Creating logz.io alert with regex (or custom logic on log fields)

Question

I'm trying to create an alert that has regex in its query/filter parameters
I have the following log lines

[2022-05-01 00:00:00] [Thread-1] ERROR MyLoggerName - Iteration #0.  [123456, 456789]  -  2 missing data lines in iteration
[2022-05-01 00:01:00] [Thread-1] ERROR MyLoggerName - Iteration #1.  [234567, 567890]  -  951 missing data lines in iteration

According to the following logz.io documentation this is what i entered in the search bar:

message:/(.*) (\d{1,19}) missing data lines in iteration/

Which yielded no results. If i search for

message:"missing data lines in iteration"

I get exactly the above log lines so i thought that there was something wrong with my regex but when i tryed online regex engines - i saw that the text was matched. What is the correct way/format you can pass a regex to match log lines?

The reason for this specific regex is that i would "capture" a part of a log line (in this example, the number 2 and the number 951) and create an alert in logz.io according to some logic on these values. Is this possible? If not - i can adjust the regex to match only numbers i would like to raise an alert on.

You have a typo in the pattern `iteration` != `interation` See https://regex101.com/r/34FFbk/1 — The fourth bird, May 19 '22 at 18:20
@Thefourthbird - the typo was in the question. my log lines and regex pattern are correct (and fixed in the question) — Mr T., May 22 '22 at 06:39

score 0 · Answer 1 · answered May 28 '22 at 20:14

0

To capture only 2 and 951 you should make the first group non-capturable

(?:.*) (\d{1,19}) missing data lines in iteration

Please see the demo

answered May 28 '22 at 20:14

Artyom Vancyan

5,029
3
12
34

Creating logz.io alert with regex (or custom logic on log fields)

1 Answers1