I have a stream with following rule,
Field message must match regular expression .*severity="warn".*
also have set an Alert once this appear then alarm me! but I get maybe over 1000 logs like this everyday.
I want to filter this like below
if a value= .*severity="warn".* AND "client="clear_cache_data.plx"
don't email or alarm me!
can anyone help me with this?
One option would be to redirect this rule to another stream other than the one set for the alarm or to set the alarm to false when the condition you want is met. Please take a look at the following:
Help required to write a pipeline rule
Another possibility which I find faster and simpler, is to create a filter in your mail client to redirect these alerts to it.
Are you sure you want to match this in the “message” field (and not in the “severity” or some other field)?
unfortunately yes! my input is based on RAW UDP and I have to search in messages. I have tried to lunch an syslog UDP but I don’t get any logs
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.