- 7 minutes to read

Release Notes

Configuring Correlated Events

Info
This guide teaches how to configure Monitoring of files for correlated events using the Nodinite Log File Parser Monitoring Agent.

Correlated Events (Log File Event) - Use this option to correlate events spanning one or more log files containing a date and some Identifier to use correlating the set.

Example: How to monitor correlated events

There is another option, to Monitor files based on content:
Content File - Use this option to get alerts if the specified RegEx matches data in one or more files.

Example: How to monitor file content
Example: How to monitor the IIS (W3SVC) log files
Example: How to monitor Nodinite Diagnostic files

Please use RegEx101 or a similar tool, to test your RegEx expression. You must practice RegEx to use this agent.

Add 'Correlated Events' monitoring configuration

The Correlated Events tab holds an array with one or more configuration entries for a Correlated Events Monitoring.

Here's an example on how to add and manage a 'Correlated Events' Monitoring configuration.

Press the Add button to add one (or more) log file monitoring configurations:

Here's an example of a 'Correlated Events' monitoring configuration; One accordion per entry.
Repeat this step as required by your business need.

Configuring the Correlated Events Monitoring entry

Click the Accordion to expand the configuration, then you can manage the content of the configuration.

General tab

Next, You need to enter some basic details for fields available in the General tab:

First, name the configuration, and provide some general properties for this configuration.

For each entry, the following properties can be set in the General Tab:

Enable monitoring of this Correlated Events Configuration - When checked; Log File found according to the current settings, will be monitored
Display name - A user-friendly name.
Description - Logical user-friendly short description for this configuration
Application ID - Enter the ID from the Applications tab

Path tab

Next, You need to enter some details about the folder and type of files, available in the Path tab:

Folder - The folder to look for log files to monitor. Provide a valid path reachable for the agent.
Filter - To get a specific type of file, enter a matching RegEx-based expression

Filter

Below is a table with some common RegEx examples:

Filter	Example	Comment
`\.xml$`	XML Files	All XML files with suffix ".xml"
`\.txt$`	Text Files	All text files with suffix ".txt"
`^ONLYME\.data$`	Specific file	Only this file "ONLYME.data"
`^PrefixedFileName.*\.csv$`	Matching a file name pattern	Files with prefix `^PrefixedFileName`, and suffix `.csv`

Start Match tab

Next, You need to enter some details about what to start looking for in the log files, available in the Start Match tab:

Line contains - Enter the RegEx, to check if the line contains a match, 'X' start to check for date, value and error(s)
Match date - Enter the RegEx, to extract the date and time (according to the format in the log file), for example:

([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Matched date groups - The RegEx match group numbers, or named groups (comma-separated list). In the following example, use number 1:

^([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Date Time Format (Optional)^{New 6.2} - Enter the Date Time format to use in the conversion to a DateTime, i.e yyyy-MM-dd HH:mm:ss.fffZ
Match value -Enter the RegEx to extract the value to be used to compare with the 'End Match', for example; #([0-9]{1,2})([0-9]{1,})
Matched value groups - The RegEx match should group the specified numbers, or named groups (comma-separated list). E.g. 'Loading value ([0-9A-Z]{1,}), use number 1
Error, if found on line - If the line contains a match with the specified RegEx, issue the error alert

End Match tab

Next, You need to enter some optional details about what to match next with, from the log files, available in the End Match tab:

Line contains - Enter the RegEx, to check if the line contains a match, 'X' start to check for date, value and error(s)
Match date - RegEx to extract date and time, for example:

([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Matched date groups - The RegEx group number, or named groups (comma-separated list). In the following example, use number 1:

^([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Date Time Format (Optional)^{New 6.2} - Enter the Date Time format to use in the conversion to a DateTime, i.e yyyy-MM-dd HH:mm:ss.fffZ
Match value - Enter the RegEx to extract the value to be used to compare the 'Start Match' value with the 'End Match' value. For example #([0-9]{1,2})([0-9]{1,})
Matched value groups - The RegEx match should group the specified numbers, or named groups (comma-separated list). E.g. 'Loading value ([0-9A-Z]{1,}), use number 1

As there are many options on this tab, the rest follows as below:

Error if found on Line - If the Line contains a RegEx match 'X' issue the error alert
Warning Time Span - Issue the warning alert, if the matching event (Match End) did not happen within this threshold
Error Time Span - Issue the error alert, if the matching event (Match End) did not happen within this threshold

Time Options Tab

Next, You can manage the 'Clear Date Time' field and select a Time Option for files to be included in the Monitoring.

Clear Date Time - Ignore issues that occurred before this time. Exclude files with an older created/modified time according to the 'File time option' setting and whether the files should include a date time. in ISO 8601 format (UTC or with date time offset) (yyyy-mm-ddThh:MM:ss.ms+/-timezoneoffset, for example '2019-05-17T13:37:00.123+02:00')
File time option - Select the time option for files to be included for evaluation (using the time from the file system)
File time span Time span subtracted from 'Clear Date Time' to include older files that otherwise would have been excluded
Lines have a DateTime - When checked, you can use the Clear operation to ignore previous errors on a line-by-line basis. Otherwise, the Clear operation applies to each file.
Match date - Enter the RegEx to extract the date and time (according to the format in the log file)
Matched date groups - The RegEx match group numbers, or named groups (comma-separated list). E.g. '^([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}.[0-9]{3}(+[0-9]{2}:[0-9]{2})?)', use number 1
Date Time Format (Optional) - Enter the Date Time format to use in the conversion to a DateTime, i.e 'yyyy-MM-dd HH:mm:ss.fffZ'.
Use Agent time zone - Use this setting when the date and time lack the UTC 'Z' indicator or offset. When checked, assume the date-time is in the same time zone as the agent. Otherwise, assume the date-time is UTC.

File Time Option

Created after - File time span
Created after Clear Date Time
Created after Clear Date Time - File time span - This is a helpful option for IIS Logs
Evaluate all
Last Created, one file only
Last Modified, one file only
Modified after Clear Date Time
Modified after - File time span

Next Step

Add or manage a Monitoring Agent Configuration
Add or manage Monitor View

How to monitor correlated events
How to monitor file content
How to monitor Nodinite Diagnostic files
How to monitor the IIS (W3SVC) log files

Applications
Install Log File Parser Monitoring Agent
Monitoring
Monitoring Agents
Update

Explore Nodinite for 30 days – completely free

See how Nodinite resolves your technical issues, in a

LIVE Demo!