Query with Regex

In our log we get, from time to time, entries like

Process 33024 (glusterfsd) of user 0 killed by SIGABRT - dumping core

The process ID 33024 can change, and the service SIGABRT can change too.
Is there a way to find it out with regex?

Hi 🙂

So this will depend on what you're actually trying to search for.

If you want to find all entries with "glusterfsd" that have been killed, you could do something like:

msg:*glusterfsd* AND "killed by" AND "dumping core"

Replace msg with your field name.

It also might be worth looking at using a grok pattern to pull these elements out and add them to their own fields. This will allow you to make much more efficient queries too 🙂
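As an added example (not part of the reply above), this is one way to pull the changing parts of the entry into their own fields with a regex, with a roughly equivalent grok pattern shown in a comment. The field names pid, process, uid and signal are assumptions, and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Roughly equivalent grok pattern, built from standard grok primitives:
#   Process %{POSINT:pid} \(%{DATA:process}\) of user %{NONNEGINT:uid} killed by %{WORD:signal} - dumping core
CRASH_RE = re.compile(
    r"Process (?P<pid>\d+) \((?P<process>[^)]+)\) of user (?P<uid>\d+) "
    r"killed by (?P<signal>SIG[A-Z0-9+]+) - dumping core"
)

def parse_crash(line):
    """Return the extracted fields as a dict, or None if the line is not a crash entry."""
    m = CRASH_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["pid"] = int(fields["pid"])   # numeric fields allow range queries later
    fields["uid"] = int(fields["uid"])
    return fields

def crashes_by_process_and_signal(lines):
    """Count crash entries per (process, signal) pair, ignoring unrelated lines."""
    counts = Counter()
    for line in lines:
        fields = parse_crash(line)
        if fields is not None:
            counts[(fields["process"], fields["signal"])] += 1
    return counts

SAMPLE_LINES = [
    # First line is the entry quoted in the question; the rest are constructed.
    "Process 33024 (glusterfsd) of user 0 killed by SIGABRT - dumping core",
    "Process 1187 (glusterfsd) of user 0 killed by SIGSEGV - dumping core",
    "Process 40211 (nginx) of user 33 killed by SIGABRT - dumping core",
    "Started GlusterFS brick process glusterfsd",  # mentions the process, not a crash
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_crash(sample))
    print(crashes_by_process_and_signal(SAMPLE_LINES))
```

Once the values are in their own fields, a query can match on the process or signal field directly instead of wildcard-searching the whole message.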
