|
The LOG File Numeric Values Extraction tool enables you to fine-tune your monitoring by searching for and extracting actual values from a LOG file and build graphs with these values.
What you can do with this tool
LOG files sometimes contain numeric values representing the value of something related to the monitored application: a queue length, a processing time, a utilization percentage, etc. Monitoring Studio Express is able to read these values in the LOG file and report them as a graph in BMC Portal. This feature is called “Numeric Value Extraction” as its purpose is to extract numeric values from a text input (a LOG file, web page, the output of a command, the result of a SQL query, etc.).
All you need to do is indicate how to find the numeric value(s) in the LOG file: First, look only in lines that match a specified regular expression, and then from those lines, extract the numeric value located in the "x" column, or located after/before a specified string. Monitoring Studio Express runs the search as per the criteria and extracts the numerical values found. Graphs are built with these values and you can set thresholds in order to trigger alerts if/when the numbers breach your specific thresholds. The numeric value extraction tool makes your monitoring more proactive and powerful.
How it works (summary)
The basic mechanism to perform a Numeric Value extraction is:
| • | Specify the string (RegExp) containing the numeric value and its expected format |
| • | Indicate the numeric value’s location i.e. before/after the string; column number etc. |
| • | Indicate which numbers are to be considered if several matching strings are found: (first value, last value, calculate average; highest value; lowest value) |
The numeric value extraction tool is integrated within the LOG File Analysis tool/application class, which enables you to add a numeric value extraction during the creation of a LOG file instance, or at any time later after creation of the instance. Alert thresholds can be set for all the numeric value extraction instances.
The numeric value extraction runs differently on LOG files – where it searches only amongst the new lines appended since the last poll; whereas for flat sources, the entire information source is searched (as per the indications specified: what; where etc).
Behind the scenes on Windows systems
When the numeric value extraction of the LOG file is performed on the managed element
| 1. | Two files: sen_ms_excerpt.exe and sen_ms_nawk.exe are copied from the RSM to the remote element and placed on %SystemRoot%\SEN_MS\. |
| 2. | The parsing is performed on the remote element and the output is temporarily stored in a file on %SystemRoot%\SEN_MS\ |
| 3. | This output is then copied to the RSM at: %RSM_HOME%\RSMxx\server\rsm\tmp\deploy\ and the file is deleted from the remote element. |
| 4. | The output is then displayed on the Portal under the parameters Value (HB and LB) and it is deleted from the RSM. |
When the numeric value extraction of the LOG file is performed on the RSM
| 1. | Just one file: sen_ms_excerpt.exe is copied from the RSM to the remote element and placed at: %SystemRoot%\SEN_MS\. |
| 2. | The parsing is performed on the remote element and the output is temporarily stored in a file at %SystemRoot%\SEN_MS\ |
| 3. | This output is then copied to the RSM at: %RSM_HOME%\RSMxx\server\rsm\tmp\deploy\; and the file is deleted from the remote element. |
| 4. | The output is displayed in the parameters Value (HB and LB) and it is deleted from the RSM. |
Behind the scenes on UNIX/Linux
When the numeric value extraction of the LOG file is performed on the managed element
| 1. | The commands "tail" and "head" are used to extract the file content up to a maximum of 10MB at each polling. |
| 2. | The command "awk" or "nawk" are used to parse the extracted content on the remote element, and only the last 1000 bytes of the parsed result is returned. |
| 3. | The returned output is then displayed on the Portal under the parameters Value (HB and LB) |
When the numeric value extraction of the LOG file is performed on the RSM
| 1. | The commands "tail" and "head" are used to extract the file content up to a maximum of 10MB at each polling. |
| 2. | The extracted file content is transferred to the RSM where the sen_ms_nawk.exe file performs the parsing on the extracted content. |
| 3. | The returned output is then displayed on the Portal under the parameters Value (HB and LB) |
 On creation of the numeric value extraction instance, Monitoring Studio Express starts the search from the end of the file. Then as new lines are appended, a maximum of 10MB of file content is parsed at each polling in order prevent network congestion and CPU overuse.
Parameters
(HB) = "Higher is Better" and (LB) = "Lower is Better". HB and LB parameters will always display the same value since, basically, both represent the same value. The purpose of having two parameters for the same value is to be able to set different alert thresholds depending on the nature of the monitored object.
For instance, an alert can be set to be triggered on the HB parameter when the value dips too low (it breaches the lower threshold of the range) and an alert can be set on the LB parameter to go off when the value rises too high. The setting of alerts is flexible and can be done on either of the two parameters, on both, or on neither; it depends entirely on nature of the monitored object and the user's specific needs.
Details of the parameters and alert conditions are stated in the Reference Guide.
| 
