How to have 2 different ntevl profiles to strict match on specific event id ?
search cancel

How to have 2 different ntevl profiles to strict match on specific event id ?

book

Article ID: 135515

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Having a challenge on how not to trigger duplicate profiles.
For example, there are 2 similar ntevl profiles as follows. How do I not send Profile 01 when criteria of Profile 02 is satisfied ?

[Profile 01]

Source = A Severity = error ID = * Other criteria set as *

[Profile 02]

Source = A Severity = error ID = 100 message = *TEST*

Environment

ntevl probe

Resolution

This is one example how to exclude using event id.

[Profile 01]

Source = A Severity = error ID = 1-99,101-99999 Other criteria set as *

[Profile 02]

Source = A Severity = error ID = 100 Message = *TEST*

Outcome : New event (event id = 100, message contains TEST) will fire Profile 02 only.


Additional Information

Product documentation related to the topic.

https://docops.ca.com/ca-unified-infrastructure-management-probes/ga/en/alphabetical-probe-articles/ntevl-nt-event-log-monitoring/ntevl-im-configuration#ntevlIMConfiguration-CreateProfiles

Event ID: defines the Event ID you are monitoring. Use * to monitor all events of the selected log file. You can use exact numeric match, range( example, 1-5) and multiple comma separated event IDs. You can also use both ranges and commas in the same entry, such as 1-5, 9-20. The field does not support any other regular expression.

Powered by Wolken Software