Could you highlight ERROR message

Open vit1251 opened this issue 8 years ago • 5 comments

How about highlighting a specific row in the logging stream, for example with the following condition:

level == "WARN"
app = "mysql"
regexp = "/deadlock/"

Can I do this in the current version?

Thanks for the answer.

vit1251 avatar Apr 28 '16 15:04 vit1251

You have the possibility to use the "Severity mapping" filter in your log source definition for this purpose. This filter maps a source field value to the standard complex lf_severity field, which is natively used e.g. for highlighting of entries and for retrieval. Currently only a string matching condition is supported.

[screenshot: severity-mapping-filter]

See the attached screenshot with an example which maps HTTP response codes to a human-readable and highlighted form.

mbok avatar Apr 28 '16 18:04 mbok

It's a workaround, but it may be usable.

vit1251 avatar Apr 29 '16 16:04 vit1251

Would a regex condition meet your requirements better?

mbok avatar Apr 30 '16 12:04 mbok

I think it's better to make a chain processor (i.e. a few chains with different types of filtering criteria) with a choice of condition processor. Let's say one of them can be a regular expression, another one a simple field comparison, a third something else ... Honestly, I cannot imagine all the expected options, but I am sure that a flexible interface for solving any kind of problem is better than a single regular expression. Another question is the performance of this system, and I think that there should be integration with the Elasticsearch query / filtering subsystem.

vit1251 avatar May 01 '16 00:05 vit1251

Let me show an example of a research request for web site operations, as a pseudo-SQL request with comments:

SELECT created_at, pathname, method, status_code FROM nginx_united_grid_stream
WHERE
        created_at BETWEEN '2016-04-30' AND '2016-05-01'  -- We know the problem is in the selected date and time range, so this is the first filter
    AND
        status_code NOT IN (200, 301, 302)  -- We know that this is not a good response
    AND
        pathname REGEXP "^/admin/manage"  -- We know that this is a request in the admin manage area
    AND
        form_post_data.fields.e ...  -- We may know some POST parameters, like the email of the user for example
    AND
        cookie.session IS ...  -- We may know the session_id of this session
ORDER BY
    created_at ASC  -- We always want chronological order

vit1251 avatar May 01 '16 00:05 vit1251
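
The chain of typed conditions proposed in the two comments above, sketched in Python as an added example. It is not logsniffer code: the helper names, the severity labels and the sample entries are constructed for illustration, and the rules reuse the conditions from the issue text and the pseudo-SQL request.

```python
import re
from datetime import datetime

# Each condition builder returns a predicate over one parsed entry (a dict).
def equals(field, value):
    return lambda e: e.get(field) == value

def not_in(field, values):
    return lambda e: field in e and e[field] not in values

def between(field, low, high):  # inclusive, like SQL BETWEEN
    return lambda e: field in e and low <= e[field] <= high

def matches(field, pattern):
    rx = re.compile(pattern)  # compiled once, not per entry
    return lambda e: isinstance(e.get(field), str) and bool(rx.search(e[field]))

def chain(*conditions):
    # AND-chain; all() stops at the first failing condition, so cheap
    # field comparisons are listed before regular expressions.
    return lambda e: all(c(e) for c in conditions)

# (severity label, chain) pairs, tried in order; labels are hypothetical.
RULES = [
    ("ERROR", chain(equals("level", "WARN"), equals("app", "mysql"),
                    matches("message", r"deadlock"))),
    ("WARN", chain(between("created_at", datetime(2016, 4, 30), datetime(2016, 5, 1)),
                   not_in("status_code", {200, 301, 302}),
                   matches("pathname", r"^/admin/manage"))),
]

def highlight(entry):
    """Return the label of the first matching rule, or None (no highlight)."""
    for severity, rule in RULES:
        if rule(entry):
            return severity
    return None

# Constructed sample entries, already parsed into fields.
SAMPLE = [
    {"level": "WARN", "app": "mysql", "message": "transaction deadlock detected"},
    {"level": "WARN", "app": "nginx", "message": "upstream deadlock suspected"},
    {"created_at": datetime(2016, 4, 30, 13, 5), "status_code": 500,
     "pathname": "/admin/manage/users", "method": "POST"},
    {"created_at": datetime(2016, 4, 30, 13, 6), "status_code": 200,
     "pathname": "/admin/manage/users", "method": "GET"},
    {"message": "line that could not be parsed into fields"},
]
```

Entries that lack a field a condition needs simply do not match, so unparsed lines fall through without a highlight instead of raising.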