Ad Widget

Collapse

EventLog - What's the regexp is used for?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • registration_is_lame
    Senior Member
    • Nov 2007
    • 148
    #1

    EventLog - What's the regexp is used for?

    I can't find a example for eventlog with regexp. name,<regexp> - what is the regexp trying to match? is the regexp used to match the Event ID general tab data?

    eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxli nes>,<mode>]

    name - name of event log
    regexp - regular expression describing the required pattern


    or is the regexp used here to something else?

    Event ID: 12345

    Example of a general tab data is

    "The Desktop Window Manager has exited with code (0xd00002fe)"

    And how should I use the regexp.

    Is it like

    eventlog[Application,(.*1234.*),,Information,,123]

    or

    eventlog[Application,regexp(.*1234.*),,Information,,123]
    Last edited by registration_is_lame; 01-10-2019, 09:28.
    Tags: None
    • gofree
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • Dec 2017
      • 400
      #2
      Id use something like

      eventlog[Application,,Information,,12345,,skip]

      this will search for event ID 12345 from Application log with severity Information and only foe new occuring events ( skip ) - I think if you have the event ID, name of teh log, severity - even better if you know source you dont need to use regexp ( maybe for special occasions where the event ID is not unique)

      alternativelly

      eventlog[Application,.*12345.*,Information,,,,skip] - will search for log events with string 12345 - remaining option apply as above

      in general your second guess will now work

        Comment

        • registration_is_lame
          Senior Member
          • Nov 2007
          • 148
          #3
          Okay. I tested it and the regexp is really there to match the event viewer general tab (description) data. I want to figure if we can split the lines using preprocessing. The general tab has 2 lines of data. But I don't want the first line logged into zabbix. The eventlog[Application,.*12345.*,Information,,,,skip] matches the second line.

          name - name of event log
          regexp - regular expression describing the required pattern

            Comment

            Previous template Next
            Working...