12 Mar 2024 03:10 PM - last edited on 02 Oct 2024 01:34 PM by MaciejNeumann
I'm trying to add field error.type when specific messages occur within sfm records, within a custom 2.0 extension I have created. I've defined the processing rule below.
When Connection exists but no metrics have been produced for endpoints: is logged in the content it works fine, error.type of Connection exists but no metrics have been produced is added to the record. Whenever Exception occured: IO Error: The Network Adapter could not establish the connection is logged in the content, there is no error.type added. When viewing the record in grail I see null for error.type while for the other I can see the value I expect. What am I doing wrong here? I can put in the log for this error type and test it against the rule and the error.type does show, see screenshot below.
Matcher
(matchesValue(event.type, "sfm") and matchesPhrase(dt.extension.name, "custom:db.queries.oracle")
and (matchesPhrase(content, "Exception occured: ORA-01017: invalid username/password; logon denied")
or matchesPhrase(content, "Exception occured: IO Error: The Network Adapter could not establish the connection")
or matchesPhrase(content, "Failed to configure and schedule polling for endpoint")
or matchesPhrase(content, "Error in YAML or JSON configuration; Datasource has exited and will be starting shortly")
or matchesPhrase(content, "query have failed")
or matchesPhrase(content, "Connection exists but no metrics have been produced for endpoints:")
or matchesPhrase(content, "No feature set is activated for")))
Process definition
FIELDS_ADD(content, error.type:IF_THEN_ELSE(content CONTAINS("Exception occured: ORA-01017: invalid username/password; logon denied"), "Invalid username/password",
IF_THEN_ELSE(content CONTAINS("Exception occured: IO Error: The Network Adapter could not establish the connection"), "Cannot connect to database",
IF_THEN_ELSE(content CONTAINS("Failed to configure and schedule polling for endpoint"), "Failed to configure and schedule polling for endpoint",
IF_THEN_ELSE(content CONTAINS("Error in YAML or JSON configuration; Datasource has exited and will be starting shortly"), "Error in YAML or JSON configuration",
IF_THEN_ELSE(content CONTAINS("Connection exists but no metrics have been produced for endpoints:"), "Connection exists but no metrics have been produced",
IF_THEN_ELSE(content CONTAINS("No feature set is activated for"), "No feature set activated",
IF_THEN_ELSE(content CONTAINS("query have failed"), "Query failed"))))))))
20 Nov 2024 10:31 AM
Is this still an issue?
20 Nov 2024 03:39 PM
Try this based on the "CONTAINS" function rule.
Also, I would recommend reduce the matcher string into more unique values instead of the entire line of text.
FIELDS_ADD(error.type:IF_THEN_ELSE(CONTAINS(content, "Exception occured: ORA-01017: invalid username/password; logon denied"), "Invalid username/password",
IF_THEN_ELSE(CONTAINS(content, "Exception occured: IO Error: The Network Adapter could not establish the connection"), "Cannot connect to database",
IF_THEN_ELSE(CONTAINS(content, "Failed to configure and schedule polling for endpoint"), "Failed to configure and schedule polling for endpoint",
IF_THEN_ELSE(CONTAINS(content, "Error in YAML or JSON configuration; Datasource has exited and will be starting shortly"), "Error in YAML or JSON configuration",
IF_THEN_ELSE(CONTAINS(content , "Connection exists but no metrics have been produced for endpoints:"), "Connection exists but no metrics have been produced",
IF_THEN_ELSE(CONTAINS(content, "No feature set is activated for"), "No feature set activated",
IF_THEN_ELSE(CONTAINS(content, "query have failed"), "Query failed"))))))))