I have the following logfile structure:
In order not to bother with \( and \) in the following I use X instead just for readability.
It's easy to define the multiline format with Start-Expression /Begin/ and End-Expression /End/
But I coulnt it figure out, how to capture the content within the ( ), which should be variable1 and variable2.
Something like /abcX(.*)Xdef\nghiX(.*)X/ doesnt work. Also no success with the / /s modifier.
The problem is that sometimes there may be three lines between Begin and End and the second capture might be on
the third line.
Everything works fine as long as I search only for one capture, e.g Y(.*)Y . This matches regardless of the linenumber..
But I couldnt it get working matching two captures (resulting in two variables) on different lines.
Any ideas or (much appreciated) examples ?
Not sure how this Regex will look once I post it but I believe the follwing will work for you:
The screen will also so this regex at the box. I think this is what you are looking for.
Many thanks for your endeavour.
Unfortunately this doesnt work either.
It works within a pure perl environment but not within logmon.
I did a lot of tries without success with logmon, e.g. / /s , even something like [\D\d]* instead of .* , all of which worked perfectly in pure perl.
The problem might be, that within the logmon probe we do not have one variable (including corresponding \n) but for each line a different single variable. Perhaps someone of Nimbus can jump in and give some comment.
Thank you once more
p.s. also thank you for the very useful url in your attachement.
has anyone a solution for multi-line-refex in logmon?
I need to scan oracle-xml logs with logmon.
As there are multi-line entries I do not ge ahook on it.
<msg time='2014-03-11T05:26:28.049+01:00' org_id='oracle' comp_id='rdbms' client_id='' type='UNKNOWN' level='16' host_id='rzdbp002' host_addr='10.100.50.95' module='MMON_SLAVE' pid='14105'> <txt>Errors in file /u01/diag/diag/rdbms/nisp/NISP/trace/NISP_m000_14105.trc:ORA-19815: WARNING: db_recovery_file_dest_size of 4294967296 bytes is 93.38% used, and has 284164096 remaining bytes available. </txt></msg>
If I get a match on ORA-19815 I need to get the full text in the <txt>-tag.
Has anyone any idea?
I have a logfile with similiar textblocks and tried to capture the textblocks with a regex that is cabable of capturing multiline entries. I didn't get the multiline regex to work either and raised a support ticket.
I received confirmation from backline support that logom doesn't support multiline regular expressions. I was told to raise feature request if I want logmon to support multiline regex which I did.
Please promote that idea/feature request if you need this feature in logmon as well.
Ideas related to multiline regexp: