We have the following POSIX regex and I am trying to make it Nimsoft friendly to use with the logmon probe:
(\S+) (\S+)\s+ERROR\s+\[(.*?)\] \((.*?)\) - (.*)
Here is a sample of the log we are trying to pull from:
20100304 01:09:00 ERROR [Thread-44] (JDBCExceptionReporter) - Io exception: Connection reset
What flavor of regex does Nimsoft use? Also, does anyone see anything in this expression that may break some of Nimsofts sytax rules? I suppose it may be the use of capture groups that may be messing things up.