Where are variables in splunk defined - splunk

I have an alert set up in Splunk which uses the search string below.
index="someapp" sourcetype = "some:app" "some_scheduler" "ERROR"
| regex source = "(lambda:prod)"
I am not able to find where (lambda:prod) is defined. This search query works globally so I am assuming it's not something defined at app level or something.

(lambda:prod) is not defined anywhere. It is a literal string interpreted as a regular expression. That regex is used to match against the results returned by the commands prior to regex. Any event with a source field which matches the regex will be included in the results and all other events will be filtered.
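How the `| regex source=...` step treats that string, as an added example that is not part of the original answer: Python's `re` module stands in for Splunk's regex engine, and the events and their source values are constructed.

```python
import re

# Constructed sample events; only the "source" field matters here.
EVENTS = [
    {"source": "lambda:prod", "_raw": "some_scheduler ERROR job failed"},
    {"source": "aws:lambda:prod:eu-west-1", "_raw": "some_scheduler ERROR timeout"},
    {"source": "lambda:production-canary", "_raw": "some_scheduler ERROR retry"},
    {"source": "lambda:dev", "_raw": "some_scheduler ERROR job failed"},
    {"source": "(lambda:prod)", "_raw": "some_scheduler ERROR literal parens"},
]


def regex_filter(events, field, pattern):
    """Keep events whose field matches pattern anywhere in the value,
    mirroring how `| regex <field>="<pattern>"` keeps matching results."""
    compiled = re.compile(pattern)
    return [e for e in events if compiled.search(e.get(field, ""))]


def sources(events):
    """Return just the source values, in order, for easy comparison."""
    return [e["source"] for e in events]


# Patterns compared below:
PATTERNS = {
    # The alert's pattern: the parentheses are a capture group, not literal
    # characters, and nothing anchors the match to the whole value.
    "alert": r"(lambda:prod)",
    # Same text without the group: identical result set.
    "plain": r"lambda:prod",
    # Anchored: only a source that is exactly "lambda:prod".
    "exact": r"^lambda:prod$",
    # Escaped parentheses: only a source containing a literal "(" and ")".
    "literal_parens": r"\(lambda:prod\)",
}

if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        kept = sources(regex_filter(EVENTS, "source", pattern))
        print(f"{name:15} {pattern:18} -> {kept}")
```

Because the match is unanchored, the alert's pattern also keeps sources such as `lambda:production-canary`; anchoring is what narrows it to one exact source name.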

Related

Is there an or keyword for GetDirectories searchPattern parameter?

I am using Directory.GetDirectories() to get a list of folders that meet a certain criteria by using its searchPattern parameter.
I am only looking for any folders containing a specific word, say alphabet, my code is as follows:
Directory.GetDirectories(rootToSearch, "*alphabet*")
But, there is a common abbreviation that I know to expect for this word, say abc. If I was searching in Windows File Explorer I could search for *alphabet* OR *abc* and it would work as expected, however putting this as the searchPattern results in the function finding no folders, presumably because it is taking it as one search term including OR as a literal, instead of 2 terms delineated with OR.
Is there any way to achieve an OR statement in the search pattern? The MSDN says:
The search string to match against the names of subdirectories in path. This parameter can contain a combination of valid literal and wildcard characters, but it doesn't support regular expressions.
So I know that I can't use Regular Expressions. I tried using |, but that results in an Illegal characters in path error.
As per this question you can use LINQ to filter an array of all directories on the root, instead of using the searchPattern.
But that question used GetFiles() and there are certain things to take into account when using the solution for GetDirectories().
To ensure that your search pattern is indeed being used only against the folder name rather than the entire path, use DirectoryInfo.
LCase() is also used to mimic GetDirectories() accordingly.
' Requires: Imports System.IO and Imports System.Linq
Dim folders = Directory.GetDirectories(rootToSearch) _
    .Where(Function(s)
               ' Compare against the lower-cased folder name only, not the full path
               Dim name = LCase(New DirectoryInfo(s).Name)
               Return name.Contains("abc") OrElse name.Contains("alphabet")
           End Function)

URL-parameters input seems inconsistent

I have reviewed multiple instructions on URL-parameters which all suggest 2 approaches:
Parameters can follow / forward slashes or be specified by parameter name and then by parameter value. So either:
1) http://numbersapi.com/42
or
2) http://numbersapi.com/random?min=10&max=20
For the 2nd one, I provide parameter name and then parameter value by using the ?. I also provide multiple parameters using ampersand.
Now I have seen the request below which works fine but does not fit into the rules above:
http://numbersapi.com/42?json
I understand that the request sets 42 as a parameter but why is the ? not followed by the parameter name and just by the value? Also the ? seems to be used as an ampersand???
From Wikipedia:
Every HTTP URL conforms to the syntax of a generic URI. The URI generic syntax consists of a hierarchical sequence of five components:
URI = scheme:[//authority]path[?query][#fragment]
where the authority component divides into three subcomponents:
authority = [userinfo@]host[:port]
This is represented in a syntax diagram as:
As you can see, the ? ends the path part of the URL and starts the query part.
The query part is usually a &-separated string of name=value pairs, but it doesn't have to be, so json is a valid value for the query part.
Or, as the Wikipedia article says it:
An optional query component preceded by a question mark (?), containing a query string of non-hierarchical data. Its syntax is not well defined, but by convention is most often a sequence of attribute–value pairs separated by a delimiter.
It is also fairly common for request processors to treat a name=value pair that is missing the = sign as if it was name=.
E.g. if you're writing Servlet code and call servletRequest.getParameter("json"), it would return an empty string ("") for that last URL in the question.
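The same split, and the handling of a query field without `=`, as an added example that is not part of the original answer: it uses Python's `urllib.parse` rather than the Servlet API, and shows that one parser can treat `?json` three different ways depending on its settings.

```python
from urllib.parse import urlsplit, parse_qsl

# The three URLs from the question.
URLS = [
    "http://numbersapi.com/42",
    "http://numbersapi.com/random?min=10&max=20",
    "http://numbersapi.com/42?json",
]


def components(url):
    """Split a URL along scheme:[//authority]path[?query][#fragment]."""
    p = urlsplit(url)
    return {"scheme": p.scheme, "authority": p.netloc, "path": p.path,
            "query": p.query, "fragment": p.fragment}


def lenient_params(url):
    """Treat a bare name as name= (empty value), as many processors do."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def default_params(url):
    """parse_qsl's default: fields with an empty value are silently dropped."""
    return parse_qsl(urlsplit(url).query)


def strict_accepts(url):
    """With strict_parsing, a field without '=' is rejected outright."""
    try:
        parse_qsl(urlsplit(url).query, strict_parsing=True)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for url in URLS:
        print(url)
        print("  components:", components(url))
        print("  lenient   :", lenient_params(url))
        print("  default   :", default_params(url))
    print("strict accepts ?json:", strict_accepts(URLS[2]))
```

When two layers (for example a filtering proxy and the application behind it) parse the same query string with different settings, one may see a `json` parameter where the other sees none, so access or validation rules keyed on parameter names should be tested against bare names too.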

How to search a string with pattern in all the files of a project in IntelliJ?

We have used this option (Edit -> Find -> Find in Path) to search a string using IntelliJ. Currently, if we type to search a string, it will return the lines which contain the given string. But I want to find the lines which contain the given string and/or some pattern. Is there such a facility available in IntelliJ IDEA?
Assume we are going to search a string from the lines below:
Test123456
Test12345
Sampletest12356
Search String: test*6
Expected output: Test123456
Search String: *test*6
Expected output: Test123456 , Sampletest12356
You should turn on the "Regex" checkbox and type in a proper regular expression in the search field, that's all. If I understood correctly, for your examples the correct requests would be test.*6 and .*test.*6 respectively.

How do I get a continuation of a value with Extractor (JMeter)?

I am trying to take the information from an element from the middle on.
And this value is only displayed this way
see image:
It would be the value "info_se"
You need to escape the ? sign (as well as other metacharacters) in your regular expression with a backslash, so the whole expression would be something like:
a href="#" data-url="Cervello/Release.aspx\?info_s=(.+?)"
References:
JMeter Regular Expressions
Using RegEx (Regular Expression Extractor) with JMeter
Perl 5 Regex Cheat sheet
Use a Regular Expression Extractor under your sampler that returns the full HTML. Save it under the reference name info and then use it later as ${info}
info_s=(\S+)"
Template $1$
Match No. 1
My error was a different one: this "info_s" field was decoded, so the system needs it encoded.
I managed to find several fields that stored this value, and in the parameters of the HTTP request, I was informed to encode the extracted value of the Extractor.
By finding in the HTML the field that stored this "info_s" value, decoded, and then using the encoder option of JMeter, I was able to capture the correct value.
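The escaping fix and the encoding step from the answers above, combined in an added example that is not part of the original thread: Python's `re` stands in for JMeter's Regular Expression Extractor, and the HTML line and the `info_s` value in it are constructed.

```python
import re
from urllib.parse import quote

# Constructed sample response; the info_s value is a made-up placeholder.
HTML = ('<td><a href="#" data-url="Cervello/Release.aspx?info_s=Qx7+9/Zk==">'
        'Release</a></td>')

# Unescaped: "x?" means "optional x", so the literal "?" in the page is never
# matched (and the unescaped "." matches any character, not only a dot).
UNESCAPED = r'a href="#" data-url="Cervello/Release.aspx?info_s=(.+?)"'
# Escaped form from the first answer.
ESCAPED = r'a href="#" data-url="Cervello/Release.aspx\?info_s=(.+?)"'


def extract(pattern, body, match_no=1):
    """Return group 1 of the match_no-th match (template $1$), or None."""
    matches = re.findall(pattern, body)
    return matches[match_no - 1] if len(matches) >= match_no else None


def pattern_from_literal(prefix):
    """Escape every metacharacter in a literal prefix, then add the capture."""
    return re.escape(prefix) + r'(.+?)"'


def encode_for_request(value):
    """Percent-encode an extracted value before reusing it as a parameter."""
    return quote(value, safe="")


if __name__ == "__main__":
    print("unescaped:", extract(UNESCAPED, HTML))
    value = extract(ESCAPED, HTML)
    print("escaped  :", value)
    auto = pattern_from_literal('a href="#" data-url="Cervello/Release.aspx?info_s=')
    print("re.escape:", extract(auto, HTML))
    print("encoded  :", encode_for_request(value))
```

Sending the raw extracted value would let the server read `+` as a space, which is why the value only worked once it was encoded.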

Orient-db regex modifiers

I'm working with orient-db database, and I've issues with regex pattern matching. I really need case-insensitive modifier to be present in the request, but somehow it doesn't work as I'm expecting.
Query:
select from UserAccounts where email MATCHES '^ther.*'
Returns as expected matches in lowercase.
Whenever I try to add a modifier, outside delimiters i.e.
select from UserAccounts where email MATCHES '\^ther.*\i'
I get an empty collection. Actually the query returns an empty collection whenever delimiters are present.
If there is no way to attach modifiers I could probably replace each 'alpha' char to an expression in square brackets i.e.
select from UserAccounts where email MATCHES "^[tT][hH][eE][rR].*"
But I'm not really happy with this solution.
Using the Java case-insensitive regex modifier (from Pattern's special constructs) works in OrientDB 1.7.9 - for your example:
select from UserAccounts where email MATCHES '(?i)^ther.*'
(See also: Pattern - Special Constructs)
I've added a comment to the corresponding OrientDB issue as well.
Unfortunately there is no way to specify modifiers for regex in matches operator.
For now the good solution would be to create a custom function, where you can use the whole power of JS regexps.
But we definitely should add the ability to specify modifiers in MATCHES, could you create a feature request?