Check_eventlog filters using 'in' and 'regexp' not producing expected results when filtering on ID.
Filter using 'in' expression does not work when multiple id's are supplied
Filter using 'regexp' does not work on id
Working with id = '35264'
./check_nsc_web -u https://10.241.175.12:18443/ -p 'xxxxxxxx' -k -t 30 check_eventlog "filter=log = 'Application' and source regexp 'MSSQL.*' and id = '35264'" scan-range=-2w show-all "warn=count gt 0" "critical=written > -5m" "unique=1"
WARNING: 1 message(s) warning(Application MSSQL$APP2 (Always On Availability Groups data movement for database 'uniflow' has been suspended for the following reason: "system" (Source ID 4; Source string: 'SUSPEND_FROM_APPLY'). To resume data movement on the database, you will need to resume the database manually. For information about how to resume an availability database, see SQL Server Books Online.)), Application MSSQL$APP2 (Always On Availability Groups data movement for database 'uniflow' has been suspended for the following reason: "system" (Source ID 4; Source string: 'SUSPEND_FROM_APPLY'). To resume data movement on the database, you will need to resume the database manually. For information about how to resume an availability database, see SQL Server Books Online.) |'Application_MSSQL$APP2_written'=1643871303;0;1644406903;; 'count'=1;0;0;;
Not working with id regexp '35264'
./check_nsc_web -u https://10.241.175.12:18443/ -p 'xxxxxxxxx' -k -t 30 check_eventlog "filter=log = 'Application' and source regexp 'MSSQL.*' and id regexp '35264'" scan-range=-2w show-all "warn=count gt 0" "critical=written > -5m" "unique=1"
OK: No entries found |'count'=0;0;0;;
Working with id in ('35264')
./check_nsc_web -u https://10.241.175.12:18443 -p 'xxxxxxxxx' -k -t 30 check_eventlog "filter=log = 'Application' and source regexp 'MSSQL.*' and id in ('35264')" scan-range=-2w show-all "warn=count gt 0" "critical=written > -5m" "unique=1"
WARNING: 1 message(s) warning(Application MSSQL$APP2 (Always On Availability Groups data movement for database 'uniflow' has been suspended for the following reason: "system" (Source ID 4; Source string: 'SUSPEND_FROM_APPLY'). To resume data movement on the database, you will need to resume the database manually. For information about how to resume an availability database, see SQL Server Books Online.)), Application MSSQL$APP2 (Always On Availability Groups data movement for database 'uniflow' has been suspended for the following reason: "system" (Source ID 4; Source string: 'SUSPEND_FROM_APPLY'). To resume data movement on the database, you will need to resume the database manually. For information about how to resume an availability database, see SQL Server Books Online.) |'Application_MSSQL$APP2_written'=1643871303;0;1644846132;; 'count'=1;0;0;;
Not working with id in ('893,'35264')
./check_nsc_web -u https://10.241.175.12:18443 -p 'xxxxxxx' -k -t 30 check_eventlog "filter=log = 'Application' and source regexp 'MSSQL.*' and id in ('893','35264')" scan-range=-2w show-all "warn=count gt 0" "critical=written > -5m" "unique=1"
OK: No entries found |'count'=0;0;0;;
Expected Behavior
Each of the above filters should return the EventID '35264'
Actual Behavior
Regexp filter returns no events when '35264' is specified
In filter only works with a single ID in the filter, adding a second ID to the Filter list returns no events
Issue and Steps to Reproduce
Check_eventlog filters using 'in' and 'regexp' not producing expected results when filtering on ID.
Filter using 'in' expression does not work when multiple id's are supplied
Filter using 'regexp' does not work on id
Expected Behavior
Each of the above filters should return the EventID '35264'
Actual Behavior
Regexp filter returns no events when '35264' is specified In filter only works with a single ID in the filter, adding a second ID to the Filter list returns no events
Details
Additional Details
NSClient++ log: