- 7 minutes to read

Release Notes

Configuring Correlated Events

Take control of your business event monitoring with the Nodinite Log File Parser Monitoring Agent. This guide shows you how to configure correlated event monitoring so you can:

✅ Instantly detect missing or late correlated events across multiple log files
✅ Automate real-time alerts for business-critical processes
✅ Leverage RegEx for flexible, custom monitoring scenarios
✅ Reduce manual troubleshooting and ensure operational excellence

Info
This guide teaches you how to configure monitoring of files for correlated events using the Nodinite Log File Parser Monitoring Agent.

Correlated Events (Log File Event) - Use this option to correlate events spanning one or more log files containing a date and an identifier for end-to-end tracking.

Example: How to monitor correlated events

Alternatively, monitor files based on content: Content File - Use this option to get alerts if the specified RegEx matches data in one or more files.

Example: How to monitor file content
Example: How to monitor the IIS (W3SVC) log files
Example: How to monitor Nodinite Diagnostic files

Practice and test your RegEx expressions using RegEx101 or a similar tool. Master RegEx to maximize the value of this agent.

Add 'Correlated Events' monitoring configuration

The Correlated Events tab holds an array with one or more configuration entries for a Correlated Events Monitoring.

Here's an example on how to add and manage a 'Correlated Events' Monitoring configuration.

Press the Add button to add one (or more) log file monitoring configurations:

Here's an example of a 'Correlated Events' monitoring configuration; One accordion per entry.
Repeat this step as required by your business need.

Configuring the Correlated Events Monitoring entry

Click the Accordion to expand the configuration, then you can manage the content of the configuration.

General tab

Next, enter the essential details for fields available in the General tab:

First, name the configuration, and provide some general properties for this configuration.

For each entry, the following properties can be set in the General Tab:

Enable monitoring of this Correlated Events Configuration - Check this to actively monitor log files found according to the current settings
Display name - Enter a user-friendly name
Description - Add a logical, user-friendly short description for this configuration
Application ID - Enter the ID from the Applications tab

Path tab

Enter details about the folder and type of files in the Path tab:

Example of the Path tab for correlated events monitoring.

Folder - Specify the folder where the agent should look for log files to monitor
Filter - Enter a matching RegEx-based expression to target specific file types

Filter

Use these common RegEx examples:

Filter	Example	Comment
`\.xml$`	XML Files	All XML files with suffix ".xml"
`\.txt$`	Text Files	All text files with suffix ".txt"
`^ONLYME\.data$`	Specific file	Only this file "ONLYME.data"
`^PrefixedFileName.*\.csv$`	Matching a file name pattern	Files with prefix `^PrefixedFileName`, and suffix `.csv`

Start Match tab

Enter details about what to start looking for in the log files in the Start Match tab:

Example of the Start Match tab for correlated events monitoring.

Line contains - Enter the RegEx to check if the line contains a match. Use 'X' to start checking for date, value, and error(s)
Match date - Enter the RegEx to extract the date and time (according to the format in the log file), for example:

([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Matched date groups - Specify the RegEx match group numbers, or named groups (comma-separated list). In the following example, use number 1:

^([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Date Time Format (Optional) - Enter the Date Time format to use in the conversion to a DateTime, i.e. yyyy-MM-dd HH:mm:ss.fffZ
Match value - Enter the RegEx to extract the value to compare with the 'End Match', for example: #([0-9]{1,2})([0-9]{1,})
Matched value groups - Specify the RegEx groups for the value (comma-separated list). For example, 'Loading value ([0-9A-Z]{1,}), use number 1'
Error, if found on line - If the line matches the specified RegEx, the agent issues an error alert

End Match tab

Enter details about what to match next in the log files in the End Match tab:

Example of the End Match tab for correlated events monitoring.

Line contains - Enter the RegEx to check if the line contains a match. Use 'X' to start checking for date, value, and error(s)
Match date - Enter the RegEx to extract date and time, for example:

([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Matched date groups - Specify the RegEx group number, or named groups (comma-separated list). In the following example, use number 1:

^([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Date Time Format (Optional) - Enter the Date Time format to use in the conversion to a DateTime, i.e. yyyy-MM-dd HH:mm:ss.fffZ
Match value - Enter the RegEx to extract the value to compare the 'Start Match' value with the 'End Match' value. For example: #([0-9]{1,2})([0-9]{1,})
Matched value groups - Specify the RegEx groups for the value (comma-separated list). For example, 'Loading value ([0-9A-Z]{1,}), use number 1'

As there are many options on this tab, continue as follows:

Additional End Match tab options for correlated events monitoring.

Error if found on Line - If the line matches the RegEx 'X', the agent issues an error alert
Warning Time Span - The agent issues a warning alert if the matching event (Match End) does not happen within this threshold
Error Time Span - The agent issues an error alert if the matching event (Match End) does not happen within this threshold

Time Options Tab

Manage the 'Clear Date Time' field and select a Time Option for files to include in monitoring.

Example of the Time Options tab for correlated events monitoring.

Clear Date Time - Ignore issues that occurred before this time. Exclude files with an older created/modified time according to the 'File time option' setting and whether the files should include a date time. Use ISO 8601 format (UTC or with date time offset), e.g., '2019-05-17T13:37:00.123+02:00'
File time option - Select the time option for files to include for evaluation (using the time from the file system)
File time span - Subtract this time span from 'Clear Date Time' to include older files that otherwise would be excluded
Lines have a DateTime - Check this to use the Clear operation to ignore previous errors on a line-by-line basis. Otherwise, the Clear operation applies to each file.
Match date - Enter the RegEx to extract the date and time (according to the format in the log file)
Matched date groups - Specify the RegEx match group numbers, or named groups (comma-separated list). For example: '^([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{3}(+[0-9]{2}:[0-9]{2})?)', use number 1
Date Time Format (Optional) - Enter the Date Time format to use in the conversion to a DateTime, i.e. 'yyyy-MM-dd HH:mm:ss.fffZ'.
Use Agent time zone - Check this when the date and time lack the UTC 'Z' indicator or offset. When checked, the agent assumes the date-time is in the same time zone as the agent. Otherwise, the agent assumes the date-time is UTC

File Time Option

File Time Option settings for correlated events monitoring.

Created after - File time span
Created after Clear Date Time
Created after Clear Date Time - File time span - This is a helpful option for IIS Logs
Evaluate all
Last Created, one file only
Last Modified, one file only
Modified after Clear Date Time
Modified after - File time span

Next Step

Add or manage a Monitoring Agent Configuration
Add or manage Monitor View

How to monitor correlated events
How to monitor file content
How to monitor Nodinite Diagnostic files
How to monitor the IIS (W3SVC) log files

Applications
Install Log File Parser Monitoring Agent
Monitoring
Monitoring Agents
Update

Explore Nodinite for 30 days – completely free

See how Nodinite resolves your technical issues, in a

LIVE Demo!