mbok / logsniffer

logsniffer is a sophisticated open source web tool for parsing, viewing, monitoring and analyzing log data - smarter, collaborative and easier. [No longer maintained]
GNU Lesser General Public License v3.0

Could you highlight ERROR message #68

Open vit1251 opened 8 years ago

vit1251 commented 8 years ago

How about highlighting a specific row in the logging stream, for example with the following condition:

level == "WARN"
app = "mysql"
regexp = "/deadlock/"

Can I do this in the current version?

Thanks for the answer.

mbok commented 8 years ago

You've the possibility to use the "Severity mapping" filter in your log source definition for this purpose. This filter maps a source field value to the standard complex _lfseverity field, which is natively used e.g. for highlighting of entries and for retrieval. Currently only a string matching condition is supported. See the attached screenshot with an example which maps HTTP response codes to a human readable and highlighted form.

vit1251 commented 8 years ago

It's a workaround, but it may be usable.

mbok commented 8 years ago

Would a regex condition meet your requirements better?

vit1251 commented 8 years ago

I think it's better to make a chain processor (i.e. a few chains with different types of filtering criteria) with a variable condition processor to choose from. Let's say one of them can be a regular expression, another one is a simple field comparison, a third something else ... Honestly, I cannot imagine all the expected options, but I am sure that a flexible interface for solving any kind of problem is better than a single regular expression. Another question is the performance of this system, and I think that there should be integration with the elasticsearch query / filtering subsystem.

vit1251 commented 8 years ago

Let me show an example of a research request for web site operations as a pseudo SQL request with comments:

SELECT created_at, pathname, method, status_code FROM nginx_united_grid_stream
WHERE
        created_at BETWEEN 2016-04-30 AND 2016-05-01   // We know about a problem in the selected date and time range, and it is the first filter
    AND
         status_code NOT IN [200, 301, 302] // We know that this is not a good response
    AND
         pathname REGEXP "^/admin/manage"  // We know that this is a request in the admin manage area
    AND
         form_post_data.fields.e ...  // We may know some post parameters, like the email of the user for example
    AND
         cookie.session IS ... // We may know the session_id of this session
ORDER BY
    created_at ASC  // We always want chronological order
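
The condition chain discussed in this thread, sketched as an added Python example; it is not logsniffer code and does not use logsniffer's filter API. Field names are taken from the thread, while the helper names, the rule layout, the inclusive date range and the sample entries are constructed assumptions.

```python
import re
from datetime import datetime

# Each helper returns a predicate over one parsed log entry (a dict).
def field_eq(name, value):
    return lambda e: e.get(name) == value

def field_not_in(name, values):
    # A missing field never matches, so unrelated log sources are not flagged.
    return lambda e: name in e and e[name] not in values

def field_regex(name, pattern):
    rx = re.compile(pattern)
    return lambda e: rx.search(str(e.get(name, ""))) is not None

def time_between(name, start, end):
    return lambda e: name in e and start <= e[name] <= end

# A rule is a severity label plus a chain of conditions that must ALL match.
RULES = [
    ("ERROR", [time_between("created_at", datetime(2016, 4, 30), datetime(2016, 5, 1)),
               field_not_in("status_code", {200, 301, 302}),
               field_regex("pathname", r"^/admin/manage")]),
    ("WARN", [field_eq("level", "WARN"), field_eq("app", "mysql"),
              field_regex("message", r"deadlock")]),
]

def classify(entry, rules=RULES):
    """Return the severity of the first rule whose whole chain matches, else None."""
    for severity, chain in rules:
        if all(cond(entry) for cond in chain):
            return severity
    return None

def highlighted(entries, rules=RULES):
    """Matching entries with their severity, in chronological order."""
    hits = [(e, classify(e, rules)) for e in entries]
    return sorted((h for h in hits if h[1]), key=lambda h: h[0]["created_at"])

# Constructed sample entries (not real log data).
SAMPLE = [
    {"created_at": datetime(2016, 4, 30, 12, 0), "level": "WARN", "app": "mysql",
     "message": "deadlock detected, transaction rolled back"},
    {"created_at": datetime(2016, 4, 30, 10, 15), "pathname": "/admin/manage/users",
     "method": "POST", "status_code": 500},
    {"created_at": datetime(2016, 4, 30, 10, 16), "pathname": "/admin/manage/users",
     "method": "GET", "status_code": 200},
    {"created_at": datetime(2016, 4, 30, 11, 0), "pathname": "/index.html",
     "method": "GET", "status_code": 404},
    {"created_at": datetime(2016, 5, 2, 9, 0), "pathname": "/admin/manage/users",
     "method": "POST", "status_code": 403},
]

if __name__ == "__main__":
    for entry, severity in highlighted(SAMPLE):
        print(severity, entry)
```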