I am trying to searching this particular file across all lines and look for this regex expression and limit to three computer names. I know the computer name piece works but I can’t seem to get the fixlet to run without failure to search for these lines across the entire file instead of looking for specific lines. I tried a query previously looking for specific strings of text but the spacing or tabbing forced me into doing a regex query to eliminate that concern. Not sure how to set this in such a way to get the result i’m seeking.
if {(exists file "/tmp/Query.txt" whose (lines of it = regex("123456[[:space:]]+FE[[:space:]]+FI[[:space:]]+FO[[:space:]]+FUM[[:space:]]+0"))) AND (computer name) as lowercase contains "1" or (computer name) as lowercase contains "2" or (computer name) as lowercase contains "3"}
You can actually avoid the if/then/else by using the plural “files”. I believe you also want to check whether any lines contain the regex. I’m away from computer now and can’t test, but try
Exists matches( regex(“123456[[:space:]]+FE[[:space:]]+FI[[:space:]]+FO[[:space:]]+FUM[[:space:]]+0”)) of lines of files “/tmp/Query.txt”
So I actually think I want the if/then/else structure because I am going to be doing this several times in the same action script to look for various regex expressions and then act accordingly. Now I can use that same query you posted within the if statement but it I can tell it returns as false because it doesn’t make the changes id expect.
Hmm so it’s not erroring but it’s still falling out of the if then loop for some reason. Does this formatting look right to you?
if exists files "/tmp/Query.txt" whose (exists lines whose (it contains regex("123456[[:space:]]+FE[[:space:]]+FI[[:space:]]+FO[[:space:]]+FUM[[:space:]]+BUM[[:space:]]+0")) of it) then
I found part of my issue so this only works on windows for some reason. When I run the same statement on linux it fails. Do I need to handle regex differently between the two?
What form of Linux are you on? This works for me (on RHEL 8 with BigFix 10.0.8) , matching on both tabs and spaces… the ‘%09’ in the ‘lines of file’ result below is a tab character.
Q: if exists files "/tmp/Query.txt" whose (exists lines whose (it contains regex("123456[[:space:]]+FE[[:space:]]+FI[[:space:]]+FO[[:space:]]+FUM[[:space:]]+BUM[[:space:]]+0")) of it) then "Yes" else "No"
A: Yes
T: 249
I: string
Q: lines of files "/tmp/Query.txt"
A:
A: 123456%09 FE FI FO FUM BUM 0
Can you try the ‘lines of file’ in the qna utility ( /opt/BESClient/bin/qna ) and paste in the line that you expect should match? I wonder if there are other unprintable characters in the line, that would be represent by a %xx, that may not match against [[:space:]]
So I think I found the issue it appears because the txt file I am looking at was tab delimited it wasn’t matching but I thought that [[:space:]] would match tabbing as well as spaces and various other spacing situations. So I am still a tad confused but I will just have to change the file I am creating so it’s not being tabbed out.
[[:space:]] should match spaces, tabs, newlines, and several other whitespace characters (and on my snippet above, it did, at least on Red Hat 8.
I’d look at the output from a ‘lines of file’ query to see whether there are other unprintable characters there.
We use different regex libraries for each OS, so it’s possible to have a bug in one that behaves differently from others. Which Linux distro and version are you using?