Match pattern column to stringToMatch column and assigning tags based on a match.

Command line strings are input to a function, which tokenizes the command line arguments. Distinguishes between command line arguments and the values passed into the arguments. Then interprets metadata about the arguments and values.

The first step is properly parsing command line parameters the way the shell interpreter would parse them for interpretation before they are handed to the executable that will operate on those arguments.

Operator Usage in Easy Mode

Click + on the parent node.
Enter the Markup Jira Text operator in the search field and select the operator from the Results to open the operator form.
In the Table drop-down, enter or select the table containing the data to run this operator on.
In the Mask Table drop-down, enter or select the table that you want to mask.
In the Keyword Column drop-down, enter or select the keyword column in a mask table to be replaced.
In the Replace Column drop-down, enter or select the column name of a value that will replace the keyword in a mask table.
Click Run to view the result.
Click Save to add the operator to the playbook.
Click Cancel to discard the operator form.

Usage Details

LQL Command

matchPattern(table:TableReference, stringToMatch:String, patternTable:TableReference, pattern:String, tags:String, matchType:String)

Parameters:
table(TableReference)-The table to which the operate is applied
stringToMatch(String)-Column in a 'table' to match to pattern
patternTable(TableReference)-Table that contains patterns, tags and a matchType columns
pattern(String)-pattern column in a patternTable
tags(String)-tags column to assign after pattern matches
matchType(String)-match type of a pattern: '0'-> string match on each tokens in a string, '1'-> regex match on a tokens, '2'-> regex match on a whole string without tokenization.

Returns:
Input table with additional commandline_tags column is returned. Please read documentation page for usage of this operator

Shortly, this operator does following procedures, for each row in a table it will do regex matching to each of the pattern column values inside patternTable, and if it matches then assigns the tag that you provided in tags column.

Example

Input
table that contains the command lines for auto tagging (commandsTable)

command_line
powershell.exe abc:emil user
cmd.exe word /progfiles
ls.exe -a -f -n20

table that contains patterns (patternTable)

pattern	tag	type
[-/]([0-9a-z]+)	arg_%s	1
:([0-9a-z]+)	user_%s	1
([0-9a-z]+)	purearg_%s	1

LQL command

matchPattern(commandsTable, "command_line", patternsTable, "pattern", "tags", "type")

Output

it should produce the following output.

field1	field2
powershell.exe abc :emil user	{"exec":"powershell", "tags":["purearg_abc","user_emil","purearg_user"]}
cmd.exe word /progfiles	{"exec":"cmd", "tags":["purearg_word","arg_progfiles"]}
ls.exe -a -f -n20	{"exec":"ls", "tags":["arg_a","arg_f","arg_n20"]}

Browser not supported