Troubleshooting
Problem
Attempts to monitor a log using the IBM Tivoli Log File agent result in no events being captured or viewed in the Tivoli Enterprise Portal.
Symptom
When parsing a log using the log file agent, none of the events from the log are displayed in the Tivoli Portal. Further review also shows that if an unmatch log is used, that log is empty. The agent log shows that it successfully connected to the management server.
Cause
This condition usually points to a problem with the regular expression. If you have the following line in your log that you are parsing:
09/18/2012 11:12:14 Some kind of message.
And your regular expression is as follows:
([0-9]{2}\/[0-9]{2}\/[0-9]{4}) ([0-9]{2}:[0-9]{2}:[0-9]{2}) (.*)
Testing this regular expression against the string in a regex tester will show that it matches. However, one key element is missing from the regular expression: the caret (^) at the beginning, which asserts the position at the start of the string.
Resolving The Problem
By placing the caret (^) at the beginning of the regular expression, the expression should now look like the following:
^([0-9]{2}\/[0-9]{2}\/[0-9]{4}) ([0-9]{2}:[0-9]{2}:[0-9]{2}) (.*)
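A regex tester accepts both forms of the expression, so a pre-deployment check has to look for the caret textually and then dry-run the anchored expression against sample lines. The following Python sketch is an added example, not IBM code; it assumes Python's `re` engine behaves like the agent's for this expression, and the function names and the second and third sample lines are constructed for illustration.

```python
import re

# The sample line and both expressions are taken from the text above.
UNANCHORED = r"([0-9]{2}\/[0-9]{2}\/[0-9]{4}) ([0-9]{2}:[0-9]{2}:[0-9]{2}) (.*)"
ANCHORED = "^" + UNANCHORED

# Constructed sample input: the page's line plus two lines made up for this check.
SAMPLE_LINES = [
    "09/18/2012 11:12:14 Some kind of message.",
    "09/18/2012 11:12:15 Another message.",
    "    at continuation line without a timestamp",
]


def lint_pattern(pattern):
    """Return a list of problems to fix before the pattern is deployed."""
    try:
        re.compile(pattern)
    except re.error as exc:
        return [f"does not compile: {exc}"]
    problems = []
    # A tester matches with or without the caret, so this check is textual.
    if not pattern.startswith("^"):
        problems.append("missing leading caret (^)")
    return problems


def dry_run(pattern, lines):
    """Apply the pattern at the start of each line; return (events, unmatched)."""
    compiled = re.compile(pattern)
    events, unmatched = [], []
    for line in lines:
        m = compiled.match(line)
        if m:
            events.append(m.groups())   # (date, time, message)
        else:
            unmatched.append(line)      # what an unmatch log would be expected to hold
    return events, unmatched


if __name__ == "__main__":
    for name, pat in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(name, lint_pattern(pat) or "ok")
    events, unmatched = dry_run(ANCHORED, SAMPLE_LINES)
    print(len(events), "events;", len(unmatched), "unmatched")
```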
Document Information
Modified date:
21 June 2018
UID
swg21686662