Hello Community,
I have a stream with following rule,
Field message must match regular expression .*severity="warn".*
also have set an Alert once this appear then alarm me! but I get maybe over 1000 logs like this everyday.
I want to filter this like below
rule;
if a value= .*severity="warn".* AND "client="clear_cache_data.plx"
then
don't email or alarm me!
can anyone help me with this?
Thnaks
Hi Nimol,
One option would be to redirect this rule to another stream other than the one set for the alarm or to set the alarm to false when the condition you want is met. Please take a look at the following:
Help required to write a pipeline rule
Another possibility which I find faster and simpler, is to create a filter in your mail client to redirect these alerts to it.
Cheers
Are you sure you want to match this in the “message” field (and not in the “severity” or some other field)?
unfortunately yes! my input is based on RAW UDP and I have to search in messages. I have tried to lunch an syslog UDP but I don’t get any logs 
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.