Extending patterns
Using regular expressions and name similarity, you can enable the discovery of a pattern instance on more than one resource.
By default, live events are processed for inclusion in event patterns by means of Exact matching of the resource or resources associated with that event. This means that the resource (or resources) associated with that event are checked against the resource values in the pattern. For each resource column, there must be an exact match between the resource column value in the live event and the expected resource value in the pattern.
- Regular expressions
- Name similarity
Regular expressions
Using regular expressions you can define a regular expression to apply to the contents of the resource field or fields during pattern matching. Resource names that match the regular expressions are candidates to be included in a single pattern. You can optionally specify a regular expression when you create a pattern.
Name similarity
- When patterns are suggested, as described in Suggested patterns.
- When live events are correlated to identify pattern instances, as described in Examples of name similarity.
Node
column (or whichever columns are used to store resource
values) holds IP addresses then the IP address must match down to the subnet value. In an IPv4
environment, this means the first, second and third octets must be the same. For example, the
following two IP addresses will match for the purposes of name similarity:123.456.789.10
123.456.789.11
123.456.789.10
123.456.788.11
Using the methods together
- Exact match
- Regular expression
- Name similarity