Resolve an event with an overwriting log file
Hey guys.
I have this CSV log file that is generated by a script and it is overwritten on every run, meaning it is not incremented. Every time the scheduled script runs, new lines overwrite the data.
The content looks something like this.
I've created a simple log item that captures all the file data.
With this, a trigger can create an event for each line with a severity of "critical", the 8th column.
Now I need to resolve the event when the same line is added again with a severity of "normal", however many cycles later.
For example:
The following line appears in the log file with a "critical" severity in the 8th column, so it should trigger an event.
Ignoring the timestamp, if the same line (with the same data) appears after some cycles with a "normal" severity in the 8th column, the event should be resolved.
I'm having trouble resolving the event.
It is not a simple "find()" function as I have to consider the log history.
Any thoughts on this matter?
I have this CSV log file that is generated by a script and it is overwritten on every run, meaning it is not incremented. Every time the scheduled script runs, new lines overwrite the data.
The content looks something like this.
Code:
20240726 23:09:00;error1;database 1;other;object1;value 1;host1,host2;critical 20240726 23:13:00;error2;database 1;other;object2;value 2;host1,host2;normal 20240726 23:13:01;error2;database 4;backup;object1;value 2;host3;critical (...)
I've created a simple log item that captures all the file data.
Code:
log[/path/to/file.log,"(.*)",,,skip,\1]
Code:
find(/host/log[/path/to/file.log,"(.*)",,,skip,\1],1#,"regexp","critical")
Now I need to resolve the event when the same line is added again with a severity of "normal", however many cycles later.
For example:
The following line appears in the log file with a "critical" severity in the 8th column, so it should trigger an event.
Code:
20240726 23:09:00;error1;database 1;other;object1;value 1;host1,host2;critical
Code:
20240728 23:20:00;error1;database 1;other;object1;value 1;host1,host2;normal
I'm having trouble resolving the event.
It is not a simple "find()" function as I have to consider the log history.
Any thoughts on this matter?
Someone with actual experience of similar cases please chime in.
Comment