NiCE Generic LogFile Provider DataSource with a grouping regular expression and a negative pattern.

NiCE.Library.X.Generic.LogFile.Provider.NegativeFilter.DS (DataSourceModuleType)

Element properties:

Show References:
- DataSource Modules (1)
- Rules (5)

Type	DataSourceModuleType
Isolation	Any
Accessibility	Public
RunAs	Default
OutputType	System.Event.Data

Member Modules:

ID	Module Type	TypeId	RunAs
LogFileProvider	DataSource	Microsoft.Unix.SCXLog.Privileged.Datasource	Default
Parse	ProbeAction	NiCE.Library.X.Regex.Parse.Probe	Default
Mapper	ConditionDetection	System.Event.GenericDataMapper	Default
NegativeFilter	ConditionDetection	System.ExpressionFilter	Default

Overrideable Parameters:

ID	ParameterType	Selector	Display Name	Description
Interval	int	$Config/ProviderConfig/Interval$	Interval
SyncTime	string	$Config/ProviderConfig/SyncTime$	SyncTime
Tracing	bool	$Config/ProviderConfig/Tracing$	Tracing
NegativePattern	string	$Config/NegativePattern$	NegativePattern	The messages that match this regular expression are filtered out. The value cannot be empty. If you do not need it, just use '^$' regex to filter empty strings.

Source Code:

<DataSourceModuleType ID="NiCE.Library.X.Generic.LogFile.Provider.NegativeFilter.DS" Accessibility="Public" Batching="false">

  <Configuration>

    <IncludeSchemaTypes>

      <SchemaType>System!System.ExpressionEvaluatorSchema</SchemaType>

      <SchemaType>NiCE.Library.X.NiCEProvidersSchema</SchemaType>

    </IncludeSchemaTypes>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="ProviderConfig" type="ProviderConfigType"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="LogFileProviderConfig" type="SimpleLogFileProviderConfigType"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="RegexReplace" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="RegexReplaceWith" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="GroupPattern" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="NegativePattern" type="xsd:string"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="Interval" Selector="$Config/ProviderConfig/Interval$" ParameterType="int"/>

    <OverrideableParameter ID="SyncTime" Selector="$Config/ProviderConfig/SyncTime$" ParameterType="string"/>

    <OverrideableParameter ID="Tracing" Selector="$Config/ProviderConfig/Tracing$" ParameterType="bool"/>

    <OverrideableParameter ID="NegativePattern" Selector="$Config/NegativePattern$" ParameterType="string"/>

  </OverrideableParameters>

  <ModuleImplementation Isolation="Any">

    <Composite>

      <MemberModules>

        <DataSource ID="LogFileProvider" TypeID="Unix!Microsoft.Unix.SCXLog.Privileged.Datasource">

          <Host>$Config/ProviderConfig/TargetSystem$</Host>

          <LogFile>$Config/LogFileProviderConfig/Directory$/$Config/LogFileProviderConfig/FileNamePattern$</LogFile>

          <RegExpFilter>$Config/LogFileProviderConfig/RegexFilter$</RegExpFilter>

          <IndividualAlerts>true</IndividualAlerts>

        </DataSource>

        <ProbeAction ID="Parse" TypeID="NiCE.Library.X.Regex.Parse.Probe">

          <EventDescription>$Data[Default='']/EventDescription$</EventDescription>

          <RegexReplace>$Config/RegexReplace$</RegexReplace>

          <RegexReplaceWith>$Config/RegexReplaceWith$</RegexReplaceWith>

          <GroupPattern>$Config/GroupPattern$</GroupPattern>

          <TargetSystem>$Config/ProviderConfig/TargetSystem$</TargetSystem>

          <Tracing>$Config/ProviderConfig/Tracing$</Tracing>

        </ProbeAction>

        <ConditionDetection ID="Mapper" TypeID="System!System.Event.GenericDataMapper">

          <EventOriginId>$Target/Id$</EventOriginId>

          <PublisherId>$MPElement$</PublisherId>

          <PublisherName>EventProvider</PublisherName>

          <Channel>EventProvider</Channel>

          <LoggingComputer/>

          <EventNumber>0</EventNumber>

          <EventCategory>3</EventCategory>

          <EventLevel>0</EventLevel>

          <UserName/>

          <Description>$Data[Default='']/Property[@Name='EventDescription']$</Description>

          <Params>

            <Param>$Data[Default='']/Property[@Name='RawEventDescription']$</Param>

            <Param>$Data[Default='']/Property[@Name='EventDescription']$</Param>

            <Param>$Data[Default='']/Property[@Name='Group1']$</Param>

            <Param>$Data[Default='']/Property[@Name='Group2']$</Param>

            <Param>$Data[Default='']/Property[@Name='Group3']$</Param>

            <Param>$Data[Default='']/Property[@Name='Group4']$</Param>

            <Param>$Data[Default='']/Property[@Name='Group5']$</Param>

            <Param>$Data[Default='']/Property[@Name='Group6']$</Param>

            <Param>$Data[Default='']/Property[@Name='Group7']$</Param>

            <Param>$Data[Default='']/Property[@Name='Group8']$</Param>

          </Params>

        </ConditionDetection>

        <ConditionDetection ID="NegativeFilter" TypeID="System!System.ExpressionFilter">

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="String">EventDescription</XPathQuery>

              </ValueExpression>

              <Operator>DoesNotMatchRegularExpression</Operator>

              <Pattern>$Config/NegativePattern$</Pattern>

            </RegExExpression>

          </Expression>

        </ConditionDetection>

      </MemberModules>

      <Composition>

        <Node ID="NegativeFilter">

          <Node ID="Mapper">

            <Node ID="Parse">

              <Node ID="LogFileProvider"/>

            </Node>

          </Node>

        </Node>

      </Composition>

    </Composite>

  </ModuleImplementation>

  <OutputType>System!System.Event.Data</OutputType>

</DataSourceModuleType>