Ad Widget

Collapse

Count last item

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Count last item

    Hello,

    Can you please advise/hint how to count the last item from a log. Just want to check if the last log happened earlier. I can't check it using text pattern, as the logs are totally different (contains IP and name of a person, and I would like to check if the same combination of IP and name was earlier in the logs)

    Kind of {Server:logrt["...\access[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9].log",@WebmailRadu,,,skip,\1_\2].count(300,{Server:logrt["....\access[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9].log",@WebmailRadu,,,skip,\1_\2].last()})}<5
    But this doesn't work

    Thank you in advance
    Last edited by radu990; 02-04-2018, 10:54.

    #2
    Interesting problem :-) You might be able to do it with an API call, but that would probably have to be scheduled outside of the agent or server (cron). It might be possible to "discover" (LLD) a log event ([email protected]) then use the next and following event with the same discovered name to trigger the problem. The LLD forget time would control how far you look back in time. I'm thinking that is not the intended use of LLD :-)

    In the future where history can be sent to elasticsearch, it might be possible to have an event trigger an elasticsearch query to look for prior events.

    Comment


      #3
      Originally posted by LenR View Post
      Interesting problem :-) You might be able to do it with an API call, but that would probably have to be scheduled outside of the agent or server (cron). It might be possible to "discover" (LLD) a log event ([email protected]) then use the next and following event with the same discovered name to trigger the problem. The LLD forget time would control how far you look back in time. I'm thinking that is not the intended use of LLD :-)

      In the future where history can be sent to elasticsearch, it might be possible to have an event trigger an elasticsearch query to look for prior events.
      Thanks for the idea, but the solution looks too complex
      I'll simply give it away Thought there is a simpler way to count the last item.
      Thanks once again

      Comment

      Announcement

      Collapse
      No announcement yet.
      Working...
      X