SAP IT Operations Analytics 2.0 has just been released and is available for download in SAP Software Download Center.
You can find the documentation at http://help.sap.com/itoa.
The product comes with a set of rules that are used to convert the raw syslog events into messages with attributes. If required, you can use the attribute editor to define your own rules for extracting additional attributes and then use these attributes for enhanced filtering.
Basic experience with regular expressions is required to create custom rules. The example below assumes that you have this experience and now want to get started with the attribute editor in SAP ITOA 2.0.
Example: How to create a custom rule
In our example system, we are collecting a number of metrics on the monitored hosts. The metrics are forwarded through syslog into SAP ITOA. We’ll now define a new rule to parse the “used memory” on these hosts, which we can then use to do further analytics.
In our example, the raw message is “<13>Dec 15 14:20:01 myhostname logger 217304924 used memory”.
The goal is to extract the value (217304924) and add it as the attribute “usedmemory”.
From the table view, select a message containing the string you would like to use as a search pattern and click the button GET MORE INSIGHTS.
In this example, we select the message “<13>Dec 15 14:20:01 myhostname logger 217304924 used memory”.
Enter a name and a description for the new rule, and then copy (with Ctrl+C, Ctrl+V) the text you want to use as a basis for your regular expression to the Regular Expression field.
In the example, we have entered “usedmemory” for both the rule name and the rule description, and copied the snippet “logger 217304924 used memory”.
In the Regular Expression field, mark off where the regular expression will be with curly brackets, and then press TAB.
The curly brackets have a two-fold purpose:
- The content within them is the attribute name that will be displayed in the bucket for filtering purposes.
- They act as a placeholder for the regular expression itself.
Pressing TAB causes all the placeholders to be displayed in the table at the bottom.
Select an attribute type (in the example, we use NVARCHAR), enter a matching regular expression in the Attribute RegExp field (in the example, we use (.*)?), and then click Test to check that it matches the test string.
The identified attributes are displayed in different colors, both within the message and on the right where you see all attribute names as well as the parsed values.
To save the rule and apply it to new incoming messages, click Save (bottom right).
In the dialog box select Activate Now and click Save.
Go to the bucket, where you can now filter via the new attribute.
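Before entering a pattern in the Attribute RegExp field, it can help to check offline how it behaves on well-formed and malformed messages. The following is an added example, not SAP ITOA code: it emulates the placeholder idea in Python, assuming that the rule text is `logger {usedmemory} used memory`, that literal text is matched as-is and that each `{name}` is replaced by the attribute's pattern. It compares the page's `(.*)?` with a stricter `(\d+)`, which is a suggestion added here.

```python
import re

# The raw syslog line quoted on this page.
RAW = "<13>Dec 15 14:20:01 myhostname logger 217304924 used memory"
# Constructed malformed line: non-numeric value and a repeated suffix.
ODD = "<13>Dec 15 14:21:01 myhostname logger n/a used memory; 5 used memory"

# Assumed rule text after marking the value with curly brackets.
TEMPLATE = "logger {usedmemory} used memory"


def compile_rule(template, attr_patterns):
    """Build a regex from literal text plus {name} placeholders.

    Assumption: this mirrors the editor's concept only; the product's
    own matching engine may differ in details.
    """
    parts = re.split(r"\{(\w+)\}", template)
    pieces = []
    for i, part in enumerate(parts):
        if i % 2 == 0:
            pieces.append(re.escape(part))  # literal text around the value
        else:
            # placeholder: attribute name becomes a named group
            pieces.append("(?P<%s>%s)" % (part, attr_patterns[part]))
    return re.compile("".join(pieces))


def extract(rule, message):
    """Return {attribute: value} for the first match, or None."""
    match = rule.search(message)
    return match.groupdict() if match else None


loose = compile_rule(TEMPLATE, {"usedmemory": r"(.*)?"})   # pattern from the page
strict = compile_rule(TEMPLATE, {"usedmemory": r"(\d+)"})  # digits only

if __name__ == "__main__":
    for name, rule in (("loose", loose), ("strict", strict)):
        for msg in (RAW, ODD):
            print(name, "|", msg, "->", extract(rule, msg))
```

On the malformed line the greedy `(.*)?` captures everything up to the last “ used memory”, so the attribute holds text rather than a number, while the digits-only pattern produces no attribute at all.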