Manualshelf

HP-UX Event ManagerAdministrator's Guide

ManualsBrandsHP ManualsSoftwareHP Event Monitoring Service Software
51525354555657585960
Using Event Manager
Introduction to Event Filters
Chapter 254
Introduction to Event Filters
This section introduces event filters and relates them to the evmshow
command examples from the previous section. Filtering technique is
described in detail in later sections of this document. The full filter
syntax is defined in EvmFilter (5).
An Event Manager event filter is a text string that informs Event
Manager which events you want to retrieve. For example, the filter
string [priority >= 600] selects events that have a priority of 600 or
higher. A filter can be very simple, but the filter language is powerful,
and with some practice you can easily build and store a filter expression
that defines precisely the set of events that you want to monitor. Filters
are used by several of the Event Manager command-line utilities, by the
Event Manager logger, and by system daemons and client applications.
The evmshow, evmget, and evmwatch commands support the -f option
which you can use to specify a filter string. You can select the events to
be displayed from the my_events file, as shown in the following example:
# export EVM_SHOW_TEMPLATE="@timestamp [@priority] @@"
# cat my_events | evmshow -f "[priority >= 600]" | more
In this example, the -f option specifies the filter, and selects events that
have a priority of 600 or higher. The command reads all events from the
file, but returns only those events that match the filter string.
If you know the names of the events you want to retrieve, you can specify
them in a filter, as shown in the following example:
# cat my_events | evmshow -f "[name
sys.unix.procsm.category.create._catname.esmd]" | more
You can use wildcard characters in place of name components as follows:
•An asterisk (*) character matches zero or more complete components
A question mark (?) matches exactly one complete component
For example, enter the following command to shorten the preceding
example command:
# cat my_events | evmshow -f '[name
*.category.create._catname.esmd]' | more