Fwd: File content match - specific and general matches

From: Vidar Normann
Subject: Fwd: File content match - specific and general matches
Date: Fri, 4 Aug 2017 08:10:37 +0200

We have a logfile, example.log, which will contain lines with

“ALERT: <something>”

which we want to trigger an alert. Yet, there are some sub-cases of “ALERT: <something>” where we only want to alert if they occur more than 3 times in 10 cycles, for example

“ALERT: foo”

How to only alert if X occurrences in Y cycles for certain specific matches, while still alerting for all more general matches that do not match any of the specific matches?

The following

if content = "ALERT: foo" for 3 times within 10 cycles then alert
if content = "ALERT: " then alert

will generate an alert for any “ALERT: foo” entry, and using the “ignore” statement disables any matching for “ALERT: foo”, as all ignore statements are parsed before any if statements.

Best regards,
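
The matching behaviour asked for above, sketched in Python as an added example; it is not part of the original message and is not the monitoring tool's configuration or code. The class and function names are hypothetical, the sample lines are constructed, and "3 times within 10 cycles" is assumed to mean the pattern was seen in at least 3 of the last 10 poll cycles.

```python
import re
from collections import deque


class TieredMatcher:
    """Specific patterns are rate-limited; any other general match alerts at once."""

    def __init__(self, general, specific, times=3, cycles=10):
        self.general = re.compile(general)
        self.times = times
        # One sliding window of per-cycle hit flags for each specific pattern.
        self.windows = {re.compile(p): deque(maxlen=cycles) for p in specific}

    def cycle(self, new_lines):
        """Process the lines appended during one poll cycle; return the alerts."""
        alerts = []
        hit = {pat: False for pat in self.windows}
        for line in new_lines:
            if not self.general.search(line):
                continue  # not an ALERT line at all
            matched = [pat for pat in self.windows if pat.search(line)]
            if matched:
                # Specific sub-case: record the hit, do not fall through to general.
                for pat in matched:
                    hit[pat] = True
            else:
                alerts.append(line)  # general match with no specific rule
        for pat, window in self.windows.items():
            window.append(hit[pat])  # oldest cycle drops out once the window is full
            if hit[pat] and sum(window) >= self.times:
                alerts.append(
                    f"{pat.pattern!r} matched in {sum(window)} of last {len(window)} cycles"
                )
        return alerts


# Constructed sample input: each inner list is what one cycle appended to example.log.
SAMPLE_CYCLES = [
    ["INFO: started", "ALERT: foo"],  # 1st cycle with foo: suppressed
    ["ALERT: disk full"],             # general match: immediate alert
    ["ALERT: foo"],                   # 2nd cycle with foo: suppressed
    [],
    ["ALERT: foo", "ALERT: foo"],     # 3rd cycle with foo: threshold reached
]


def run(cycles=SAMPLE_CYCLES):
    matcher = TieredMatcher(r"ALERT: ", [r"ALERT: foo"])
    return [matcher.cycle(lines) for lines in cycles]
```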

