search cancel

Escape double quote in Event Procedure with REGEX

book

Article ID: 215119

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

I am unable to find a working solution for a GetRegexp procedure to match the following fields, due to double quotes that exist in the text. 

---

Message Detail:
    5/14/21 2:33:15 PM AST
The Alert "._TESTING APM ALERT 03 Average Response Time (ms)" opened a danger alert with a target of 600:
        SuperDomain/Portal PROD|xxxx01|Tomcat|TomcatAgent-xxxx01|Servlets|XXXXXDashboard:Average Response Time (ms) = 2331

Host: xxxx01 / Process Type: Tomcat / Container/Agent Name: TomcatAgent-xxxx01

Time: Fri May 14 14:33:15 / Metric: Servlets|XXXXXXDashboard:Average Response Time (ms) / Value: 2331 / Threshold: 600
Additional Metrics Violated: 

---

I need to be extracted as a varbind on a new event. The problem is that it does not appear to match, no matter what I tried as a regular expression.

I'm using the following code procedure:

---

0xfff10001 E 50 P " \
  CreateEventWithVariables( \
    { C CURRENT_MODEL }, \ 
    { H 0xfff20001 }, \ 
      SetEventVariable( \
        GetEventVariableList(), \
        { U 125 }, \ 
        GetRegexp( \
          GetEventVariable( { U  103 } ), \ 
          { S \"The Alert\\\"(.*)\\\"\" }, \ 
          { U 103 } )))
0xfff20001 E 50 

---

Environment

Release : 10.x

Component : Spectrum Alarm & Event Management

Resolution

First I validated this REGEX at https://regex101.com/:

"([^"]*)"

Then I added three backlashes in the REGEX:

\\\"([^\\\"]*)\\\"

{S \"\\\"([^\\\"]*)\\\"\"}

This is covered in this section of the Spectrum guide:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/spectrum/10-4-3/managing-network/event-configuration/about-event-disposition-files.html

So your Event Procedure should be something like this:

0xfff10001 E 50 P " \
  CreateEventWithVariables( \
    { C CURRENT_MODEL }, \ 
    { H 0xfff20001 }, \ 
      SetEventVariable( \
        GetEventVariableList(), \
        { U 125 }, \ 
        GetRegexp( \
          GetEventVariable( { U  103 } ), \ 
          {S \"\\\"([^\\\"]*)\\\"\"}, \ 

          { U 103 } )))
0xfff20001 E 50 

 

Here an example of the result:

Attachments