What is regex and how to use it in LogicMonitor
Our Tech Support team occasionally received some customer's questions related toRegEx usage within LM environment, Regex can be complicated if you do not know how to use it, however, it can be a very useful tool for you here in LM. I am going to cover 4 topics in this article, they are: 1) Basic general examples on Regex 2) Regex text match for HTTP Datasource 3) Using Regex for dynamic groups 4)Using Regex to filter out results from Datasources 1) Basic general examples on Regex How to use ^' and ‘$’ Below teaches you how to use the symbols ^ and $. These symbols are to indicate start or end of the string. “^Hello" matches any string that starts with "Hello". “Percentage used$” matches a string that ends in with “Percentage used". “^def$" a string that starts and ends with "def" - effectively an exact match comparison. “Percentage Used" a string that has the text “Percentage Used" in it. You can see that if you don't use either of these two characters, you're saying that the pattern may occur anywhere inside the string -- you're not "hooking" it to any of the edges. How to use '*', '+', and ‘?' In addition, the symbols '*', '+', and '?', denote the number of times a character or a sequence of characters may occur. What they mean is: "zero or more", "one or more", and "zero or one." Here are some examples: “ab*" matches a string that has an a followed by zero or more b's ("ac", "abc", "abbc", etc.) “ab+" same, but there's at least one b ("abc", "abbc", etc., but not "ac") “ab?" there might be a single b or not ("ac", "abc" but not "abbc"). “a?b+$" a possible 'a' followed by one or more 'b's at the end of the string: Matches any string ending with "ab", "abb", "abbb" etc. or "b", "bb" etc. but not "aab", "aabb" etc. How to use Braces { } You can also use bounds, which appear inside braces and indicate ranges in the number of occurrences: “ab{2}" matches a string that has an a followed by exactly two b's ("abb") “ab{2,}" there are at least two b's ("abb", "abbbb", etc.) “ab{3,5}" from three to five b's ("abbb", "abbbb", or “abbbbb") --- Note that you must always specify the first number of a range (i.e., "{0,2}", not "{,2}"). Also, as you might have noticed, the symbols '*', '+', and '?' have the same effect as using the bounds "{0,}", "{1,}", and "{0,1}", respectively. Now, to quantify a sequence of characters put them inside parentheses: “a(bc)*" matches a string that has an a followed by zero or more copies of the sequence "bc" “a(bc){1,5}" one through five copies of "bc." How to use '|' OR operator There's also the '|' symbol, which works as an OR operator: “hi|hello" matches a string that has either "hi" or "hello" in it “(b|cd)ef" a string that has either "bef" or "cdef" “(a|b)*c" a string that has a sequence of alternating a's and b's ending in a c How to use Period (‘.') A period ('.') stands for any single character: “a.[0-9]" matches a string that has an a followed by one character and a digit “^.{3}$" a string with exactly 3 characters How to use Bracket Expressions "[ ]" Bracket expressions specify which characters are allowed in a single position of a string: “[ab]" matches a string that has either "a" or "b" (that's the same as "a|b") “[a-d]" a string that has lowercase letters 'a' through 'd' (that's equal to "a|b|c|d" and even "[abcd]") “^[a-zA-Z]" a string that starts with a letter “[0-9]%" a string that has a single digit before a percent sign ",[a-zA-Z0- 9]$”a string that ends in a comma followed by an alphanumeric character You can also list which characters you DON'T want -- just use a '^' as the first symbol in a bracket expression (i.e., "%[^a- zA-Z]%" matches a string with a character that is not a letter between two percent signs). In order to be taken literally, you must escape the characters "^.[$()|*+?{\" with a backslash ('\'), as they have special meaning. On top of that, you must escape the backslash character itself in PHP3 strings, so, for instance, the regular expression "(\$|A)[0-9]+" would have the function call: ereg("(\\$|A)[0-9]+", $str) (what string does that validate?) Just don't forget that bracket expressions are an exception to that rule--inside them, all special characters, including the backslash ('\'), lose their special powers (i.e., "[*\+?{}.]" matches exactly any of the characters inside the brackets). And, as the regex manual pages tell us: "To include a literal ']' in the list, make it the first character (following a possible '^'). To include a literal '-', make it the first or last character, or the second endpoint of a range." --------------------------------------------------------- 2) Regex text match for HTTP Datasource Below is an example of a regex text match case I attended before. In this case, thedatasource will look for the specific text in that webpage and will return a 1 of the text exist or return a 0 if there are no text. --------------------------------------------------------- 3) Using Regex for dynamic groups You can create a group that filters out a specific range of IP address based on the Regex given: /monthly_2017_04/Pic3.png.5cfeea779bc77c9b10050a0d15d9d810.png" rel=""> Based on this expression it filters out 7 devices. Using a regex calculator to test this expression. However do note in Lm it must be formatted as join(system.ips,",") =~ “10\\.15\\.20[01]\\." \\ we do not accept just a single \ --------------------------------------------------------- 4)Using Regex to filter out results from datasources You can use regexMatch to filter out different types of windows services so that you do not need to display all the unwanted services that are not required. ---------------------------------------------------------200Views2likes0CommentsMulti-lines event log file monitoring via Regex
Hi, Recently I had a chance to chat with LogicMonitor support team & they recommend a new feature request to be submitted toLogicMonitor DEV team. In short, there are times when a specific exception is thrown & logged into the Tomcat log file, we would like to monitor not just that line that throw the exception but also multiple lines before and afterwards. Right now LogicMonitor can display that "exception" line only. It will be really helpful in both production and QA environment if LogicMonitor can display multiple lines before and after that exception line being monitored via Regex. Here are 2examples: 1. Production - (Pattern to match: "HTTP/1.1failed with response Service Unavailable") 2016-08-04 10:13:49,372 ERROR [NmsThumbnailProvider] GET http://10.101.84.12:8080/barco-webservice/rest/NetworkWall/proxy-source/dvi1-1-mna-2530007307/thumbnails/snapshot HTTP/1.1failed with response Service Unavailable 2016-08-04 10:13:50,733 DEBUG [NmsEventMonitor] longPollNmsEvent response [{"id":1273,"properties":{"attribute":"MODE","object":["OFFLINE"],"type":"Device","name":"NETVIZDONGLE"},"value":["OFFLINE"],"values":["OFFLINE"],"affectedAttributes":["MODE"],"uuid":"d9b13d40-0870-1c02-e000-0004a5281cd0","elementID":"d9b13d40-0870-1c02-e000-0004a5281cd0","source":null,"device":true}] code 200 2016-08-04 10:13:50,733 INFO [RoutingEventServiceImpl] got NMS event: [{"id":1273,"properties":{"attribute":"MODE","object":["OFFLINE"],"type":"Device","name":"NETVIZDONGLE"},"value":["OFFLINE"],"values":["OFFLINE"],"affectedAttributes":["MODE"],"uuid":"d9b13d40-0870-1c02-e000-0004a5281cd0","elementID":"d9b13d40-0870-1c02-e000-0004a5281cd0","source":null,"device":true}] 2016-08-04 10:13:50,733 INFO [RoutingServiceImpl] onDeviceChanged: controller = 10.101.84.12Production: 2. QA testing - (Pattern to match: "Caused by: java.lang.NullPointerException") at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:992) at java.lang.Thread.run(Thread.java:724) Caused by: java.lang.NullPointerException at com.arthrex.synergy.routing.nexxis.RoutingControllerServiceImpl.attemptToTelnetRoutingController(RoutingControllerServiceImpl.java:66) at com.arthrex.synergy.routing.nexxis.RoutingControllerServiceImpl.tenetToNmsService(RoutingControllerServiceImpl.java:46) Please let me know whether this can be turn into a feature for future release. It will help reducingamount of troubleshooting time. Thanks & Best Regards, Horace Cheung10Views0likes0Comments