Regular expression to match if X strings containing a word?

Question

I'm dealing with a problem that i don't know if is possible to solve this way, hope you can help me, Let's see:

I'm using Monit to monitor some log files, and i want it to look for a certain expression, but I only want a positive match if that expression appears more than, let's say 3 times.

The log file in question looks like this:

[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   [SEVERE]     :: Exception was caught: Could not bind to port.. Exiting.
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   [SEVERE]     :: Exception was caught: Could not bind to port.. Exiting.
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   [SEVERE]     :: Exception was caught: Could not bind to port.. Exiting.
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   Configurator :: FillSensor()
[2013/03/12-16:07:06]   [SEVERE]     :: Exception was caught: Could not bind to port.. Exiting.
[2013/03/12-16:07:06]   Configurator :: FillSensor()

And I'm looking for the "[SEVERE]" expression.

I want a match if that expression appears more than 3 times.

I know that .*\[SEVERE\].* gives me all the lines matching that expression, but I want to only match if that number of lines is 3 or more. Is there a way to do it with regular expressions? Or an alternative to do it with Monit perhaps?

Read in each line of your log file individually, and then when you get 3 matches, return the entire file as a match. — Michael, Mar 13 '13 at 18:17
Another way is to use `grep` to pick out the lines, then use `wc` to count the lines matching the words. — nhahtdh, Mar 13 '13 at 18:34
I think that unfortunately those options go beyond the scope of Monit, am I wrong? — catteneo, Mar 13 '13 at 18:46
`grep SEVERE somelogfile.txt | tail -n +3`. If there's no output, there were 3 or fewer lines containing `SEVERE`. If there is output, there were more, but the first three will be missing... — twalberg, Mar 13 '13 at 19:04

Jace Browning · Accepted Answer · 2013-03-14T00:02:28.137

2

If you can access your log files in a capable shell:

[ $(cat LOG.txt | grep "\[SEVERE\]" | wc -l) -ge 3 ]

This pipes the file's contents to grep which searches for lines that contain "[SEVERE]" then wc counts the number of lines and the expression returns 0 if the number of lines is greater than or equal to 3.

edited Mar 14 '13 at 00:02

answered Mar 13 '13 at 19:36

Jace Browning

11,699
10
66
90

Yeah, I guess the best option to do this is outside of Monit, with something like your solution. Thanks – catteneo Mar 14 '13 at 14:48

Regular expression to match if X strings containing a word?

1 Answers1