You can test a string or variable against a pattern, and define an output string that is conditional on the result. You can do this using $MATCH, which has the following syntax:
$MATCH(string, pattern, true, [false])
Specify the parameters as follows:
string
TEST STRING) or a policy variable (for example <$LOGPATH>).
pattern
true and false. The pattern is case sensitive.
true
false
Separate each parameter with a comma (,). To specify a comma within a parameter, you must precede it with two backslashes (\\).
You can use $MATCH within your policies in the following event attributes:
Application
Automatic command
Category
Custom message attribute values
Message key
Message type
Object
Service ID
Title
Note: You can use $MATCH only once in each message attribute. You cannot use $MATCH recursively.
A policy can read a number of log files. The path of the log file is available in the policy variable <$LOGPATH>. If part of the log file path corresponds to an application name, you can use $MATCH to set the application event attribute as follows:
$MATCH(<$LOGPATH>,<@.application>.log, <application>, Unknown)
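The rules above (comma-separated parameters, a comma escaped with two backslashes, three or four parameters, one non-nested $MATCH per attribute) can be checked before a policy is deployed. The following is an added example, not part of the product or its documentation; the function names are hypothetical, and it assumes that whitespace around parameters is insignificant and that the call ends at the last closing parenthesis in the attribute value.

```python
ESCAPED_COMMA = "\\\\,"  # two literal backslashes followed by a comma
CALL = "$MATCH("


def split_match_params(body):
    """Split the text between $MATCH( and ) on unescaped commas."""
    params, current, i = [], [], 0
    while i < len(body):
        if body.startswith(ESCAPED_COMMA, i):
            current.append(",")          # escaped comma stays in the parameter
            i += len(ESCAPED_COMMA)
        elif body[i] == ",":
            params.append("".join(current).strip())  # assumption: trim spaces
            current = []
            i += 1
        else:
            current.append(body[i])
            i += 1
    params.append("".join(current).strip())
    return params


def lint_match(attribute_value):
    """Return (params, problems) for one event attribute value."""
    count = attribute_value.count(CALL)
    if count == 0:
        return None, []
    if count > 1:
        # Covers both repeated and nested use; the page allows neither.
        return None, ["$MATCH used more than once or recursively"]
    start = attribute_value.index(CALL) + len(CALL)
    end = attribute_value.rfind(")")     # assumption: last ')' closes the call
    if end < start:
        return None, ["missing closing parenthesis"]
    params = split_match_params(attribute_value[start:end])
    problems = []
    if len(params) not in (3, 4):
        problems.append(f"expected 3 or 4 parameters, found {len(params)}")
    return params, problems


if __name__ == "__main__":
    # Constructed attribute values; the first is the example from this page.
    for value in (
        "$MATCH(<$LOGPATH>,<@.application>.log, <application>, Unknown)",
        r"$MATCH(<$LOGPATH>, <@.application>.log, <application>\\, ok, Unknown)",
        "$MATCH(<$LOGPATH>, <@.application>.log, <application>, ok, Unknown)",
    ):
        print(lint_match(value))
```

The third constructed value shows the failure the escape rule prevents: an unescaped comma inside the true string shifts the remaining parameters and yields five instead of four.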