afraid If I am boring you but I am not expert at all with regexp.
I have a log file formatted in this way:
2015-09-09-220.127.116.114823+120 E311002400E915 LEVEL: Error
PID : 17204 TID : 140039667078912 PROC : db2acd 0
INSTANCE: db2inst1 NODE : 000 DB : ICMPLSDB
APPID : *LOCAL.db2inst1.150909112533
FUNCTION: DB2 UDB, Administrative Task Scheduler, AtsDbInfo::cleanupStaleEntries, probe:400
MESSAGE : ZRC=0xFFFFFDD9=-551
SQL0551N The statement failed because the authorization ID does not
have the required authorization or privilege to perform the
operation. Authorization ID: "". Operation: "". Object: "".
within this multilines I have to match "LEVEL: Error" and return as message the lines from MESSAGE until the end.
So I think I should on format rules set a regexp for the start expression that can match the date or just 2015 and on the end rule set blankline.
After that I should set watcher rules to match LEVEL: Error. So first of all i would need this two regexp... and then how can send on the message this multiline message? is it supported?
thank you for support
I tried setting as format rules start expression: *2015* and end rule: blankline
then on watcher rules I set *Error* and create a variable selecting "text block" as message to send.
but it doesn't match anything
No one have an idea on how do that?
Ideas related to multiline regexp:
There is a Probe Document for Logmon Hints & Examples section which actually has some useful information on using Regular Expressions with this Probe.
logmon Hints and Examples - CA Unified Infrastructure Management Probes - CA Technologies Documentation