Regex Builder

Functional overview


This module lets you define the grammar of an incoming message in a simple and ergonomic way. Writing a Regex to process an incoming message can be complex, even for an experienced person.

To achieve this simplification objective, this module offers the following functionalities:

  • Selection of the message model
  • Creation of the message grammar using highlighted selection buttons for Keyword, Word, Optional word and Phrase
  • Option to provide your own pre-built Regex rule
  • Button to test the grammar and visually check the matching information values that have been extracted
  • Association of the extracted values to the CEF fields or transformation of the message into a structured event
  • Real-time consideration of this new Regex rule by a specific selection of AIOpsCell or by all AIOpsCell
  • Possibility to deactivate a rule with real-time consideration by the AIOpsCell

Regex rules list:


Controls description:


Create new Regex rule

When you click on New Regex, the following window is displayed:


Log section. Here you should provide the following:

  • The name of the Regex rule
  • Whether the Regex is enabled or disabled
  • A delimiter (mandatory), which can be a space, for example
  • The list of AIOpsCell which will take into account and manage this Regex
  • The message model, after which you click Next

Note

All configured AIOpsCell are available, whatever their status.

When you click on Next, the following Groups Identification window is displayed:


You have 2 options:

  • Rely on the Highlighter
  • Or just provide your pre-built regex by disabling the Highlighter

While you build your regex, watchdogs display notification messages to help you prevent Regex inconsistencies. For example, you cannot select a phrase containing spaces when you have specified a space as the delimiter. There are also blue buttons, Cancel and Re-Apply, to manage your modifications, and a red Reset button to restart from scratch.

Please find below an example of Regex builder with Highlighter:

Start by specifying the Keyword


As you can see, the first group has been created on the right in the Matching Information section.

Note: As a best practice, we recommend defining at least one Keyword in each Regex to prevent any performance degradation during Regex analysis by the AIOpsCell engine.

Specifying Word


Note

If you select several keywords, the largest one will be used as a pre-filter on the AIOpsCell.

Specifying Optional Word


When you have finished your Regex with all the needed Group information, click Next.

On the left side, you have the list of Groups coming from the previous panel, created with the Highlighter feature.

In the middle, you have the list of Common Event Fields (CEF) which have been defined as Regexable.

On the right side, you can define a constant value or a predefined value such as the severity.

Then you can start your mapping policy by selecting the Group and the related field.

Then you save your Regex rule with the button Finish.

This new rule will be applied on all selected AIOpsCell in real time, or at the next restart for any AIOpsCell that is down.
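
The workflow above (keyword, word and optional word groups, a keyword pre-filter, then mapping groups to fields with a constant), sketched as an added Python example; it is not the product's code or the AIOpsCell engine's implementation. The token kinds, function names, target field names (suser, src, spt), the severity value and the sample log lines are assumptions constructed for illustration, and a single-character delimiter is assumed.

```python
import re

def build_rule(grammar, delimiter, mapping, constants):
    """Compile (kind, value) tokens into (prefilter, regex, mapping, constants)."""
    d = re.escape(delimiter)
    pattern, keywords = "", []
    for kind, value in grammar:
        # Consistency check like the watchdog described above: a token
        # cannot contain the delimiter that separates tokens.
        if delimiter in value:
            raise ValueError(f"{value!r} contains the delimiter")
        if kind == "keyword":            # literal that must be present
            keywords.append(value)
            pattern += re.escape(value) + d
        elif kind == "word":             # capture one delimiter-free token
            pattern += f"(?P<{value}>[^{d}]+)" + d
        elif kind == "optional":         # literal that may be absent
            pattern += f"(?:{re.escape(value)}{d})?"
        else:
            raise ValueError(f"unknown token kind: {kind}")
    if pattern.endswith(d):
        pattern = pattern[: -len(d)]     # no delimiter required after last token
    # Assumed pre-filter behaviour: the longest keyword is a cheap substring test.
    prefilter = max(keywords, key=len) if keywords else None
    return prefilter, re.compile(pattern), mapping, constants

def apply_rule(rule, line):
    """Return the structured event for a line, or None if the rule does not match."""
    prefilter, regex, mapping, constants = rule
    if prefilter is not None and prefilter not in line:
        return None                      # rejected without running the regex
    m = regex.search(line)
    if m is None:
        return None
    event = dict(constants)              # constant values such as severity
    event.update({field: m.group(group) for group, field in mapping.items()})
    return event

# Constructed sample grammar and log lines (not taken from the product).
GRAMMAR = [("keyword", "Failed"), ("keyword", "password"), ("keyword", "for"),
           ("optional", "invalid"), ("optional", "user"), ("word", "user"),
           ("keyword", "from"), ("word", "addr"), ("keyword", "port"), ("word", "port")]
RULE = build_rule(GRAMMAR, " ", {"user": "suser", "addr": "src", "port": "spt"},
                  {"severity": "7"})
LINES = [
    "sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2",
    "sshd[811]: Failed password for root from 198.51.100.7 port 40100 ssh2",
    "sshd[811]: Accepted publickey for root from 198.51.100.7 port 40100 ssh2",
]
```

The third line never reaches the regex because it lacks the pre-filter keyword, which is the performance benefit of defining at least one Keyword per rule.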