Need help to define a stream rule

Hello Community,

I have a stream with following rule,

Field message must match regular expression .*severity="warn".* 

also have set an Alert once this appear then alarm me! but I get maybe over 1000 logs like this everyday.
I want to filter this like below
rule;

if a value=  .*severity="warn".* AND "client="clear_cache_data.plx" 
then 
don't email or alarm me!

can anyone help me with this?

Thnaks

Hi Nimol,

One option would be to redirect this rule to another stream other than the one set for the alarm or to set the alarm to false when the condition you want is met. Please take a look at the following:
Help required to write a pipeline rule

Another possibility which I find faster and simpler, is to create a filter in your mail client to redirect these alerts to it.

Cheers

Are you sure you want to match this in the “message” field (and not in the “severity” or some other field)?

unfortunately yes! my input is based on RAW UDP and I have to search in messages. I have tried to lunch an syslog UDP but I don’t get any logs :neutral_face:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.