Hello,
I am using Zabbix 5.4, standalone server.
Can somebody help me on how can I capture next two lines of a matched keyword in a log file. I am still a beginner so it would be nice if you can share detailed steps.
Log files are being rotated on daily basis. Following are the content of log file:
[TIME]=2022/03/29 08:01:47
[TYPE]=E
[MSG]
Machine : WS-A01, Module: CTS RequestProcessing, generation Time :Tue Mar 29 08:57:47 XYZ 2022, Message :Long Processing Time: 2036 ms-MessageType: ABC EFG LOOKS LIKE A SYSTEM ERROR-GId: 2341-RequestId: WS-A01~REPORT~1234b14d72e912:2437ce83
[ACTION]
So I am considering '=E' as keyword. Where ever [TYPE]=E will be found in the logs, it should capture all the lines below [TYPE]=E from log contents.
Type: Zabbix agent (active)
Type of information: Log
Key: logrt[c:\temp\logs\.alr$,(=E\n)(?sx).*,,,,skip,,]
But this is not providing any value. I don't know where I am making mistake. Can someone help me please.
Thanks in advance.
Rak
I am using Zabbix 5.4, standalone server.
Can somebody help me on how can I capture next two lines of a matched keyword in a log file. I am still a beginner so it would be nice if you can share detailed steps.
Log files are being rotated on daily basis. Following are the content of log file:
[TIME]=2022/03/29 08:01:47
[TYPE]=E
[MSG]
Machine : WS-A01, Module: CTS RequestProcessing, generation Time :Tue Mar 29 08:57:47 XYZ 2022, Message :Long Processing Time: 2036 ms-MessageType: ABC EFG LOOKS LIKE A SYSTEM ERROR-GId: 2341-RequestId: WS-A01~REPORT~1234b14d72e912:2437ce83
[ACTION]
So I am considering '=E' as keyword. Where ever [TYPE]=E will be found in the logs, it should capture all the lines below [TYPE]=E from log contents.
Type: Zabbix agent (active)
Type of information: Log
Key: logrt[c:\temp\logs\.alr$,(=E\n)(?sx).*,,,,skip,,]
But this is not providing any value. I don't know where I am making mistake. Can someone help me please.
Thanks in advance.
Rak
Comment