One way to capture the entire block of a multiline error is to use FKM's multiline setting.
Let's use the sample error log below.
2023-03-21 04:53:21,414 | ERROR | org.dozer.MappingProcessor | mapField | 283 | org.dozer.MappingProcessor | Field mapping error -->
MapId: null
Type: null
Source parent class: quickfix.fix42.ExecutionReport
Source field name: TransactTime
Source field type: null
2023-03-21 04:53:23,115 | INFO | org.dozer.MappingProcessor | mapField | 285 | org.dozer.MappingProcessor | Field mapping info -->
Your multiline settings should look like the below to capture the timestamp as your start and end pattern.
Simple regex to capture the timestamp: \d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d,\d\d\d
You can use https://regex101.com/ to test your regex.
And your match key setting should look like below. You'll notice that 'Source field type' is defined as an end tag so only lines above 'Source field type' are displayed.
Ensure 'Parse trigger details' in the advanced tab setting is turned on.
Sample FKM dataview:
click the image to enlarge*
Notes:
The 'triggerDetails' has an internal max character limit. Please use the start and end tags to remove unnecessary data.
References:
- https://docs.itrsgroup.com/docs/geneos/current/data-collection/fkm-config.html#files__file__multiline
- https://docs.itrsgroup.com/docs/geneos/current/data-collection/fkm-config.html#tags
- https://support.itrsgroup.com/hc/en-us/articles/115004020105-Geneos-How-Do-I-Parse-FKM-s-status-and-triggerDetails-Columns-
If you have any further questions:
- Please contact our Client Services team via the chat service box available on any of our websites or via email to support@itrsgroup.com
- Make sure you provide us:
- ANY LOG FILE OR DIAGNOSTIC
- ANY SCREENSHOT
Comments
0 comments
Please sign in to leave a comment.