It should be fairly straightforward to add or modify custom definitions
via either the interpreter from the dcache shell, or the admin
definition commands.
An alarm definition consists of the following:
| Property | Possible values | Required |
|---|---|---|
type | Name of this alarm type (settable only once). | YES |
keyWords | Whitespace-delimited concatenation of key field names (see below). | YES |
regex | A pattern to match the message with.
NoteIt is advisable to place the regex pattern in double quotes, e.g., "[=].[\w]*" | YES |
regex-flags | A string representation of the (Java) regex flags options,
joined by the 'or' pipe symbol: e.g.,
CASE_INSENSITIVE | DOTALL. For fuller
explanation, see the Java Tutorial on Regular
Expressions. | NO |
match-exception | True = recur over embedded exception messages when applying the regex match (default is False). | NO |
depth | Integer ≥ 0, = depth of exception trace to examine when applying match-exception; undefined means unbounded (default). | NO |
For example:
<alarmType>
<type>SERVICE_CREATION_FAILURE</type>
<regex>(.+) from ac_create</regex>
<keyWords>group1 type host domain service</keyWords>
</alarmType>
The alarm key (the property keyWords) is
the set of attributes whose values uniquely identify the alarm
instance. For example, an alarm defined using message,
but without including timestamp in its key,
would suggest that all events with exactly the same message content are
to be considered duplicates of the first such alarm. The key field names
which can be used to constitute the key include the attributes defined
for all alarms, plus the parsing of the message field into regex groups:
timestampdomainservicehostmessage (= group0)groupN
These attribute names should be delimited by (an arbitrary number
of) whitespace characters. Note that timestamp
and message derive from the logging event, while
host, domain and
service are properties added to the event’s
diagnostic context map.
The key field name groupN, where
N is an integer, means that the
Nth substring (specified by parentheses) will
be included. For N=0, group0
is identical to message, which means that the whole
message string should be included as an identifier.
Alarms that are generated by the code at the origin of the problem may carry with them other arbitrary unique identifier values, but custom definitions are limited to the values associated with these fixed fields.