- 0 minutes to read

Release Notes

Configuring Correlated Events

Take control of your business event monitoring with the Nodinite Log File Parser Monitoring Agent. This guide shows you how to configure correlated event monitoring so you can:

✅ Instantly detect missing or late correlated events across multiple log files
✅ Automate real-time alerts for business-critical processes
✅ Leverage RegEx for flexible, custom monitoring scenarios
✅ Reduce manual troubleshooting and ensure operational excellence

Info
This guide teaches you how to configure monitoring of files for correlated events using the Nodinite Log File Parser Monitoring Agent.

Correlated Events (Log File Event) - Use this option to correlate events spanning one or more log files containing a date and an identifier for end-to-end tracking.

Example: How to monitor correlated events

Alternatively, monitor files based on content:

Content File - Use this option to get alerts if the specified RegEx matches data in one or more files.

Example: How to monitor file content
Example: How to monitor the IIS (W3SVC) log files
Example: How to monitor Nodinite Diagnostic files

Practice and test your RegEx expressions using RegEx101 or a similar tool. Master RegEx to maximize the value of this agent.

Add 'Correlated Events' monitoring configuration

The Correlated Events tab holds an array with one or more configuration entries for a Correlated Events Monitoring.

Correlated Events tab showing configuration management interface.

Press the Add button to add one (or more) log file monitoring configurations:

Accordion view of Correlated Events monitoring configuration entry.

Repeat this step as required by your business need.

Configuring the Correlated Events Monitoring entry

Click the Accordion to expand the configuration, then you can manage the content of the configuration.

General tab

Next, enter the essential details for fields available in the General tab:

General tab configuration showing name, description, and application association fields.

For each entry, the following properties can be set in the General Tab:

Enable monitoring of this Correlated Events Configuration - Check this to actively monitor log files found according to the current settings
Display name - Enter a user-friendly name
Description - Add a logical, user-friendly short description for this configuration
Application ID - Enter the ID from the Applications tab

Path tab

Enter details about the folder and type of files in the Path tab:

Path tab showing folder location and file filter configuration.

Folder - Specify the folder where the agent should look for log files to monitor
Filter - Enter a matching RegEx-based expression to target specific file types

Filter

Use these common RegEx examples:

Filter	Example	Comment
`\.xml$`	XML Files	All XML files with suffix ".xml"
`\.txt$`	Text Files	All text files with suffix ".txt"
`^ONLYME\.data$`	Specific file	Only this file "ONLYME.data"
`^PrefixedFileName.*\.csv$`	Matching a file name pattern	Files with prefix `^PrefixedFileName`, and suffix `.csv`

Start Match tab

Enter details about what to start looking for in the log files in the Start Match tab:

Start Match tab for configuring initial event detection in correlated event monitoring.

Line contains - Enter the RegEx to check if the line contains a match. Use 'X' to start checking for date, value, and error(s)
Match date - Enter the RegEx to extract the date and time (according to the format in the log file), for example:

([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Matched date groups - Specify the RegEx match group numbers, or named groups (comma-separated list). In the following example, use number 1:

^([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Date Time Format (Optional) - Enter the Date Time format to use in the conversion to a DateTime, i.e. yyyy-MM-dd HH:mm:ss.fffZ
Match value - Enter the RegEx to extract the value to compare with the 'End Match', for example: #([0-9]{1,2})([0-9]{1,})
Matched value groups - Specify the RegEx groups for the value (comma-separated list). For example, 'Loading value ([0-9A-Z]{1,}), use number 1'
Error, if found on line - If the line matches the specified RegEx, the agent issues an error alert

End Match tab

Enter details about what to match next in the log files in the End Match tab:

End Match tab for configuring completion event detection and correlation.

Line contains - Enter the RegEx to check if the line contains a match. Use 'X' to start checking for date, value, and error(s)
Match date - Enter the RegEx to extract date and time, for example:

([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Matched date groups - Specify the RegEx group number, or named groups (comma-separated list). In the following example, use number 1:

^([0-9]{4}-[0-9]{2}-[0-9]{2}[T\s]?[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}(\+[0-9]{2}:[0-9]{2})?)

Date Time Format (Optional) - Enter the Date Time format to use in the conversion to a DateTime, i.e. yyyy-MM-dd HH:mm:ss.fffZ
Match value - Enter the RegEx to extract the value to compare the 'Start Match' value with the 'End Match' value. For example: #([0-9]{1,2})([0-9]{1,})
Matched value groups - Specify the RegEx groups for the value (comma-separated list). For example, 'Loading value ([0-9A-Z]{1,}), use number 1'

As there are many options on this tab, continue as follows:

End Match tab threshold settings for warning and error timeouts.

Error if found on Line - If the line matches the RegEx 'X', the agent issues an error alert
Warning Time Span - The agent issues a warning alert if the matching event (Match End) does not happen within this threshold
Error Time Span - The agent issues an error alert if the matching event (Match End) does not happen within this threshold

Time Options Tab

Configure time-based filtering to control which files are included in correlation monitoring.

Time Options tab showing Clear Date Time and file time filtering settings.

Clear Date Time - Leave empty for initial setup. This field allows you to ignore correlated events that occurred before a specific timestamp. Set this value through the Clear Errors action to reset monitoring after investigating issues. Use ISO 8601 format (UTC or with date time offset), e.g., 2019-05-17T13:37:00.123+02:00
File time option - Select the time option for files to be included for evaluation (using the time from the file system)

Note
For Correlated Events, date and time extraction is configured in the Start Match and End Match tabs, not in the Time Options tab.

File Time Option

Available file time filtering options for controlling which files are monitored.

Modified after Clear Date Time
Created after Clear Date Time
Modified after - File time span
Created after - File time span
Created after Clear Date Time - File time span - This is a helpful option for IIS Logs
Last Modified, one file only
Last Created, one file only
Evaluate all

Next Step

Add or manage a Monitoring Agent Configuration
Add or manage Monitor View
How to monitor correlated events
How to monitor file content
How to monitor Nodinite Diagnostic files
How to monitor the IIS (W3SVC) log files

Applications
Install Log File Parser Monitoring Agent
Monitoring
Monitoring Agents
Update

Explore Nodinite for 30 days – completely free

See how Nodinite resolves your technical issues, in a

LIVE Demo!