LogicMonitor seeks to disrupt AI landscape with $800M strategic investment at $2.4B valuation to revolutionize data centers.

Learn More

Script EventSources

Last updated on 20 March, 2023

Overview

You can use the Script EventSource collection method to detect and alert on any event.  This may be useful if you have custom logging that can’t be monitored with the other EventSource collection methods (log files, windows event logs, SysLogs, and SNMP traps).

To create an EventSource using this collection method, set the EventSource Type field to ‘Script Event’ and either upload an external script or enter an embedded Groovy script.

Note: A maximum of 50 events can be discovered per script execution and a maximum of 100 events can be discovered per collector per minute.

Script Output Format

Regardless of whether it is an embedded or external script, the output needs to be a JSON object with an array of one or more events, like this:

{
    "events" : [
                  {
                     "happenedOn":"Fri Jun 05 09:17:47 UTC 2015", 
                     "severity":"Warn", 
                     "message":"This is the first event's message", 
                     "Source":"This is the source of the first event"
                   },
                   {
                     "happenedOn":"Fri Jun 07 09:27:37 UTC 2015", 
                     "severity":"critical", 
                     "message":"This is the second event's message", 
                     "Source":"This is the source of the second event"
                   }
               ]
} 

The following fields can be used to describe an event in the script output:

Attribute Required? Description
happenedOn Yes The date/time of the event
severity Yes The severity of the alert that will be triggered by the event (warn | error | critical)
message Yes The message of the event. Maximum 2,000 characters
customAttribute No Add any custom attribute you’d like to be associated with your event. The custom attribute will be a key-value pair, e.g. “thread.number” : “30”. 

NOTES:

  • If your data structure is not JSON, you can use groovy JSON tools (e.g. JSONBuilder) to convert it.  If you do use these tools, make sure to include this import statement in your script: import groovy.json.* 
  • Severity levels (warn | error | critical) are not case sensitive. 
  • You can add multiple custom attributes per event. These will simply need to be separated by a comma and newline. In the script output example below, we included customAttributes buffer.size and thread.number:
    {
      "events": [
        {
          "severity": "warn",
          "happenedOn": "Thu Jun 01 09:50:41 2017",
          "buffer.size": "500m",
          "thread.number": 20,
          "message": "this is the first message",
          "Source": "no ival"
        },
        {
          "severity": "warn",
          "effectiveInterval": 0,
          "happenedOn": "Thu Jun 01 09:50:41 2017",
          "buffer.size": "500m",
          "thread.number": 20,
          "message": "this is the second message"
        }
      ]
    }

happenedOn

LogicMonitor supports the following logfile date/times formats:

Format Pattern Example
ISO-8601 yyyy-MM-dd’T’HH:mm:ss.SSSZZ 2016-01-06T23:48:41.445+08:00

 

 

ISO-8601 (No time zone, in milliseconds) yyyy-MM-dd’T’HH:mm:ss 2016-01-06T23:48:41
HTTP EEE, dd MMM yyyy HH:mm:ss zzz Wed, 09 Feb 1994 22:23:32 GMT
ctime(3)  EEE MMM dd HH:mm:ss zzz Thu Feb 3 17:03:55 GMT 1994
ANSI C EEE MMM dd HH:mm:ss yyyy Thu Feb 3 00:00:00 1994
RFC850 HTTP  EEEE, dd-MMM-yy HH:mm:ss zzz Tuesday, 08-Feb-94 14:15:29 GMT
RFC850 HTTP  EEEE, dd-MMM-yyyy HH:mm:ss zzz Tuesday, 08-Feb-1994 14:15:29 GMT
Common logfile format dd/MMM/yyy:HH:mm:ss Z 03/Feb/1994:17:03:55 -0700
HTTP (no weekday) dd MMM yyyy HH:mm:ss zzz 09 Feb 1994 22:23:32 GMT
RFC850 (no weekday) dd-MMM-yy HH:mm:ss zzz 08-Feb-94 14:15:29 GMT
RFC850 format (no weekday) dd-MMM-yyyy HH:mm:ss zzz 08-Feb-1994 14:15:29 GMT

Example

If the script output is:

{"events":[{"happenedOn":"Thu Jan 21 14:25:00 PST 2016","severity":"Warn","message":"This is the message of the event","source":"Custom"}]}

The following alert will be triggered for the associated device:

In This Article