This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
david_auquiere
Cadet 1st Class
Cadet 1st Class
‎2018-03-27 08:44
1101 views

search criteria - regex usage

Hello,

I would like to make a search based on regex...but it does not work. The idea is to select only Initiator User Name (sun) formatted a follows: 2 alphanumerical characters and 5 numerical (e.g. A000005 or FR00001). I try the following criteria but it seems not working...

AND (sun match regex("\w{2}\d{5}"))

I have try the regex and it seems the syntax is ok. Could you help me to find the good way to express regex expression in sentinel (for search criteria)

Thanks,

david
Tags (2)
0 Likes
Reply
Report Inappropriate Content
5 Replies
david_auquiere
Cadet 1st Class
Cadet 1st Class
‎2018-03-27 12:16

I see in documentation sun:"/\w{2}\d{5}/" but same result...
0 Likes
Reply
Report Inappropriate Content
aburgemeister
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2018-03-27 19:05

Which version and SP of Sentinel are you using?

Could you show us an exported event that you are trying to match?

What happens if you go to something insanely simple as a regex, like .*
instead of the word/digit stuff you have?


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Reply
Report Inappropriate Content
ScorpionSting
Absent Member.
Absent Member.
‎2018-03-27 21:09

I've found that \x doesn't work....but [0-9] (etc) does....and drop quotes

AND (sun:/[A-Za-z]{2}[0-9]{5}/)

Visit my Website for links to Cool Solution articles.
0 Likes
Reply
Report Inappropriate Content
david_auquiere
Cadet 1st Class
Cadet 1st Class
‎2018-03-28 09:11

ScorpionSting;2478145 wrote:
I've found that \x doesn't work....but [0-9] (etc) does....and drop quotes

AND (sun:/[A-Za-z]{2}[0-9]{5}/)


it is working...Many thanks for your help,
0 Likes
Reply
Report Inappropriate Content
klasen
Micro Focus Expert
Micro Focus Expert
‎2018-03-29 08:09

On 2018-03-27 13:24, david auquiere wrote:
>
> I see in documentation sun:"/\w{2}\d{5}/" but same result...
>
>

https://www.netiq.com/documentation/sentinel-81/user/data/b19fn1ir.html
> These queries must be enclosed in quotation marks (“ “) and forward
slash (/).

Bug 1080046 - Sentinel 8.1 documentation shows wrong example for Regular
Expression Queries

The part about the quotes ss wrong. Do not quote the expression by
putting quotation marks around it.


--
Norbert
--
Norbert
0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.