|
The String Search Monitor allows you to run fast and powerful searches for strings on the information sources that you previously configured (flat or log files, output of a Web request or a database query, OID content, etc).
Please note that the String Search Monitor works slightly differently on "running sources" (Log files) than on flat sources (flat files, command lines, Web requests, etc.):
| • | On "running sources" (Log files): |
| ▪ | the strings are searched only in new lines since the last polling. For a String Search in a running source, two graphs are built: |
| ✓ | Number of matching lines since the last acknowledgment or Number of matches for the current collect. |
| ✓ | Number of matches per minute since the last polling. |
| ▪ | you can specify auto-acknowledging strings that will automatically reset the graph to the "number of matches". |
 Refer to the String Searches for log Files chapter for detailed information.
| • | On "flat sources" (any other source): |
| ▪ | the strings are searched in the entire source every time (the whole file, the whole standard output, the whole HTTP response, the whole dataset). For a String Search in a flat source, one graph is built: Number of matches at the current polling. |
| ▪ | you cannot specify auto-acknowledging strings since the attribute is recalculated from "0" at each polling. |
| ▪ | you can specify where information should be searched in the file (n lines, pre-filter, etc.). |
To search for a specific string
| 1. | Log on to Central Monitoring Administration. |
| 2. | Create (or edit) a Policy that will be deployed on the PATROL Agents that share the same specified tag or according to their IP address, hostname, etc. |
| 3. | Click the Monitor Configuration link and click the  (or  ) button. |
| 4. | In the Monitoring Solution field, select Monitoring Studio. The related Monitoring Profile, Version and Monitor Type information is automatically displayed. |
| 5. | Select the Monitoring Studio Monitor Type and click . |
| 6. | Select the Monitoring Studio Monitoring Solution. |
| 7. | From a specific Monitors panel (command lines, files, queries, etc.), click the String Searches button. |
| 8. | The String Searches panel is displayed to define the String Search settings. |
| 9. | Provide the String Search information: |
String Search — Settings
| ▪ | Considered Line Numbers: By default, the string(s) will be searched for in all the lines of the specified source but you can also specify the line numbers to be scanned. Line numbers are specified as follows: |
| • | x-y: all lines from x to y inclusive |
| • | x-: all lines from x to the end of the file inclusive |
| ▪ | Count Lines Matching With: Enter the regular expression that needs to be found for the line to be counted. |
| ▪ | But Exclude Those Matching With: Enter the regular expression that needs to be found for the line NOT to be counted. |
| 10. | Define the Monitor Settings: |
String Search — Monitor Settings
| ▪ | Internal ID: Enter an ID to identify the managed String Search instance in TrueSight Operations Management. |
| ▪ | Display Name: Enter a name to identify the managed String Search instance in TrueSight Operations Management. |
| ▪ | Optional — Alert Actions: Define the action(s) Monitoring Studio needs to perform when the thresholds for this String Search instance is breached. |
| 11. | Click the Add to List button to complete the creation of the String Search instance. |
|
