By:
On:
In: Monitoring, Splunk

Let’s walk through how to extract meaningful fields like IP address, port, error level, and message content from a raw PHP warning log using regular expressions and Splunk’s rex command. Step 1: The Raw Log Here’s a sample of the raw log we’re working with: [client 104.23.211.100:21636] PHP Warning: Cannot assign an empty string to a string offset in /www/website.com/httpdocs/wp-includes/user.php on line 41 From this log, we want to extract: IP Address Port Error Level (e.g., Warning, Notice, etc.) Full message content after the error level Step 2: Crafting the Regex Pattern We used regexr.com to help test and refine our regular expression. After experimenting,Read More →

By:
On:
In: General, Monitoring

1. Avoid Relying Solely on Email for Alerts Email is not a reliable alerting mechanism. Alerts can be delayed, filtered as spam, or ignored due to cluttered inboxes. From a user experience perspective, email-based alerts are often messy and ineffective. Recommendation: Use a dedicated alerting app or platform that supports webhook integrations. Azure and most modern monitoring tools offer this functionality. These solutions provide more reliable and timely alerting mechanisms. 2. Be Selective and Strategic with Monitors Not all systems or services require immediate alerts. It’s important to evaluate the criticality of each component before creating alerts. Example: If a non-business-critical website goes offline atRead More →