Today, Log Insight system notifications consist of both informational messages and critical system alert messages. In this post, I will discuss how to be notified only for critical system alert messages when integrating Log Insight with an on-call product like PagerDuty.
Continuing with the regex theme this week, I would like to cover a corner case of regular expression matching to be aware of. The example concerns a single event that contains multiple lines (new line characters) and the use of the .* regex.
Log Insight allows for powerful and complex Java-based regular expression queries. The Log Insight documentation briefly touches on regular expression examples, and I would like to dig a little deeper. In this post, I will cover the different kinds of regular expressions that are possible in Log Insight and give a few examples of each.
I have received some requests for more advanced posts regarding Log Insight, so here is one for those requesting! I was recently asked how to query Log Insight for events where some subset of characters did not exist within a keyword. The specific question was regarding Active Directory events. Let me walk you through an example and how to solve the problem.