Fwd: File content match - specific and general matches

Vidar Normann

We have a logfile, example.log, which will contain lines with

“ALERT: <something>”

which we want to trigger an alert. Yet, there are some sub-cases of “ALERT: <something>” where we only want to alert if they occur more than 3 times in 10 cycles, for example

“ALERT: foo”

How to only alert if X occurrences in Y cycles for certain specific matches, while still alerting for all more general matches that do not match any of the specific matches?


The following

if content = "ALERT: foo" for 3 times within 10 cycles then alert

if content = "ALERT: " then alert

will generate an alert for any “ALERT: foo” entry, and using the “ignore” statement disables any matching for “ALERT: foo”, as all ignore statements are parsed before any if statements.

Best regards,
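
The matching behaviour asked for above, sketched outside the monitoring tool as an added Python example (not part of the original post and not the tool's own logic): specific patterns are checked first and only alert once they have matched in enough recent cycles, while the general pattern alerts on every remaining line. The class name `ContentRules`, the reading of "3 times within 10 cycles" as at least 3 matching cycles among the last 10, and the sample log lines are assumptions made for illustration.

```python
import re
from collections import deque


class ContentRules:
    """Specific rules are rate-limited; the general rule fires on all other matches."""

    def __init__(self, general, specific):
        # specific maps a regex to (times, cycles); each rule keeps a sliding
        # window holding one True/False entry per poll cycle (assumption).
        self.general = re.compile(general)
        self.specific = [(re.compile(p), t, deque(maxlen=c))
                         for p, (t, c) in specific.items()]

    def run_cycle(self, new_lines):
        """Evaluate lines appended since the previous cycle; return the alerts."""
        alerts = []
        hit = [False] * len(self.specific)
        for line in new_lines:
            for i, (pat, _, _) in enumerate(self.specific):
                if pat.search(line):
                    hit[i] = True      # claimed by a specific rule,
                    break              # so the general rule never sees it
            else:
                if self.general.search(line):
                    alerts.append(("general", line))
        for (pat, times, window), matched in zip(self.specific, hit):
            window.append(matched)
            if matched and sum(window) >= times:
                alerts.append(("threshold", pat.pattern))
        return alerts


# Constructed sample input: lines appended to example.log in each poll cycle.
SAMPLE_CYCLES = [
    ["ALERT: foo"],                    # 1st foo cycle, suppressed
    ["INFO: ok", "ALERT: disk full"],  # general match, alerts immediately
    ["ALERT: foo"],                    # 2nd foo cycle, suppressed
    [],
    ["ALERT: foo", "ALERT: foo"],      # 3rd foo cycle within 10, alerts
]


def demo():
    rules = ContentRules(r"ALERT: ", {r"ALERT: foo": (3, 10)})
    return [rules.run_cycle(lines) for lines in SAMPLE_CYCLES]


if __name__ == "__main__":
    for number, alerts in enumerate(demo(), start=1):
        print(number, alerts)
```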

