How to automate monitoring of correlated events

Take control of your log file monitoring with Nodinite Log File Parser Monitoring Agent. This guide shows you how to:

• ✅ Instantly detect missing or late correlated events across multiple log files
• ✅ Automate real-time alerts for business-critical processes
• ✅ Leverage powerful RegEx for flexible, custom monitoring scenarios
• ✅ Gain end-to-end visibility and reduce manual troubleshooting

With Nodinite, you automatically detect and alert on missing or delayed records. You ensure seamless process visibility and operational excellence for integration experts and decision-makers.

Let's explore a practical example. Imagine you have a text-based log file where an ORDER with Id 456 lacks its corresponding ORDERRESPONSE 456. Such gaps disrupt business operations, but Nodinite detects and alerts on these issues for you. The Log File Parser Monitoring Agent uses RegEx, so you monitor virtually any entity or event pattern relevant to your business.

2019-04-10 13:37:00.000 ORDERS #123
2019-04-10 13:39:00.123 ORDERS #456
2019-04-10 14:12:34.456 ORDERRESPONSE #123

Example: The order response for order 456 is missing

Before you begin

Ensure you meet the prerequisites and have installed the Nodinite Log File Parser Monitoring Agent.

Step 1: Add a new monitoring configuration

To add a new monitoring entry, click the Add button from the Log File Events tab.

The Log File Events tab where you add new monitoring entries.

1. Name the configuration
2. Provide an optional description
3. Set the Application ID (ensure a matching entry exists in the Applications Tab)

General configuration tab for correlated event monitoring.

Step 2: Set the monitor path

Enter the path to the log files containing the events you want to correlate (e.g., C:\Temp\Log File Parser).

1. Enter the path
2. Enter the RegEx-based filter (e.g., \.txt$)

Specify the folder and file filter for log file monitoring.

Common RegEx file filter examples:

Filter	Example	Comment
\.xml$	XML Files	All XML files with suffix ".xml"
\.txt$	Text Files	All text files with suffix ".txt"
^ONLYME\.data$	Specific file	Only this file "ONLYME.data"
^PrefixedFileName.*\.csv$	Matching a file name pattern	Files with prefix ^PrefixedFileName, and suffix .csv

Step 3: Set the start match

Configure the start match to define the beginning of a correlation:

1. Line contains (e.g., ORDERS)
2. Match date (RegEx for date format): ([0-9]{4}-[0-9]{2}-[0-9]{2}[T\\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\\.[0-9]{3}(\\+[0-9]{2}:[0-9]{2})?)
3. Leave 'Date Time Format (Optional)' empty for this example
4. Matched date groups: 1
5. Match value (e.g., number after #): #([0-9]{1,})
6. Matched value groups: 1
7. (Optional) Additional RegEx for other content (leave empty in this example)

Configure the start match for correlation.

Step 4: Set the end match

Define the end match to complete the correlation:

1. Line contains (e.g., ORDERRESPONSE)
2. Match date: ([0-9]{4}-[0-9]{2}-[0-9]{2}[T\\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\\.[0-9]{3}(\\+[0-9]{2}:[0-9]{2})?)
3. Matched date groups: 1
4. Match value (e.g., number after #): #([0-9]{1,})
5. Matched value groups: 1
6. (Optional) Additional RegEx (leave empty in this example)

Configure the end match for correlation.

Set the time-span format as days.hours:minutes:seconds (e.g., 0.00:10:00 for ten minutes).

7. Warning Time-Span: Enter the allowed time before a Warning alert (e.g., 0.00:10:00)
8. Error Time-Span: Enter the allowed time before an Error alert (e.g., 0.00:30:00)

Step 5: Set the time-related options

Choose which files to include in monitoring:

1. Leave the Clear Date Time field empty (populated by the system when clearing previous problems)
2. Select the time option (Modified after clear date-time)

Example of the 'Time options' tab.

Save

Click 'Save' or 'Save and close' to persist your changes. The new settings and thresholds are evaluated on the next synchronization cycle.

Save or save and close to apply your configuration.

Note

The delay in presenting the new evaluated state depends on the monitoring agent's synchronization interval

Save and close: Save and close the dialog. Cancel: Close the dialog without saving changes.

Step 6: Configure the Monitor View

Add the named Resource to a Monitor View for centralized visibility and management.

• Follow the 'Add or manage Monitor View' user guide.

Example of a Monitor View with errors detected in correlated log files.

Review error details by clicking the Actions button, then Error Report.

Access the Error Report for detailed insights.

A modal displays all log files where an error is still active (> last clear date-time).

Error Report modal with active issues.

Expand a row for additional information.

Correlation may span multiple files!

Tip

You can ignore old errors by clicking Clear Errors in the Actions menu. The Resource returns to OK state until a new entry matches the configuration.

---

Next Step

• How to monitor file content
• How to monitor the IIS (W3SVC) log files

Related Topics

Nodinite File Monitoring Agent