Difference between a flat file and a LOG file


Flat files are rewritten in their entirety at each update and therefore need to be parsed in full, whereas in LOG files new lines are appended at the end of the file, so only these new lines need to be analyzed.

Tip: Selecting the right file type (Flat or LOG) is very important when setting up file monitoring. Otherwise the monitor will be unable to read the monitored object correctly, and other features such as string searches will also be affected, because they depend on the file type.

String Searches of Flat vs LOG files

The string search function works differently on "running sources" (LOG files and never-ending OS commands) than on flat sources (flat files, OS commands, Web requests, etc.):

Running sources: LOG files

On "running sources" (LOG files and never-ending OS commands), the strings are searched only in the lines added since the last polling. For a string search in a running source, two graphs are built:

Number of matches since the last acknowledgement
Number of matches per minute since the last polling

In addition, for LOG files and never-ending OS commands, you can specify auto-acknowledging strings that will automatically reset the "number of matches" graph.

Automatic acknowledgement of string search alerts (LOG files and "never-ending" command lines only)

Each time the specified strings are found, the MatchingLineCount parameter increases and triggers an alert. The automatic acknowledgement feature allows you to make the MatchingLineCount graph go back to zero and reset its status to 'normal'.

Automatic Acknowledgement of String Search Alerts

Acknowledge alert(s) if the string below is found: Specify the string and indicate whether or not it is case-sensitive.
Select where to search: Specify the location of the string and enter the column separators, if any.
Acknowledge alert(s) if a timeout of "x" minutes is reached: The timeout is counted from the last matching line found; enter the value (default is set to 120 minutes).
When this occurs, you can specify whether all alerts previously triggered by this string search should be acknowledged at once (the MatchingLineCount parameter goes back to zero), or whether only one alert should be acknowledged (the MatchingLineCount parameter is decreased by one):
When the above condition is reached:
Reset the MatchingLineCount parameter to zero (clear all previous alerts)
Decrease the MatchingLineCount by one (clear the previous alert)

Flat sources

On "flat sources" (flat files, OS commands, Web requests, database queries), the strings are searched within the entire source (the whole file, the whole standard output, the whole HTTP response, the whole dataset) every time.

String search in a flat source: Line selection.

In flat sources, you have the option to select the lines in which to search for the specified string(s):

Setting Parameters for String Search on Flat Files

Search for the String(s) in all lines
Search for the String(s) only in the following line numbers: Enter the list of line numbers you wish to scan separated by ‘;’.

For a string search in a flat source, one graph is built: Number of matches at a polling.
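
The two search behaviours described above (running sources with automatic acknowledgement, and flat sources with line selection), modelled as an added Python example that is not the product's own code. `RunningSearch`, `flat_search` and their parameters are hypothetical names; 1-based line numbers, restarting the timeout clock after an acknowledgement, deferring a half-written last line, and rereading from the start after truncation are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class RunningSearch:
    """Toy model of a string search on a running source (LOG file)."""
    needle: str
    ack_string: str
    ack_timeout_min: float = 120.0   # default timeout given on the page
    reset_all: bool = True           # True: back to zero; False: decrease by one
    offset: int = 0                  # characters already analyzed
    matching_line_count: int = 0
    last_match_min: Optional[float] = None

    def _acknowledge(self) -> None:
        self.matching_line_count = (
            0 if self.reset_all else max(0, self.matching_line_count - 1))

    def poll(self, content: str, now_min: float) -> int:
        """Analyze only complete lines appended since the last poll."""
        if len(content) < self.offset:       # assumption: file was truncated/rotated
            self.offset = 0
        end = content.rfind("\n") + 1        # leave a half-written last line for later
        new_lines = content[self.offset:end].splitlines()
        self.offset = max(self.offset, end)
        found = 0
        for line in new_lines:
            if self.ack_string in line:
                self._acknowledge()
            elif self.needle in line:
                found += 1
                self.matching_line_count += 1
                self.last_match_min = now_min
        if (self.matching_line_count and self.last_match_min is not None
                and now_min - self.last_match_min >= self.ack_timeout_min):
            self._acknowledge()
            self.last_match_min = now_min    # assumption: timeout clock restarts
        return found

def flat_search(content: str, needle: str, line_spec: str = "") -> int:
    """Flat source: rescan everything; optional '1;3' line selection (1-based, assumed)."""
    lines = content.splitlines()
    wanted = [int(n) for n in line_spec.split(";") if n.strip()] or range(1, len(lines) + 1)
    return sum(1 for n in wanted if 1 <= n <= len(lines) and needle in lines[n - 1])
```

Declaring a LOG file as flat would recount every old match at each poll, while declaring a flat file as LOG would miss changes made above the stored offset, which is why the file-type choice matters for alert accuracy.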