I am trying to searching this particular file across all lines and look for this regex expression and limit to three computer names. I know the computer name piece works but I can’t seem to get the fixlet to run without failure to search for these lines across the entire file instead of looking for specific lines. I tried a query previously looking for specific strings of text but the spacing or tabbing forced me into doing a regex query to eliminate that concern. Not sure how to set this in such a way to get the result i’m seeking.
if {(exists file "/tmp/Query.txt" whose (lines of it = regex("123456[[:space:]]+FE[[:space:]]+FI[[:space:]]+FO[[:space:]]+FUM[[:space:]]+0"))) AND (computer name) as lowercase contains "1" or (computer name) as lowercase contains "2" or (computer name) as lowercase contains "3"}
You can actually avoid the if/then/else by using the plural “files”. I believe you also want to check whether any lines contain the regex. I’m away from computer now and can’t test, but try
Exists matches( regex(“123456[[:space:]]+FE[[:space:]]+FI[[:space:]]+FO[[:space:]]+FUM[[:space:]]+0”)) of lines of files “/tmp/Query.txt”
So I actually think I want the if/then/else structure because I am going to be doing this several times in the same action script to look for various regex expressions and then act accordingly. Now I can use that same query you posted within the if statement but it I can tell it returns as false because it doesn’t make the changes id expect.
Ok, then, the syntax might be
If exists files "/tmp/Query.txt" whose (exists lines whose (it contains regex(THE-REGEX)) of it) then THE-THING else THE-OTHER-THING
The key is looping through ‘lines of it’ and comparing the regex to each line
1 Like
Hmm so it’s not erroring but it’s still falling out of the if then loop for some reason. Does this formatting look right to you?
if exists files "/tmp/Query.txt" whose (exists lines whose (it contains regex("123456[[:space:]]+FE[[:space:]]+FI[[:space:]]+FO[[:space:]]+FUM[[:space:]]+BUM[[:space:]]+0")) of it) then
Yes, the format looks correct…changing it to a file I have on my system, this gives the correct results:
q: if exists files "C:\Temp\Query.txt" whose (exists lines whose (it contains regex("123456[[:space:]]+FE[[:space:]]+FI[[:space:]]+FO[[:space:]]+FUM[[:space:]]+BUM[[:space:]]+0")) of it) then "Yes" else "No"
A: Yes
I think your code is right something is just not right on my end. Ill dive into it. Thanks Jason.
1 Like
I found part of my issue so this only works on windows for some reason. When I run the same statement on linux it fails. Do I need to handle regex differently between the two?
Hm. Yes, but what I gave should have worked cross-platform.
(on Windows and a few others, we could have used \s in the place of [[:space:]] but I’d expect [[:space:]] to work on all)
What form of Linux are you on? This works for me (on RHEL 8 with BigFix 10.0.8) , matching on both tabs and spaces… the ‘%09’ in the ‘lines of file’ result below is a tab character.
Q: if exists files "/tmp/Query.txt" whose (exists lines whose (it contains regex("123456[[:space:]]+FE[[:space:]]+FI[[:space:]]+FO[[:space:]]+FUM[[:space:]]+BUM[[:space:]]+0")) of it) then "Yes" else "No"
A: Yes
T: 249
I: string
Q: lines of files "/tmp/Query.txt"
A:
A: 123456%09 FE FI FO FUM BUM 0
Can you try the ‘lines of file’ in the qna utility ( /opt/BESClient/bin/qna ) and paste in the line that you expect should match? I wonder if there are other unprintable characters in the line, that would be represent by a %xx, that may not match against [[:space:]]
edit: also what version of client is running
So I think I found the issue it appears because the txt file I am looking at was tab delimited it wasn’t matching but I thought that [[:space:]] would match tabbing as well as spaces and various other spacing situations. So I am still a tad confused but I will just have to change the file I am creating so it’s not being tabbed out.
[[:space:]] should match spaces, tabs, newlines, and several other whitespace characters (and on my snippet above, it did, at least on Red Hat 8.
I’d look at the output from a ‘lines of file’ query to see whether there are other unprintable characters there.
We use different regex libraries for each OS, so it’s possible to have a bug in one that behaves differently from others. Which Linux distro and version are you using?
Suse Linux Enterprise Server 12 SP4
Can you run this as a test
q: exists matches(regex("test[[:space:]]+test")) of "test %09 test2"