LM Logs multiple capture group parsing
Ok, this is cool. I have some log data that has structured data in it (some text, then a python list of strings). I had started building out a parse statement for each member of the list, then thought I’d try just making multiple capture groups and naming multiple variables after the as fanboy. Turns out it completely works. It parses each capture group into the corresponding column with a single parse statement. I was halfway through writing out a feature request when I figured I’d give it a try only to discover that it completely works. Nice job LM Logs guys.

107 Views, 14 likes, 2 Comments

ConfigSource checks by Value regex quirks?
I made a ConfigSource which applies just to our LogicMonitor Account resource object, and it tracks changes to folders, in case anyone moves things they shouldn’t. It runs once an hour. I’ve got it working (with some false error in it too to test the config check) but my Arbitrary Text checks by Value which use Regex just aren’t working, but they work on regex101 and I can see the capture groups work fine. But no matter what, I could never get an error to trigger when my output started with anything other than “OK” so I was forced to just switch to a groovy script check for the presence of “ERROR CHANGE:”. But again, I’m certain my regex is correct, and I verified it on Regex 101.

So I’m just wondering if there are any known “quirks” about LogicMonitor’s regex or input stream from the config source that would be “Tricky” in any sense. For example, I already consider it weird that in AppliesTo checks with =~, which supposedly use Regex, are somehow case insensitive by default in LM, but aren’t in regex generally. Because I cannot for the life of me get the Value option with a capture group being not equal to OK to work in any sense. But my regex groups things fine in regex101. So I almost wonder if maybe ^ and $ don’t apply, maybe the whole output is considered one line or something strange under the hood. I’m grasping at straws.

    ^([^:]+?):.*?$
    ^([^:]+):.*$

All my output lines from my ConfigSource either start with OK: or they start with ERROR: …. and I’m throwing an error when the capture group has a value that is not equal to OK. So logically, if my regex value matches at all, it should throw an error now for sure, since I have lines with both in my output (I won’t bore anyone with sample output). Anyway, I got my alerts working by using the groovy script check for a hard coded value, just wondering generally if there are any known quirks with Value checks. I know it’s possible somehow that I’ve just done something dumb too.

But more broadly I’m wondering if there are any other known weird things? Thanks!

51 Views, 3 likes, 1 Comment

Is it possible to use Regex in a Group or AppliesTo filter?
Hi, I need to filter a specific number of machines into a group or datasource. The filter is any machine that has the letter ‘c’ as the second-to-last character before the first period in a name. E.g. abc1.company.com. I have some Regex that will do this ( [^.]*c[^.]\.[^.]*\.[^.] ), but when I try to use it in an AppliesTo it just fails. According to this page: https://www.logicmonitor.com/support/terminology-syntax/scripting-support/what-is-lms I should be able to use =~ or !~ but they both give errors like this:

I tried putting it in quotes, parentheses, quotes and parentheses, and I couldn’t get it to work. I opened a ticket and they are going to look into it, but I thought I’d post here in case anyone knew if this is possible or not and how to make it work. Thanks!

Solved, 193 Views, 11 likes, 3 Comments

how to construct Regex datapoint statements
I am not finding much documentation on how to construct regex statements for a datapoint other than this: https://www.logicmonitor.com/support/logicmodules/datasources/datapoints/normal-datapoints

My goal is to convert a string from an SNMP walk. I currently can return the OID and receive the raw value. My attempts so far have resulted in NaN:

    datapointName:\[^\\d]", "”
    datapointName:\"-.*", ""

OID is .1.3.6.1.4.1.9.9.156.1.1.2.1.4.1
Raw value is 12.5.1.16900-48

Thanks for any assistance.

Solved, 338 Views, 8 likes, 6 Comments

Websites > Response > This String: does it support RegEx?
So question when setting up Website profiles, we need to alert if a status page contains either "Degraded" or "Down" or multiple different status states. Does the Response section allow for regEx statements? In our other tool we could specify /.*(DOWN|DEGRADED).*/ but so far no regex pattern that works elsewhere works in this profile section. Does it support regEx in this response section?

Solved, 32 Views, 0 likes, 2 Comments

What is regex and how to use it in LogicMonitor
Our Tech Support team occasionally receives customer questions related to RegEx usage within the LM environment. Regex can be complicated if you do not know how to use it; however, it can be a very useful tool for you here in LM. I am going to cover 4 topics in this article:

1) Basic general examples on Regex
2) Regex text match for HTTP Datasource
3) Using Regex for dynamic groups
4) Using Regex to filter out results from Datasources

1) Basic general examples on Regex

How to use '^' and '$'

The symbols ^ and $ indicate the start or the end of the string.

"^Hello" matches any string that starts with "Hello".
"Percentage used$" matches a string that ends with "Percentage used".
"^def$" a string that starts and ends with "def" - effectively an exact match comparison.
"Percentage Used" a string that has the text "Percentage Used" in it.

You can see that if you don't use either of these two characters, you're saying that the pattern may occur anywhere inside the string -- you're not "hooking" it to any of the edges.

How to use '*', '+', and '?'

The symbols '*', '+', and '?' denote the number of times a character or a sequence of characters may occur. They mean "zero or more", "one or more", and "zero or one." Here are some examples:

"ab*" matches a string that has an a followed by zero or more b's ("ac", "abc", "abbc", etc.)
"ab+" same, but there's at least one b ("abc", "abbc", etc., but not "ac")
"ab?" there might be a single b or not ("ac", "abc" but not "abbc").
"a?b+$" a possible 'a' followed by one or more 'b's at the end of the string: matches any string ending with "ab", "abb", "abbb" etc. or "b", "bb" etc. but not "aab", "aabb" etc.

How to use Braces { }

You can also use bounds, which appear inside braces and indicate ranges in the number of occurrences:

"ab{2}" matches a string that has an a followed by exactly two b's ("abb")
"ab{2,}" there are at least two b's ("abb", "abbbb", etc.)
"ab{3,5}" from three to five b's ("abbb", "abbbb", or "abbbbb")

Note that you must always specify the first number of a range (i.e., "{0,2}", not "{,2}"). Also, as you might have noticed, the symbols '*', '+', and '?' have the same effect as using the bounds "{0,}", "{1,}", and "{0,1}", respectively.

Now, to quantify a sequence of characters, put them inside parentheses:

"a(bc)*" matches a string that has an a followed by zero or more copies of the sequence "bc"
"a(bc){1,5}" one through five copies of "bc."

How to use '|' OR operator

There's also the '|' symbol, which works as an OR operator:

"hi|hello" matches a string that has either "hi" or "hello" in it
"(b|cd)ef" a string that has either "bef" or "cdef"
"(a|b)*c" a string that has a sequence of a's and b's, in any order, ending in a c

How to use Period ('.')

A period ('.') stands for any single character:

"a.[0-9]" matches a string that has an a followed by one character and a digit
"^.{3}$" a string with exactly 3 characters

How to use Bracket Expressions "[ ]"

Bracket expressions specify which characters are allowed in a single position of a string:

"[ab]" matches a string that has either "a" or "b" (that's the same as "a|b")
"[a-d]" a string that has lowercase letters 'a' through 'd' (that's equal to "a|b|c|d" and even "[abcd]")
"^[a-zA-Z]" a string that starts with a letter
"[0-9]%" a string that has a single digit before a percent sign
",[a-zA-Z0-9]$" a string that ends in a comma followed by an alphanumeric character

You can also list which characters you DON'T want -- just use a '^' as the first symbol in a bracket expression (i.e., "%[^a-zA-Z]%" matches a string with a character that is not a letter between two percent signs).

In order to be taken literally, you must escape the characters "^.[$()|*+?{\" with a backslash ('\'), as they have special meaning. On top of that, you must escape the backslash character itself in PHP3 strings, so, for instance, the regular expression "(\$|A)[0-9]+" would have the function call: ereg("(\\$|A)[0-9]+", $str) (what string does that validate?)

Just don't forget that bracket expressions are an exception to that rule -- inside them, all special characters, including the backslash ('\'), lose their special powers (i.e., "[*\+?{}.]" matches exactly any of the characters inside the brackets). This is the POSIX behaviour; in Perl- and Java-style engines the backslash is still an escape character inside brackets. And, as the regex manual pages tell us: "To include a literal ']' in the list, make it the first character (following a possible '^'). To include a literal '-', make it the first or last character, or the second endpoint of a range."

---------------------------------------------------------

2) Regex text match for HTTP Datasource

Below is an example of a regex text match case I attended to before. In this case, the datasource looks for the specific text in that webpage and returns 1 if the text exists or 0 if it does not.

---------------------------------------------------------

3) Using Regex for dynamic groups

You can create a group that filters out a specific range of IP addresses based on the Regex given:

Based on this expression it filters out 7 devices. You can use a regex calculator to test this expression. However, do note that in LM it must be formatted as

    join(system.ips,",") =~ "10\\.15\\.20[01]\\."

with a double backslash (\\); we do not accept just a single \.

---------------------------------------------------------

4) Using Regex to filter out results from datasources

You can use regexMatch to filter out different types of Windows services so that you do not need to display all the unwanted services that are not required.
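
The dynamic-group expression from section 3, worked through in Python as an added example (not LogicMonitor code and not part of the original article). It assumes that LM collapses each \\ in the AppliesTo string to a single \ before the regex engine sees it and that =~ is an unanchored search; the device names, addresses and helper functions are constructed for illustration.

```python
import re

# Pattern exactly as typed in the AppliesTo field (taken from the article).
LM_LITERAL = r'10\\.15\\.20[01]\\.'

def unescape_lm(literal):
    # Assumption: the LM string literal turns every doubled backslash into one.
    return literal.replace('\\\\', '\\')

PATTERN = unescape_lm(LM_LITERAL)        # what the regex engine would receive
LOOSE = r'10.15.20[01].'                 # dots unescaped: '.' matches anything
STRICT = r'(?:^|,)10\.15\.20[01]\.'      # must begin at the start of an address

# Constructed sample inventory: device name -> system.ips
DEVICES = {
    "sw-a": ["10.15.200.7", "192.168.1.7"],
    "sw-b": ["172.16.0.9", "10.15.201.44"],
    "sw-c": ["10.15.20.5"],                  # third octet 20, not 200/201
    "sw-d": ["10.15.202.1"],                 # third octet 202
    "edge": ["110.15.200.3"],                # "10.15.200." appears mid-address
    "nat":  ["192.168.1.10", "15.200.1.1"],  # "10,15.200." spans the join comma
}

def applies_to(ips, pattern):
    # Emulates join(system.ips, ",") =~ pattern as an unanchored search.
    return re.search(pattern, ",".join(ips)) is not None

def matched(pattern):
    # Sorted names of the devices the expression would place in the group.
    return sorted(n for n, ips in DEVICES.items() if applies_to(ips, pattern))

if __name__ == "__main__":
    for label, pat in (("article", PATTERN), ("loose", LOOSE), ("strict", STRICT)):
        print(f"{label:8} {pat:28} -> {matched(pat)}")
```

Under these assumptions the article's pattern also picks up "edge", because nothing ties the match to the start of an address, and the unescaped variant additionally picks up "nat" across the comma that join() inserts.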
---------------------------------------------------------

285 Views, 2 likes, 0 Comments

The Globfather - Making Expressions We Can’t Refuse
A very useful feature of LogicMonitor is the support for glob expressions in fields throughout your portal. If you’ve spent a good amount of time customizing your alert rules or dashboard widgets, chances are you’re already familiar with the usefulness of character matching. If you aren’t accustomed to using glob or are curious as to what benefits it can provide, please read on.

What is glob?

Simply put, glob is the name for a process of pattern matching. Its name is derived from the fact that it’s checking against a global list of object names. If you have a look at your device tree, you’ll see that much like any filesystem you’ve used in the past, every object in your portal belongs to a path. Glob expressions are just a way of matching to the paths and names of those objects. Any field that supports glob expressions is denoted by an asterisk in the lower right of the field. These are commonly found in Alert Rules, Dashboard widgets, and Reports.

We'll Do It Live

When you’re first becoming accustomed to glob matching, there may be some doubt as to whether or not your expression is valid and/or working. Luckily, glob-supported fields will display the results of your query in real time, so you can quickly check the results of your input. In the following example, I’m adding a partial group name using a wildcard, then piping in other groups and seeing that the queries are valid since the results populate correctly.

Example - Wildcard matching for Corp and Corporations groups

Let’s say I want to monitor all the MongoDB datasources for all Corporation groups in my portal. Before creating my alert rule, I can go through and find each group manually, then add them individually on the rule. But this requires an extra step, and I need to be absolutely sure I find them all on my own. After that, I can just add the necessary groups individually on the rule, then add the MongoDB datasource.

The problem with this approach is that while I’ve accounted for the corporation groups currently in my portal, I will not be able to monitor future corporation groups without editing the rule and updating it each time there is an addition or loss. This would best be set up by instead using *Corp* as the group name. This matches any parent group folder, and any name that uses “corp” or “corporation.” I will also not need to update this rule if groups matching this are added or removed in the future.

Example - 1 Alert rule for 2 datasources while omitting a group

Consider the following: I need an alert rule specifically for routing Windows CPU, memory, and network alerts of all hosts in a group. Let’s say that I’d also like to exclude a particular subgroup. Since I’m a lazy guy, to avoid creating three separate rules I can use the power of glob to pipe in these datasources together while excluding the group I don’t want to route in the same rule:

In this rule, you can also see how only valid hosts, datasource instances, and datapoints matching this filter are returned as valid results:

Example - RTT Custom Graph Widget for 2 separate groups and multiple devices

The following example demonstrates using a pipe in the Group field to call 2 groups, so that we can monitor the RTT of all devices’ ping datasource and plot each host individually on a custom graph widget:

Further reading: https://www.logicmonitor.com/support/terminology-syntax/syntax/glob-expressions/

412 Views, 9 likes, 0 Comments

Multi-lines event log file monitoring via Regex
Hi,

Recently I had a chance to chat with LogicMonitor support team & they recommend a new feature request to be submitted to LogicMonitor DEV team. In short, there are times when a specific exception is thrown & logged into the Tomcat log file, we would like to monitor not just that line that throws the exception but also multiple lines before and afterwards. Right now LogicMonitor can display that "exception" line only. It will be really helpful in both production and QA environment if LogicMonitor can display multiple lines before and after that exception line being monitored via Regex. Here are 2 examples:

1. Production - (Pattern to match: "HTTP/1.1failed with response Service Unavailable")

2016-08-04 10:13:49,372 ERROR [NmsThumbnailProvider] GET http://10.101.84.12:8080/barco-webservice/rest/NetworkWall/proxy-source/dvi1-1-mna-2530007307/thumbnails/snapshot HTTP/1.1failed with response Service Unavailable
2016-08-04 10:13:50,733 DEBUG [NmsEventMonitor] longPollNmsEvent response [{"id":1273,"properties":{"attribute":"MODE","object":["OFFLINE"],"type":"Device","name":"NETVIZDONGLE"},"value":["OFFLINE"],"values":["OFFLINE"],"affectedAttributes":["MODE"],"uuid":"d9b13d40-0870-1c02-e000-0004a5281cd0","elementID":"d9b13d40-0870-1c02-e000-0004a5281cd0","source":null,"device":true}] code 200
2016-08-04 10:13:50,733 INFO [RoutingEventServiceImpl] got NMS event: [{"id":1273,"properties":{"attribute":"MODE","object":["OFFLINE"],"type":"Device","name":"NETVIZDONGLE"},"value":["OFFLINE"],"values":["OFFLINE"],"affectedAttributes":["MODE"],"uuid":"d9b13d40-0870-1c02-e000-0004a5281cd0","elementID":"d9b13d40-0870-1c02-e000-0004a5281cd0","source":null,"device":true}]
2016-08-04 10:13:50,733 INFO [RoutingServiceImpl] onDeviceChanged: controller = 10.101.84.12

2. QA testing - (Pattern to match: "Caused by: java.lang.NullPointerException")

at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:992)
at java.lang.Thread.run(Thread.java:724)
Caused by: java.lang.NullPointerException
at com.arthrex.synergy.routing.nexxis.RoutingControllerServiceImpl.attemptToTelnetRoutingController(RoutingControllerServiceImpl.java:66)
at com.arthrex.synergy.routing.nexxis.RoutingControllerServiceImpl.tenetToNmsService(RoutingControllerServiceImpl.java:46)

Please let me know whether this can be turned into a feature for future release. It will help reduce the amount of troubleshooting time.

Thanks & Best Regards,
Horace Cheung

11 Views, 0 likes, 0 Comments