LogUsage data source
Hello, We are having all our devices sending syslog to LM collector. Via LogUsage data source, we can monitor if the device sends syslog data or no. But the threshold to alarm on that is only 60 minutes. We would like to make the threshold longer like 1 or 2 days because some devices are quieter than others, and we want to control if we missed to configure syslog on one of the devices or it doesn't send syslog anymore due to any reason. So, i contacted LM support, they said it would be custom datasource. Any help with how to achieve that?100Views0likes3CommentsNew user - looking for information on parsing fields from Syslog message field
We’re just starting to get LogicMonitor setup on our network and, mainly to test the collector, I setup one of our HAProxy instances to forward it’s syslog to the collector and can confirm that the logs are being ingested. However, because it’s bare syslog, all I can see is the bare message field. What I’m looking for is the functionality to pull particular fields out of the message and into fields. <134>Oct 17 23:37:17 haproxy[3719288]: 69.141.121.67:11058 [17/Oct/2023:23:37:17.568] http_front_80 http_back_80/Acc-SRV01 0/0/0/32/32 200 759 - - --NI 5825/3042/52/12/0 0/0 "POST /Server/URL.asmx HTTP/1.1" For example, in the log line above, the fields are separated by a space. Among the fields included in the log line are items such as the Client IP, the FronteEnd and BackEnd which I was hoping to be able to extract into their own fields to help with reporting. I’ve been looking through the documentation and have found the LogSource section but that doesn’t seem to be adding the field. Frankly, after a few hours of searching and experimenting, I’m hoping someone could give me some guidance on how this can be done. ThanksSolved416Views19likes11Comments