First of all, I'm sorry if this post is in the wrong topic, but I couldn't really find an ipMonitor support topic so quickly.
I'm having a bit of trouble using ipMonitor, more precisely I've made a monitor that checks the eventlog of a server for specific information log files. This works great and all but when I click preview I get to see ALL the log files, while I only wanted to see the latest. I thought it best to use the %capture[timewritten]% variable but I don't really know in which syntax.
The field I use in the monitor field is the following:
|Exclusions by Event Text|
|if Regex Match|
So what I want is that I only get to see the latest (as sorted by time) log file. Can anyone help me with this?
The "Preview" button is simply to verify that your criteria are finding what you are looking for, and it will provide you with ALL matches found within the Event Log. When monitoring, the Event Log Monitor will not notify you of matches for events that were written before the Monitor was created, and it will only notify you when it has found a match between the current time and the last time it verified the log.
The %capture[timewritten]% token is used to pass the timestamp of the event to the Content Generator. More on this found here:
Hope this helps clarify things.