EM-Event Rule Regular expression to capture part of the string to retrieve and populate on Node

jpn
Giga Contributor

‎10-31-2023 04:50 AM

Hello,

 

Can some one kindly help on how to retrieve and populate the Node field from "firstLevelContainerId": field variable of 3rd String I.e sbsv2corpinfra which is again in double quotes.when i tried with all types of expression, still posting <<unknown>> on Alert Node field and binding failure.also i need to capture message key using this combination as "SourceType"+"firstLevelContainerID" of 3rd String I,e.sbsc2corpinfra.

 

"sourceType": "Microsoft.Storage/storageAccounts/fileServices/shares",
"category": "Jobs",
"firstLevelContainerId": "Storage;RG-LENEL-PRODVM;sbsv2corpinfra",

 

PFA:Image raw Json event format from MS LogAnalytics.BackupFailure_ER.jpg

Thanks in Advance,

Prakash

0 Helpfuls
  • 290 Views
1 REPLY 1

Abbas_5
Tera Sage
Tera Sage

‎11-08-2023 08:26 PM

Hello @jpn,
Please refer to the below link:
https://www.servicenow.com/community/itom-blog/become-awesome-with-event-rules/ba-p/2274485

 

If it is helpful, please mark it as a thumbs-up and accept the correct solution.

Thanks & Regards,
Abbas Shaik

0 Helpfuls