Wmic ,all of the valid clause behind the where keyword - where-clause

I want to know the all of the valid clauses behind where keyword about wmic command.
Wmic nicconfig where DefaultIPGateway!='' get description
The above command sentence show me an error message description = invalid query
I suspect that the DefaultIPGateway is not a valid clause. So how to get the all of the valid clauses behind the where keyword.
I did the following tries.
Wmic alias get pwhere

Full list of the WQL keywords: WQL (SQL for WMI).
Win32_NetworkAdapterConfiguration class:
DefaultIPGateway
Data type: string array Access type: Read-only Qualifiers:
MappingStrings
("Win32Registry|System\CurrentControlSet\Services|Parameters|DefaultGateway")
Array of IP addresses of default gateways that the computer system uses.
Querying with WQL:
The WMI Query Language (WQL) is a subset of standard American National
Standards Institute Structured Query Language (ANSI SQL) with minor
semantic changes to support WMI.
…
Note WQL does not support queries of array datatypes.
Corollary: you cannot constitute a valid WHERE clause to narrow the wmic output by DefaultIPGateway data.
Please read http://ss64.com/nt/wmic.html to see some valid WHERE clause examples used in wmic command.
However, you can still get desired info using find or findstr commands, for instance as follows:
==> Wmic nicconfig get DefaultIPGateway, description | find "{"
{"192.168.11.1"} Realtek PCIe GBE Family Controller

Related

Splunk field extractor unable to extract all values

I want to extract 4 values out of one field, called msg, from a Splunk query; and the msg is in the form of:
msg: "Service call successful k1=v1 k2=v2 k3=v3 k4=v4 k5=v5 something else can be ignored"
keys are always static but values are not, for instance, v2 could be XXX or XXYYZZ; similarly possible values for v3 just have unpredictable length.
I query to get some sample results and hope to use Field Extractor to generate a regex, but the regex generated can't get all the values out and I guess it's probably because values are not having the same length?
Do I need to change my logging format by separating each key=value using a common? Or I am not using the field extractor correctly?
[Update1]: A few sample data:
msg:Service call successful k1=XXX k2=BBBB k3=Something I made up k4=YYYNNN k5=do not need to retrieve this value
msg:Service call successful k1=SSSSSS k2=AAA k3=This could contain space and comma, like this one k4=YYYNNM k5=can be ignored
I could change the logging format if it makes easier to query and extract fields. Will adding a separator like dot or pipe help?
Normally Splunk will pull key-value pairs out automatically
However, when it doesn't, go try your regular expression(s) on regex101 - the field extractor is often a good[ish] start, but rarely creates efficient (or complete) regular expressions
An inline version of this would be as follows (presuming the "value" half of the key-value pair is contiguous characters):
| rex field=_raw "k1=(?<k1>\S+)\s+k2=(?<k2>\S+)\s+k3=(?<k3>\S+)\s+k4=(?<k4>\S+)\s+k5=(?<k5>\S+)"
Normally I prefer to do sequential rex calls, in case something's out of order or missing, but if your data's consistent, this will work
Once you have it the way you want it, update your props.conf and transforms.conf as appropriate for the sourcetype
EDIT for updated sample data / comment response:
...
| rex field=_raw "k3=(?<k3>.+)\s+k4="
| rex field=_raw "k4=(?<k4>.+)\s+k5="
...

Why does my online SQL editor not understand group_concat_max_len?

I don't have extensive experience in sql but I know basic.
I use online sql executor to receive the json file which will be prodiced from this sql query.
SET group_concat_max_len=18446744073709547520;
SELECT
CONCAT(
'[',
GROUP_CONCAT(
JSON_OBJECT(
'id',messages.message_id,
'mailing_list_url',messages.mailing_list_url,
'type_of_recipient',messages_people.type_of_recipient,
'email_address',messages_people.email_address,
'message_body',messages.message_body,
'is_response_of',messages.is_response_of
) SEPARATOR ',\r'),
']') AS list
FROM messages
LEFT JOIN messages_people
ON messages.message_id = messages_people.message_id
AND messages.mailing_list_url = messages_people.mailing_list_url
WHERE email_address IN ('dr#gorsvet.kz', 'mathews#uk2.net', 'd.jentsch#fu-berlin.de', 'atul.soman#microfocus.com', 'kkrugler_lists#transpac.com', 'hcorg#minions.org.pl', 'bruno.ronchetti#mac.com', 'christophe.thiebaud#sap.com', 'kc.baltz#copart.com', 'havanki4j#gmail.com', 'joseph.obernberger#ngc.com', 'goran#roseen.se', 'hboutemy#apache.org', 'johann#gyger.name', 'fredrik#jonson.org', 'jose-marcio.martins#mines-paristech.fr', 'dmytro.kostiuchenko#gmail.com', 'jochen.wiedmann#softwareag.com', 'guyskk#qq.com', 'alejandroscandroli#gmail.com', '1983-01-06#gmx.net', 'jstrayer#proofpoint.com', 'daniel#degu.cl', 'hontvari#flyordie.com', 'david#andl.org', 'gholmes#pinsightmedia.com', 'dennis.geurts#luminis.eu', 'carlspring#gmail.com', 'jozef.koval#protonmail.ch', 'gabriele.ctn#gmail.com', 'ashish.disawal#evivehealth.com', 'aarslan2#anadolu.edu.tr', 'kshukla#yahoo-inc.com', 'alex.huang#gmail.com', 'markus#openindex.io', 'marohn#sipgate.de', 'ea#apache.org', 'krzysztof.szalast#gmail.com', 'kfoskey#tpg.com.au', 'krauss#in.tum.de', 'kenhans#hotmail.co.uk', 'jokin.c#odeian.com', 'eitch#eitchnet.ch', 'm.kristian#web.de', 'bob.sandiford#sirsidynix.com', 'asandstrom2#eastlink.ca', 'kelly#apache.org', 'antony.blakey#linkuistics.com.au', 'ashawki#hotmail.com', 'h.klocker-mark#tsn.at');
However from the first line I receive error.
As instructions are not friendly for me please can you help me how could I take the final file?
I had no clue that there are such things as online sql executors. Basically SQL injections as a service, nice.
Anyways, the command:
SET group_concat_max_len=18446744073709547520;
is not part of the official SQL standard and specific to the database server you are using (here MYSQL). From the manual for group_concat_max_len:
The maximum permitted result length in bytes for the GROUP_CONCAT() function. The default is 1024.
For this very reason a "online SQL executor" (wow, I am still puzzled) won't be able to run this. Anyways if you need this, you probably won't get around setting up a MYSQL server yourself. Or you could just use a container.

react-native-realm pattern matching causes invalid predicate

I have this line of code:
realm.objects('Users').filtered("profile LIKE '%athletic%'")
and I tried this line of code:
realm.objects('Users').filtered("profile LIKE '*athletic*'")
It gave the error profile LIKE '%athletic%':1:0: Invalid predicate when running the program. I am unable to find documentation for pattern matching in react-native-realm. How do I find records that return users who have profiles with the string athletic in it?
For that kind of query, you can use CONTAINS
realm.objects('Users').filtered("profile CONTAINS 'athletic'")
See more on the query language used in Realm-JS here

Issues with a query on the AS/400 with LIKE clause

We are using Hibernate to connect to AS/400. We are having issues with a query on the AS/400
with the LIKE clause.
The following error is shown:
java.sql.SQLException: [SQL0131] Operands of LIKE not compatible or not valid
My query is its auto generated by Hibernate:
select tab_parame0_.C1IMCD as C1_560_, tab_parame0_.C1NINB as C2_560_,
tab_parame0_.C1JXCD as C3_560_, tab_parame0_.C1HLTX as C4_560_, tab_parame0_.C1HMTX as C5_560_,
tab_parame0_.C1HDST as C6_560_, tab_parame0_.C1NGNB as C7_560_, tab_parame0_.C1NJNB as C8_560_,
tab_parame0_.C1NFNB as C9_560_, tab_parame0_.C1NHNB as C10_560_, tab_parame0_.C1HCST as C11_560_
from RYC1REP tab_parame0_
where lower(tab_parame0_.C1HLTX) like lower(?)
order by tab_parame0_.C1IMCD asc
fetch first 10 rows only
SQL0131 indicates a type mismatch.
What datatype is tab_parame0_.C1HLTX? What datatype is your query parameter?
Please include your HQL/JPQL query source code for comparison.
You may have to set up an SQL trace to see exactly what the AS/400 is receiving.
See How do I obtain trace information from my Java program using the Toolbox?
I recommend you change LIKE LOWER(:parameter) to LIKE :parameter in your source query and use .toLowerCase() when you set the parameter and see how that works.

Modify entry in OpenLDAP directory

I have a large Openldap directory. In the directory the display name property for every is filled but i need to modify these entry and make it like "givenName + + sn". Is there are way i can do it directly in the directory just like sql queries (update query). I have read about the ldapmodify but could not find the way to use it like this.
Any help in this regard will be appreciated.
There is no way to do this with a single LDAP API call. You'll always have to use one LDAP search operation to get givenname and sn attributes, and one LDAP modify operation to modify the displayName attribute.
If you use the command line ldaptools "ldapsearch" and "ldapmodify", you can do this easily with some shell scripting, but you'll have to be careful: sometimes ldapsearch(1) can return LDIF data in base64 format, with UTF-8 strings that contain characters beyond ascii. For instance: 'sn:: Base64data' (note the double ':')
So, if I were you I would use a simple script in my language of choice, that has an LDAP API, instead of using shell commands. This would save me the troubles of base64 decoding that the ldaptools sometimes impose.
For instance, with php-cli, your script would be roughly like this (perhaps some more error checking would be appropriate):
<?php
$ldap = ldap_connect('host');
ldap_bind($ldap, ...);
$sr = ldap_search($ldap, 'ou=people,...', 'objectclass=*');
$entries= ldap_get_entries($ldap, $sr);
for($i=0; $i<$entries['count']; $i++) {
$modify = array('displayname' => $entries[$i]['givenname'] . ' ' . $entries[$i]['sn']);
ldap_modify($ldap, $entries[$i]['dn'], $modify);
}
Addendum: if you want to keep this data up to date without any intervention, you will probably need to use a specialized OpenLDAP module that keeps "virtual" attributes, or even a virtual directory, such as Penrose or Oracle Virtual Directory, on top of OpenLDAP. However this might be overkill for a simple concatenation of attributes.