Table of Contents
- Getting Started
- Agent-Based Management
- Common Tasks
- Data Providers
- Directory Services
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- Active Directory User Monitor Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- Account Lockout Monitor Template
- Audit Policy Monitor Template
- Logon As Monitor Template
- Logon Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Process Monitor Template
- RDP Session Monitor Template
- Registry Value Monitor Template
- Service Monitor Template
- SMART Disk Monitor Template
- System Security Monitor Template
- Windows Update Template
- WMI Query Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Database Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Schedules
- Environment Variables
- Options
- SNMP
- SSH Shell
- Syslog
- System Reset
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Terminology
Corner Bowl Server Manager
SIEM, IPS, Server Monitoring, Uptime Monitoring and Compliance Software
Define Log Entry Columns with Regular Expressions
The Columns Tab, found within both Log Consolidation and Log Monitor template properties views, enables you to extract values from log entries then, in the case of log consolidation, save those values to custom columns in your log repository database. Log Monitors use the column definitions to extract key value pairs before applying filters.
Event Log, Syslog and Text Log Consolidation and Monitor Templates all provide a list of Regular Expressions you can apply to extract the key value pairs.
To define regular expressions
- From the Regular Expressions List, click the Add
button. A new line is added to the list.
- Use the Value Text Box to enter your regular expression.
- Use the Up Button
and Down Button
to reorder your regular expressions.
Note
Multiple regular expressions enable you to test for different key value pairs. If the same key exists for multiple regular expression results, the last matching regular expression in the list is applied to the result set.
To define column definitions
Sample
Consider the following log entry:
My String,True,16,-1000,-100000,-10000000000,1000,100000,10000000000,2022-04-01,100,10.11,100.111,1000.1111,1,1024,50,75
If you apply the following regular expression to the above log entry, a key value pair is defined for each value in the log entry.
To implement the above scenario define a column for each key value pair to extract. For example: