Find values inside parenthesees and put it into an array

Roberto_B · March 31, 2021, 3:55pm

Hi all,

i have this problem , i have this kind of value into a field:

Update for Windows Server 2012 R2 (KB3013410)"", Update for Windows Server 2012 R2 (KB3033446), Update for Windows Server 2012 R2 (KB3024751), Update for Windows Server 2012 R2 (KB3123245), Update for Windows Server 2012 R2 (KB3134815), Update for Windows Server 2012 R2 (KB3084905), Update for Windows Server 2012 R2 (KB3134179), Update for Windows Server 2012 R2 (KB3036612), Update for Windows Server 2012 R2 (KB3091297), Update for Windows Server 2012 R2 (KB3030947), Update for Windows Server 2012 R2 (KB3044673), Update for Windows Server 2012 R2 (KB3012702), Update for Windows Server 2012 R2 (KB3140219), Update for Windows Server 2012 R2 (KB3054169)

I need to insert in an array only the code into the paratheses , obviously the field haven't the same pattern . Maybe i have to use regex?!

A coffee to the first good advice!

Roberto

Badger · March 31, 2021, 5:02pm

input { generator { count => 1 lines => [ 'Update for Windows Server 2012 R2 (KB3013410)"", Update for Windows Server 2012 R2 (KB3033446), Update for Windows Server 2012 R2 (KB3024751), Update for Windows Server 2012 R2 (KB3123245), Update for Windows Server 2012 R2 (KB3134815), Update for Windows Server 2012 R2 (KB3084905), Update for Windows Server 2012 R2 (KB3134179), Update for Windows Server 2012 R2 (KB3036612), Update for Windows Server 2012 R2 (KB3091297), Update for Windows Server 2012 R2 (KB3030947), Update for Windows Server 2012 R2 (KB3044673), Update for Windows Server 2012 R2 (KB3012702), Update for Windows Server 2012 R2 (KB3140219), Update for Windows Server 2012 R2 (KB3054169)' ] } }
filter {
    ruby { code => 'event.set("patches", event.get("message").scan(/\(\w+\)/))' }
}

will produce

   "patches" => [
    [ 0] "(KB3013410)",
    [ 1] "(KB3033446)",
    [ 2] "(KB3024751)",
    [ 3] "(KB3123245)",
    [ 4] "(KB3134815)",
    [ 5] "(KB3084905)",
    [ 6] "(KB3134179)",
    [ 7] "(KB3036612)",
    [ 8] "(KB3091297)",
    [ 9] "(KB3030947)",
    [10] "(KB3044673)",
    [11] "(KB3012702)",
    [12] "(KB3140219)",
    [13] "(KB3054169)"
],

Roberto_B · April 1, 2021, 8:26am

IT WORKS !!!!

Another thing, sometime i have in input [ ]
(an empty list) in order to avoid Invalid Reference '[ ]' error I use:

filter{
	ruby {
  code => "
	if event.get('Patches available').nil?
		event.remove('[Patches available]')
	end
  "
	}
}

is it right?

system · April 29, 2021, 8:26am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.