21 Apr 2024 04:02 PM - last edited on 22 Apr 2024 08:02 AM by MaciejNeumann
content="ORA-128 error "
content="dynatrace alert ORA-128"
We want to generate alert if "ORA-" starting of the line in log file , not in the middle. How do we do it?.
Solved! Go to Solution.
21 Apr 2024 06:09 PM
Hi sundarv1,
Easiest way is to add a processing rule: If content starts with ORA-, add a field ora.error = "TRUE", like this:
USING(content)
| FIELDS_ADD(ora.error:IF_THEN(STARTS(content,"ORA-"),"TRUE"))
Based one that field, you can create an events extraction referencing ora.error="TRUE" in log query.
Hope that helps.
Best,
Attila
21 Apr 2024 06:17 PM
Thanks. Where I do create processing rule. Do I need this condition in the event extraction?
21 Apr 2024 06:26 PM - edited 21 Apr 2024 06:27 PM
You can create processing rule under settings/Log monitoring/Processing, you should put the code in processor definition.
If the code works, then you can set up Events extraction.
22 Apr 2024 10:31 AM
1. How to add to Mutiple logs in the matcher condition.?
2. How to create event extraction based on the processing rule?
3. Do we still needs to create log ingest rules and custom log sources?.
23 Apr 2024 09:35 AM
Hi,
Custom log source: You need to add custom log source, if you can not see the log under the Host's Log source dashlet. DT automatically recognize log files, but not all are automatically recognized.
Ingestion rules: If you want to analyze logs with DT, you have to add log ingest rule, to tell DT, that it should analyze the log file. After log ingest rule enabled, you can see the log content in DT's Logs dashboard. Otherwise DT won't analyze the log.
Processing rules: If you want to process the log you captured (for example extract additional attributes, values from content) you have to create processing rules. You can add multiple matcher definitions using AND or OR operators.
Event or Metric extraction: Using attributes you can create Events, alerts, or metrics from the processed log.
This is just a short intoduction to the topic, please refer the documentation.
https://docs.dynatrace.com/docs/observe-and-explore/log-monitoring
Best,
Attila
23 Apr 2024 10:04 AM
Thanks. How to add multiple log file in the log watcher?
24 Apr 2024 04:29 PM
Thanks Sattilas. solution worked.
FIELDS_ADD(ora.error:IF_THEN(STARTS(content,"ORA-"),"TRUE"))
one more request - If it starts with ORA and but if it is ORA-1013 - don;t create alert.
How do we do this.
24 Apr 2024 07:35 PM
Hi,
I'm glad I could help 🙂
The solution to your last question, if it starts with "ORA-", except "ORA-1013" is:
FIELDS_ADD(ora.error:IF_THEN(STARTS(content,"ORA-") AND NOT STARTS(content,"ORA-1013"),"TRUE"))
Best,
Attila
14 May 2024 05:45 AM
Hi Sattilas
How do we display host IP Address in the Log Monitoring incdients. Currently we are getting Host name only
Thanks
Sundar.v
10 Jul 2024 04:07 PM
How do we map to Servicenow Group to the log monitoring so that incident directly assign to group for log events?