logo: Ytria - Essential Tools for IBM Notes and Domino (Lotus)
Ytria Tech Lab
Articles, Tips, and Code for IBM Notes and Domino Administrators & Developers

How you can get picky with regex to isolate all Agent Manager events across multiple server logs

on 8/07/18

regex searches

Our support team recently received a pretty interesting request. The user was working in consoleEZ and trying to bring up all events that the agent manager had produced across multiple server logs. A catch was that they didn’t want to include events that contained the “will run on behalf of” AND “ran successfully” strings. To do this, they would have to dabble in regular expressions (regex).

In this quick post you’ll see a few cool regex tips and tricks in the form of real examples that you can use for your consoleEZ Log Analyzer searches and console filters. And you’ll get a look at some of the standard mechanics of regex operation, so you’ll have that much more knowledge when using regex elsewhere.

Example 1: search your log files for all events that include the “Amgr” string.

This one is very straightforward. Just pull up your Log Analyzer setup screen, select the servers you’d like to analyze, and then input the following regular expression:

Amgr

Before going any further, a word about case sensitivity: while regex is case sensitive by default, we’ve made regex searches case insensitive for your convenience across the whole portfolio of Ytria tools. However, you can turn the sensitivity back on by selecting ‘Case sensitive’ (see fig. 1).

In consoleEZ's Log Analyzer, like other Ytria tools, you can make regex case sensitive or not

Fig. 1 Regex has been made case insensitive across the Ytria tools, for your convenience. But should you want to turn case sensitivity back on, just select the ‘Case sensitive’ box.

Example 2: filter your consoles’ output to only show events containing the “Amgr” OR “Replicat” strings

 

Ever wanted to turn your consoles into powerful, real-time agent manager and replication event monitoring tools? No problem! Simply open consoles to all servers that you’re interested in, and then select ‘Consoles > Filter Consoles By’ and provide the following regex (see fig. 2):

Amgr|Replicat

consoleEZ's console filters with an AND condition in regex

Fig. 2 You can isolate agent manager and replication events in your consoles by selecting ‘Consoles > Filter Consoles By’ and then providing the regex “Amgr|Replicat”.

See that pipe character? Here that’s used as an OR operand. Logically, you can build from this and add in more events just by adding more expressions separated by the pipe character—like this:

Amgr|Replicat|Error

You can also use this very same expression for log file searches.

Note: when using regex to filter your consoles, you have the additional option to ‘Show’ or ‘Hide’ the results returned. So, in this example choosing ‘Show’ will leave only the events containing the “Amgr” or “Replicat” strings. If you were to choose ‘Hide,’ that same regex would hide all these events.

Example 3: search your server logs for all events that contain both the “Amgr” AND “cannot” strings.

Let’s say you want to locate any agents that aren’t properly signed, and therefore aren’t allowed to execute on a given server. This is a bit more complex. Because to find these, you’re going to need a search regex that will find any events containing the “Amgr” string AND part of the typical error message, for example, the “cannot” string.

Essentially, our expression needs to say “contains string A” AND “contains string B”. For adding conditions that must be true altogether, you’d use the following syntax:

^(Condition1)(Condition2).*

Quite similar to selection formulas, right? Independent conditions within parentheses.

 

How would that look in real terms?

^(?=.*Amgr)(?=.*cannot).*

Add that into your Log Analyzer regex input (see fig. 3). We’ll look a bit more at what those special characters mean in the next example.

consoleEZ's Log Analyzer with more than one condition in regex

Fig. 3 To find both the strings “Amgr” and “cannot”, enter the following into your Log Analyzer regex input ^(?=.*Amgr)(?=.*cannot).*

Example 4: search your server logs for all events that contain “Amgr” but DO NOT contain the “run on behalf” string.

When you search for all events containing the “Amgr” string, you’ll notice that a lot of non-critical info is returned. If you’re interested in those more problematic messages, you might want to cut down on the noise.

Let’s see how you can use regex to search for string “A” while excluding results that contain string “B”:

^(?=.*Amgr)(?!.*run on behalf).*

So, what’s going on here?

Example 3 and the first part of this example both contain the expression ?=.* to find what contains the string “Amgr“. And this example adds in the expression ?!.* to find what does not contain the string “run on behalf“. So, our results here will be events that contain the string “Amgr” AND that don’t contain the string “run on behalf“.

You’ll see that even with this search, you’ll still get a ton of useless messages. To further cut that down, you can add even more exclusions such as the “daily statistics” or “Start executing” strings. And since you can just keep appending more conditions by enclosing them in parentheses, let’s see how that looks (see fig. 4):

^(?=.*Amgr)(?!.*run on behalf) (?!.*daily statistics) (?!.*Start executing).*

consoleEZ's Log Analyzer with a complex, multi-condition regex

Fig. 4 Append more conditions by enclosing them in parentheses.

We hope you found this helpful. You have some quick and useful examples to help you get going with regex searches in consoleEZ’s Log Analyzer, and also a bit of a basic regex background for a couple of expressions you can use elsewhere, should you need to.

Do you have any scenarios we can help with? Shoot us a quick mail, or put your request in the comments section. We’d be happy to give you a hand with it!

Intrigued, but don’t have consoleEZ yet? Give consoleEZ a try.

Print Friendly, PDF & Email

Leave a Comment

To diplay code in your comment, put the code between these brackets: [cc]your code[/cc]. You can also put inline code by using these: [cci]your inline code[/cci]