AnsweredAssumed Answered

Need help with Regexp on logmon

Question asked by itadminintel on Sep 9, 2015
Latest reply on Mar 14, 2016 by Mike.Arnone

hello,

afraid If I am boring you but I am not expert at all with regexp.

I have a log file formatted in this way:

 

2015-09-09-13.25.29.934823+120 E311002400E915 LEVEL: Error

PID : 17204 TID : 140039667078912 PROC : db2acd 0

INSTANCE: db2inst1 NODE : 000 DB : ICMPLSDB

APPID : *LOCAL.db2inst1.150909112533

HOSTNAME: ulxxpcmls1

FUNCTION: DB2 UDB, Administrative Task Scheduler, AtsDbInfo::cleanupStaleEntries, probe:400

MESSAGE : ZRC=0xFFFFFDD9=-551

  SQL0551N The statement failed because the authorization ID does not

  have the required authorization or privilege to perform the

  operation. Authorization ID: "". Operation: "". Object: "".

 

within this multilines I have to match "LEVEL: Error" and return as message the lines from MESSAGE until the end.

So I think I should on format rules set a regexp for the start expression that can match the date or just 2015 and on the end rule set blankline.

After that I should set watcher rules to match LEVEL: Error. So first of all i would need this two regexp... and then how can send on the message this multiline message? is it supported?

thank you for support

Outcomes