We have a use case for logmon where, when matching a line, we need to "look back" in the logfile and capture data from a previous line, but we do not want to use a watcher to match that previous line.

Or, we want to "look ahead" and capture additional lines beyond.

Examples may include (but are not limited to) situations such as:

- the log contains an error string, and we want to use a Watcher to detect the error string; but also, we want to look back at the previous line to see what came right before the error and capture the details to send in the alarm message.

- the log contains a block of text and we want to use a Watcher to detect a specific string in a line of the block - and then we want to capture information from a different line in the block (not the matching line)

- the log contains an Exception and we want to use a Watcher to monitor for the line that contains "Exception" but also any additional lines which may contain information about the Exception.

Is this possible?

We have tried using a multi-line regular expression but it does not seem to work.

logmon probe - any version

Currently this is not possible due to the way logmon handles blocks of text.  Even when a "format" is defined for a block, each line of the expected block is evaluated on a line-by-line basis.

This is described in more detail here:  how logmon handles multi-line formats (blocks)

Due to the way logmon goes sequentially through lines of text, it is not possible to capture information from "surrounding" lines - you can only capture information from the exact line which matches the configured Watcher.  

Even if a "block" format is defined, it is only possible to capture information from the line in the block which matches the Watcher and not the "start expression" or "end expression" of the block itself.