24 May 2024 03:20 PM
Hi Team
From java application server's log (Linux) I want to capture only the rows related to START and END events of some batch.
To do this, I defined a "Log Ingest rule":
but when I check the result of this rule In the log viewer, I see that "log content" contains other lines other than the START events (bolded).
This is the entire log content with multiple lines:
I expect to have only one line and I don't have an explanation for this behavior considering that at the end of each line there is a carriage return (\n) character.
Could you please verify what is wrong ?
Thanks and Regards
Antonello Chiaravalle
24 May 2024 04:51 PM - edited 24 May 2024 04:51 PM
Hi @a_chiaravalle,
Ingest rules is not a filter. With this rule you ingested the entire log file which conatins your START value from the choosen processes.
I order to drop the unnecessary lines you should set a log drop rule (carefully) to this log ingest rule.
In the log drop rule matcher you should put your log.source and a nagate content filter. In the log viewer you can check the result. You should see only the unwanted loglines in the result. This expession should be in the log drop rule.
Example:
I hope it helps.
Best regards,
Mizső