Discovery Regular Expressions

Chuck Tomasi
Tera Patron

I was helping a customer with a process classifier this past week. They discovered that their Windows processes were sometimes upper case, sometimes lower case, and possibly mixed case too.

The original process classifier has this classification criterion:

command contains myapp.exe


That's all fine and dandy if you're certain the other admins in your enterprise are typing "C:\somefolder\bin\myapp.exe", but some were starting "C:\SOMEFOLDER\BIN\MYAPP.EXE" and we can only wonder if some were starting "C:\SomeFolder\MyApp.EXE".

We found that the process classifier has an operator "regex matches" which works with Java regular expressions. I won't get into the full details of regular expressions here - think of them as wildcards on steroids. You can match patterns, or regular expressions, in the text you are looking for. Very powerful. Here's one starting point: http://www.regular-expressions.info/java.html

The key to our classification criteria was to use the (?i) prefix to enable the case-insensitive search. Like this:

command regex matches (?i)myapp.exe


That was close, but the "." is a special character in regular expressions. (It will match any single character, e.g. myapp4exe would match.) The other challenge is that the command returned in the ECC queue input record is the full path, "C:\somefolder\bin\myapp.exe". Key: "regex matches" has to match the whole string; it is not a "contains".

The full string looks like this now:

command regex matches (?i)^.*myapp\.exe.*$


Here's the breakdown of that seemingly incomprehensible series of characters:

(?i) - Ignore case of everything after this
^ - indicates the start of the string
.* - Match any single character (.), zero or more times (*) - i.e. never mind any arbitrary path before the command
myapp\.exe - find "myapp.exe" in the string. The backslash "escapes" the dot's special meaning, treating it literally
.* - Match any single character (.), zero or more times (*) - i.e. never mind any arbitrary stuff after the command
$ - indicates the end of the string

This expression will work well with the following examples:

C:\chuck\myapp.exe
C:\CHUCK\APPS\BIN\MYAPP.EXE
C:\CHUCK\APPS\BIN2\MyApp.exe -Dhost

I hope to start seeing "regex matches" in more string matching situations within Service-now.com. They require a bit of skill to use effectively, but they are very flexible and powerful.
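The difference between a whole-string match and a "contains" can be checked outside the platform. The following is an added example, not part of the original post, and it assumes "regex matches" behaves like Java's Matcher.matches(), as described above. The last three sample commands and the third pattern are constructed for illustration; the third pattern is a hypothetical tightening that requires a path separator directly before the file name.

```java
import java.util.regex.Pattern;

public class ClassifierRegexDemo {
    // First three commands are the post's examples; the rest are constructed.
    static final String[] COMMANDS = {
        "C:\\chuck\\myapp.exe",
        "C:\\CHUCK\\APPS\\BIN\\MYAPP.EXE",
        "C:\\CHUCK\\APPS\\BIN2\\MyApp.exe -Dhost",
        "C:\\chuck\\myapp4exe",     // constructed: caught only by an unescaped dot
        "C:\\chuck\\notmyapp.exe",  // constructed: a different program with the same suffix
        "C:\\chuck\\otherapp.exe"   // constructed: should never classify
    };

    static final String[] PATTERNS = {
        "(?i)myapp.exe",                    // post's first attempt
        "(?i)^.*myapp\\.exe.*$",            // post's final criterion
        "(?i)^.*\\\\myapp\\.exe(\\s.*)?$"   // hypothetical: backslash before the name,
                                            // then end of string or whitespace + arguments
    };

    public static void main(String[] args) {
        for (String regex : PATTERNS) {
            Pattern p = Pattern.compile(regex);
            System.out.println("pattern: " + regex);
            for (String cmd : COMMANDS) {
                // matches() must consume the entire input (whole-string match);
                // find() succeeds on any substring, i.e. "contains".
                boolean whole = p.matcher(cmd).matches();
                boolean contains = p.matcher(cmd).find();
                System.out.printf("  matches=%-5b find=%-5b %s%n", whole, contains, cmd);
            }
        }
    }
}
```

With the first pattern, matches() is false for every command while find() also accepts myapp4exe. The post's final pattern still classifies notmyapp.exe as myapp.exe, and the hypothetical third pattern does not, though it would need adjusting for quoted paths.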
1 REPLY

robin850
Giga Contributor

Thanks for that! I was wondering about using regex in other areas of the tool as well, now I can give it a try.

cheers,

robin850