I have a single line file structure, we are matching on "error", I now have request that when alarm is created to send 2 lines before match. Is this possible with logmon probe.
I have never seen a feature like this in the logmon probe. You might be able to make something like this work with a very clever format rule, but I suspect that would be tricky if at all possible. Of coure, I have never been all that comfortable with how to use format rules properly.
A format rule would be the method to use. The question is; Does the file have a consistent entry two lines above the error line and a consisten entry one line below? A format rule isn't anything much more than a Watcher rule. You are telling the probe what the pattern/regex is to recognize that will be considered the start point of the line and the pattern to use to identify the endpoint of the line. This provides a logical line for the watcher rule to look at. The format rule patterns would have to becreated to match two lines ahead of the error and one line after the error. then you create variables and use the Source line numbers like this;
var1 = Source Line 1, character position 1 to end of line
var2= Source line 2, character position 1 to end of line
var3 = Source line3, character position 1 to end of line (note: this should be the line containing the word error)
These variables can then be used in the alarm message.
Retrieving data ...