I have a multi-line log file that I am trying to parse but I am having some issues with the parser template. Here is an example of the log file:
2012-01-15 @ 04:22 SQL Error encountered.Application: BRMServiceError State: S1T00Vendor: MicrosoftDriver: ODBC SQL Server DriverError: Timeout expiredLast SQL String: SELECT COUNT(*) FROM master.dbo.sysdatabases WHERE name = 'BusRuleMonitor'Last ODBC Command: Function: SQLDriverConnect 2012-01-27 @ 23:10 SQL Error encountered.Application: BRMServiceError State: 08001Vendor: MicrosoftDriver: SQL Server Native Client 10.0Error: Named Pipes Provider: Could not open a connection to SQL Server [2]. Last ODBC Command: Function: SQLDriverConnect
The only thing I am interested in monitoring is the Error State. I will monitor that error state and if it matches a certain value the alarm will be raised. I am struggling with creating a template for this parser. I was thinking that just Error State: $errorstate$ would do the trick, but i can't seem to get it to work. Any help would be appreciated.
Thanks
Hi jsnair
I think you'll need to set up your Log Parser to read the format of the log file at least up to the portion that you're interested in. It's extra work but the Log Parser is dumb and it's unable to guess which portion of the log file you're interested in unless you do it that way. For example, in the log file you posted you'd want something like:
#DateVariable#
Application: #ServiceVariable#
Error State: #StateVariable#
That's the minimum you'd need to get you the info you're looking for - in this case the state variable.
Needless to say, the Help file is pretty basic and useless. It took some digging but I did find this document which is far more helpful when working with Log Parsers.
help.kaseya.com/.../EN_LogParsers62.pdf
Try this :
Kind regards,
Sloeber70
iVITa Admin at eurosys.be