Regex in Shell Scripting to pick values

radioactive9 · January 12, 2015, 3:56am

Hi

After lot of trial and error I am really bowled out with the requirement in hand and honestly you are my last hope

Here is what I want to achieve

Values

 
 
*IF *VALUE MS_SQL_Statistics_Summary.Client_Count_Percent_Used *GT 70.00 *AND *VALUE MS_SQL_Statistics_Summary.Client_Count_Percent_Used *LE 90.00
*IF *VALUE System.Page_Scan_Rate *GE 500
*IF *VALUE Unix_Memory.Used_Swap_Space_Pct *GT 90.0
*IF *VALUE NT_System.%_Total_Processor_Time *GE 90 *AND *VALUE NT_System.%_Total_Processor_Time *LT 95
*IF *VALUE MS_SQL_Server_Enterprise_View.Total_Lock_Conflicts *GE 60 
*IF *VALUE MS_SQL_Server_Summary.Total_OS_CPU_Percent *GE 80.00 *AND *VALUE MS_SQL_Server_Summary.Time_Since_Startup *GE 10
*IF *VALUE NT_Memory.Memory_Usage_Percentage *GE 90 *AND *VALUE NT_Memory.Memory_Usage_Percentage *LT 95

I need to fill a variable with the following information

if GT or GE string is found then fill with the corresponding next number for example 70.00 for first line 500 for second line 90.0 for thirdline
Sixth line has two GE so fill with 80.00,10 that is the one which is first occurence [comma] second occurrence
There will be lines which doesn't have *GE or *GT fill nothing

Here is what I could achieve till now

formula is a variable which contains the line one by one above in a for loop

e.g
formula="*IF *VALUE MS_SQL_Server_Summary.Total_OS_CPU_Percent *GE 80.00 *AND *VALUE MS_SQL_Server_Summary.Time_Since_Startup *GE 10"

 
valueGreater=`echo $formula | sed -nr 's/.*GE|.*GT ([0-9]+).*/\1/p'`

Obviously the above line is not fetching me the right results as i would like to have
Note this is part of a huge script. I cannot change the scriptling language now

Please help with some pointers:confused:

RavinderSingh13 · January 12, 2015, 5:02am

Hello radioactive9,

Not completly sure but if you need values of string GE and GT then could you please try following and let me know if this helps, I have taken values of GE and GT as follows.

awk -vs1="GE" '{for(i=1;i<=NF;i++){if($i ~ s1){A[NR]=A[NR]?A[NR] OFS $(i+1):NR OFS $(i+1)}}}  END{for(y in A){print A[y]}}' Input_file
OR
awk -vs1="GE" '{
                for(i=1;i<=NF;i++){
                                        if($i ~ s1){
                                                        A[NR]=A[NR]?A[NR] OFS $(i+1):NR OFS $(i+1)
                                                   }
                                  }
               }
                               END{
                for(y in A)       {
                                        print A[y]
                                  }
               }
             '  Input_file

Output is as follows:

For GT values:

awk -vs1="GT" '{for(i=1;i<=NF;i++){if($i ~ s1){A[NR]=A[NR]?A[NR] OFS $(i+1):NR OFS $(i+1)}}}  END{for(y in A){print A[y]}}' Input_file
OR
awk -vs1="GT" '{
                for(i=1;i<=NF;i++){
                                        if($i ~ s1){
                                                        A[NR]=A[NR]?A[NR] OFS $(i+1):NR OFS $(i+1)
                                                   }
                                  }
               }
                               END{
                for(y in A)       {
                                        print A[y]
                                  }
               }
             ' Input_file

Output will be as follows.

1 70.00
3 90.0

Here it is giving line number and then value of string next to it, also if there are more than a single occurance of words it is taking them into a single line. Kindly let me know additional details with complete input like how you are going to use it, will be helpful for us to advise you.

EDIT: Also you can remove the highlighted code and it wouldn't show you the line number which I added to just make sure
all same line's values are on same line.

Thanks,
R. Singh

disedorgue · January 12, 2015, 7:02am

Hello,

You can try:

$ echo $formula | sed -nr 's/^[0-9.,]*//;:b;s/GE |GT ([0-9.]*)/\1\n/;tb;:c;s/([0-9.,]*)[^\n]*\n/\1,/;tc;s/^,| .*$//gp'

Regards

radioactive9 · January 12, 2015, 7:21am

Hi

Thank you R. Singh. That is hell of a code. Almost what I need.

I need GT and GE to be listed together and not separately that is if the code sees GT or GE just pick up the value next to it. If it sees both pick both

A line can be there where we will have *GE and *GT in same formula. Pick both in same variable $valueGreater with a space is OK

 
-bash-3.2$ valueGreater=`echo $formula | awk -vs1="GE" '{for(i=1;i<=NF;i++){if($i ~ s1){A[NR]=A[NR]?A[NR] OFS $(i+1):NR OFS $(i+1)}}}  END{for(y in A){print A[y]}}'`
-bash-3.2$echo $valueGreater
1 80.00 10
-bash-3.2$

---------- Post updated at 07:21 AM ---------- Previous update was at 07:10 AM ----------

Almost works perfectly for

 
 
*IF *VALUE MS_SQL_Server_Summary.Total_OS_CPU_Percent *GE 80.00 *AND *VALUE MS_SQL_Server_Summary.Time_Since_Startup *GE 10

But fails on

 
*IF *VALUE MS_SQL_Server_Summary.Total_OS_CPU_Percent *GT 80.00 *AND *VALUE MS_SQL_Server_Summary.Time_Since_Startup
 
*IF *VALUE MS_SQL_Statistics_Summary.Client_Count_Percent_Used *GT 90.00

RavinderSingh13 · January 12, 2015, 7:42am

radioactive9:

Hi

Thank you R. Singh. That is hell of a code. Almost what I need.

I need GT and GE to be listed together and not separately that is if the code sees GT or GE just pick up the value next to it. If it sees both pick both

A line can be there where we will have *GE and *GT in same formula. Pick both in same variable $valueGreater with a space is OK

Also don't want that 1 2 3 at the start
 
-bash-3.2$ valueGreater=`echo $formula | awk -vs1="GE" '{for(i=1;i<=NF;i++){if($i ~ s1){A[NR]=A[NR]?A[NR] OFS $(i+1):NR OFS $(i+1)}}}  END{for(y in A){print A[y]}}'`
-bash-3.2$echo $valueGreater
1 80.00 10
-bash-3.2$
---------- Post updated at 07:21 AM ---------- Previous update was at 07:10 AM ----------

Almost works perfectly for
 
 
*IF *VALUE MS_SQL_Server_Summary.Total_OS_CPU_Percent *GE 80.00 *AND *VALUE MS_SQL_Server_Summary.Time_Since_Startup *GE 10
But fails on
 
*IF *VALUE MS_SQL_Server_Summary.Total_OS_CPU_Percent *GT 80.00 *AND *VALUE MS_SQL_Server_Summary.Time_Since_Startup
 
*IF *VALUE MS_SQL_Statistics_Summary.Client_Count_Percent_Used *GT 90.00

Hello radioactive9,

Could you please try following and let me know if this helps, hope this will(But not tested code though).

echo $formula | awk -vs1="GE" -vs2="GT" '{for(i=1;i<=NF;i++){if($i ~ s1){A[NR]=A[NR]?A[NR] OFS $(i+1):NR OFS $(i+1)}};if($i ~ s2){D[NR]=D[NR]?D[NR] OFS $(i+1):NR OFS $(i+1)}} END{for(i in A){print A};for(j in D){print D[j]}}'

Thanks,
R. Singh

disedorgue · January 12, 2015, 7:46am

radioactive9:

Hi

Thank you R. Singh. That is hell of a code. Almost what I need.

I need GT and GE to be listed together and not separately that is if the code sees GT or GE just pick up the value next to it. If it sees both pick both

A line can be there where we will have *GE and *GT in same formula. Pick both in same variable $valueGreater with a space is OK

Also don't want that 1 2 3 at the start
 
-bash-3.2$ valueGreater=`echo $formula | awk -vs1="GE" '{for(i=1;i<=NF;i++){if($i ~ s1){A[NR]=A[NR]?A[NR] OFS $(i+1):NR OFS $(i+1)}}}  END{for(y in A){print A[y]}}'`
-bash-3.2$echo $valueGreater
1 80.00 10
-bash-3.2$
---------- Post updated at 07:21 AM ---------- Previous update was at 07:10 AM ----------

Almost works perfectly for
 
 
*IF *VALUE MS_SQL_Server_Summary.Total_OS_CPU_Percent *GE 80.00 *AND *VALUE MS_SQL_Server_Summary.Time_Since_Startup *GE 10
But fails on
 
*IF *VALUE MS_SQL_Server_Summary.Total_OS_CPU_Percent *GT 80.00 *AND *VALUE MS_SQL_Server_Summary.Time_Since_Startup
 
*IF *VALUE MS_SQL_Statistics_Summary.Client_Count_Percent_Used *GT 90.00

With this modification, it works better:

$ echo $formula | sed -nr 's/^[0-9.,]*//;:b;s/G[TE] *([0-9.]+)/\n\1/;tb;:c;s/([0-9.,]*)[^\n]*\n/\1,/;tc;s/^[^0-9]*|[^0-9]*$//gp'

radioactive9 · January 12, 2015, 8:04am

ravindersingh13:

Hello radioactive9,

Could you please try following and let me know if this helps, hope this will(But not tested code though).
echo $formula | awk -vs1="GE" -vs2="GT" '{for(i=1;i<=NF;i++){if($i ~ s1){A[NR]=A[NR]?A[NR] OFS $(i+1):NR OFS $(i+1)}};if($i ~ s2){D[NR]=D[NR]?D[NR] OFS $(i+1):NR OFS $(i+1)}} END{for(i in A){print A};for(j in D){print D[j]}}'
Thanks,
R. Singh

Now it doesn't return anything

---------- Post updated at 08:04 AM ---------- Previous update was at 08:03 AM ----------

Awesome so far so good. This one is very very complex. I have no clue how you deduced such a complex code. Thank you man.

I don't understand how it is doing. But it is doing what I want so far so good

RavinderSingh13 · January 12, 2015, 8:15am

Hello radioactive9,

Could you please try following and let me know if this helps.

awk -vs1="GE" -vs2="GT" '{for(i=1;i<=NF;i++){if($i ~ s1){A[NR]=A[NR]?A[NR] OFS $(i+1):NR OFS $(i+1)};if($i ~ s2){D[NR]=D[NR]?D[NR] OFS $(i+1):NR OFS $(i+1)}}} END{for(i in A){print "GE " A};for(j in D){print "GT " D[j]}}'  Input_file

Thanks,
R. Singh

disedorgue · January 12, 2015, 8:17am

No, It' s not work fine for line 4 and 7, so i corrected by:

sed -nr 's/^[0-9.,]*//;:b;s/G[TE] *([0-9.]+)/\n\1/;tb;:c;s/([0-9.,]*)[^\n]*\n/\1,/;tc;s/,//;s/^([0-9.,]*).*/\1/;p'

Regards.

radioactive9 · January 12, 2015, 8:48am

disedorgue:

No, It' s not work fine for line 4 and 7, so i corrected by:
sed -nr 's/^[0-9.,]*//;:b;s/G[TE] *([0-9.]+)/\n\1/;tb;:c;s/([0-9.,]*)[^\n]*\n/\1,/;tc;s/,//;s/^([0-9.,]*).*/\1/;p'
Regards.

Yes Now it looks awesome and it works for me. I wanted to go sed way as it is some what cool.

Thank You very much I have checked against vast combination of data and it is Ok for us.

Thank You R Singh as well. This one works too. Thanks for your efforts for helping me out.

You Both ROCK

radioactive9 · January 19, 2015, 9:18am

Sorry for digging this up.

Here is further what I want to do in similar lines

 *IF *VALUE System.Page_Scan_Rate *GE 500  *IF *VALUE Unix_Memory.Used_Swap_Space_Pct *GT 90.0  *IF *VALUE Unix_Memory.Used_Swap_Space_Pct *GT 90.0  *IF *VALUE KLZ_CPU.Busy_CPU *GE 95.00 *AND *VALUE KLZ_CPU.CPU_ID *EQ Aggregate  *IF ( ( *VALUE Process.Execution_State *EQ Active *AND *VALUE Process.CPU_Pct *GT 95.00 ) *OR ( *VALUE Process.Execution_State *EQ Runnable *AND *VALUE Process.CPU_Pct *GT 95.00 ) )  *IF *VALUE NT_Event_Log.Event_ID *EQ 11 *AND *VALUE NT_Event_Log.Source_U *EQ 'Disk'  *IF ( ( *VALUE NT_Event_Log.Event_ID *EQ 50 *AND *VALUE NT_Event_Log.Source_U *EQ 'Ntfs' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 55 *AND *VALUE NT_Event_Log.Source_U *EQ 'NTFS' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 57 *AND *VALUE NT_Event_Log.Source_U *EQ 'Ftdisk' ) )  *IF *VALUE KLZ_CPU.Busy_CPU *GT 90.00 *AND *VALUE KLZ_CPU.Busy_CPU *LT 95.00 *AND *VALUE KLZ_CPU.CPU_ID *EQ Aggregate  *IF *VALUE NT_System.%_Total_Processor_Time *GE 95  *IF *VALUE KLZ_VM_Stats.Net_Memory_Used_Pct *GE 85 *AND *VALUE KLZ_VM_Stats.Net_Memory_Used_Pct *LT 90  *IF ( ( *VALUE NT_Event_Log.Event_ID *EQ 17 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 24 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 25 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 29 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 40960 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 46 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 4748 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 50 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) )  *IF *VALUE Linux_Process.Total_Busy_CPU_Pct *GT 95.00 *AND *VALUE Linux_Process.State *EQ Running  *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'xinetd' )  *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'sendmail' )  *IF *VALUE Linux_VM_Stats.Swap_Pct_Used *GE 85 *AND *VALUE Linux_VM_Stats.Swap_Pct_Used *LT 90  *IF *VALUE Disk.Inodes_Used_Percent *GT 85 *AND *VALUE Disk.Inodes_Used_Percent *LE 95  *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'ntpd' )  *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'nfsd' )  *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'syslogd' )  *IF *VALUE KLZ_Network.Interface_Status *EQ DOWN  *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'crond' )  *IF *VALUE KLZ_VM_Stats.Net_Memory_Used_Pct *GT 90  *IF *VALUE Disk.Inodes_Used_Percent *GT 95  *IF *VALUE Linux_Process.State *EQ Zombie *AND *COUNT Linux_Process.State *GT 10  *IF *VALUE SMP_CPU.CPU_Busy *GT 85 *AND *VALUE SMP_CPU.CPU_Busy *LE 95 *AND *VALUE System.Load_Average_15_Min *GT 3.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate  *IF *VALUE SMP_CPU.CPU_Busy *GT 85 *AND *VALUE SMP_CPU.CPU_Busy *LE 95 *AND *VALUE System.Load_Average_15_Min *GT 3.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate  *IF *VALUE KLZ_NFS_Statistics.NFS_Null_Calls *GE 15  *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'init' )  *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'snmpd' )  *IF *VALUE NT_Memory.Memory_Usage_Percentage *GE 95  *IF *VALUE SMP_CPU.CPU_Busy *GT 95 *AND *VALUE System.Load_Average_15_Min *GT 5.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate  *IF *VALUE SMP_CPU.CPU_Busy *GT 95 *AND *VALUE System.Load_Average_15_Min *GT 5.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate  *IF *MISSING Process.Command *EQ ( '/usr/sbin/cron' )  *IF *MISSING Process.Command *EQ ( '/usr/sbin/envd' )  *IF *MISSING Process.Command *EQ ( '/usr/sbin/inetd' )  *IF *MISSING Process.Command *EQ ( 'init' )  *IF *MISSING Process.Command *EQ ( 'lvmkd' )  *IF *MISSING Process.Command *EQ ( '*netfmt' )  *IF *MISSING Process.Command *EQ ( '*nktl_daemon' )  *IF *MISSING Process.Command *EQ ( '*ntl_reader' )  *IF *MISSING Process.Command *EQ ( 'statdaemon' ) :wall: *IF *MISSING Process.Command *EQ ( 'swapper' )  *IF *MISSING Process.Command *EQ ( '/usr/sbin/syncer' )  *IF *MISSING Process.Command *EQ ( '/usr/sbin/syslogd' )  *IF *MISSING Process.Command *EQ ( 'vhand' )  *IF *VALUE System.Virtual_Memory_Percent_Used *GT 85.0 *AND *VALUE System.Virtual_Memory_Percent_Used *LT 95.0  *IF *VALUE System.Virtual_Memory_Percent_Used *GT 85.0 *AND *VALUE System.Virtual_Memory_Percent_Used *LT 95.0  *IF *MISSING Process.Command *EQ ( '/usr/sbin/xntpd' )  *IF *MISSING Process.Command *EQ ( '/usr/lib/inet/inetd' )  *IF *MISSING Process.Command *EQ ( '/sbin/init' )  *IF *MISSING Process.Command *EQ ( '/usr/sbin/syslogd' )  *IF *MISSING Process.Command *EQ ( '/usr/lib/inet/xntpd' )  *IF *VALUE System.Virtual_Memory_Percent_Used *GE 95.0  *IF *VALUE System.Virtual_Memory_Percent_Used *GE 95.0  *IF *VALUE System.Page_Scan_Rate *GE 300 *AND *VALUE System.Page_Scan_Rate *LT 500

The above is the huge list of possible formula.

Now in each line there is a *VALUE attribute.attribute (*EQ/*LT/*LE/*GT/*GE) [Some value]

I need to pick the section-

 
 
attribute.attribute (*EQ/*LT/*LE/*GT/*GE) [Some value]

e.g
var1=System.Page_Scan_Rate *GE 500 in first line

var1=Linux_VM_Stats.Swap_Pct_Used *GE 85
& var2=Linux_VM_Stats.Swap_Pct_Used *LT 90 in line marked yellow

var1=Process.Command *EQ ( 'statdaemon' ) in line with :wall:

---------- Post updated at 09:18 AM ---------- Previous update was at 09:05 AM ----------

*IF *VALUE System.Page_Scan_Rate *GE 500 
 *IF *VALUE Unix_Memory.Used_Swap_Space_Pct *GT 90.0 
 *IF *VALUE Unix_Memory.Used_Swap_Space_Pct *GT 90.0 
 *IF *VALUE KLZ_CPU.Busy_CPU *GE 95.00 *AND *VALUE KLZ_CPU.CPU_ID *EQ Aggregate 
 *IF ( ( *VALUE Process.Execution_State *EQ Active *AND *VALUE Process.CPU_Pct *GT 95.00 ) *OR ( *VALUE Process.Execution_State *EQ Runnable *AND *VALUE Process.CPU_Pct *GT 95.00 ) ) 
 *IF *VALUE NT_Event_Log.Event_ID *EQ 11 *AND *VALUE NT_Event_Log.Source_U *EQ 'Disk' 
 *IF ( ( *VALUE NT_Event_Log.Event_ID *EQ 50 *AND *VALUE NT_Event_Log.Source_U *EQ 'Ntfs' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 55 *AND *VALUE NT_Event_Log.Source_U *EQ 'NTFS' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 57 *AND *VALUE NT_Event_Log.Source_U *EQ 'Ftdisk' ) ) 
 *IF *VALUE KLZ_CPU.Busy_CPU *GT 90.00 *AND *VALUE KLZ_CPU.Busy_CPU *LT 95.00 *AND *VALUE KLZ_CPU.CPU_ID *EQ Aggregate 
 *IF *VALUE NT_System.%_Total_Processor_Time *GE 95 
 *IF *VALUE KLZ_VM_Stats.Net_Memory_Used_Pct *GE 85 *AND *VALUE KLZ_VM_Stats.Net_Memory_Used_Pct *LT 90 
 *IF ( ( *VALUE NT_Event_Log.Event_ID *EQ 17 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 24 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 25 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 29 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 40960 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 46 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 4748 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 50 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) ) 
 *IF *VALUE Linux_Process.Total_Busy_CPU_Pct *GT 95.00 *AND *VALUE Linux_Process.State *EQ Running 
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'xinetd' ) 
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'sendmail' ) 
 *IF *VALUE Linux_VM_Stats.Swap_Pct_Used *GE 85 *AND *VALUE Linux_VM_Stats.Swap_Pct_Used *LT 90 
 *IF *VALUE Disk.Inodes_Used_Percent *GT 85 *AND *VALUE Disk.Inodes_Used_Percent *LE 95 
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'ntpd' ) 
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'nfsd' ) 
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'syslogd' ) 
 *IF *VALUE KLZ_Network.Interface_Status *EQ DOWN 
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'crond' ) 
 *IF *VALUE KLZ_VM_Stats.Net_Memory_Used_Pct *GT 90 
 *IF *VALUE Disk.Inodes_Used_Percent *GT 95 
 *IF *VALUE Linux_Process.State *EQ Zombie *AND *COUNT Linux_Process.State *GT 10 
 *IF *VALUE SMP_CPU.CPU_Busy *GT 85 *AND *VALUE SMP_CPU.CPU_Busy *LE 95 *AND *VALUE System.Load_Average_15_Min *GT 3.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate 
 *IF *VALUE SMP_CPU.CPU_Busy *GT 85 *AND *VALUE SMP_CPU.CPU_Busy *LE 95 *AND *VALUE System.Load_Average_15_Min *GT 3.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate 
 *IF *VALUE KLZ_NFS_Statistics.NFS_Null_Calls *GE 15 
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'init' ) 
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'snmpd' ) 
 *IF *VALUE NT_Memory.Memory_Usage_Percentage *GE 95 
 *IF *VALUE SMP_CPU.CPU_Busy *GT 95 *AND *VALUE System.Load_Average_15_Min *GT 5.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate 
 *IF *VALUE SMP_CPU.CPU_Busy *GT 95 *AND *VALUE System.Load_Average_15_Min *GT 5.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate 
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/cron' ) 
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/envd' ) 
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/inetd' ) 
 *IF *MISSING Process.Command *EQ ( 'init' ) 
 *IF *MISSING Process.Command *EQ ( 'lvmkd' ) 
 *IF *MISSING Process.Command *EQ ( '*netfmt' ) 
 *IF *MISSING Process.Command *EQ ( '*nktl_daemon' ) 
 *IF *MISSING Process.Command *EQ ( '*ntl_reader' ) 
 *IF *MISSING Process.Command *EQ ( 'statdaemon' ) 
 *IF *MISSING Process.Command *EQ ( 'swapper' ) 
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/syncer' ) 
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/syslogd' ) 
 *IF *MISSING Process.Command *EQ ( 'vhand' ) 
 *IF *VALUE System.Virtual_Memory_Percent_Used *GT 85.0 *AND *VALUE System.Virtual_Memory_Percent_Used *LT 95.0 
 *IF *VALUE System.Virtual_Memory_Percent_Used *GT 85.0 *AND *VALUE System.Virtual_Memory_Percent_Used *LT 95.0 
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/xntpd' ) 
 *IF *MISSING Process.Command *EQ ( '/usr/lib/inet/inetd' ) 
 *IF *MISSING Process.Command *EQ ( '/sbin/init' ) 
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/syslogd' ) 
 *IF *MISSING Process.Command *EQ ( '/usr/lib/inet/xntpd' ) 
 *IF *VALUE System.Virtual_Memory_Percent_Used *GE 95.0 
 *IF *VALUE System.Virtual_Memory_Percent_Used *GE 95.0 
 *IF *VALUE System.Page_Scan_Rate *GE 300 *AND *VALUE System.Page_Scan_Rate *LT 500

RavinderSingh13 · January 19, 2015, 10:08am

Hello radioactive9,

Could you please try following and let me know if this helps.

awk '{match($0,/[a-zA-Z]+\.[a-zA-Z]+_[a-zA-Z]+_[a-zA-Z]+.*\*(EQ|LT|LE|GT|GE).*[0-9]+\.[0-9]+/);A=substr($0,RSTART,RLENGTH);if(A){print A}}'  Input_file

EDIT: Adding one more solution, could you please check both and let us know if these help you.

awk  '{match($0,/[a-zA-Z]+\.[a-zA-Z]+_[a-zA-Z]+_[a-zA-Z]+[[:space:]]\*+[(EQ)(LT)(LE)(GT)(GE)]+[[:space:]][0-9]+/);A=substr($0,RSTART,RLENGTH);if(A){print A}}'  Input_file

Thanks,
R. Singh

disedorgue · January 19, 2015, 6:38pm

With (gnu) grep:

grep -o "\w*\.\w* \*\(EQ\|LT\|LE\|GT\|GE\) \([^ ]*\|( *[^ ]* *)\)" file

Regards.

radioactive9 · January 20, 2015, 4:44am

Thanks guys

@Ravinder

formula=*IF *VALUE SMP_CPU.CPU_Busy *GT 95 *AND *VALUE System.Load_Average_15_Min *GT 5.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate

echo $formula | awk  '{match($0,/[a-zA-Z]+\.[a-zA-Z]+_[a-zA-Z]+_[a-zA-Z]+[[:space:]]\*+[(EQ)(LT)(LE)(GT)(GE)]+[[:space:]][0-9]+/);A=substr($0,RSTART,RLENGTH);if(A){print A}}'

fails nothing is returned

@disedorgue

grep -o "\w*\.\w* \*\(EQ\|LT\|LE\|GT\|GE\) \([^ ]*\|( *[^ ]* *)\)"

Works amost across all permutation and combination in our vast complicated environment.
Its my bad that i did not give one combination where it is failing. Its my fault

*IF *SCAN Log_Entries.Description_U *EQ 'Link Down Event' *UNTIL ( *TTL 0:00:15:00 )

with the above combination it returns

Log_Entries.Description_U *EQ 'Link

expected return is

Log_Entries.Description_U *EQ 'Link Down Event'

This type of formula will always have ' quotes with spaces '

I think this will suffice my boss.

Guys honestly this is great what you have done for me. I will never know whether i could ever be any help to you two. I love you guys

RavinderSingh13 · January 20, 2015, 5:46am

Hello radioactive9,

I have given previous command as per your input and it worked for me as follows.
Input_file:

cat test18
*IF *VALUE System.Page_Scan_Rate *GE 500
*IF *VALUE System.Page_Scan_Rate *EQ 12000
 *IF *VALUE Unix_Memory.Used_Swap_Space_Pct *GT 90.0
 *IF *VALUE Unix_Memory.Used_Swap_Space_Pct *GT 90.0
 *IF *VALUE KLZ_CPU.Busy_CPU *GE 95.00 *AND *VALUE KLZ_CPU.CPU_ID *EQ Aggregate
 *IF ( ( *VALUE Process.Execution_State *EQ Active *AND *VALUE Process.CPU_Pct *GT 95.00 ) *OR ( *VALUE Process.Execution_State *EQ Runnable *AND *VALUE Process.CPU_Pct *GT 95.00 ) )
 *IF *VALUE NT_Event_Log.Event_ID *EQ 11 *AND *VALUE NT_Event_Log.Source_U *EQ 'Disk'
 *IF ( ( *VALUE NT_Event_Log.Event_ID *EQ 50 *AND *VALUE NT_Event_Log.Source_U *EQ 'Ntfs' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 55 *AND *VALUE NT_Event_Log.Source_U *EQ 'NTFS' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 57 *AND *VALUE NT_Event_Log.Source_U *EQ 'Ftdisk' ) )
 *IF *VALUE KLZ_CPU.Busy_CPU *GT 90.00 *AND *VALUE KLZ_CPU.Busy_CPU *LT 95.00 *AND *VALUE KLZ_CPU.CPU_ID *EQ Aggregate
 *IF *VALUE NT_System.%_Total_Processor_Time *GE 95
 *IF *VALUE KLZ_VM_Stats.Net_Memory_Used_Pct *GE 85 *AND *VALUE KLZ_VM_Stats.Net_Memory_Used_Pct *LT 90
 *IF ( ( *VALUE NT_Event_Log.Event_ID *EQ 17 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 24 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 25 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 29 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 40960 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 46 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 4748 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) *OR ( *VALUE NT_Event_Log.Event_ID *EQ 50 *AND *VALUE NT_Event_Log.Log_Name_U *EQ 'System' ) )
 *IF *VALUE Linux_Process.Total_Busy_CPU_Pct *GT 95.00 *AND *VALUE Linux_Process.State *EQ Running
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'xinetd' )
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'sendmail' )
 *IF *VALUE Linux_VM_Stats.Swap_Pct_Used *GE 85 *AND *VALUE Linux_VM_Stats.Swap_Pct_Used *LT 90
 *IF *VALUE Disk.Inodes_Used_Percent *GT 85 *AND *VALUE Disk.Inodes_Used_Percent *LE 95
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'ntpd' )
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'nfsd' )
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'syslogd' )
 *IF *VALUE KLZ_Network.Interface_Status *EQ DOWN
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'crond' )
 *IF *VALUE KLZ_VM_Stats.Net_Memory_Used_Pct *GT 90
 *IF *VALUE Disk.Inodes_Used_Percent *GT 95
 *IF *VALUE Linux_Process.State *EQ Zombie *AND *COUNT Linux_Process.State *GT 10
 *IF *VALUE SMP_CPU.CPU_Busy *GT 85 *AND *VALUE SMP_CPU.CPU_Busy *LE 95 *AND *VALUE System.Load_Average_15_Min *GT 3.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate
 *IF *VALUE SMP_CPU.CPU_Busy *GT 85 *AND *VALUE SMP_CPU.CPU_Busy *LE 95 *AND *VALUE System.Load_Average_15_Min *GT 3.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate
 *IF *VALUE KLZ_NFS_Statistics.NFS_Null_Calls *GE 15
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'init' )
 *IF *MISSING Linux_Process.Process_Command_Name_U *EQ ( 'snmpd' )
 *IF *VALUE NT_Memory.Memory_Usage_Percentage *GE 95
 *IF *VALUE SMP_CPU.CPU_Busy *GT 95 *AND *VALUE System.Load_Average_15_Min *GT 5.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate
 *IF *VALUE SMP_CPU.CPU_Busy *GT 95 *AND *VALUE System.Load_Average_15_Min *GT 5.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/cron' )
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/envd' )
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/inetd' )
 *IF *MISSING Process.Command *EQ ( 'init' )
 *IF *MISSING Process.Command *EQ ( 'lvmkd' )
 *IF *MISSING Process.Command *EQ ( '*netfmt' )
 *IF *MISSING Process.Command *EQ ( '*nktl_daemon' )
 *IF *MISSING Process.Command *EQ ( '*ntl_reader' )
 *IF *MISSING Process.Command *EQ ( 'statdaemon' )
 *IF *MISSING Process.Command *EQ ( 'swapper' )
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/syncer' )
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/syslogd' )
 *IF *MISSING Process.Command *EQ ( 'vhand' )
 *IF *VALUE System.Virtual_Memory_Percent_Used *GT 85.0 *AND *VALUE System.Virtual_Memory_Percent_Used *LT 95.0
 *IF *VALUE System.Virtual_Memory_Percent_Used *GT 85.0 *AND *VALUE System.Virtual_Memory_Percent_Used *LT 95.0
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/xntpd' )
 *IF *MISSING Process.Command *EQ ( '/usr/lib/inet/inetd' )
 *IF *MISSING Process.Command *EQ ( '/sbin/init' )
 *IF *MISSING Process.Command *EQ ( '/usr/sbin/syslogd' )
 *IF *MISSING Process.Command *EQ ( '/usr/lib/inet/xntpd' )
 *IF *VALUE System.Virtual_Memory_Percent_Used *GE 95.0
 *IF *VALUE System.Virtual_Memory_Percent_Used *GE 95.0
 *IF *VALUE System.Page_Scan_Rate *GE 300 *AND *VALUE System.Page_Scan_Rate *LT 500

Code as follows:

awk  '{match($0,/[a-zA-Z]+\.[a-zA-Z]+_[a-zA-Z]+_[a-zA-Z]+[[:space:]]\*+[(EQ)(LT)(LE)(GT)(GE)]+[[:space:]][0-9]+/);A=substr($0,RSTART,RLENGTH);if(A){print A}}'  test18

Output will be as follows:

System.Page_Scan_Rate *GE 500
System.Page_Scan_Rate *EQ 12000
Stats.Swap_Pct_Used *GE 85
Disk.Inodes_Used_Percent *GT 85
Disk.Inodes_Used_Percent *GT 95
Statistics.NFS_Null_Calls *GE 15
Memory.Memory_Usage_Percentage *GE 95
System.Page_Scan_Rate *GE 300

Now for your variable formula it is a bit different from input file provided so only my code was not working on this, made a minor change init, hope it may help this time.

formula="*IF *VALUE SMP_CPU.CPU_Busy *GT 95 *AND *VALUE System.Load_Average_15_Min *GT 5.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate"
echo $formula | awk  '{match($0,/[a-zA-Z]+_[a-zA-Z]+\.[a-zA-Z]+_[a-zA-Z]+[[:space:]]\*+[(EQ)(LT)(LE)(GT)(GE)]+[[:space:]][0-9]+/);A=substr($0,RSTART,RLENGTH);if(A){print A}}'

Output will be as follows:

SMP_CPU.CPU_Busy *GT 95

Thanks,
R. Singh

disedorgue · January 20, 2015, 6:02am

To take account the last case:

 grep -o "\w*\.\w* \*\(EQ\|LT\|LE\|GT\|GE\) \([^ ]*\|( *[^ ]* *)\|'[^']*'\)" file

Regards.

radioactive9 · January 20, 2015, 6:42am

Hi R. Singh

This is sweet :rolleyes:.

Well for that type of formula or any other formula where we have multiple attribute and value we need all of them in separate lines / variables

formula="*IF *VALUE SMP_CPU.CPU_Busy *GT 95 *AND *VALUE System.Load_Average_15_Min *GT 5.00 *AND *VALUE SMP_CPU.CPU_ID *EQ aggregate"

what we need is

 
SMP_CPU.CPU_Busy *GT 95 
System.Load_Average_15_Min *GT 5.00 
SMP_CPU.CPU_ID *EQ aggregate

Check this command output

 
echo $formula | grep -o "\w*\.\w* \*\(EQ\|LT\|LE\|GT\|GE\) \([^ ]*\|( *[^ ]* *)\|'[^']*'\)" | tr '\n' ','

This is more like what we are looking comma separated all attributes + values

---------- Post updated at 06:42 AM ---------- Previous update was at 06:09 AM ----------

Hello

Almost ran through a huge environment with the line you provided 99 % success

 
formula=" *IF *VALUE NT_System.%_Total_Processor_Time *GE 95 "
formula= " *IF *VALUE MS_Exchange_DB.Log_Record_Stalls/sec *GT 100.00 "
formula= " *IF *VALUE MS_Exchange_Transport_Queues.Active_Non-SMTP_Delivery_Queue_Length *GT 500 *AND *VALUE MS_Exchange_Transport_Queues.Active_Non-SMTP_Delivery_Queue_Length *LE 750 "

Fails

looks like special charecter issue like _ or - or % or / in attribute.attribute

Regards

disedorgue · January 20, 2015, 7:28am

It's normal, because '\w' is equivalent as '[[:alnum:]_]' , so this below work with your input and should work in other case (not tested for other case):

grep -o "[^ ]*\.[^ ]* \*\(EQ\|LT\|LE\|GT\|GE\) \([^ ]*\|( *[^ ]* *)\|'[^']*'\)" file

I just replace '\w' by '[^ ]' .

Regards.

EDIT: better as:

grep -o "[^. ]*\.[^. ]* \*\(EQ\|LT\|LE\|GT\|GE\) \([^ ]*\|( *[^ ]* *)\|'[^']*'\)" file

RavinderSingh13 · January 20, 2015, 7:36am

Hello radioactive9,

Could you please try following codes, I am sure they may help you.
Code1 :

echo $formula | awk  -F"*AND" '{for(i=1;i<=NF;i++){sub(/^[[:space:]]/,X,$i);match($i,/[a-zA-Z]+_[a-zA-Z]+\.[a-zA-Z]+_[a-zA-Z]+[[:space:]]\*+[(EQ)(LT)(LE)(GT)(GE)].*/);A=substr($i,RSTART,RLENGTH);if(A){print A};match($i,/[a-zA-Z]+\.[a-zA-Z]+_[a-zA-Z]+_[0-9]+\_[a-zA-Z]+[[:space:]]\*+[(EQ)(LT)(LE)(GT)(GE)].*/);A=substr($i,RSTART,RLENGTH);if(A){print A};}}'

Output will be as follows.

SMP_CPU.CPU_Busy *GT 95
System.Load_Average_15_Min *GT 5.00
SMP_CPU.CPU_ID *EQ aggregate

Code2:

echo $formula | awk  -F"*AND" '{for(i=1;i<=NF;i++){gsub(/^[[:space:]]/,X,$i);print $i}}'

Output will be as follows.

*IF *VALUE SMP_CPU.CPU_Busy *GT 95
*VALUE System.Load_Average_15_Min *GT 5.00
*VALUE SMP_CPU.CPU_ID *EQ aggregate

Here we need to keep two things in mind, both codes are looking for string
*AND so it should be there in each line, now code1 is looking for 2 regex values string_string.string_string and string.string_string_digits_string
so if any value doesn't satisfy that it will not print anything,
code2 is simple looking for string *AND and printing the fields not looking for any pattern just simply prinintg fields, now according to your post#1 what I understood is you are looking for a single match and pattern so I suggested like
that let's see if these codes may help you or not, finger crossed.

Thanks,
R. Singh

radioactive9 · January 22, 2015, 5:30am

Hello

Both codes do help. But AND is something not common across all definations. Sometimes it might have a OR as well.

Infact I need to capture that portion of the string as well.

Something like this

 
 
formula="*IF ( ( *VALUE NT_System.Operating_System_Version *EQ 4.0 *AND *VALUE NT_System.%_Total_Processor_Time *GE 90 *OR *VALUE NT_System.%_Total_Processor_Time *LT 95 ) *AND ( *VALUE NT_System.Operating_System_Version *GE 5.0 *AND *VALUE NT_Processor.%_Processor_Time *LT 95 *AND *VALUE NT_Processor.Processor *EQ '_Total' *AND *VALUE NT_Processor.%_Processor_Time *GE 90 ) )"

The output for it should be

NT_System.Operating_System_Version *EQ 4.0 *AND
NT_System.%_Total_Processor_Time *GE 90 *OR
NT_System.%_Total_Processor_Time *LT 95 *AND
NT_System.Operating_System_Version *GE 5.0 *AND
NT_Processor.%_Processor_Time *LT 95 *AND
NT_Processor.Processor *EQ '_Total' *AND
NT_Processor.%_Processor_Time *GE 90

For

 
formula=" *IF ( ( *VALUE NT_System.Operating_System_Version *EQ 4.0 *AND *VALUE NT_System.%_Total_Processor_Time *GE 95 ) *OR ( *VALUE NT_System.Operating_System_Version *GE 5.0 *AND *VALUE NT_Processor.%_Processor_Time *GE 95 *AND *VALUE NT_Processor.Processor *EQ '_Total' ) )

The output should be

NT_System.Operating_System_Version *EQ 4.0 *AND
NT_System.%_Total_Processor_Time *GE 95 *OR
NT_System.Operating_System_Version *GE 5.0 *AND
NT_Processor.%_Processor_Time *GE 95 *AND
NT_Processor.Processor *EQ '_Total'

---------- Post updated at 05:30 AM ---------- Previous update was at 05:28 AM ----------

grep -o "[^. ]\.[^. ] \$EQ\|LT\|LE\|GT\|GE$ $[^ ]\|( [^ ] *)\|'[^']*'$"

This is very close just need to be able to capture *AND / *OR at the end of each line