Using Expressions and Wildcards to create groups, author rules and monitors, create console views and notification subscriptions, and in the Command Shell

We posted a great document on OpsManJam a couple years ago entitled “Regular Expression Support in SCOM 2007”.  I believe this document was originally authored by our very own Dan Rogers.  I have referenced this document more times than I can recall over the past couple years, because I’m terrible at remembering finer details like regular expression syntax.

Regular expression is not standardized, and SCOM uses slightly different implementations for different modules.  So it can get a little frustrating without knowing what is legal.

I thought the information in this document needed a refreshed exposure, and I wanted to present it in HTML format for easy access.  I only changed up the format to something a little more practical in terms of where and when to use which syntax.

 

Expression Filter – MP Authoring and Groups

Construct

Syntax

Any Character

.

Character in Range

[ ]

Character not in range

[^ ]

Beginning of Line

^

End of Line

$

Or

|

Group

( )

0 or 1 matches

?

0 or more matches

*

1 or more matches

+

Exactly N matches

{n}

At least N matches

{n, }

At most N matches

{ , n}

N to M Matches

{n, m}

New line character

\n

Tab character

\t

Note: Wildcards (below) can also be used in group calculation to match patterns.
Note: Be aware that if you are creating groups by using ‘matches regular expression’, this operator matches string with case sensitivity by default.  In these cases, you can turn off the case sensitivity matching by using syntax as follows.

Case insensitive syntax:   (?i:pattern)

 

Criteria Expression – Command Shell

Operator

Description

= , ==

Evaluates to true if the left and right operand are equal.

!= , <>

Evaluates to true if the left and right operand are unequal.

>

Evaluates to true if the left operand is greater than the right operand.

<

Evaluates to true if the left operand is less than the right operand.

>=

Evaluates to true if the left operand is greater than or equal to the right operand.

<=

Evaluates to true if the left operand is less than or equal to the right operand.

LIKE

Evaluates to true if the left operand matches the pattern that is defined by the right operand. Use the characters in the wildcard table later in this topic to define the pattern.

MATCHES

Evaluates to true if the left operand matches the regular expression defined by the right operand.

IS NULL

Evaluates to true if the value of the left operand is null.

IS NOT NULL

Evaluates to true if the value of the left operand is not null.

IN

Evaluates to true if the value of the left operand is in the list of values defined by the right operand.

Note: The IN operator is valid for use only with properties of type Guid.

AND

Evaluates to true if the left and right operands are both true.

OR

Evaluates to true if either the left or right operand is true.

NOT

Evaluates to true if the right operand is not true.

Note: Be aware that criteria expression ‘matches’ operator is case sensitive.
Note: Wildcards (below) can also be used in criteria expression to match patterns.

 

Wildcards – Views, Subscriptions, Command Shell, Groups

Note: The resultant view query sent to the operational database is in the form of a literal pattern match.

Wildcard

Description

%

A wildcard that matches any number of characters.

_

A wildcard that matches a single character.

[]

A wildcard that matches any one character that is enclosed in the character set. Note: Brackets are only use to match a MonitoringObject Name property. See below image for explanation.

[^]

A wildcard that matches any one character that is not enclosed in the character set. Note: Brackets are only use to match a MonitoringObject Name property. See below image for explanation.

Brackets in views will match a MonitoringObject Name property only.  For example, take a look at the Discovered Inventory view in the Operations Console.  Scope to something like Windows Server 2008 Logical Disk.

Brackets match MonitoringObject Name
image

So if I wanted to create an alert view showing all alerts that were generated by any drives except for A, B, C, D, E, F or G drives, I would form the expression as follows.

Example of alerts raised by logical drive instances
image

The resultant view of the criteria above 
image

If I took the carot symbol (^) out, then I would see alerts related only to A, B, C, D, E, F or G drives.