When monitoring log files with the logmon probe, users may need to expand a profile to include multiple additional search strings (e.g., error messages or failure notifications). This article clarifies whether these strings can be added to an existing watcher or if separate watchers are required.

DX Unified Infrastructure Management (UIM) - Any Version
logmon probe (any version)

You can monitor multiple strings in logmon using two primary methods, depending on whether you require unique alarm messages or unified alerting.

Method 1: Use a Single Watcher with Regular Expressions (OR Logic)

If all strings should trigger the same alarm severity and use the same message template, you can combine them into one watcher using the pipe (`|`) operator.

Example Match Expression:
/.*(Merge Agent encountered an error|Merge Agent failed to execute|The Merge Agent failed|server could not be contacted|Failed to allocate a new identity range for subscription).*/

Method 2: Create Separate Watchers Within the Same Profile

If you require different alarm levels (e.g., Critical for "failed to execute" and Warning for "could not be contacted") or specific troubleshooting instructions in the alarm message, create a separate watcher for each string within the same profile.

Which method you choose depends on your specific alerting requirements and the need for administrative granularity.

If your primary goal is to simply ensure that any of these strings generate a notification regardless of the specific error type, Method 1 is the most efficient choice as it minimizes configuration overhead. However, if you need to distinguish between critical failures and minor connectivity issues, or if you want to provide unique resolution steps for different errors, Method 2 is the preferred approach.

Considerations

Administrative Overhead: Method 1 is easier to maintain if all strings share the same severity. Method 2 requires more manual effort to configure but provides greater control how logmon handles multi-line formats (blocks).
Alarm Specificity: Choose Method 2 if you need to use unique suppression IDs or specific custom variables to extract data from the log line for more detailed alarm messages How to configure threshold for a variable in logmon probe.
Evaluation Logic: Keep in mind that logmon evaluates each line against every watcher in the profile. If a single line contains content that matches more than one watcher in Method 2, multiple alarms will be generated for that single line