Monitoring logfiles with multiple delimeters using the Universal Agent

So it will happen when you need to monitor a logfile with the Universal Agent and that logfile will have various delimeters and even data you don't care about. Here is an example based on some recent experience.

My data file started out like this:

nnn 00 nnnnnnnn ggggggg/ddd/fffffff vvv www
So in the above example I have both spaces and forward slashes as delimeters. The data seperated by slashes represent 3 distinct values. So here is a partial metafile that can handle this:

//ATTRIBUTES
DATA1 D 3
-DATA2 D 2
-DATA3 D 8
DATA4 D 7 Atomic DLM='/'
DATA5 D 3
DATA6 D 7 DLM=' '
DATA7 D 3
DATA8 D3


By default the FILE data provider uses a SPACE for a delimeter so we don't have to mention it. The DATA1 field is the first 3 characters up to the first space. The -DATA2 and -DATA3 fields are meaningless data for us, so we prefix them with a dash. This means those data fields will be skipped and we will move on to the next fields.

The DATA4 field is important to us so we set it to Atomic so we can key off of it in Situations. We also set a new delimeter using DLM='/', this has now become our default delimeter. DATA5 is next 3 characters up to the "/", DATA6 is the last piece of data connected to the slashes - so we have to reset our delimeter using DLM=' '. Then we just have our remaining DATA7 and DATA8 fields.

This approach is very usable and should be considered a hack. Too many people think customization like this is a bad thing.