6.2 Monitoring - Find in Files

Since only those log records are retrieved which match the filter criteria Find in Files is a good method to deal with large log files.

File monitoring configuration
File monitoring configuration

When you want to monitor log records that match a certain filter from log files which are periodically updated (new log records are added while the file is open in Ascolog Insight) the command Find in Files is the best way to do this. Find in Files opens a configuration dialog which provides a convenient way to configure monitoring log records. Go to the Edit menu and select the Find in Files command to open the Find in Files dialog which is shown in figure File monitoring configuration. When you press the Find button in the Find in Files dialog Ascolog Insight registers all files that match the file filter and from these files it loads those log records that match the search criteria. Enter the search term in the edit control Find what. You can specify options to refine your monitoring in the Find options. You can combine these options if the combination makes sense.

  • Match case

  • Match whole world

  • Regular expression

You can also specify a record filter so that only log records that match this filter are searched (e.g. log records that contain the string “abc”). Existing record filters from the Functions tree can be used by pressing the Apply Active Record Filter button. Strings must be encompassed by double quotes (i.e. “abc” and NOT abc) in a filter expression.

In the Look in edit control you specify the folder where to look for files that should be included in the monitoring. However, you can also specify a file. Check the Include sub-folders box to include sub folders in the monitoring. The type of the files to be monitored is provided in the Look at these file types field. You can specify several file types by separating them with a semi-colon.

If Tail is set to zero the complete file is monitored. If Tail is set to a positive value N only the last N mega-bytes of the files are considered.

Find in Files works closely together with the refresh feature of Ascolog Insight so in order to process log records which were added to monitored files after the start of the monitoring open the File menu and select the Refresh command or you can also schedule a refresh task as described in 9 Task Scheduling. Using the Find in Files dialog again instead of Refresh won't work. When a file is already loaded in Ascolog Insight it will be ignored after pressing the Find button of the Find in Files dialog. The File Information dialog shown in figure File Information dialog will pop-up to inform you about this. You must confirm that the file is ignored by pressing the Ignore button. When you want to make this confirmation for all loaded files press the Ignore All button. When you press the Abort button Find in Files is aborted.

If you want to change the monitoring configuration for loaded files (e.g. a different value in the Find What field) you must first unload these files.

File Information dialog
File Information dialog

All loaded (registered) files are listed in the Files window. You will find useful information about the monitored log records there. In the Retrieved Records column of the Files window you will see the number of log records that were loaded from a file. When a file was loaded due to Find in Files the value in the Retrieved Records column is equal to the number of log records that contain the search term (the number is zero when no log record matches the Find What criteria). The Processed Records column will display the total number of log records in a loaded file. The Files window will show all files that match the file criteria even if the search term was not found in some of the files.