Parse expression examples


You can match any particular field using $N notation as described previously. More sophisticated parsing functions match a field only if it has a particular property, such as being an integer value or a URL. BMC Defender Server provides multiple parsing functions, which are documented in BMC-Defender-Server-reporting.

$integer(3)

Matches any line where the third word of the line is an integer value, or contains at least one integer number.

$alpha(4)

Matches any line where the fourth word of the line is an alpha value that is not an integer, and not a punctuation mark. For instance, the line is matched if the fourth word of the line is XYZ, but not 123.

$basename(5) eq readme

Matches any line where the fifth word of the line has a basename of readme. For instance, the line is matched if the fifth word of the line is readme.txt or readme.hlp, but not help.txt.

$suffix(5) eq txt

Matches any line where the fifth word of the line has a suffix of txt. For instance, the line is matched if the fifth word is readme.txt or help.txt but not readme.doc.

BMC Defender Server in $url(5)

Matches any line where the fifth word of the line is a URL beginning with http://, https://, or ftp://, and the parsed URL has BMC Defender Server in its content.

$ipaddr(6)

Matches any line where the sixth word of the line is a standard IPv4 address.

$geo(6) eq us

Matches any line where the sixth word of the line is a standard IPv4 address whose associated country code is US (that is, matches a US IP address).

$email(7)

Matches any line where the seventh word of the line is a standard e-mail address in the form x@y.z.

error in $delim(pipe, 7)

Matches any line where the seventh field, delimited by a pipe character, contains the keyword error.

Additional parse specifications exist and are documented in BMC-Defender-Server-reporting.
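The following Python sketch is an added example, not BMC code. It approximates six of the expressions above so you can check which constructed log lines a filter would match before deploying it. The helper names, whitespace word splitting, 1-based indexing, case-sensitive comparison, and last-dot basename/suffix split are assumptions; $alpha, $url and $geo are left out.

```python
import ipaddress
import os
import re

def field(line, n, delim=None):
    """Return the n-th field (1-based), or None when the line is too short."""
    parts = line.split("|") if delim == "pipe" else line.split()
    return parts[n - 1].strip() if 0 < n <= len(parts) else None

def is_integer(word):
    # Page: the word is an integer value or contains at least one integer number.
    return bool(word) and re.search(r"\d", word) is not None

def split_name(word):
    # Assumption: basename and suffix are split on the last dot of the file name.
    base, ext = os.path.splitext(os.path.basename(word or ""))
    return base, ext.lstrip(".")

def is_ipv4(word):
    try:
        ipaddress.IPv4Address(word or "")
        return True
    except ValueError:
        return False

def is_email(word):
    # Page: "standard e-mail address in the form x@y.z".
    return re.fullmatch(r"[^@\s]+@[^@\s.]+(\.[^@\s.]+)+", word or "") is not None

def evaluate(line):
    """Map each emulated parse expression to True/False for one line."""
    base, suffix = split_name(field(line, 5))
    return {
        "$integer(3)": is_integer(field(line, 3)),
        "$basename(5) eq readme": base == "readme",
        "$suffix(5) eq txt": suffix == "txt",
        "$ipaddr(6)": is_ipv4(field(line, 6)),
        "$email(7)": is_email(field(line, 7)),
        "error in $delim(pipe, 7)": "error" in (field(line, 7, "pipe") or ""),
    }

# Constructed sample lines, not real product output.
SAMPLES = [
    "fw01 sshd 4022 OPEN readme.txt 192.0.2.10 alice@example.com",
    "fw01 sshd none 77 help.doc fw02.example.com n/a",
    "2024-01-01|fw01|sshd|4022|OPEN|readme.txt|disk error on sda",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, [expr for expr, hit in evaluate(sample).items() if hit])
```
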
