Hi,
I'm pretty new to this but if anyone could help, I'd really appreciate it
I have the following expression:
{server1:log[c:\logfile.log,"<tr:IssueID ref=","UTF-8",100].str("<tr:IssueID")}=1 and {server1:log[c:\logfile.log,"<tr:IssueID ref=","UTF-8",100].nodata(30)}=0
The problem is I'm getting hundreds of emails, as the log file contains many instances of:
<tr:IssueID ref="9832903"/>
But during the day we may only have three unique errors in the logfile:
<tr:IssueID ref="9832903"/>
<tr:IssueID ref="5464354"/>
<tr:IssueID ref="2433343"/>
My question, is would it be possible to get only three email alerts for the three unique errors, and not an email alert for each instance of the error?
I hope my question makes sense, and thank you in advance for any help with this.
Thanks,
Darren
I'm pretty new to this but if anyone could help, I'd really appreciate it
I have the following expression:
{server1:log[c:\logfile.log,"<tr:IssueID ref=","UTF-8",100].str("<tr:IssueID")}=1 and {server1:log[c:\logfile.log,"<tr:IssueID ref=","UTF-8",100].nodata(30)}=0
The problem is I'm getting hundreds of emails, as the log file contains many instances of:
<tr:IssueID ref="9832903"/>
But during the day we may only have three unique errors in the logfile:
<tr:IssueID ref="9832903"/>
<tr:IssueID ref="5464354"/>
<tr:IssueID ref="2433343"/>
My question, is would it be possible to get only three email alerts for the three unique errors, and not an email alert for each instance of the error?
I hope my question makes sense, and thank you in advance for any help with this.
Thanks,
Darren
Comment