Syslog Watcher uses ECMAScript regular expressions pattern syntax (similar to JavaScript's regular expression flavor). A brief syntax reference: http://www.cplusplus.com/reference/regex/ECMAScript/


Here are a few examples of the most frequently requested structures. Make sure you have Regexp selected and Whole is disabled.




Find messages that contains Word1

Word1


Find messages that begin with Word1

^Word1


Find messages that end with Word1

Word1$


Find messages that contain Word1 or Word2

Word1|Word2


Find messages that do NOT contain Word1

^((?!Word1).)*$


Find messages that contain Word1 and then Word2

Word1.*Word2


Find messages that contain Word1 and Word2 (any order)

Word1.*Word2|Word2.*Word1

or

(?=.*Word1)(?=.*Word2)


Find messages that do NOT contain Word1 and Word2

^((?!Word1|Word2).)*$


Find messages that contain Word1, but NOT Word2

^((?!Word2).)*Word1((?!Word2).)*$


We are going to extend the list of examples. Please contact us with your use cases.