Dear All, I'm trying to build a trigger in the last two days.., but without finding the correct way 
. What I'm trying to achieve is the following:
I have a log file with
"balblaba CAM1 bala"
"balblaba CAM1 bala"
"balblaba CAM1 bala"
"balblaba CAM2 bala"
"balblaba CAM1 bala"
"balblaba CAMn bala",
I want to trigger a problem once a day for each "n" , when "n" is fond 3 times in the log.
the key is: host:log[/var/log/syslog,"^(\d+-\d+-\d+T\d+:\d+:\d+).*CAM(\d+)",,,skip,\2,]
the trigger is using tag: CAM: {ITEM.VALUE} with formula host:key.count(1)>3 and recovery host:key.nodata(x)<>0
The recovery is working, but I see many problems not only one per n , could you please help me?
. What I'm trying to achieve is the following:I have a log file with
"balblaba CAM1 bala"
"balblaba CAM1 bala"
"balblaba CAM1 bala"
"balblaba CAM2 bala"
"balblaba CAM1 bala"
"balblaba CAMn bala",
I want to trigger a problem once a day for each "n" , when "n" is fond 3 times in the log.
the key is: host:log[/var/log/syslog,"^(\d+-\d+-\d+T\d+:\d+:\d+).*CAM(\d+)",,,skip,\2,]
the trigger is using tag: CAM: {ITEM.VALUE} with formula host:key.count(1)>3 and recovery host:key.nodata(x)<>0
The recovery is working, but I see many problems not only one per n , could you please help me?