
Combine LI agent log entries or Time period to monitor folder


Hi,

 

I'm new to Log Insight and am looking at how to streamline monitoring of one of our applications.

I have a couple of servers that write 1 log file when they run a process between 00:00 and 01:00 in the morning; the log file is written over this period with each step and its status.

Example:

Step 1: step name
     Step 1 Status : OK : step task
          Info: additional info of task
     Step 1 Status : OK : step task
          Info: additional info of task

Step 2: step name
     Step 2 Status : OK : step task
     Step 2 Status : OK : step task
          Info: additional info of task....

Each step and step task is written as it is completed.

I have a regex which is just looking for the Step [1-9] for each line, so I get a log entry for each line along with the info line.

I then have an alert query which looks for "error" in the entry and sends an email alert.

 

The issue is I only get the one specific line with info the error is on, but I would like to get the entire step. So if the error is for the 2nd step task in Step 2, I would like the alert to have all the log entries for Step 2 or the previous, let's say, 5 events before the error occurred.

 

Possible solutions I need assistance with:

1 - Is it possible to set the LI agent folder monitor to only collect logs at a certain time? I can then set it to monitor after 01:00 and change the regex to collect the entirety of each step.

2 - Is it possible to get LI to combine multiple events based on a field, or set an alert to send an alert based on a query + the previous 5 events?

 

Regards,

Anthony
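
Added example, not part of the original post and not Log Insight functionality: a stand-alone Python script that splits a log in the layout shown above into per-line events (as the regex in the post does) and then returns either the whole step that contains an error or the error plus the preceding N events. The sample log text, the function names, and the assumption that status lines are indented while step headers are not are all constructed for illustration.

```python
import re
from collections import deque

# Constructed sample in the layout shown in the post (not real application output).
SAMPLE_LOG = """\
Step 1: backup
     Step 1 Status : OK : stop service
          Info: service stopped
     Step 1 Status : OK : copy files
          Info: 120 files copied
Step 2: cleanup
     Step 2 Status : OK : rotate archives
     Step 2 Status : ERROR : delete temp files
          Info: access denied
"""

STEP_HEADER = re.compile(r"^Step (\d+): ")   # unindented "Step N: name" opens a step (assumption)
EVENT_START = re.compile(r"^\s*Step \d+")    # a header or a status line starts a new event

def split_events(text):
    """Split per line as in the post; an Info line is appended to the event before it."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if EVENT_START.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

def steps_with_errors(text):
    """Return {step number: every event of that step} for steps containing 'error'."""
    blocks, current = {}, None
    for event in split_events(text):
        header = STEP_HEADER.match(event)
        if header:
            current = int(header.group(1))
        if current is not None:
            blocks.setdefault(current, []).append(event)
    return {n: ev for n, ev in blocks.items() if any("error" in e.lower() for e in ev)}

def error_with_context(text, before=5):
    """Return each error event together with up to `before` events that preceded it."""
    window, hits = deque(maxlen=before), []
    for event in split_events(text):
        if "error" in event.lower():
            hits.append(list(window) + [event])
        window.append(event)
    return hits
```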

