Filter timestamps out of logs, so I don't get the same message multiple times

**CMK version:** Enterprise Edition 2.1.0p17

Hey y'all. I'm pretty new in IT and even newer to CheckMK.
I got the task of catching some error logs from different Win20 servers, which worked surprisingly well with an Ansible script.
I created my overview for about 50 servers and made rules to tell the logview what I want to catch. Everything worked well up to there. Our log files write errors in a 5-minute cycle, so I get my error messages every 5 minutes, which is kind of annoying and makes the actual reading of the logs pretty annoying. I've seen that you can tell Ansible to get error messages only once, but it didn't work. Because the timestamp before every message changes!?

I’ve checked the “Duplicated messages management” as well as “Filter out consecutive duplicated messages in the agent output”.
One example of how I tried to filter out the timestamp:

Regular expressions for message classification:

State: “Warning” Pattern: `[WARNING]\s*(.*)$`

State: “Rewrite” Pattern: `\1`

So I expected that this would give me only the actual warning and filter out the timestamp, so I don't get multiple messages about the same error. It doesn't work.

Another example, a little bit more excessive:

State: “Warning” Pattern: `^\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3}\s[(?:MESSAGE:\s\d+)]\sWARNING\s(.+)`

State: “Rewrite” Pattern: `\1`

Didn’t work either. Do I have a simple thinking error, or am I doing something wrong here? Or can't CheckMK do what I want it to?

Sorry for my bad writing, I am not a native English speaker and am trying to get better, which is why I write and communicate online only in English.

And thanks for every hint I get 🙂
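
An added example, not part of the original post and not CheckMK's own code: Python's `re` module run over constructed log lines in the layout the second pattern implies, comparing the patterns exactly as they appear on this page (where unescaped `[...]` is a character class) with a variant that escapes the brackets, and using the captured text as a timestamp-free key for de-duplication. The sample lines, the function names and the assumption that the rule engine follows Python regex semantics are all hypothetical.

```python
import re

# Constructed sample lines (not real logs), shaped after the second pattern in the post.
SAMPLE = [
    "2023-03-01 10:00:00,123 [MESSAGE: 17] WARNING Disk queue length high",
    "2023-03-01 10:05:00,456 [MESSAGE: 18] WARNING Disk queue length high",
    "2023-03-01 10:10:00,789 [MESSAGE: 19] WARNING Service X restarted",
]

TS = r"^\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3}\s"

# First pattern as shown: [WARNING] matches ONE character out of W, A, R, N, I, G.
FIRST_AS_POSTED = re.compile(r"[WARNING]\s*(.*)$")
# Second pattern as shown: the bracket expression is again a one-character class,
# and that class does not contain a literal "[".
AS_POSTED = re.compile(TS + r"[(?:MESSAGE:\s\d+)]\sWARNING\s(.+)")
# Variant with escaped brackets, so "[MESSAGE: <n>]" is matched literally.
ESCAPED = re.compile(TS + r"\[MESSAGE:\s\d+\]\sWARNING\s(.+)")


def extract(pattern, line):
    """Return capture group 1, or None when the pattern does not match."""
    m = pattern.search(line)
    return m.group(1) if m else None


def dedupe(lines, pattern):
    """Keep one entry per distinct key; unmatched lines use the whole line as key."""
    seen, out = set(), []
    for line in lines:
        key = extract(pattern, line) or line
        if key not in seen:
            seen.add(key)
            out.append(key)
    return out


if __name__ == "__main__":
    print(extract(FIRST_AS_POSTED, SAMPLE[0]))  # starts mid-word, counter still inside
    print(dedupe(SAMPLE, AS_POSTED))            # nothing matches: all three lines stay
    print(dedupe(SAMPLE, ESCAPED))              # two distinct warnings remain
```
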
