Link
Zebrium Docs

© ScienceLogic, Inc. 2024

Search

TAG RULES

SERVICE GROUPS

Select one or more named service groups from the dropdown using multi-select. If no service groups are indicated, the rule may match an event from any service group; if one service group is indicated, the rule may only match an event from that service group; if more than one service group is indicated, the rule may only match an event from any one of the named service groups (a logical OR across the selections).

LABELS

Require one or more labels to match a corresponding case-sensitive substring, case-sensitive regex, or case-insensitive regex. All provided label conditions must be satisfied by the same event for that event to match the rule (a logical AND across the conditions).

The label field consists of a list of parenthesized conditions. Each parenthesized condition consists of the label name, followed by a colon, followed by one of a case-sensitive substring, a case-sensitive regex, and a case-insensitive regex.

As an example, to require the “app” label to start with the word core, case-insensitive; the “version” label to have a first digit of 6; and the “State” label to have the value of “DONE”:

(app:/^core/i)(version:/^\D*6/)(State:DONE)

Below are more details on entering each condition.

To require a case-sensitive substring match to the label value, enter something like this:

Exact Label Value Substring

To require a case-sensitive PCRE regex match to the label value, enter something like this, surrounding the regex in forward slashes:

/Label Value With Digit\d/

It is generally recommended, but not required, to escape all non-alphanumeric literal characters within your regex as a best practice, such as:

/Label\ Value\ With\ Digit\d/

To require a case-sensitive PCRE regex match to the label value, enter something like this, surrounding the regex in forward slashes:

/Label Value With Digit \d/

It is generally recommended, but not required, to escape all non-alphanumeric literal characters within your regex as a best practice, such as:

/Label\ Value\ With\ Digit \d/

To require a case-insensitive PCRE regex match to the event text, enter something like this (note the “i” after the second forward slash):

/label value with digit \d/i

It is generally recommended, but not required, to escape all non-alphanumeric literal characters within your regex as a best practice, such as:

/label\ value\ with\ digit\ \d/i

In general, any parse errors related to ambiguous patterns can be resolved by escaping all non-alphanumeric literal characters.

TEXT

Require a match on the event text, as shown in the Zebrium UI to the right of the severity, to match. There are three options: a case-sensitive substring, a case-sensitive regex match, and a case-insensitive regex match.

To require a case-sensitive substring match to the event text, enter something like this:

Exact Text to Match

To require a case-sensitive PCRE regex match to the event text, enter something like this, surrounding the regex in forward slashes:

/Matches Any Digit\: \d/

It is generally recommended, but not required, to escape all non-alphanumeric literal characters within your regex as a best practice, such as:

/Matches\ Any\ Digit\:\ \d/

To require a case-insensitive PCRE regex match to the event text, enter something like this (note the “i” after the second forward slash):

/matches any digit\: \d/i