> From: Peter Kravtsov
> Subject: [Simple-evcorr-users] Threshold rules based on regexp count of a
> matched keyword
> To: "Simple-evcorr-users@lists.sourceforge.net"
>
> Date: Thursday, April 16, 2009, 9:04 PM
>
>
> Threshold rules based on regexp count of a matched
> keyword
>
>
> Exam
Example:
foo A
foo B
foo B
Desired:
Match when foo X occurs N times over time window, but the matching line needs
to remember the keyword matched on. So if the threshold is 2 times, then raise
an event on a second "foo B" -- not on the first one.
Is this possible?
--
Hey Folks,
I need to create a context if it doesn't exist, but it seems like the
only way to do this without emptying it is with add.
The problem is that I'm using an eval to determine the contents of the
event store and by using add I have to do extra work to remove the
data I added.
Does anyone
Michael Hale wrote:
> Hello,
...
> BTW, are there searchable archives of this mailing list available? It
> doesn't appear the SourceForge archives for this list allow searching?
...and your second question - I am missing the search feature, too, I
don't know why it has not been implemented, be
Michael Hale wrote:
> Hello,
>
> I was wondering if there was a way to alarm if a certain output is NOT
> seen after a certain amount of time.
>
> For example, I have a logfile which lists transaction processing - I
> want to alarm when nothing is written to that file for a certain
> amount
Hello,
I was wondering if there was a way to alarm if a certain output is NOT
seen after a certain amount of time.
For example, I have a logfile which lists transaction processing - I
want to alarm when nothing is written to that file for a certain
amount of time, or alternately, when eithe
