I am new to this SolarWinds APM... We are facing a typical problem... I am trying to search for a sentence in the log file and, if that sentence is found, I am trying to send out an alert stating the sentence is found in the log file... Typically, a batch file executes on the application server at midnight and that batch file creates a log in the log file related to it... Now, when I try to create a Log Parser to look for the log that is created by the batch file, then click on Edit Script and click on Get Script Output, I get an error that the file is not found... After that error is resolved, I tried to get the Script Output again and I get to see the "==============================================Message: Can't find "regex" argument. Check documentation." error...
I either get File not found OR regex argument error...
Hope I am clear enough!
Any help would be appreciated...
I am now observing a small problem... When I remove the search string (I think I spelled it correctly, I mean the arguments we place after ^), I am observing the regex error... If I place the search string, I am observing an error as "File not found"...
Any correct way to place the script arguments? I entered it as \\10.1.1.14\test\logs\text.log,^Error
Let me know if I should be replacing it in another way...
Thanks HerrDoktor... But it did not solve my issue... Everything in that script was already done by me... But no help!
I put a quick PowerShell script together that should do what you need.
If the script works, you'll just need to create an alert that will look for the status of the component and send an email if the alert is triggered.
Hope this helps
Thanks Mike... Can you help me in creating a script which will trigger when a new string is found? I mean, there might be a lot of entries in the log file, but I am looking to send a trigger when a string called "Error" is found just now...
I hope you understood my question...
Thanks for your help in advance!
I can certainly try and help, but as small as that difference may seem, it's quite a bit more complex. Searching from the bottom up in PowerShell is a little tedious, but that's not the real problem. SAM doesn't alert as things happen; it polls at a given polling interval. We don't use LEM (Log & Event Manager) but maybe it can alert as files are updated and matches are found.
With SAM you are going to have to set a polling interval so it can check your log file, say every 2 minutes or something like that. The next challenge is only finding the latest entries in your log file. Do you have a timestamp at the beginning of each log entry? If so, one could find the first match from the bottom up and then check the timestamp and only alert if the timestamp on the matching row is newer than your polling interval. If you have a timestamp, copy/paste it in the reply and I'll get you hooked up. Actually, if you can copy/paste the entire line from a previous error in the reply that'd be great. Please be sure to not post any info that the world doesn't need to see.
Hopefully this makes sense.
Yes, we can change the polling interval. Yes, we have the timestamp for each log entry... Below is one of the line (actually lines) from the log file which should trigger when found...
Aug 11, 2016 12:01:00 AM <abc>.<abc>Scheduler jobToBeExecuted
INFO: Job started: <abc> - test
After these two lines, there will be space for the next entry... Hope this helps!
Thanks for help Mike!
We're almost there. Just to clarify, the script could search for the term "Scheduler jobToBeExecuted" or could that message be anything?
No, I am looking for "INFO: Job started: <abc> - test" and send me the trigger when this was found...
Sorry it took this long. Here's a solution that could work for you: Find a string in a logfile using a counter file
This script uses a counter to determine if there are more matches on the current poll than there were on the last poll.
If there are more errors on the current poll it will return a DOWN status.
I'm still working on a solution that can read the log file from the bottom up and alert using the date/time stamp versus using the count method, it's just a lot more complex.
Try the link I posted and see if it works for you.
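The counter-file approach described in the post above, as an added PowerShell example (not the script behind the link and not SolarWinds code). The search string and state-file location are placeholders, and it assumes SAM's script-monitor convention of `Statistic:`/`Message:` output lines with exit code 0 for Up, 1 for Down and 2 for Warning.

```powershell
# Added example: counter-file log check for a SAM PowerShell script monitor.
param(
    [string]$LogPath   = '\\10.1.1.14\test\logs\text.log',       # path as posted in the thread
    [string]$Pattern   = 'INFO: Job started:',                    # literal text to count (placeholder)
    [string]$StateFile = (Join-Path $env:TEMP 'logwatch.count')   # hypothetical state-file location
)

# The account the monitor runs as must be able to read the path,
# otherwise the check fails before any matching happens.
if (-not (Test-Path -LiteralPath $LogPath -PathType Leaf)) {
    Write-Host "Statistic: 0"
    Write-Host "Message: Cannot read log file $LogPath"
    exit 2   # Warning: the log could not be checked (assumed exit-code convention)
}

# -SimpleMatch treats the pattern as plain text, so characters such as
# '<', '>' or '.' in the search string are not interpreted as regex.
$current = @(Select-String -LiteralPath $LogPath -Pattern $Pattern -SimpleMatch).Count

# First poll: record a baseline so entries already in the log do not alert.
if (-not (Test-Path -LiteralPath $StateFile)) {
    Set-Content -LiteralPath $StateFile -Value $current
    Write-Host "Statistic: 0"
    Write-Host "Message: Baseline recorded ($current existing matches)"
    exit 0
}

# Read the count stored by the previous poll; a corrupt file counts as 0.
$previous = 0
[void][int]::TryParse((Get-Content -LiteralPath $StateFile -TotalCount 1), [ref]$previous)

# Fewer matches than last poll means the log was rotated or truncated,
# so every match in the current file is new.
$new = if ($current -lt $previous) { $current } else { $current - $previous }
Set-Content -LiteralPath $StateFile -Value $current

Write-Host "Statistic: $new"
if ($new -gt 0) {
    Write-Host "Message: $new new line(s) matching '$Pattern' since last poll"
    exit 1   # Down: the alert on component status fires
}
Write-Host "Message: No new matches"
exit 0       # Up
```

The component returns to Up on the next poll that finds no additional matches, so the alert should trigger on the Down status rather than wait for it to persist.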