I am unable to find a working solution for a GetRegexp procedure to match the following fields, due to double quotes that exist in the text.
---
Message Detail:
5/14/21 2:33:15 PM AST
The Alert "._TESTING APM ALERT 03 Average Response Time (ms)" opened a danger alert with a target of 600:
SuperDomain/Portal PROD|xxxx01|Tomcat|TomcatAgent-xxxx01|Servlets|XXXXXDashboard:Average Response Time (ms) = 2331
Host: xxxx01 / Process Type: Tomcat / Container/Agent Name: TomcatAgent-xxxx01
Time: Fri May 14 14:33:15 / Metric: Servlets|XXXXXXDashboard:Average Response Time (ms) / Value: 2331 / Threshold: 600
Additional Metrics Violated:
---
I need to be extracted as a varbind on a new event. The problem is that it does not appear to match, no matter what I tried as a regular expression.
I'm using the following code procedure:
---
0xfff10001 E 50 P " \
CreateEventWithVariables( \
{ C CURRENT_MODEL }, \
{ H 0xfff20001 }, \
SetEventVariable( \
GetEventVariableList(), \
{ U 125 }, \
GetRegexp( \
GetEventVariable( { U 103 } ), \
{ S \"The Alert\\\"(.*)\\\"\" }, \
{ U 103 } )))"
0xfff20001 E 50
---
Release : 10.x
Component : Spectrum Alarm & Event Management
First I validated this REGEX at https://regex101.com/:
"([^"]*)"
Then I added three backslashes in the REGEX:
\\\"([^\\\"]*)\\\"
{S \"\\\"([^\\\"]*)\\\"\"}
This is covered in this section of the Spectrum guide:
So your Event Procedure should be like this:
0xfff10001 E 50 P " \
CreateEventWithVariables( \
{ C CURRENT_MODEL }, \
{ H 0xfff20001 }, \
SetEventVariable( \
GetEventVariableList(), \
{ U 125 }, \
GetRegexp( \
GetEventVariable( { U 103 } ), \
{S \"\\\"([^\\\"]*)\\\"\"}, \
{ U 103 } )))"
0xfff20001 E 50
Here is an example of the result:
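An added example (not from the article or from Spectrum): a Python sketch that peels the two escaping layers off the pattern parameter and runs the resulting regex against the alert text quoted above. The two-layer unescaping model, Python's `re` as a stand-in for Spectrum's regex engine, and the helper names `unescape`, `effective_regex` and `get_regexp` are assumptions made for illustration.

```python
import re

# Constructed sample: the first line of the alert text quoted in the article.
MESSAGE = ('The Alert "._TESTING APM ALERT 03 Average Response Time (ms)" '
           'opened a danger alert with a target of 600:')

# Pattern parameters exactly as typed inside the P "..." procedure string.
ORIGINAL = r'{ S \"The Alert\\\"(.*)\\\"\" }'
CORRECTED = r'{S \"\\\"([^\\\"]*)\\\"\"}'


def unescape(text):
    """Strip one level of backslash escaping (backslash + X becomes X)."""
    return re.sub(r'\\(.)', r'\1', text)


def effective_regex(parameter):
    """Regex left after both assumed escaping layers are removed."""
    level1 = unescape(parameter)  # layer 1: the outer P "..." string
    inner = re.fullmatch(r'\{\s*S\s+"(.*)"\s*\}', level1)
    if inner is None:
        raise ValueError('not a { S "..." } parameter: ' + level1)
    return unescape(inner.group(1))  # layer 2: the inner S "..." string


def get_regexp(text, pattern, group=1):
    """Stand-in for GetRegexp: capture group of the first match, or None."""
    found = re.search(pattern, text)
    return found.group(group) if found else None


if __name__ == '__main__':
    for label, parameter in (('original', ORIGINAL), ('corrected', CORRECTED)):
        regex = effective_regex(parameter)
        print(label, '->', regex, '->', get_regexp(MESSAGE, regex))
    # Constructed line with two quoted strings: a greedy (.*) runs to the
    # last quote, while [^"]* stops at the first closing quote.
    two = 'The Alert "A" fired after "B"'
    print(get_regexp(two, '"(.*)"'), '|', get_regexp(two, '"([^"]*)"'))
```

Under this model the original parameter reduces to `The Alert"(.*)"`, which expects no space between `Alert` and the opening quote, while the corrected one reduces to the `"([^"]*)"` pattern validated on regex101.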