Re: [Simple-evcorr-users] look-up a string in a hash, then write hash value

Thu, 03 Aug 2017 11:53:15 -0700 

Hi Risto,

OK, I’ve made progress on this.  But I don’t understand the incantations I’m 
typing; would you offer insights?

To dig into my example in more detail … I am not actually mapping numbers to 
colors.  Rather, I am mapping something called ‘Array IDs’ to “Logical Node 
Numbers”, a concept relevant to the Isilon storage systems I manage.  
Basically, the ‘Array ID’ is the actual, unique identifier for a node in an 
Isilon cluster, while the ‘LNN’ is what we administrators tend to care about.  
Log messages tend to contain lines like this:


2017-08-03T06:07:31-07:00 isilon-cluster-10 /boot/kernel.amd64/kernel: 
[gmp_info.c:1863](pid 38910="kt: gmp-config")(tid=103609) new group: <3,2302>: 
{ 3-6:0-34, 8:0
-20,22-31,33-34,36-37, 9:1-21,24, 10-11:0-21, 12-13:0-34, 18:0-21, 21:0-34, 
22:0-21, 24:0-34, down: 23, smb: 3-6,8-13,18,21-22,24, nfs: 
3-6,8-13,18,21-22,24, all_enabled_protocols: 3-6,8-13,18,21-22,24 }

Where I care about the string “down: 23” … except, I want to translate the 
Array ID ‘23’ into the LNN ‘7’ … because I want to notify the admins that Node 
7 has just gone down … [we don’t know or care about the Array ID, generally 
speaking]

aidc-isi1-15# isi_nodes "%{name}: LNN %{lnn}, Array ID %{id}"
aidc-isi1-1: LNN 1, Array ID 21
aidc-isi1-2: LNN 2, Array ID 24
aidc-isi1-3: LNN 3, Array ID 3
aidc-isi1-4: LNN 4, Array ID 4
aidc-isi1-5: LNN 5, Array ID 5
aidc-isi1-6: LNN 6, Array ID 6
aidc-isi1-7: LNN 7, Array ID 23
aidc-isi1-8: LNN 8, Array ID 8
aidc-isi1-9: LNN 9, Array ID 9
aidc-isi1-10: LNN 10, Array ID 10
aidc-isi1-11: LNN 11, Array ID 11
aidc-isi1-12: LNN 12, Array ID 12
aidc-isi1-13: LNN 13, Array ID 13
aidc-isi1-14: LNN 14, Array ID 18
aidc-isi1-15: LNN 15, Array ID 22
aidc-isi1-1#

But this is fine – a classic challenge, which sec is prepared to meet.

So, I created a global hash using SEC_STARTUP / SEC_INTERNAL_EVENT

# Global variables for Isilon
type=Single
ptype=SubStr
pattern=SEC_STARTUP
context=SEC_INTERNAL_EVENT
desc=initialize array-id to node mapping hash
action=lcall %o-> (sub {\
                         %array_to_node = (21 => 1,\
                                           24 => 2,\
                                            3 => 3,\
                                            4 => 4,\
                                            5 => 5,\
                                            6 => 6,\
                                           23 => 7,\
                                            8 => 8,\
                                            9 => 9,\
                                           10 => 10,\
                                           11 => 11,\
                                           12 => 12,\
                                           13 => 13,\
                                           18 => 14,\
                                           22 => 15,\
                                          )\

                                          )\
                        }\
                    )\


Question:  What is this “%o->” syntax doing?  I don’t recognize it.  Reading 
the ‘lcall’ section in the man page … am I correct in understanding that this 
‘action’ is assigning the hash ‘%array_to_node’ to the hash ‘%o’?


--sk


From: Risto Vaarandi [mailto:risto.vaara...@gmail.com]
Sent: Tuesday, July 25, 2017 2:47 PM
To: Stuart Kendrick <stua...@alleninstitute.org>
Cc: simple-evcorr-users@lists.sourceforge.net
Subject: Re: [Simple-evcorr-users] look-up a string in a hash, then write hash 
value

hi Stuart,
you are on the right track and the PerlFunc pattern in your rule properly maps 
the integer into a string. As explained in the documentation section of 
different pattern types (see http://simple-evcorr.github.io/man.html#lbAG), 
return values from the PerlFunc pattern function initialize match variables $1, 
$2, etc. It is similar how RegExp pattern sets match variables, but this time 
the variables and their values are not defined by regular expression capture 
groups, but rather by values that you return from the function.
Since your rule returns only one value, it sets the $1 variable ($0 is set to 
the entire matching line automatically by SEC). For example, the following rule 
will write the string "down event with color <colortext>" to standard output 
for each matching event:

type=Single
ptype=PerlFunc
pattern = sub { \
  my %hash = ( 1 => "red", 2 => "green", 3 => "blue" ); \
  my $line = $_[0]; \
  my ($node) = ($line) =~ /down: (\d+)/; \
  my $color = $hash{$node}; \
  return $color; }
desc=extract color
action=write - down event with color $1
One side note -- if you are going to use %hash with integer-color mappings in 
more than one pattern, I would recommend to make it a global hash that is set 
once when SEC starts (this also requires --intevents command line option). That 
would avoid unnecessary creation of the same hash in each rule:

type=Single
ptype=SubStr
pattern=SEC_STARTUP
context=SEC_INTERNAL_EVENT
desc=initialize integer-color mapping table
action=lcall %o -> ( sub { %hash = ( 1 => "red", 2 => "green", 3 => "blue" ) } )

type=Single
ptype=PerlFunc
pattern = sub { \
  my $line = $_[0]; \
  my ($node) = ($line) =~ /down: (\d+)/; \
  my $color = $hash{$node}; \
  return $color; }
desc=extract color
action=write - down event with color $1
Using a global hash would also allow to convert the integer into color not just 
in PerlFunc patterns, but in any part of the rule where Perl code can be 
executed. For example, here is another version of the above rule which uses a 
RegExp pattern for matching the event, and employs the 'lcall' action for 
obtaining the color in the action list. The 'if' action is then used to output 
a string only if the integer has a corresponding color:

type=Single
ptype=RegExp
pattern=down: (\d+)
desc=extract color
action=lcall %color $1 -> ( sub { $hash{$_[0]} } ); \
       if %color ( write - down event with color %color )
I hope these examples are helpful.
kind regards,
risto

2017-07-25 15:53 GMT+03:00 Stuart Kendrick 
<stua...@alleninstitute.org<mailto:stua...@alleninstitute.org>>:
I want to grab a string from a log line, return a hash value, and write that 
hash value

e.g. I grab an integer from a log line and want to write a color


LOG LINE
2017-07-25T04:31:10-07:00 server-foo … down:  3 ….


PSEUDO-SEC CONFIG
%hash = ( 1 => red, 2 => green, 3 => blue );

type=Single
ptype=RegExp
pattern=down: (\d+)
{somehow translate ‘3’ into ‘blue’}
action = write - “Blue is down”


MAN PAGE
I’m reading https://simple-evcorr.github.io/man.html , focused on the Perl 
Integration section.

type=Jump
ptype=PerlFunc
pattern = sub {
  my %hash = ( 1 => red, 2 => green, 3 => blue );
  my $line = $_[0];
  my ($node) = ($line) =~ /down: (\d+)/;
  my $color = $hash{$node};
  return $color;
}


QUESTION

  *   Am I headed in the right direction?
  *   Where would you point me next, in terms of reading about how to propagate 
“$color” into an ‘action’ line?

--sk

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net<mailto:Simple-evcorr-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to