InstantForum 2017-1 FinalLogViewPlus Supporthttps://www.logviewplus.com/forum/LogViewPlus SupportMon, 22 Jun 2026 19:27:45 GMT20https://www.logviewplus.com/forum/post/566Hi LogViewPlus,<br/><br/>this is an idea for a new detection.<br/>We get multiple logfiles which we have to investigate. When opening a logfile then I can use templates to search for potential issues.<br/>If this could be automated that would be a great advantage.<br/><br/>My idea would be to store specific patterns inside LogViewPlus per parser. If such a pattern fits then show a message to the analyst so he can confirm if this is an issue or false positive.<br/><br/><strong>Example 1:</strong><br/>In one of our logs a synchronization start and a synchronization stop is visible. Depending on the time such a synchronization takes this could be a problem or not. We could define to throw a message in case that the synchronization takes more than 3 minutes. Then it would popup for the analysist and he can decide if this is a problem or not. The option "Calculate Elapsed" already exists in LogViewPlus and could be used for this case.<br/><br/><strong>Example 2:</strong><br/>Using the same example from "Example 1" that we check for a synchronization time. These synchronization attemps will be executed all 15 minutes in an interval. Normally the log would look as follows:<br/> - Sync start<br/> - Sync stop<br/> - Sync start<br/> - Sync stop<br/>In case that a synchronization takes more than 15 minutes the log would look as follows. The stop message is missing.<br/> - Sync start<br/> - Sync start<br/>In many logs a message is thrown when a process started and when a process stopped. If we can catch when a process was never stopped that would be great<br/><br/><strong>Example 3:</strong><br/>Throwing a message in case a specific log order is not as expected.<br/>Let's use an example for a login process on a computer and imagine that for each process a logentry will be written:<br/> - computer starts<br/> - login screen shown<br/> - credentials entered and sent by the user<br/> - local accounts will be checked and user will be logged in if available<br/> - domain accounts will be checked and user will be logged in if available<br/> - login fails<br/>For this example it could be that the login fails but the domain accounts were never be checked (maybe a network issue) so then the "login fails" message appears but one message was skipped. This could appear as a warning and gives the analyst a fast help to investigate.<br/>Please note that depending on the system there can be a lot of processes running in parallel so it must also be possible to check the process order based on a column. Within such a column there could be a Generic ID or username given which was available in the log.<br/><br/><strong>Example 4:</strong><br/>Some errors appear seldom but if they appear they do have a specific pattern.<br/>This pattern could be a single error message or a row of error messages. If such pattern is matched then a message to the analyst should be thrown.<br/><br/>I can imagine that there are many many more examples but hopefully my idea makes sense. :-)<br/>The error indicators should only be available per parser as otherwise there will be a lot of checks on logfiles where this makes no sense. This just increases CPU usage even when not needed.<br/><br/>It would also be great if per such indicator 2 more information can be given:<br/> - urgency: defines how serious such error can be as a help for the analyst who maybe never experienced this before<br/> - information field: this information field can either contain a link to a bug report or knowledgebase article or contain a small description which does help the analyst for investigation<br/><br/>Best regards,<br/>MatthiasWed, 10 Jun 2020 09:38:21 GMTMatthiasBhttps://www.logviewplus.com/forum/post/575Hi Matthias,<br/><br/>Thanks for the feedback!<br/><br/>I think this is a good vision and I would love for LogViewPlus to be able to do these things more easily.&nbsp; However, I really do not want to increase application complexity.&nbsp; It is very important for new users to be able to quickly understand the application.&nbsp; I think applications can become complicated unintentionally when big features are added too fast.<br/><br/>One feature on our backlog is "Triggers".&nbsp; Actions that take place when something happens or is detected in a log file.&nbsp; For example, "Apply a template if you see this log line".&nbsp; Triggers have a wide appeal and are easy to understand.&nbsp; I think they would be a good stepping stone toward the vision you have outlined above.&nbsp; My preference would be to revisit some of these use cases once that feature is complete.<br/><br/>Part of the power of LogViewPlus comes from the composition of simple ideas.&nbsp; I would like to move toward the vision above, but I think it needs to be done with simple building blocks - and this will take time.<br/><br/>Hope that helps,<br/><br/>TobyWed, 10 Jun 2020 09:38:21 GMTLogViewPlus Support