Help replacing characters in analysis results

Hi!

I’m pretty new to BigFix and I need to swap a character in my analysis results in order to interpret it with Splunk.

I’m basically listing all my Linux servers' packages and versions with this property:

packages whose(if exists properties whose(it as string contains "currently installed of ") then (currently installed of it) else TRUE) of (if exists properties whose(it as string contains "debianpackage:") then debianpackages else if exists properties whose(it as string contains "rpm:") then rpms else ERROR "The operators are not defined.")

which results in a whole bunch of lines in this format: package : version
openssh-sftp-server: 1:7.2p2-4ubuntu2.6
libmcrypt4: 2.5.8-3.3
python3: 3.5.1-3
python3.5-minimal: 3.5.2-2ubuntu0~16.04.5
etc…

What I need to do is replace every semicolon “:” by pipes “|”
(“python3 | 3.5.1-3” as an example)

I’ve tried something like:
concatenation "|" of (substrings separated by ":" of (packages whose(if exists properties whose(it as string contains "currently installed of ") then (currently installed of it) else TRUE) of (if exists properties whose(it as string contains "debianpackage:") then debianpackages else if exists properties whose(it as string contains "rpm:") then rpms else ERROR "The operators are not defined."))as string)

or
packages whose(if exists properties whose(it as string contains "currently installed of ") then (currently installed of it) else TRUE) of (if exists properties whose(it as string contains "debianpackage:") then (concatenation "|" of (substrings separated by ":" of (debianpackages as string)) else if exists properties whose(it as string contains "rpm:") then rpms else ERROR "The operators are not defined.")

without success.

Would you have any hint on how to achieve this?

Many thanks!

I think you’re close but may need to use parentheses to control the order of operations. I don’t have a console handy but try

(concatenation "|" of substrings separated by ":" of it) of (packages whose(if exists properties whose(it as string contains "currently installed of ") then (currently installed of it) else TRUE) of (if exists properties whose(it as string contains "debianpackage:") then debianpackages else if exists properties whose(it as string contains "rpm:") then rpms else ERROR "The operators are not defined."))as string

Hi Jason, thanks a lot for your help!

It parses perfectly but the result is: The operator "substrings separated by" is not defined

I’ve tried to modify it a bit, but same result:

(concatenation "|" of substrings separated by ":" of it as string) of (packages whose(if exists properties whose(it as string contains "currently installed of ") then (currently installed of it) else TRUE) of (if exists properties whose(it as string contains "debianpackage:") then debianpackages else if exists properties whose(it as string contains "rpm:") then rpms else ERROR "The operators are not defined."))

Found it! Looks like the following did the trick:

(concatenation "|" of substrings separated by ":" of (it as string)) of (packages whose(if exists properties whose(it as string contains "currently installed of ") then (currently installed of it) else TRUE) of (if exists properties whose(it as string contains "debianpackage:") then debianpackages else if exists properties whose(it as string contains "rpm:") then rpms else ERROR "The operators are not defined."))

Thanks again Jason for putting me on the right track and for helping this community!
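
Added example, not part of the thread: replacing every ":" also rewrites the colon inside versions that carry an epoch, such as 1:7.2p2-4ubuntu2.6 in the sample output, so that row ends up with an extra field. The Python below runs on the four sample lines from the question and compares that with splitting on the first ": " only; the function names and the two-field pipe layout on the Splunk side are assumptions.

```python
# Constructed input: the four "package: version" lines quoted in the thread.
SAMPLE = [
    "openssh-sftp-server: 1:7.2p2-4ubuntu2.6",
    "libmcrypt4: 2.5.8-3.3",
    "python3: 3.5.1-3",
    "python3.5-minimal: 3.5.2-2ubuntu0~16.04.5",
]


def replace_all_colons(line):
    """Mirror of: concatenation "|" of substrings separated by ":" of it."""
    return "|".join(line.split(":"))


def to_pipe_row(line):
    """Split at the first ': ' only, so an epoch colon stays in the version."""
    name, sep, version = line.partition(": ")
    if not sep or not name or not version:
        raise ValueError(f"not a 'name: version' line: {line!r}")
    if "|" in name or "|" in version:
        raise ValueError(f"delimiter already present in: {line!r}")
    return f"{name}|{version}"


def split_epoch(version):
    """Return (epoch, rest); a missing epoch counts as 0 (Debian convention)."""
    head, sep, rest = version.partition(":")
    if sep and head.isdigit():
        return int(head), rest
    return 0, version


def misaligned(rows, fields=2):
    """Rows whose field count differs from the assumed two-field layout."""
    return [row for row in rows if row.count("|") != fields - 1]


if __name__ == "__main__":
    naive = [replace_all_colons(line) for line in SAMPLE]
    fixed = [to_pipe_row(line) for line in SAMPLE]
    print("misaligned after replacing every colon:", misaligned(naive))
    print("misaligned after first-separator split:", misaligned(fixed))
    for row in fixed:
        name, version = row.split("|")
        print(name, *split_epoch(version))
```
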