carl

REGEX: Part 1 - The Basics

Discussion created by carl on Aug 28, 2012
Latest reply on Aug 29, 2012 by golden2

We get a lot of cases logged with regards to Regex and it's usage, for those who may not have used regex before here is a little guide:

 

Regex is a powerful pattern matching language used as part of many of the Nimsoft Probes and Tools, the following is a brief introduction to Regex and it’s usage within the Nimsoft NMS software.

 

The first point to make is Nimsoft implementation regex is based around Perl’s implementation (Other flavors use differing syntax).

 

When specifying a pattern match using REGEX in NMS we need to tell the NMS software we want to use Regex, we do this by opening and closing the syntax with / [Forward-slash] as in the following example.

 

/<regex syntax goes here>/

 

The next most basic usage is the “match all” characters statement:

 

.*            (Dot Asterisk) – Dot represents any alpha-numeric, character or special character. Asterisk represents “Any number of times”. The two used in conjunction create the expression match anything any number of times (everything!)

 

|              (pipe Symbol) Is used as an OR operator

 

\              (Back-slash) Is the escape character operator and is used to escape special characters. As a example if you wanted to match a back-slash in an expression, it has a special meaning in regex and hence has to be escaped like \\

 

\s            Matches white spaces, ie breaks between words

 

 

 

Let’s take a look at a very simple REGEX statement to match an alarm with the message of:

 

Average (5 samples) total cpu is now 82.61%, which is above the warning threshold (75%)

 

 

/.*total\scpu.*above.*threshold./

 

The above expression would match an alarm that comes into the NAS wich states total cpu is above its defined threshold. Using the example and syntax definitions try to work out how this works.

 

 

Now let’s imagine we would like to match a similar alarm but for memory:

 

Average (5 samples) total cpu is now 82.61%, which is above the warning threshold (75%)

 

 

We could write a similar expression as to the one previous, however in some cases it might make more sense to have one regex rule match both alarms we do this by using “grouping” syntax and the | (pipe) [OR] operator.

 

()             (Open, Close Parenthesis) Wrapping syntax in parenthesis creates a “group” this is useful to us in two ways. It allows us to isolate certain parts of our syntax and hence use operators local to that part of the expression or use references to those “groups” in the NMS software (The logmon probe is a good example of addressing groups). In the following example we use a “group” to isolate part of our syntax so we can use the OR operator on just that section of the expression.

 

/.*total\s(cpu|memory).*above.*threshold.*/

 

Notice the group (cpu|memory) section which essentially states if the string matches cpu OR memory then match. Grouping this section is very important without the parenthesis the expression would say match the string:

 

total cpu

OR

Memory above threshold

 

So that’s the basics covered and you should now be able to create pattern matches based on regular expressions within the Nimsoft NMS Software. You will find these techniques especially useful then using the NAS Auto-Operators and probes such as Logmon.

Outcomes