cancel
Showing results for 
Search instead for 
Did you mean: 
sreenu2foru
Level 8

How can I send an email alert when a specific word is logged into a logfile

Hello All,

I am new to this SolarWinds APM... We are facing a typical problem... I am trying to search for a sentence in the log file and if that sentence is found, I am trying to send out an alert stating the sentence is found in the log file... Typically, a batch file executes in Application server at Midnight and that batch file creates a log in the log file related to it... Now, When I try to create a Log Parser to look for the log that is created by the batch file, then click on edit script and click on Get Script Output, I get an error that file not found... After that error is resolved, I tried to get the Script Output again and I get to see "==============================================Message: Can't find "regex" argument. Check documentation." error...

I either get File not found OR regex argument error...

Hope I am clear enough!

Any help would be appreciated...

Thanks!

Srini

Edited:

I am now observing a small problem... When I remove the search string (I think I spelled it correct, I mean the arguments we place after ^), I am observing the regex error... If I place the search string, I am observing an error as "File not found"...

Any correct way to place the script arguments? I entered it as \\10.1.1.14\test\logs\text.log,^Error

Let me know if I should be replacing it in other way..

Thanks!

Tags (2)
0 Kudos
12 Replies
Highlighted
HerrDoktor
Level 14

Re: How can I send an email alert when a specific word is logged into a logfile

Maybe aLTeReGo​ s Script here might help you Log Parser (PowerShell)

Cheers,

Holger

0 Kudos
sreenu2foru
Level 8

Re: How can I send an email alert when a specific word is logged into a logfile

Thanks HerrDoktor... But, it did not solve my issue... Everything in that script was already done by me... But, No help!

0 Kudos
mikegale
Level 12

Re: How can I send an email alert when a specific word is logged into a logfile

I put a quick powershell together that should do what you need.

Find a string in a logfile and count matches (Powershell)

If the script works, you'll just need to create an alert that will look for the status of the component and send an email if the alert is triggered.

Hope this helps

sreenu2foru
Level 8

Re: How can I send an email alert when a specific word is logged into a logfile

Thanks Mike... Can you help me in creating a script which will trigger when a new string is found? I mean, there might be lot of entries in the log file, but, I am looking to send a trigger when a string called "Error" is found just now...

I hope you understood my question...

Thanks for your help in advance!

Srinivas Mandalika

0 Kudos
mikegale
Level 12

Re: How can I send an email alert when a specific word is logged into a logfile

I can certainly try and help but as small as that difference may seem it's quite a bit more complex. Searching from the bottom up in powershell is a little tedious but that's not the real problem. SAM doesn't alert as things happen, it polls at a given polling interval. We don't use LEM (Log & Event Manager) but maybe it can alert as files are updated and matches are found.

With SAM you are going to have to set a polling interval so it can check your log file, say every 2 minutes or something like that. The next challenge is only finding the latest entries in your log file. Do you have a timestamp at the beginning of each log entry? If so, one could find the first match from the bottom up and then check the timestamp and only alert if the timestamp on the matching row is newer than your polling interval. If you have a timestamp, copy/paste it in the reply and I'll get you hooked up. Actually, if you can copy/paste the entire line from a previous error in the reply that'd be great. Please be sure to not post any info that the world doesn't need to see.

Hopefully this makes sense.

Michael

0 Kudos
sreenu2foru
Level 8

Re: How can I send an email alert when a specific word is logged into a logfile

Okay...

Yes, We can change the Polling interval. Yes, We have the timestamp for each log entry... Below is one of the line (actually lines) from the log file which should trigger when found...

Aug 11, 2016 12:01:00 AM <abc>.<abc>Scheduler jobToBeExecuted

INFO: Job started: <abc> - test

After these two lines, there will be space for the next entry... Hope this helps!

Thanks for help Mike!

Srini

0 Kudos
mikegale
Level 12

Re: How can I send an email alert when a specific word is logged into a logfile

We're almost there. Just to clarify, the script could search for the term "Scheduler jobToBeExecuted" or could that message be anything?

Mike

0 Kudos
sreenu2foru
Level 8

Re: How can I send an email alert when a specific word is logged into a logfile

No, I am looking for "INFO: Job started: <abc> - test" and send me the trigger when this was found...

Srini

0 Kudos
mikegale
Level 12

Re: How can I send an email alert when a specific word is logged into a logfile

Sorry it took this long. Here's a solution that could work for you: Find a string in a logfile using a counter file

This script uses a counter to determine if there are more matches on the current poll than there were on the last poll.

If there's more errors on the current poll it will return a DOWN status.

I'm still working on a solution that can read the log file from the bottom up and alert using the date/time stamp versus using the count method, it's just a lot more complex.

Try the link I posted and see if it works for you.

Mike

0 Kudos