How to configure Clear Key to match multiple keywords in the log for FKM plugin

Context Copied

• In the FKM plugin, the Clear Key option allows users to configure patterns that will remove detected triggers automatically. The patterns support regular expression syntax, making it more flexible to match various log files.

• This article provides an example to illustrate how users can make use of dollar references and capture groups in regular expressions.

Sample Error Pattern Copied

2024/01/24 12:00:03<110827> Report 233DSSA23dFGS2sdgjaasdss2zxzxcsdawwf12hd (FKM SBR_JVL) error. Queued time: 2024/1/24 12:0:3; Status: QUEUING

Sample Resume Pattern Copied

2024/01/24 12:00:09<110827> Report 233DSSA23dFGS2sdgjaasdss2zxzxcsdawwf12hd (FKM SBR_JVL) running on LB LC_LC300_SQL/jvmous1 ended. Queued time: 2024/1/24 12:0:3; Started time: 2024/1/24 12:0:3; Ended time: 2024/1/24 12:0:9; Status: RECONNECTED

User wanted to configure FKM plugin such that:

• When the patterns “Report” and “error” are detected, it should raise an alert. It should also record the Report IDs as variables. Because of the bracket characters, it may need to store it as multiple variables.
• When the patterns “Report” and “RECONNECTED” are detected, cross check the Report IDs and clear the original alert as appropriate.

If the FKM sampler is set up to record the previously mentioned log entry, the dataview would resemble this:

For example, to clear the trigger above:

• The Set key value is Report (.*) ((.*)) error
• The Clear key value is Report ${1} (${2}) .*RECONNECTED$

Further Information Copied

• File Keyword Monitor configuration documentation