Advanced Regex using EVAL

Modified on Wed, 22 Oct at 1:10 PM

The RegEx module has a lot of flexibility and power, but there are some use cases where it may fall short of what you are attempting to do. One example is when you want to target a couple of different Enumerated Values, or have a few different regex patterns you wish to match. There are also times when you may want to perform different actions on your data depending on which regex pattern matches.

The Regex "-p" permissive flag only applies to the regex pattern itself. The module will still filter the entry if you are attempting to search within an Enumerated Value which doesn't exist, which can result in unexpected behavior.



In these situations, Eval can once again come to your rescue with the use of the Match function. In its most basic form, you can perform a simple regex filter through the entire entry, duplicating the functionality of the Regex module:


eval match(DATA,"regexPattern")

You can reverse the behavior, filtering out entries that match the pattern, with the exclamation point ( ! ):

eval !match(DATA,"regexPattern")


Where this really starts to become powerful is when you have multiple conditions you wish to match. Rather than stringing together multiple grep or regex lines within your query, the AND ( && ) and OR ( || ) operators allow you to check for multiple conditions within a single invocation of eval.


eval (match(DATA,"patternA") && !match(DATA,"patternB"))

Or you can check multiple EVs for specific data, without concern for whether each EV exists in the entry:


eval (match(src_ip,"10\.10\.1\.\d{1,3}") || match(dst_ip,"10\.10\.12\.\d{1,3}")  && !match(action,"deny"))
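
The following is an added example, not part of the original article and not Gravwell code: a small Python model of the filter above, run over constructed entries, showing which entries pass when an EV is missing and how the placement of parentheses changes the effect of the deny check. It assumes that match() on a missing EV returns false, that && binds tighter than || as in C, and that the last octet is written as \d{1,3}; the function names and sample entries are hypothetical.

```python
import re

# Patterns from the article's query; last octet written as \d{1,3} (assumption).
SRC = r"10\.10\.1\.\d{1,3}"
DST = r"10\.10\.12\.\d{1,3}"

def match(entry, ev, pattern):
    """Model of eval's match(): False when the EV is absent (assumption)."""
    value = entry.get(ev)
    return value is not None and re.search(pattern, value) is not None

def as_written(e):
    # A || B && !C parses as A || (B && !C) under the assumed precedence,
    # so the deny check guards only the dst_ip branch.
    return (match(e, "src_ip", SRC)
            or match(e, "dst_ip", DST) and not match(e, "action", "deny"))

def grouped(e):
    # (A || B) && !C: the deny exclusion applies to both address checks.
    return ((match(e, "src_ip", SRC) or match(e, "dst_ip", DST))
            and not match(e, "action", "deny"))

def chained_regex(e):
    # Model of one regex stage per EV: an entry missing either EV is dropped.
    stages = (("src_ip", SRC), ("dst_ip", DST))
    return all(ev in e and re.search(p, e[ev]) for ev, p in stages)

# Constructed sample entries (not real log data).
ENTRIES = {
    "both_allow": {"src_ip": "10.10.1.25", "dst_ip": "10.10.12.7", "action": "allow"},
    "src_only_allow": {"src_ip": "10.10.1.25", "action": "allow"},
    "src_only_deny": {"src_ip": "10.10.1.25", "action": "deny"},
    "dst_only_deny": {"dst_ip": "10.10.12.7", "action": "deny"},
    "no_action_ev": {"dst_ip": "10.10.12.7"},
    "unrelated": {"src_ip": "192.168.0.4", "dst_ip": "172.16.0.9", "action": "allow"},
}

def kept(filter_fn):
    """Names of the entries a filter lets through, in insertion order."""
    return [name for name, e in ENTRIES.items() if filter_fn(e)]

if __name__ == "__main__":
    for fn in (as_written, grouped, chained_regex):
        print(f"{fn.__name__:14} {kept(fn)}")
```

Under these assumptions the expression as written keeps a denied entry whose src_ip matches, while the grouped form drops it.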



Using a RegEx match to perform additional actions


Regular expressions can also provide opportunities to validate your data or perform additional actions based on the results of the match. The Match function is fully supported within Eval's loop and logic check functionality, as it returns a boolean True/False.


if (match(Customer,"(?:[Ff]irst|1st).+Bank") || match(Customer,"(?:[Ff]irst|1st).+ Savings (?:and|\&) Loan")) {
        do stuff ;
} else {
        do something different ;
}
