#228 closed defect (invalid)
CheckEventLog failure combining eventSource with space and an additional filter
| Reported by: | AndersB | Owned by: | mickem |
|---|---|---|---|
| Priority: | 5 | Milestone: | 0.3.4 |
| Component: | Core | Version: | 0.3.4 |
| Severity: | Bugs | Keywords: | |
| Cc: |
Description
There seems to be a problem in 0.3.4.28 with an CheckEventLog filter combining an eventSource with a space in its name, and an additional condition. For example this will not show anything:
check_log=inject CheckEventLog file=Application truncate=1000 descriptions filter=new MaxWarn=1 MaxCrit=1 "filter+eventSource=Application Error" filter+severity==error
While all these will have hits:
check_log=inject CheckEventLog file=Application truncate=1000 descriptions filter=new MaxWarn=1 MaxCrit=1 "filter+eventSource=Application Error"
check_log=inject CheckEventLog file=Application truncate=1000 descriptions filter=new MaxWarn=1 MaxCrit=1 filter+severity==error
check_log=inject CheckEventLog file=Application truncate=1000 descriptions filter=new MaxWarn=1 MaxCrit=1 "filter+eventSource=Userenv" filter+severity==error
Please check if this is a problem in the application or if I'm just losing my sanity.
Change History (3)
comment:1 Changed 5 years ago by mickem
- Owner changed from MickeM to mickem
- Status changed from new to assigned
comment:2 Changed 5 years ago by AndersB
- Resolution set to invalid
- Status changed from assigned to closed
My fault! It turned out that I had mixed up severity with eventType. Apparently my event source logged the errors with severity=success and eventType=error.
Sorry for bothering.
comment:3 Changed 23 months ago by mickem
- Version changed from 0.3.4-RC to 0.3.4
HUmm, first off you might wanna change the syntax to something useful (in this case "syntax=%source% %severity%").
Secondly you might (just to be safe) want to specify filter=in (or out), in is the default but you never know...
Anyways tried the following:
Which seemed to work fine.
Michael Medin