$match (key-phrase, parse-spec) function


This function requires two arguments: the first is a match keyword or phrase, and the second is a parse specification. The function returns the result of the parse specification only if the key phrase appears somewhere in the message content. Otherwise, the function returns no value.

The following examples show target strings, parse expressions, and return values:

| Target string | Parse expression | Return value |
|---|---|---|
| User admin has logged into location dev001 system. | $match (admin, $7) | dev001 |
| User admin has logged into location dev002 system. | $match (admin, location *) | dev002 |
| The admin user test001 has logged on. | $match (admin*logged, user *) | test001 |
| Device=dev001 User=root has logged in. | $match (device=, user=*) | root |
| Device=dev001 User=root has logged in. | $match (dev002, user=*) | No match. Explanation: No value is returned because the keyword (first argument) dev002 does not exist in the message. |
| Workstation dev002 shutdown. | $match (dev002, device *) | No match. Explanation: No value is returned because the parse expression does not match the string. |
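To check a rule against sample messages before relying on it, the behaviour shown in the examples can be approximated offline. The following Python sketch is an added example, not the product's implementation; the function name `match_rule` is hypothetical, and the wildcard, case-insensitivity and word-numbering rules are assumptions inferred from the examples on this page.

```python
import re


def _to_regex(pattern, capture):
    """Turn a pattern with '*' wildcards into regex source.

    Assumption: in the key phrase '*' spans any text; in the parse
    specification '*' captures one whitespace-delimited word.
    """
    filler = r"(\S+)" if capture else r".*"
    return filler.join(re.escape(part) for part in pattern.split("*"))


def match_rule(key_phrase, parse_spec, message):
    """Approximate $match (key-phrase, parse-spec) on one message.

    Returns the extracted value, or None for "No match".
    """
    # Gate: the key phrase must appear somewhere in the message.
    # Assumption: comparison is case-insensitive ("device=" vs "Device=").
    if not re.search(_to_regex(key_phrase.strip(), False), message, re.IGNORECASE):
        return None

    spec = parse_spec.strip()

    # Positional form such as $7: the Nth whitespace-delimited word (1-based).
    positional = re.fullmatch(r"\$(\d+)", spec)
    if positional:
        words = message.split()
        index = int(positional.group(1))
        return words[index - 1] if 1 <= index <= len(words) else None

    # Literal-plus-wildcard form such as "location *" or "user=*".
    found = re.search(_to_regex(spec, True), message, re.IGNORECASE)
    if not found:
        return None
    # A spec without '*' has no capture group; return the literal that matched.
    return found.group(1) if found.re.groups else found.group(0)


if __name__ == "__main__":
    # The two "No match" rows from the examples fail for different reasons:
    # the first at the key-phrase gate, the second at the parse specification.
    print(match_rule("dev002", "user=*", "Device=dev001 User=root has logged in."))
    print(match_rule("dev002", "device *", "Workstation dev002 shutdown."))
```
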
