Hi Expert
我的环境是SCOM 2012, 我们安装了SCOM NiCE log Files MP, 用来监控log file
我创建了一个Repeated log file Rule
Rule设置中用了正则表示式去做关键字匹配,而且alert也收到了,
上图内容如下:
Context
< DataItem type =" NiCE.LogFile.Monitoring.LogFileMonitoringDataItem " time =" 2016-08-19T02:14:17.5525953Z " sourceHealthServiceId =" 1f26e700-0f2b-39a4-c157-e43de92bbbf4 " >
< LogFileDirectory > C:\OVScripts\printerMonitoring </ LogFileDirectory >
< LogFileName > printerJobsStatus.log </ LogFileName >
< FullPath > C:\OVScripts\printerMonitoring\printerJobsStatus.log </ FullPath >
< LogFileLine > Printer: test1, Printer status: Offline </ LogFileLine >
< RegexMatch >
< Group0 >
< Capture > test1, Printer status: Offline </ Capture >
</ Group0 >
< Printer >
< Capture > test1 </ Capture >
</ Printer >
< PrinterStatus >
< Capture > Offline </ Capture >
</ PrinterStatus >
</ RegexMatch >
</ DataItem >
但问题是,我想把告警中的几个变量值pritner 及 printerstatus添加到alert description中,我尝试了很多变量替换的方法,都失败了
比如
$Data/RegexMatch/Printer$
$Data/RegexMatch/PrinterStatus$
$Data[Default='']/RegexMatch/Printer$
$Data[Default='']/RegexMatch/PrinterStatus$
$Data/Context/RegexMatch/Printer$
$Data/Context/RegexMatch/PrinterStatus$
$Data/EventData/DataItem/RegexMatch/Printer$
$Data/EventData/DataItem/RegexMatch/PrinterStatus$
取的值都为空, 请教大家有什么建议,谢谢!
