topic Re: Help in RegEx to get a separate values in Getting Data In

Help in RegEx to get a separate values

jerinvarghese — Mon, 03 Feb 2020 14:05:05 GMT

Need help in formatting a regex comand output.

Program that I created:

index=opennms  "bigipServiceDown"
  | rex field=eventlogmsg "bigipNotifyObjMsg=(?<POOL>.+down. )"
  | table POOL, nodelabel

Output :

POOL    nodelabel
Pool /Common/tiger.exxonmobil.com-443-pl member /Common/10.159.217.11:443 monitor status down. [ /Common/https-vdi-connection_manager: down;    INMCOIGW-APNADC003
Pool /Common/tiger.exxonmobil.com-443-pl member /Common/10.159.217.11:443 monitor status down. [ /Common/https-vdi-connection_manager: down;    INMCOIGW-APNADC003
Pool /Common/tiger.exxonmobil.com-443-pl member /Common/10.159.217.11:443 monitor status down. [ /Common/https-vdi-connection_manager: down;    INMCOIGW-APNADC003

Expected output :

POOL    Monitor VDI nodelabel
tiger.exxonmobil.com-443-pl member  10.159.217.11:443 monitor status down   Common/https-vdi-connection_manager: down   INMCOIGW-APNADC003
leopard.exxonmobil.com-443-pl member    Common/vdi-pnh.ap.xom.com:443 monitor status down   Common/https-vdi-connection_manager-pnh: down   INMCO-APNADC104

RAW Data :

eventlogmsg=""<p>
    bigipServiceDown trap received
    bigipNotifyObjMsg=Pool /Common/leopard.exxonmobil.com-443-pl member /Common/vdi-pnh.ap.xom.com:443 monitor status down. [ /Common/https-vdi-connection_manager-pnh: down; last error: /Common/https-vdi-connection_manager-pnh:  Response Code: 404 (Not Found) @2020/02/03 07:06:46.  ]  [ was up for 0hr:49mins:15sec ] (slot2)
    bigipNotifyObjNode=/Common/vdi-pnh.ap.xom.com
    bigipNotifyObjPort=443</p>""

Re: Help in RegEx to get a separate values

jbrocks — Mon, 03 Feb 2020 14:26:24 GMT

You can use the following regex to extract the 3 fields POOL, Monitor and VDI. You can try this regex in regex101 to check what exactly is happening:

"bigipNotifyObjMsg=Pool\s+.*?(?<POOL>[^\/]+)(?=\s+)\s+.*?(?<Monitor>[^\/]+)(?=\.\s+\[)\.\s+\[\s+(?<VDI>[^;]+);"

Re: Help in RegEx to get a separate values

jerinvarghese — Wed, 30 Sep 2020 04:01:20 GMT

Sorry that didnt worked, its not giving a result.

Raw Data:

eventlogmsg=""

bigipServiceDown trap received
bigipNotifyObjMsg=Pool /Common/leopard.exxonmobil.com-443-pl member /Common/vdi-pnh.ap.xom.com:443 monitor status down. [ /Common/https-vdi-connection_manager-pnh: down; last error: /Common/https-vdi-connection_manager-pnh: Response Code: 404 (Not Found) @2020/02/03 07:06:46. ] was up for 0hr:49mins:15sec
bigipNotifyObjNode=/Common/vdi-pnh.ap.xom.com
bigipNotifyObjPort=443