Script EventSource
Last updated - 04 September, 2025
Use the Script EventSource collection method to detect and alert on any event. This may be useful if you don’t have LM Logs, and have custom logging that can’t be monitored with the other EventSource collection methods (for example log files, windows event logs, SysLogs, and SNMP traps.)
Format for Uploading External Script
Regardless of whether it is an embedded or external script, the output needs to be a JSON object with an array of one or more events, like this:
{
"events" : [
{
"happenedOn":"Fri Jun 05 09:17:47 UTC 2015",
"severity":"Warn",
"message":"This is the first event's message",
"Source":"This is the source of the first event"
},
{
"happenedOn":"Fri Jun 07 09:27:37 UTC 2015",
"severity":"critical",
"message":"This is the second event's message",
"Source":"This is the source of the second event"
}
]
} The following fields can be used to describe an event in the script output:
| Attribute | Required? | Description |
| happenedOn | Yes | The date/time of the event |
| severity | Yes | The severity of the alert that will be triggered by the event (warn | error | critical) |
| message | Yes | The message of the event. Maximum 2,000 characters |
| customAttribute | No | Add any custom attribute you’d like to be associated with your event. The custom attribute will be a key-value pair, for example “thread.number” : “30”. |
Notes:
- If your data structure is not JSON, you can use groovy JSON tools (for example JSONBuilder) to convert it. If you do use these tools, make sure to include this import statement in your script: import groovy.json.*
- Severity levels (warn | error | critical) are not case sensitive.
- You can add multiple custom attributes per event. These will simply need to be separated by a comma and newline. In the following script output example, we included customAttributes buffer.size and thread.number:
{
"events": [
{
"severity": "warn",
"happenedOn": "Thu Jun 01 09:50:41 2017",
"buffer.size": "500m",
"thread.number": 20,
"message": "this is the first message",
"Source": "no ival"
},
{
"severity": "warn",
"effectiveInterval": 0,
"happenedOn": "Thu Jun 01 09:50:41 2017",
"buffer.size": "500m",
"thread.number": 20,
"message": "this is the second message"
}
]
}
Date and Time Formats for “happenedOn” Field
LogicMonitor supports the following logfile date/times formats:
| Format | Pattern | Example |
| ISO-8601 | yyyy-MM-dd’T’HH:mm:ss.SSSZZ | 2016-01-06T23:48:41.445+08:00 |
| ISO-8601 (No time zone, in milliseconds) | yyyy-MM-dd’T’HH:mm:ss | 2016-01-06T23:48:41 |
| HTTP | EEE, dd MMM yyyy HH:mm:ss zzz | Wed, 09 Feb 1994 22:23:32 GMT |
| ctime(3) | EEE MMM dd HH:mm:ss zzz | Thu Feb 3 17:03:55 GMT 1994 |
| ANSI C | EEE MMM dd HH:mm:ss yyyy | Thu Feb 3 00:00:00 1994 |
| RFC850 HTTP | EEEE, dd-MMM-yy HH:mm:ss zzz | Tuesday, 08-Feb-94 14:15:29 GMT |
| RFC850 HTTP | EEEE, dd-MMM-yyyy HH:mm:ss zzz | Tuesday, 08-Feb-1994 14:15:29 GMT |
| Common logfile format | dd/MMM/yyy:HH:mm:ss Z | 03/Feb/1994:17:03:55 -0700 |
| HTTP (no weekday) | dd MMM yyyy HH:mm:ss zzz | 09 Feb 1994 22:23:32 GMT |
| RFC850 (no weekday) | dd-MMM-yy HH:mm:ss zzz | 08-Feb-94 14:15:29 GMT |
| RFC850 format (no weekday) | dd-MMM-yyyy HH:mm:ss zzz | 08-Feb-1994 14:15:29 GMT |
Creating a Script EventSource
Follow these steps to create a Script EventSource:
- Create a new Module. For more information, see DataSources Configuration.
- When entering the DataSource information, set the Collection Method field in Basic Information to ‘Script Event’
- In Collector Attributes, upload an external script or enter an embedded Groovy script.
- Save the new EventSource.
Note: This method can discover a maximum of 50 events per script execution and a maximum of 100 events per collector per minute.
Example
If the script output is:
{"events":[{"happenedOn":"Thu Jan 21 14:25:00 PST 2016","severity":"Warn","message":"This is the message of the event","source":"Custom"}]}The associated device will trigger an alert, “happenedOn: Thu Jan 21 14:25:00 PST 2016 message: This is the message of the event severity: Warn source: Custom”