MMM/yyyy:HH:mm:ss z
Primary pattern:
    %{Data:info}\s%{IpOrHost:ip}\s
    %{Data:rfc931}\s
    %{Data:username}\s\[%{AccessCombinedTimestamp:timestamp}\]
    \s%{Data:request}\s%{PosInt:statuscode}
    \s%{PosInt:bytes}\s%{Data:referrer}
    \s%{AnyStringInQuotes:useragent}\s%{Data:cookie}
    (?:|%{MultilineEntry:details})

Name: Access Log - Common
Date format: dd/MMM/yyyy:HH:mm:ss z
Primary pattern:
    %{IpOrHost:ipaddress}\s+%{Data:rfc931}\s+
    %{Data:username}\s+\[%{AccessCommonTimestamp:timestamp}\]
    \s+ "%{RequestType:type}\s+
    %{GreedyData:imageurl}\s+
    %{Data:protocol}" \s+
    %{PosInt:statuscode}\s+
    %{PosInt:size}
    (?:|\s*%{MultilineEntry:details})

Name: Apache Access
Date format: dd/MMM/yy:HH:mm:ss
Primary pattern:
    %{IpOrHost:clientip} %{User:ident} %{User:auth} \[%{HttpTimestamp:timestamp}\]
    "%{Word:verb}
    %{UriPathParam:request} HTTP/
    %{Number:httpversion}" %{Number:response}
    (?:%{Number:bytes}|-) (?: "%{Uri:referrer}"
    |%{QuotedString:referrer}| "-" )
    %{QuotedString:agent}
    (?: (?:%{Number:num1}|-)
    (?:%{Number:num2}|-))?

Name: Apache Http Server - Error
Date format: yyyy-MM-dd HH:mm:ss
Primary pattern:
    %{HttpdErrTimestamp:timestamp}\s+
    %{Ip:cip}\s+%{Port:cport}\s+
    %{Ip:sip}\s+%{Port:sport}\s+
    %{HttpdErrCsVersion:csversion}\s+
    %{HttpdErrCsMethod:csmethod}\s+
    %{HttpdErrCsUri:csuri}\s+
    (?:%{PosInt:csstatus}|-)\s+
    (?:%{PosInt:ssiteid}|-)\s+
    %{HttpdErrsReason:sreason}\s+
    %{HttpdErrsSequence:ssequence}

Name: Microsoft IIS
Date format: HH:mm:ss
Primary pattern:
    %{MicrosoftIISTimestamp:timestamp}\s+
    %{Ip:cip}\s+%{Data:csmethod}\s+
    %{Data:csuristem}\s+
    %{MultilineEntry:csstatus}

Name: Microsoft IIS - Extended
Date format: yyyy-MM-dd HH:mm:ss
Primary pattern:
    %{WsActivityTimestamp:timestamp}\s+
    %{Data:sitename}\s+%{Ip:sip}\s+
    %{Data:csmethod}\s+%{Data:csuristem}\s+
    %{Data:csuriquery}\s+%{Port:sport}\s+
    %{Data:csusername}\s+%{Ip:cip}\s+
    %{Data:csuseragent}\s+%{Data:scstatus}\s+
    %{PosInt:scsubstatus}\s+
    %{MultilineEntry:scwin32status}

Category: Others

Name: Free Text
Date format: None
    Note: The date-time stamp need not be a part of the event data as the product adds a timestamp to the events at the time of indexing. For more information, see the section on "How do I know which data pattern is appropriate for my data file" at Managing data patterns.
Primary pattern: None
    Note: All events that are processed using this data pattern are assumed to be a single line of data with a line terminator at the end of the event.