Hello,
I'm struggling with Windows log file monitoring. I need to extract errors with specific string ( about 15 different strings - log example in attachment ). I'm wondering how to make it, because right know I use many item keys and it is inconvienent, but it works so I don't have to change it ( although if you have any recommendation how to deal with it I'd be happy
). Getting back to the topic, below I have log where occurs "error" pattern and "/maapp/v1/subscription-newsletter" pattern.
How can I create item to see in latest data in Zabbix Frontend only string POST /maapp/v1/subscription-newsletter with "error" pattern? Without the first entry with "info" instead of "error"? Regular expression? I'm looking for some kind of template, because I have another entry type:
Thank you and i'm looking forward for answer
I'm struggling with Windows log file monitoring. I need to extract errors with specific string ( about 15 different strings - log example in attachment ). I'm wondering how to make it, because right know I use many item keys and it is inconvienent, but it works so I don't have to change it ( although if you have any recommendation how to deal with it I'd be happy
). Getting back to the topic, below I have log where occurs "error" pattern and "/maapp/v1/subscription-newsletter" pattern.Code:
2021-10-20T01:41:05.494507;info;req_1158ee9bd940;Endpoint entered;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T01:45:45.892297;error;req_2eedb96e47ac;Endpoint exited with status code 200 ;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T01:43:44.079489;error;req_316851d38914;Endpoint exited with status code 200 ;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT
Code:
2021-10-20T02:28:57.424929;info;req_064f01cf0a60;Endpoint entered;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:29:02.442034;error;req_064f01cf0a60;Endpoint exited with status code 200 ;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:33:50.696151;info;req_39300bd314d7;Endpoint exited with status code 201 Created;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:31:45.173299;error;req_609739157f94;Endpoint exited with status code 200 ;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:33:51.282532;info;req_39300bd314d7;Sending event to ACS;confirmation-email;APP 2021-10-20T02:33:51.124712;info;req_39300bd314d7;Endpoint entered;confirmation-email;APP 2021-10-20T02:31:40.158041;info;req_609739157f94;Endpoint entered;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:33:50.073617;info;req_39300bd314d7;Endpoint entered;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:36:40.210872;info;req_d0fe7d7f460f;Endpoint exited with status code 201 Created;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:34:59.953919;error;req_bcde89113367;Endpoint exited with status code 200 ;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:36:40.444861;info;req_d0fe7d7f460f;Sending event to ACS;confirmation-email;APP 2021-10-20T02:36:40.288237;info;req_d0fe7d7f460f;Endpoint entered;confirmation-email;APP 2021-10-20T02:36:39.976444;info;req_d0fe7d7f460f;Endpoint entered;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:36:17.904232;error;req_23ce7b2dd6a7;Endpoint exited with status code 200 ;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:36:12.915724;info;req_23ce7b2dd6a7;Endpoint entered;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:34:54.947017;info;req_bcde89113367;Endpoint entered;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:39:28.450099;info;req_4c99b3b65c95;Endpoint entered;confirmation-email;APP 2021-10-20T02:39:28.629786;info;req_4c99b3b65c95;Sending event to ACS;confirmation-email;APP 2021-10-20T02:39:45.731398;error;req_9fa1707e8d8b;Endpoint exited with status code 200 ;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:39:40.758456;info;req_9fa1707e8d8b;Endpoint entered;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:39:27.999653;info;req_4c99b3b65c95;Endpoint entered;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:39:28.405929;info;req_4c99b3b65c95;Endpoint exited with status code 201 Created;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:42:16.221482;info;req_e22b34ca5e2e;Endpoint exited with status code 201 Created;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:42:04.020529;info;req_35a024e73725;Sending event to ACS;confirmation-email;APP 2021-10-20T02:42:16.281473;info;req_e22b34ca5e2e;Endpoint entered;confirmation-email;APP 2021-10-20T02:41:48.590722;error;req_7c7151a7c650;Endpoint exited with status code 200 ;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:42:03.815464;info;req_35a024e73725;Endpoint entered;confirmation-email;APP 2021-10-20T02:42:16.471830;info;req_e22b34ca5e2e;Sending event to ACS;confirmation-email;APP 2021-10-20T02:41:43.573681;info;req_7c7151a7c650;Endpoint entered;POST /maapp/v1/subscription-newsletter;API_MANAGEMENT 2021-10-20T02:42:03.591552;info;req_35a024e73725;Endpoint entered;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:42:16.049655;info;req_e22b34ca5e2e;Endpoint entered;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:42:03.779130;info;req_35a024e73725;Endpoint exited with status code 201 Created;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:46:32.959091;info;req_29fea225e9a5;Sending event to ACS;confirmation-email;APP 2021-10-20T02:46:32.762106;info;req_29fea225e9a5;Endpoint exited with status code 201 Created;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:46:32.823324;info;req_29fea225e9a5;Endpoint entered;confirmation-email;APP 2021-10-20T02:46:32.353198;info;req_29fea225e9a5;Endpoint entered;POST /maapp/v1/confirmation-email/;API_MANAGEMENT 2021-10-20T02:46:55.944993;info;req_b47c5767f1ea;Endpoint entered;confirmation-email;APP
Thank you and i'm looking forward for answer