Hello all,
I was wondering if some people could help me think through different approaches to how this can be done in SAM.
Scenario: I have an app that is deployed throughout my environment. I want to check the log files of this system for certain strings; however, these strings are slightly different at each site, but they start at the same character (10 characters) from the beginning of the line. I would like to extract the last time in the latest log file (logs are rotated daily) each unique string occurred. In many cases these unique strings might not occur for days at a time, and I need to trigger an alert when any of these strings do not occur in the last 30 log files.
I am thinking that I need to write a script that writes the unique strings into a file called uniquestrings.txt, and then have another script that checks the log files for each of these strings and appends the last DateTime the string occurred and inserts that into uniquestrings.txt. Then I would have a SAM component monitor check uniquestrings.txt for any dates older than 30 days.
Does anyone have any ideas on how to improve on this approach? Thanks
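
An added example, not part of the original post: one script that does both steps described above in a single pass, keeping a state file of each key's newest log and reporting keys absent from the newest 30 logs. The `app-YYYY-MM-DD.log` naming, the `-HB` key shape, the JSON state file (in place of uniquestrings.txt) and the `Statistic:`/`Message:` output lines are assumptions, and the sample logs are constructed.

```python
import json, os, re, tempfile
from datetime import date, timedelta
from pathlib import Path

KEY_OFFSET = 10                         # per the post: key starts 10 characters into the line
KEY_RE = re.compile(r"[A-Z0-9]+-HB\b")  # hypothetical key shape, e.g. "SITEA-HB"
MAX_FILES = 30                          # alert window: newest 30 rotated logs

def scan(log_dir, state_path, pattern="app-*.log"):
    """Record the newest log holding each key; return (state, keys missing from the window)."""
    state_path = Path(state_path)
    state = json.loads(state_path.read_text()) if state_path.exists() else {}
    # Assumption: ISO-dated file names, so a lexical sort is chronological.
    window = sorted(Path(log_dir).glob(pattern))[-MAX_FILES:]
    for log in window:                  # oldest to newest: later files overwrite earlier ones
        with log.open(errors="replace") as fh:
            for line in fh:
                m = KEY_RE.match(line, KEY_OFFSET)
                if m:
                    state[m.group()] = log.name
    names = {p.name for p in window}
    stale = sorted(k for k, seen in state.items() if seen not in names)
    tmp = state_path.with_name(state_path.name + ".tmp")
    tmp.write_text(json.dumps(state, indent=2, sort_keys=True))
    os.replace(tmp, state_path)         # atomic swap: a crash never leaves a half-written state
    return state, stale

def demo():
    """Constructed sample: SITEB-HB stops after day 2 and is flagged 30 logs later."""
    root = Path(tempfile.mkdtemp())
    def write(day, keys):
        name = f"app-{date(2024, 1, 1) + timedelta(days=day)}.log"
        body = "".join(f"08:00:00  {k} heartbeat ok\n" for k in keys)
        (root / name).write_text(body + "08:00:01  unrelated noise\n")
    for day in (0, 1):
        write(day, ["SITEA-HB", "SITEB-HB"])
    _, first = scan(root, root / "state.json")
    for day in range(2, 32):
        write(day, ["SITEA-HB"])
    state, second = scan(root, root / "state.json")
    return first, second, state

if __name__ == "__main__":
    _, stale, _ = demo()
    # Assumption: the monitor reads "Statistic:" / "Message:" lines from stdout.
    print(f"Statistic: {len(stale)}")
    print(f"Message: missing from last {MAX_FILES} logs: {', '.join(stale) or 'none'}")
```

The state file is what lets a key be flagged after it has aged out of the 30-log window, since a scan of only the newest logs would never rediscover it.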