I have log that contains this value :
<0> 10/03/19 16:55:00 : Maintenance counter "UV Calibration" Value is: 31 hours.
I need to check if this value is greater than 300 for the last job
so for example if at 10.3.19 16:55:00 it was 300 and than at 10.3.19 16:56:00 it was 1 than it is not interesting me
but if at 10.3.19 16:55:00 it was 300 and than at 10.3.19 16:56:00 it was 301 i want to raise an alert and show it in table
How can i extract this field and calculate this ?
You can do a search time extraction like this:
[your search]|rex "Value\sis\:\s(?P<calibration_duration>\d+)\shours"|table _time calibration_hours
Should give you a listing of all the times, and the calibration durations
If I understand the second part, you want to trigger an alert if two consecutive events are >300 ?
sorry but i probably did not understand it correctly because this rex returns no results
what should be "calibrationduration" and "calibrationhours"?
about the second part, yes
i tried again your solution
since i have few rows that contains the string "value" im getting result of the first one which is not the correct one
<0> 25/02/19 18:41:22 : Maintenance counter "Model 2 Left Pump" Value is: 9 hours. ... 48 lines omitted ... <0> 25/02/19 18:41:22 : Maintenance counter "PM is Due" Value is: 117 hours. <0> 25/02/19 18:41:22 : Maintenance counter "UV Calibration" Value is: 12 hours.
your solution will return the value '9'
UV Calibration" Value is: 17 hours. will return this value: calibration_duration=4375
can you please explain to me what is this number?
maybe you can explain to me the meaning of the regex ?
many thanks !
Will there be logs for only one job? Are you always comparing 2 most recent job execution logs or it can be any two consecutive job execution?
well.. the log file can contain many jobs log, from many times
but i will always compare 2 recent jobs, yes
Where are the job names appear in the log? In your sample data, is 31 (which is followed by hours) is the value you want to capture/compare?
well.. i need to check with our analysts where the job name so i will get back to you but for your second Q, yes, 31 is the value i want to capture