Prometheus + snmp_exporter regex - regex

I have Dell servers with iDrac 8. Monitoring: Prometheus+snmp_exporter+Grafana.
MIB: iDRAC-SMIv2
OID: 1.3.6.1.4.1.674.10892.5.4.300.40.1.8
From SNPP I get eventLogDateName in format: 20201222152131.000000+120
How can I use regex for replace 20201222152131.000000+120 to 12/22/20 15:21:31. I don't know where is I need insert my regex.
P.S.
pattern = '^(?P<YYYY>\d{4})(?P<MM>\d{2})(?P<DD>\d{2})(?P<HH>\d{2})(?P<mm>\d{2})(?P<ss>\d{2})\.(?P<SSSSSS>\d{6})(?P<ZZ>[-+]\d{3,4})$'
replacement = "${YYYY}-${MM}-${DD} ${HH}:${mm}:${ss}"

Related

Telegraf: How to extract from field using regex processor?

I would like to extract the values for connections, upstream and downstream using telegraf regex processor plugin from this input:
2022/11/16 22:38:48 In the last 1h0m0s, there were 10 connections. Traffic Relayed ↑ 60 MB, ↓ 4 MB.
Using this configuration the result key "upstream" is a copy of the initial message but without a part of the 'regexed' stuff.
[[processors.regex]]
tagpass = ["snowflake-proxy"]
[[processors.regex.fields]]
## Field to change
key = "message"
## All the power of the Go regular expressions available here
## For example, named subgroups
pattern = 'Relayed.{3}(?P<UPSTREAM>\d{1,4}\W.B),'
replacement = "${UPSTREAM}"
## If result_key is present, a new field will be created
## instead of changing existing field
result_key = "upstream"
Current output:
2022/11/17 10:38:48 In the last 1h0m0s, there were 1 connections. Traffic 3 MB ↓ 5 MB.
How do I get the decimals?
I'm quite a bit confused how to use the regex here, because on several examples in the web it should work like this. See for example: http://wiki.webperfect.ch/index.php?title=Telegraf:_Processor_Plugins
The replacement config option specifies what you want to replace in for any matches.
I think you want something closer to this:
[[processors.regex.fields]]
key = "message"
pattern = '.*Relayed.{3}(?P<UPSTREAM>\d{1,4}\W.B),.*$'
replacement = "${1}"
result_key = "upstream"
to get:
upstream="60 MB"

Using VBA and Regex to grab cost from outlook email

I would like to grab the cost shown below as a number:
478150 or 478150.00
Net Cost Budget Amount: $478,150.00 - Current Baselined Version Number - 1 - Version Name - Net
The text is found in an outlook email body and I am trying to use VBA to grab this item.
With BDGT
.Pattern = "(Net Cost Budget Amount[:] \d{1,3}(,\d{3})*(\.\d+))\n"
.Global = False
End With
Try this instead:
.Pattern = "Net Cost Budget Amount\: \$((?:\d{1,3}\,\d{3}|\d{1,3})\.\d+)"
It will match any number between (and including) 0.00 and 999,999.99, with mandatory separators.
I assume you already know how to extract matches/submatches with the vbscript.regex engine in VBA. If you don't, let me know.

RegEx for value 0.1 to 100.00

Looking at the xml file created by HitManPro I can see numerous entries like this one;
[Item type="Malware" malwareName="Trojan" score="0.0" status="None"]
This are the false positives.
I would like to replace the existing RegEX query that I use in a script (LabTech) with one that would look for anything like;
score="5.1" up to score="999.0"
I am new to Reg Ex queries, and I am having trouble building the search for digits inside the string score=" " .
Any help would be much appreciated. Below is a sample XML from hitmanPro
regards,
Oscar Romero
<br>
HitmanPro Scan Completed Successfully.
Threats Found!
<hr>
Scan Date: 2015-10-17T15:16:31<BR>
<p>"
[Log computer="computer name" windows="6.1.1.7601.X64/12" scan="Normal" version="3.7.9.246" date="2015-10-17T15:16:31" timeSpentInSecs="125" filesProcessed="15922"]
[Item type="Malware" malwareName="Malware" score="90.0" status="None"]
[Scanners]
[Scanner id="Bitdefender" name="Gen:Variant.Kazy.751212" /]
[/Scanners]
[File path="C:\Program Files (x86)\ESET\ESET Remote Administrator\Server\era.exe" hash="F7BB46D48B994539AFD400641CE8E4F85114FC7BA05A1BAA0D092F3A92817F13" /]
[Startup]
[Key path="HKLM\SYSTEM\CurrentControlSet\Services\ERA_SERVER\" /]
[/Startup]
[/Item]
[/Log]
"</p>
There must be a shorter version than this, but this should work.
score="(0\.[1-9]|[1-9]\.[0-9]|[1-9][0-9]\.[0-9]|[1-9][0-9][0-9]\.[0-9])"
Matches:
0.1
1.0
10.4
100.9
100.0
999.9
99.9
9.9
(etc.)
Does Not Match
0.0
0
(etc.)
Is regex the way to go?
As for whether regex is the right tool for the job, I probably agree with #Makoto that it isn't - unless you're doing a quick scan of the results as an FYI, rather than filtering results as part of a larger tool or application. In other words, except for the simplest cases, I agree with #Makoto that you want some xml parsing tool.
I have no idea on LabTech.
Anyway, the regex query that you can use:
\sscore="((?:5\.[1-9])|(?:[6-9]\.[0-9])|(?:[1-9]{1}[0-9]{1,2}\.[0-9]))"\s
or
\sscore="(5\.[1-9]|[6-9]\.[0-9]|[1-9]{1}[0-9]{1,2}\.[0-9])"\s
if you prefer without the (?: ... )
UPDATE:
Okay, I made further changes to support the 5.1 minimum, and max 999.9
PS: This is my first answer on StackOverflow

Powershell 2.0 - Convert Javascript object string into PS hash table?

I have a string in Powershell that is a javascript object. That is, it is a line of text stripped from a Javascript file, for instance, I might have
$theline = "{'prod_id':'123456789','prod_price':'100.00','prod_name':'Creative Software Package','prod_img':'https://mysite/images/123456789?$400x350$','prod_desc':'Software - Package - PC - Win7 - x64'};"
The Javascript elements might have values which contain more than just alphanumeric characters, and I don't think I can guarantee that they won't contain commas.
What I need to do is convert this variable into a Powershell Hash table.
First I was thinking about converting the string into a syntax that would match the ConvertFrom-StringData cmdlet. So the end result would be something like...
$convertedstr = #'
prod_id = 123456789
prod_price = 100.00
prod_name = Creative Software Package
prod_img = https://mysite/images/123456789?$400x350$
prod_desc = Software - Package - PC - Win7 - x64
'#
$table = ConvertFrom-StringData $convertedstr
$table
Name Value
---- -----
prod_desc Software - Package - PC - Win7 - x64
prod_name Creative Software Package
prod_id 123456789
prod_img https://mysite/images/123456789?$400x350$
prod_price 100.00
But I'm not sure how to go about the string replace to get that done. I also found the ConvertFrom-JSON cmdlet, but since I'm on Powershell 2.0 it isn't available to me.
I had tried something like
$theline = $theline -Replace "\{'(\w+)':'(.+)',?\};",'$1 = $2`n'
But it isn't matching it the way I'd like.
$theline
prod_name = Creative Software Package','prod_id':'123456789','prod_price':'100.00`n
I get why the regex is matching what it is, but I'm not sure how to get it to match each "element."
Any ideas for this? I'm open to something that might be easier than this string conversion and a regex replace as well.
Thanks in advance.
Trim the { from the start, and the }; from the end, and that basically leaves you with an array of Key:Value pairs. Then just create a PSCustomObject, and add members to it for each pair by splitting that array on the , and doing a RegEx match on each one.
$theline = "{'prod_id':'123456789','prod_price':'100.00','prod_name':'Creative Software Package','prod_img':'https://mysite/images/123456789?$400x350$','prod_desc':'Software - Package - PC - Win7 - x64'};"
$JavaImport = New-Object PSObject
$theline.TrimStart("{").trimend("};").split(",")|?{$_ -match "^'(.+?)':'(.+?)'$"}|%{Add-Member -InputObject $JavaImport -NotePropertyName ($Matches[1]) -NotePropertyValue ($Matches[2])}
PS C:\Users\TMTech> $JavaImport
prod_id : 123456789
prod_price : 100.00
prod_name : Creative Software Package
prod_img : https://mysite/images/123456789?$
prod_desc : Software - Package - PC - Win7 - x64
And I just realized you wanted a hashtable. My bad. Let my revise that a hair.
$theline = "{'prod_id':'123456789','prod_price':'100.00','prod_name':'Creative Software Package','prod_img':'https://mysite/images/123456789?$400x350$','prod_desc':'Software - Package - PC - Win7 - x64'};"
$JavaImport = #{}
$theline.TrimStart("{").trimend("};").split(",")|?{$_ -match "^'(.+?)':'(.+?)'$"}|%{$JavaImport.add($Matches[1],$Matches[2])}
PS C:\Users\TMTech> $JavaImport
Name Value
---- -----
prod_desc Software - Package - PC - Win7 - x64
prod_img https://mysite/images/123456789?$
prod_id 123456789
prod_price 100.00
prod_name Creative Software Package
This is already accepted, but I thought I'd comment on the origin line there. Because the OP was inputting it with double quotes we actually lost part of the URL. I ended up changing it to the following on my end:
$theline = '''prod_id'':''123456789'',''prod_price'':''100.00'',''prod_name'':''Creative Software Package'',''prod_img'':''https://mysite/images/123456789?$400x350$'',''prod_desc'':''Software - Package - PC - Win7 - x64'''
That way I could better match his desired input text. After that I stopped losing the $400x350 on the URL. Also, the RegEx escaping is a good idea, so the final solution for the user was:
$theline = '''prod_id'':''123456789'',''prod_price'':''100.00'',''prod_name'':''Creative Software Package'',''prod_img'':''https://mysite/images/123456789?$400x350$'',''prod_desc'':''Software - Package - PC - Win7 - x64'''
$JavaImport = #{}
[regex]::escape($theline).split(",")|?{$_ -match "^'(.+?)':'(.+?)'$"}|%{$JavaImport.add([regex]::unescape($Matches[1]),[regex]::unescape($Matches[2]))}

Regular expression for AQL

2011-12-01T00:43:51.251871+05:18 Dec 01 2011 00:41:32 KOC-TEJ-AMEX-ASA-5510-6 : %ASA-4-106023: Deny icmp src TCS:172.26.40.1 dst AMEX:172.26.40.187 (type 5, code 0) by access-group "TCS_access_in" [0x953d065b, 0x0]
Need to extract 2011-12-01T00:43:51.251871+05:18
My code
create view standardLogTime as
extract regex /(\d{4}\-\d{2}\-\d+\w+\:\d{2}\:\d+\.\d+\+\d+\:\d+)/ on D.text as testValue
from Document D;
-- Extracting standard log generation time.
create view standardLogTime as
extract regex /\d{4}(-\d{2}){2}T(\d{2}:){2}\d{2}\.\d+?\+\d{2}:\d{2}/ on D.text as testValue
from Document D;
output view standardLogTime;
-- Extracting incoming request Date.
create view dateView as
extract regex /(\s+\w+\s\d+\s\d{4})/ on Date.text as testDate from Document Date;
--output view dateView;
-- Extracting incoming request Time.
create view timeView as
extract regex /\s+(\d{1,2}\:\d{1,2}\:\d{1,2})/ on Time.text
as requestTime from Document Time;
--output view timeView;
-- Extracting the firewall device name.
create view deviceName as
extract regex /(\w+\-\w+\-\w+\-\w+\-\d+\-\d+)/ on Device.text
as deviceName from Document Device;
--output view deviceName;
create view combinedView as
extract pattern (<S.testValue>) (<D.testDate>) (<T.requestTime>) (<Div.deviceName>)
return group 0 as logTime and
group 1 as date and
group 2 as time and
group 3 as deviceName
from standardLogTime S,dateView D ,timeView T,deviceName Div;
output view combinedView;*/
I don't know what language that is, but in Python I would do
date = line.split()[0]
or, if I were forced to use an RE, it'd be
^(\S+)\s
\d{4}(-\d{2}){2}T(\d{2}:){2}\d{2}\.\d+?\+\d{2}:\d{2}