We have a logfile, example.log, which will
contain lines with
which we want to trigger an alert. Yet,
there are some sub-cases of “ALERT: <something>” where we only want to
alert if they occur more than 3 times in 10
cycles, for example
How to only alert if X occurrences in Y
cycles for certain specific matches, while still alerting for all more general
that do not match any of the spefific matches?
if content = "ALERT: foo" for 3 times within 10 cycles then
if content = "ALERT: " then alert
will generate an alert for any “ALERT: foo” entry, and using the “ignore”
statement disables any matching for “ALERT: foo”, as
all ignore statements are parsed before any if statements.