String Search

The String Search Monitor allows you to search for a specific string in the information sources that you previously configured (flat or log files, output of a Web request or a database query, OID content, etc.). A typical use is to search for the Failure or Error string in a log file to be informed as soon as a problem occurs and to have Monitoring Studio X acknowledge the alert when the Success string is found.

To find string(s), you need to indicate to Monitoring Studio X:

  • the string(s) to be searched
  • where the string(s) should be found (anywhere in the line, at character offset, or in a specific column number)
  • how alerts should be acknowledged (after a certain time or when another string is found) and the operation to be performed.

If the content to be parsed is multi-line, XML, JSON, or HTML, you may first have to pre-process it.

Once the String Search Monitor is properly configured, Monitoring Studio X will either:

  • search for the string(s) in the new lines since the last polling and provide the last lines found, the number of lines matching the string search, and the number of lines matching the string search per minute. This is the operation mode for log files and never ending command lines.
  • or search for the string(s) in the entire source (the whole file, the whole standard output, the whole HTTP response, the whole dataset, etc.) and provide the number of lines matching the string search. This is the operation mode for flat sources or any other source.

Depending on your configuration, an Alert message will either be triggered when a matching line is found or when the threshold is breached.

Refer to the table below for how to configure the String Search Monitor.

Property Description
Search for Lines that Contain / Do Not Contain Enter the string (regular expression) to look for and select whether the string should be contained or not in the line (Example: Contain Failure or Do Not Contain Success). You will then have to indicate where the string should be searched. Possible values are:
  • Anywhere In the Line (default).
  • At Character Offset: Enter the character number (Example: 7 to search for a string that starts from the seventh character in the line).
  • In Column Number(s): Enter the column number(s) where the string should be found (Example: 1 or 1-5 or 1,5).

Display Name Name to identify the String Search instance in TrueSight Operations Management.
Internal ID ID to be used to store the String Search Monitor configuration in the PATROL Agent configuration. This Internal ID is automatically generated based on the Display Name provided but can be edited if needed.
Search Options 1. (Optional) Specify a second string and indicate whether both strings should be found (AND), or if only one of the two strings is sufficient (OR). Enter the string (regular expression) to look for and select whether the string should be contained or not in the line.
2. Indicate where the string should be searched: Anywhere in the Line (default), At Character Offset or In Column Number(s). For column number(s), select the column separators. If the search applies to several columns delimited by different delimiters, including a blank space, then columns will be delimited by a blank space. Otherwise, the first delimiter saved in the configuration will be used.
3. Indicate whether the search is case sensitive.
4. Indicate whether Monitoring Studio X will ignore blank lines. This option is particularly useful when searching for lines that do not contain a specific string, as blank lines would match this search criteria.
5. (Log File Monitoring) Indicate how the Matching Line Count parameter will report matches. Possible values are:
  • Since Last Acknowledge (Incremental): Select this option to count the lines matching the String Search since the last time the Matching Line Count parameter was reset or since the PATROL Agent started.
  • In the Current Collect Only: Select this option to count the lines matching the String Search during the current collect.




Auto-Acknowledge Options
(Log File or Never Ending Command Line Monitoring Only)
1. First, specify how alerts should be acknowledged. You can either:
  • Acknowledge Alert On Timeout: In this case, specify the time in minutes after which the alert will be automatically acknowledged (Default: 120 minutes).
  • Acknowledge Alert On Another String Search: In this case, specify the string that will automatically acknowledge the alert (Example: The alert will be acknowledged when the string Success is found in the log file).

2. Specify the action you wish Monitoring Studio X to perform when acknowledging an alert. Select:
  • Reset “Matching Line Count” to have Monitoring Studio X automatically reset the counter of the Matching Line Count parameter to zero.
  • Decrease the “Matching Line Count” by One to have Monitoring Studio X automatically decrease the Matching Line Count parameter by one.

Trigger Alert Message for Every Match Enable this option to trigger an Alert Message for every matching line, and not just when breaching the threshold.

Finally, for each parameter, you can define up to three alarm ranges (Alarm #1, Alarm #2 and Out-of-range) each with a minimum and a maximum value:

  • Use the Alarm #1 and Alarm #2 options to define the range of parameter values that triggers warnings and alarms.
  • Use the Out-of-range border conditions to be informed when the collected values are outside the norm (less than or greater than the defined range limits).

Refer to Configuring Alerts for details and to Studio String Search for more information about the parameters available and the thresholds set by default.
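
The following Python sketch models the search and auto-acknowledge semantics described above (Contain / Do Not Contain, character offset, column numbers, ignoring blank lines, incremental Matching Line Count, acknowledge on another string). It is an added illustration, not Monitoring Studio X code; the function, class and option names, the sample log lines, and the choice to acknowledge only while the count is above zero are assumptions.

```python
import re

def column_text(line, columns, sep=None):
    """Text of the 1-based columns given as '1', '1-5' or '1,5' (sep=None: blanks)."""
    fields = line.split(sep)
    wanted = []
    for part in columns.split(","):
        lo, _, hi = part.partition("-")
        wanted.extend(range(int(lo), int(hi or lo) + 1))
    return " ".join(fields[i - 1] for i in wanted if 0 < i <= len(fields))

def line_matches(line, pattern, contain=True, where="anywhere", offset=1,
                 columns="1", case_sensitive=True, ignore_blank=True):
    """Apply one Contain / Do Not Contain search to a single line."""
    if ignore_blank and not line.strip():
        return False  # a blank line would otherwise satisfy any "Do Not Contain"
    rx = re.compile(pattern, 0 if case_sensitive else re.IGNORECASE)
    if where == "offset":      # string must start at the Nth character (1-based)
        found = rx.match(line, offset - 1) is not None
    elif where == "columns":
        found = rx.search(column_text(line, columns)) is not None
    else:
        found = rx.search(line) is not None
    return found == contain

class StringSearch:
    """Incremental matching line count with acknowledge-on-another-string."""
    def __init__(self, pattern, ack_pattern, on_ack="reset", **options):
        self.pattern, self.ack_pattern, self.on_ack = pattern, ack_pattern, on_ack
        self.options = options
        self.matching_line_count = 0

    def collect(self, new_lines):
        """Scan only the lines added since the last polling; return the matches."""
        matched = []
        for line in new_lines:
            if line_matches(line, self.pattern, **self.options):
                self.matching_line_count += 1
                matched.append(line)
            elif self.matching_line_count and re.search(self.ack_pattern, line):
                if self.on_ack == "reset":
                    self.matching_line_count = 0
                else:  # "decrease": drop the count by one per acknowledgement
                    self.matching_line_count -= 1
        return matched

# Constructed sample: two polling cycles of an application log.
POLL_1 = ["2024-01-01 10:00 auth Failure user=alice", "",
          "2024-01-01 10:01 auth failure user=bob"]
POLL_2 = ["2024-01-01 10:05 auth Success user=alice"]
```

With a case-insensitive search for `Failure` in column 4, the first poll counts two lines; the `Success` line in the second poll then either resets the count to zero or decreases it to one, depending on the acknowledge action.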
