Processor: Match String¶
The Max String processor checks that a string matches a regular expression. It accepts text series on input, for each series it configures a check that verifies if the input value matches the configured regular expression. Regular expression syntax is PCRE-compatible. Note that regexp matching is done in a partial mode, so if the full match is needed, regular expression needs to be specified accordingly. The output series contains anomaly values, such as ‘false’ and ‘true’.
Input Types - Time-Series (TS), TSTS
Output Types - Discrete-State-Set (DSS)
- Graph Query (graph_query)
One or more queries on graph specified as strings, or a list of such queries. (String will be deprecated in a future release.) Multiple queries should provide all the named nodes referenced by the expression fields (including additional_properties). Graph query is executed on the “operation” graph. Results of the queries can be accessed using the “query_result” variable with the appropriate index. For example, if querying property set nodes under name “ps”, the result will be available as “query_result[“ps”]”.
In collector processors (
if_counter) it is used to choose a set of nodes for further processing (for example, all leafs, or all interfaces between leaf and spines)
In other processors it is used for general parameterization and it is only supported as a list of queries.graph_query: "node("system", role="leaf", name="system"). out("hosted_interfaces"). node("interface", name="iface").out("link"). node("link", role="spine_leaf")"graph_query: ["node("system", role="leaf", name="system")", "node("system", role="spine", name="system")"]
Non-collector processors containing the
graph_queryconfiguration parameter, can be parameterized to use data from arbitrary nodes in the graph, such as property set nodes (as of version 3.0). Property sets allow you to parameterize macro level SLAs for individual business units. In the example below,
graph_querymatches a node of type
probe_propset. It’s accessed using the special
query_resultvariable, where Index
0means it’s the first node in query results. If a query returned
Nnodes, they could be accessed using indices starting from
psis what the actual node is referred to in the query; the rest depends on the structure of the node. The
int()casting is required because values of
property_setnodes are strings. Here it’s assumed that a property set node has the label
probe_propsetand that the value
accumulate_durationwas already created.graph_query: [node("property_set", label="probe_propset", name="ps")] duration: int(query_result["ps"].values["accumulate_duration"])
Another example is a that probes can validate a compliance requirement; the compliance value may change over time and/or it can be used by more than one probe. Also, a probe can validate NOS versions on devices. In this case, property sets can be used to define the current NOS version requirement. If it changes tomorrow: change the property set value, instead of going under the probe stage.
- Regular Expression (regexp)
- Expression that evaluates to a PCRE-compatible regular expression.
- Anomaly MetricLog Retention Duration
- Retain anomaly metric data in MetricDb for specified duration in seconds
- Anomaly MetricLog Retention Size
- Maximum allowed size, in bytes of anomaly metric data to store in MetricDB
- Anomaly Metric Logging
- Enable metric logging for anomalies
- Enable Streaming (enable_streaming)
- Makes samples of output stages streamed if enabled. An optional boolean that defaults to False. If set to True, all output stages of this processor are streamed in the generic protobuf schema.
- Raise Anomaly (raise_anomaly)
- Outputs “true” and “false” values, “true” meaning an appropriate item is anomalous, and “false” meaning the item is not anomalous. When Raise Anomaly is set to True, an actual anomaly is generated in addition to a sample in the output.
Match String Example¶
Sample Input (TS)
[device=leaf1,os_version_pattern=^4.[7-9].[0-9]+$] : 4.1 [device=leaf2,os_version_pattern=^4.[7-9].[0-9]+$] : 4.7
Sample Output (DSS):
[device=leaf1,os_version_pattern=^4.[7-9].[0-9]+$,regex=^4.[7-9].[0-9]+$] : "true" [device=leaf2,os_version_pattern=^4.[7-9].[0-9]+$,regex=^4.[7-9].[0-9]+$] : "false"