I want to setup log monitoring in such a way that only the latest updated lines in the logs are read. I have actually configured a keyword search for log monitoring. The problem is once the keyword triggers an alert, the alert keeps repeating which implies that the logs are read from the start. Please suggest.
Asked
Active
Viewed 3,627 times
3 Answers
0
You can do right click on the alert and say Accept file. Once you do that, the alert will go away and start from updated lines again.
Mohammad Nadeem
- 9,134
- 14
- 56
- 82
0
You need to have a look to the advance tab. You will find there the option Trigger mode. I think you need to set the option Multiple.
The official documentation says:
MULTIPLE
In multiple trigger mode, FKM will show a new trigger row for each detected key. Detected keys for each file are then indexed by increasing number starting at 0. Later numbers indicate later detected keys.
Kumar Saurabh
- 2,297
- 5
- 29
- 43
AlexandrosV
- 1
- 1
0
Go to FKM Configuration in Basic tab scroll to the right and there is an option Rewind. Make sure this option is not enabled. If it is enabled during each change in configuration FKM will start read from the start of the file, not from EOF.
sree
- 1
- 2