Need help in formatting a regex command output.
Program that I created:
index=opennms "bigipServiceDown"
| rex field=eventlogmsg "bigipNotifyObjMsg=(?<POOL>.+down. )"
| table POOL, nodelabel
Output :
POOL nodelabel
Pool /Common/tiger.exxonmobil.com-443-pl member /Common/10.159.217.11:443 monitor status down. [ /Common/https-vdi-connection_manager: down; INMCOIGW-APNADC003
Pool /Common/tiger.exxonmobil.com-443-pl member /Common/10.159.217.11:443 monitor status down. [ /Common/https-vdi-connection_manager: down; INMCOIGW-APNADC003
Pool /Common/tiger.exxonmobil.com-443-pl member /Common/10.159.217.11:443 monitor status down. [ /Common/https-vdi-connection_manager: down; INMCOIGW-APNADC003
Expected output :
POOL Monitor VDI nodelabel
tiger.exxonmobil.com-443-pl member 10.159.217.11:443 monitor status down Common/https-vdi-connection_manager: down INMCOIGW-APNADC003
leopard.exxonmobil.com-443-pl member Common/vdi-pnh.ap.xom.com:443 monitor status down Common/https-vdi-connection_manager-pnh: down INMCO-APNADC104
RAW Data :
eventlogmsg=""<p>
bigipServiceDown trap received
bigipNotifyObjMsg=Pool /Common/leopard.exxonmobil.com-443-pl member /Common/vdi-pnh.ap.xom.com:443 monitor status down. [ /Common/https-vdi-connection_manager-pnh: down; last error: /Common/https-vdi-connection_manager-pnh: Response Code: 404 (Not Found) @2020/02/03 07:06:46. ] [ was up for 0hr:49mins:15sec ] (slot2)
bigipNotifyObjNode=/Common/vdi-pnh.ap.xom.com
bigipNotifyObjPort=443</p>""
You can use the following regex to extract the 3 fields POOL, Monitor and VDI. You can try this regex in regex101 to check what exactly is happening:
"bigipNotifyObjMsg=Pool\s+.*?(?<POOL>[^\/]+)(?=\s+)\s+.*?(?<Monitor>[^\/]+)(?=\.\s+\[)\.\s+\[\s+(?<VDI>[^;]+);"
Sorry, that didn't work; it's not giving a result.
Raw Data:
eventlogmsg=""
bigipServiceDown trap received
bigipNotifyObjMsg=Pool /Common/leopard.exxonmobil.com-443-pl member /Common/vdi-pnh.ap.xom.com:443 monitor status down. [ /Common/https-vdi-connection_manager-pnh: down; last error: /Common/https-vdi-connection_manager-pnh: Response Code: 404 (Not Found) @2020/02/03 07:06:46. ] was up for 0hr:49mins:15sec
bigipNotifyObjNode=/Common/vdi-pnh.ap.xom.com
bigipNotifyObjPort=443
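An added example, not part of any post in this thread: one way to test the three-field split offline against the raw event before putting a pattern into rex. The pattern, the `extract` helper and the field boundaries (taken from the "Expected output" rows) are assumptions, not the answerer's regex; it anchors on the literal `Pool`, `member` and `monitor status` tokens instead of lazy wildcards.

```python
import re

# Python spells named groups (?P<name>...); the rex commands in the thread use (?<name>...).
# Field boundaries are an assumption read off the thread's "Expected output" rows.
TRAP_RE = re.compile(
    r"bigipNotifyObjMsg=Pool\s+/Common/(?P<POOL>\S+\s+member)"  # pool name + "member"
    r"\s+/Common/(?P<Monitor>\S+\s+monitor status \w+)\."       # member:port + state
    r"\s+\[\s+/(?P<VDI>[^;\]]+)"                                 # first monitor result
)

def extract(eventlogmsg):
    """Return POOL, Monitor and VDI for a bigipServiceDown message, or None."""
    m = TRAP_RE.search(eventlogmsg)
    if m is None:
        return None
    # Collapse runs of whitespace so wrapped or padded values compare cleanly.
    return {k: " ".join(v.split()) for k, v in m.groupdict().items()}

# LEOPARD is the raw event quoted in the thread, including its <p> wrapper.
LEOPARD = (
    'eventlogmsg=""<p>\nbigipServiceDown trap received\n'
    "bigipNotifyObjMsg=Pool /Common/leopard.exxonmobil.com-443-pl member "
    "/Common/vdi-pnh.ap.xom.com:443 monitor status down. "
    "[ /Common/https-vdi-connection_manager-pnh: down; last error: "
    "/Common/https-vdi-connection_manager-pnh: Response Code: 404 (Not Found) "
    "@2020/02/03 07:06:46. ] [ was up for 0hr:49mins:15sec ] (slot2)\n"
    'bigipNotifyObjNode=/Common/vdi-pnh.ap.xom.com\nbigipNotifyObjPort=443</p>""'
)
# TIGER is constructed from the first row of the thread's "Output" table.
TIGER = (
    "bigipNotifyObjMsg=Pool /Common/tiger.exxonmobil.com-443-pl member "
    "/Common/10.159.217.11:443 monitor status down. "
    "[ /Common/https-vdi-connection_manager: down; ]"
)
# Constructed event with no bigipNotifyObjMsg line, to show the no-match path.
NOT_A_POOL_TRAP = "bigipServiceDown trap received\nbigipNotifyObjPort=443"

if __name__ == "__main__":
    for sample in (LEOPARD, TIGER, NOT_A_POOL_TRAP):
        print(extract(sample))
```

A pattern checked this way still has to be rewritten with `(?<name>...)` groups and run against the indexed `eventlogmsg` field, whose contents may differ from the pasted raw text.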