DX Infrastructure Management

Tech Tip: UIM LUA script to split alarm message 

Jan 25, 2018 08:07 AM

Sharing a simple LUA script to modify the alarm message of an incoming alarm.

The use case is when the user needs to split the original message into a sub-string that only contains the text between 2 patterns.

 

if regexp (event.message, "*\"syslog_message\"\:\"*") then
new_message = string.match(event.message, "syslog_message\"\:\"(.-)\",\"tag")
event.message = "Syslog Alarm: "..new_message

return event
else
print ("The regular expression did NOT match")
return
end

 

This will transform an alarm like this:

Match found for Router_Power_Supply_Monitoring search string Power Supply var1: Failure Detected in message: {"syslog_pid":"1","raw_message":null,"origin":null,"syslog_program":"swat","syslog_severity":"notice","logtype":"syslog","file":null,"syslog_timestamp":"2018-01-25T11:12:03+0000","host":"falne02-lab70","origin_facility_code":"","origin_message_number":"","syslog_priority":5,"timestamp":"2018-01-25T11:12:03+0000","syslog_pri":"13","syslog_severity_code":5,"ip":null,"syslog_facility":"user","syslog_facility_code":1,"syslog_message":"Power Supply var1: Failure Detected","tags":null,"origin_timestamp":"2018-01-25T11:12:03+0000","syslog_hostname":"falne02-lab70","syslog_received_at":null,"received_timestamp":"2018-01-25T11:12:03+0000"}

 

into:

Syslog Alarm: Power Supply var1: Failure Detected

 

So we only extract the relevant "syslog_message" field.

 

Thanks Alquin for the samples provided.

 

Thanks,

Nestor

Statistics
0 Favorited
9 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.