A script is running on an Oracle server hosted on an AIX machine. The script creates a log file every 30 minutes, with the same name abc.log every time. The script logs the output below in the log file abc.log:
incoming server: 10.10.10.100 current count : 100
incoming server: 10.10.10.101 current count : 98
incoming server: 10.10.10.102 current count : 245
incoming server: 10.10.10.103 current count : 10
Alert should trigger if current count increases more than 300 on any of the given 4 servers.
So let's start. I do not have an OMW to make screenshots, but you should find your way by following these steps:
1) In the Condition tab:
Under the Match Text panel, enter this: incoming server: <*.server> current count : <<#> -gt 100>
Note: this will put the server IP in a variable that you can use later when formatting your message to the OM console.
Careful: if there are several lines in the same logfile, you may want to create an alarm for every threshold exceeded. In this case there is a tick box in OMW to generate an alarm for each line matched (I do not remember the name, but the description is clear enough in the policy wizard to find it).
2) In the Message tab:
Fill in all the information for criticality, application, etc.
In Message Text, format your message as you want. You can use the previously created variable <server> to display the IP where the counter has been exceeded.
Note: variables are defined this way: <*.varname>, and called this way: <varname>.
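
The per-line match described above can be checked outside OMW before deploying the policy. The script below is an added example, not part of the original posts and not OMW's own matching engine. The function names `check_counts` and `sample_log` are hypothetical, the sample lines are constructed in the format shown in the question, and the threshold is passed as a parameter (300 here, as in the question).

```shell
#!/bin/sh
# Added example: emulate "one alert per matched line" on abc.log-style input.
# Usage: check_counts THRESHOLD [FILE...]   (reads stdin when no file is given)
check_counts() {
    threshold=$1
    shift
    awk -v limit="$threshold" '
        # Expected line: incoming server: <ip> current count : <n>
        /^incoming server:/ {
            server = $3          # plays the role of <*.server> in the policy
            count  = $NF         # plays the role of <#> in the policy
            # A non-numeric count must not be compared silently as 0
            if (count !~ /^[0-9]+$/) { bad++; next }
            if (count + 0 > limit + 0)
                printf "ALERT server=%s count=%d threshold=%d\n", server, count, limit
        }
        END {
            # Report skipped lines on stderr so that alert output stays clean
            if (bad) printf "WARN skipped %d malformed line(s)\n", bad | "cat 1>&2"
        }
    ' "$@"
}

# Constructed sample input (not real data), one malformed line included
sample_log() {
cat <<'EOF'
incoming server: 10.10.10.100 current count : 100
incoming server: 10.10.10.101 current count : 98
incoming server: 10.10.10.102 current count : 345
incoming server: 10.10.10.103 current count : n/a
EOF
}

sample_log | check_counts 300
```

Because abc.log is recreated under the same name every 30 minutes, run the check against the complete file after each rewrite rather than tracking a byte offset into it.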