Message Analyzer Forum is Live


We have created a public forum for discussing Message Analyzer related topics. Please go to the Microsoft Message Analyzer Forum to read more. Stay tuned for more information soon.


Comments (4)

  1. kylv says:

    I’m having trouble with the DateTime format in my custom text log parser.

    I have a log file with text lines like this:

    2014-06-12T09:03:27-07:00 <30.7> sd-7-0-dev-606-1(id1) lsass[3075]: [lsass] VERBOSE:0x805b171e0:LsaSrvCacheFindObjects():lsass/server/api/memcache.c:2195: Using cache entry for sid S-1-5-21-1195855716-1269722693-1240286574-184919, updated 1 seconds ago with a cache id of 1.
    2014-06-12T09:03:27-07:00 <30.7> sd-7-0-dev-606-1(id1) lsass[3075]: [lsass-ipc] VERBOSE:0x805a02240:lwmsg_peer_assoc_session_handle_assoc_error():lwmsg/src/peer-assoc-session.c:599: (session:e8bf053cb31d67be-a6131aa94526a3d8) Dropping: LWMSG_STATUS_PEER_CLOSE
    2014-06-12T09:04:08-07:00 <30.5> sd-7-0-dev-606-1(id1) lsass[3075]: Log level changed to WARNING

    And a .config file with a message type like this:

    message LwisiLog with
        EntryInfo { Regex = @"(?<Timestamp>[-:0-9T]+) (?<Unknown1><[.0-9]+>) (?<Hostname>[a-zA-Z0-9-]+)\((?<Unknown2>id[0-9]+)\) (?<Process>[a-z]+)\[(?<PID>[0-9]+)\]: (?<Content>.*)"},
        DisplayInfo { ToText = LwisiLogToText }
        : LogEntry
    {
        DateTime Timestamp with EntryFieldInfo { IsTimestamp = true, IsLocalTime = false };
        string Unknown1;
        string Hostname;
        string Unknown2;
        string Process;
        string PID;
        string Content;

        static string LwisiLogToText(any data)
        {
            var e = data as LwisiLog;
            return e.Content;
        }
    }

    This loads and parses the log file fine, and the Timestamp shows up in the "Timestamp" column in the Analysis Grid. However, when I load up a pcap file taken at the same time, the traffic will not interleave with the log file rows. They only stack on top of each other.

    Furthermore, when I change the Shift Time on the log file rows nothing happens. The times in the "Timestamp" column do not appear modified. Changing the Shift Time on the pcap rows works fine.

    My best guess is this has something to do with the embedded timezone data in my log file ("-7:00").

    Any ideas?

  2. Paul E Long says:

    Yes, since they have the same name, we use the field name over the property name, which is a string and will sort differently and not listen to time shifting. Glad you got your problem sorted out. And please feel free to use the forums for future questions.

    Paul

  3. kylv says:

    So it looks like this is probably due to my use of "Timestamp" as a variable name.

    I copied the code from Cluster.config, which does the same thing:

    DateTime Timestamp with EntryFieldInfo {IsTimestamp = true, IsLocalTime = false };

    I’ve changed my variable name to "TStamp" and now both interleave and Shift Time work on my log file input.
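
The effect described in this thread (log rows stacking instead of interleaving once the timestamp is handled as a string) can be reproduced outside Message Analyzer. The following is an added example, not code from the commenters or from Message Analyzer: it uses a Python form of the thread's entry regex, and the shortened log lines, the capture records and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Python form of the entry regex from the thread (named groups use ?P<...>).
ENTRY = re.compile(
    r"(?P<Timestamp>[-:0-9T]+) (?P<Unknown1><[.0-9]+>) (?P<Hostname>[a-zA-Z0-9-]+)"
    r"\((?P<Unknown2>id[0-9]+)\) (?P<Process>[a-z]+)\[(?P<PID>[0-9]+)\]: (?P<Content>.*)"
)

# Constructed sample input: log lines shaped like those in the thread.
LOG_LINES = [
    "2014-06-12T09:03:27-07:00 <30.7> sd-7-0-dev-606-1(id1) lsass[3075]: Using cache entry",
    "2014-06-12T09:04:08-07:00 <30.5> sd-7-0-dev-606-1(id1) lsass[3075]: Log level changed to WARNING",
]
# Constructed capture records (UTC time, summary), standing in for pcap frames.
FRAMES = [
    ("2014-06-12T16:03:30+00:00", "frame 1"),
    ("2014-06-12T16:04:10+00:00", "frame 2"),
]

def parse_entry(line):
    """Return (utc_datetime, raw_timestamp, content), or None if the line does not match."""
    m = ENTRY.fullmatch(line)
    if m is None:
        return None
    ts = datetime.fromisoformat(m["Timestamp"])  # keeps the -07:00 offset
    return ts.astimezone(timezone.utc), m["Timestamp"], m["Content"]

def merged(as_string):
    """Merge log entries and frames, ordered by raw text or by parsed UTC time."""
    rows = []
    for line in LOG_LINES:
        entry = parse_entry(line)
        if entry:
            rows.append((entry[1] if as_string else entry[0], "log: " + entry[2]))
    for raw, summary in FRAMES:
        key = raw if as_string else datetime.fromisoformat(raw)
        rows.append((key, summary))
    return [label for _, label in sorted(rows)]
```

Ordering by the raw text puts both log rows ahead of the frames, while ordering by the parsed UTC value interleaves them.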
