
Regular expressions for customizing and filtering alerts

Opsgenie supports Java-like regular expressions for filtering and for extracting information to define alert fields; both uses are available in integrations, alert policies and callbacks. In many cases, regular expressions let you extract the desired information in a more powerful way.

Regular expressions can essentially be used for two purposes: defining a filtering rule with the Matches operator, and extracting data to set an alert field with the extract string processing method.

Regular Expressions for Filtering with 'Matches' Rule

A condition with the Matches operator is fulfilled if the whole string value matches the given regular expression. If the input value is a List, the condition is fulfilled if at least one of the list items matches the given regular expression. This operator lets you define complex filtering in a single condition rule and reduces your dependency on the already-defined condition operators. Refer to Action Filters for further information about condition operators.

The following are some examples of common use cases in which using the Matches condition operator makes sense:

  • Combining multiple rules with AND/OR
    To create an alert via your email integration if the subject contains Daily Report and the message contains one of Critical, Error or Down, the following regex can be used within a Matches rule:

.*(Critical|Error|Down).*

An image that shows combining two rules to create an alert.

  • Preventing duplication for similar rules
    To renotify for an alert if its description starts with one of the server names server1, server2, ..., server100, the following regular expression can be used within a single Matches rule instead of 20 Starts with rules:

^(server(100|[1-9]\d?)).*

An image that shows how to prevent duplication of rules.

  • Defining complex rules
    To run a Webhook callback if the alert message contains a valid e-mail address, the following regexp can be used:

.*(\s+.*)?([a-z0-9_\.-]+)@([\da-z\.-]+)\.([a-z\.]{2,6})(\s+.*)?

An image that shows how to create a complex rule.
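Because Matches requires the whole string to match, it helps to check a pattern against sample values before saving it in a condition. The following is an added example, not Opsgenie's code: it models Matches with Python's `re.fullmatch` as a stand-in for the Java-like engine, and the `BARE` pattern, the sample values and the function names are constructed for illustration.

```python
import re

# Patterns copied from the examples above.
SEVERITY = r".*(Critical|Error|Down).*"
SERVERS = r"^(server(100|[1-9]\d?)).*"
BARE = r"(Critical|Error|Down)"  # hypothetical variant without the .* wrappers


def matches(value, pattern):
    """Model of the Matches operator as this page describes it: the whole
    string must match; for a list, one matching item is enough.
    Assumption: Python's re.fullmatch stands in for the Java-like engine."""
    items = value if isinstance(value, list) else [value]
    return any(re.fullmatch(pattern, item) is not None for item in items)


def audit(pattern, cases):
    """Return the sample values whose result differs from the intended one."""
    return [v for v, intended in cases if matches(v, pattern) != intended]


# Constructed sample values paired with the outcome the rule author intends.
SEVERITY_CASES = [
    ("Disk Error on db01", True),
    ("Host is Down", True),
    ("Daily backup finished", False),
    (["nightly", "Critical"], True),      # list input: one item matches
]
SERVER_CASES = [
    ("server1 unreachable", True),
    ("server100 unreachable", True),
    ("server0 unreachable", False),
    ("backup of server3 failed", False),  # does not start with a server name
    ("server101 unreachable", False),     # author intends 1..100 only
]

if __name__ == "__main__":
    print("severity mismatches:", audit(SEVERITY, SEVERITY_CASES))
    print("bare pattern mismatches:", audit(BARE, SEVERITY_CASES))
    print("server mismatches:", audit(SERVERS, SERVER_CASES))
```

The bare pattern fails on both full sentences because nothing consumes the text around the keyword. The server pattern accepts `server101 unreachable` because `[1-9]\d?` consumes `10` and the trailing `.*` absorbs the rest, the same prefix behaviour a Starts with rule for server10 would have.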

Regular Expressions for Setting Alert Fields with 'Extract' String Processing Method

You can use the extract string processing method to extract the desired matching group of a given regular expression and set it into an alert field. Refer to the string processing methods documentation for further information.

Working with the extract method may require an understanding of Capturing Groups to get the desired results. It has two definitions:

  • field_name.extract(reg_exp): Gives the part of the string that matches the first parenthesized section (group) of the given regular expression. If the string does not match the given regular expression, it returns an empty string. If the given regular expression matches the string but does not contain any parenthesized sections, it returns the whole string.

  • field_name.extract(reg_exp, index): Gives the string that matches the index-th parenthesized section (group) of the given regular expression. If the string does not match the given regular expression, it returns an empty string. If the given regular expression matches the string but does not contain at least index number of parenthesized sections, it returns the whole string.

The following are some examples using both method definitions:

message = Host: First Second

  • message.extract(/Host: (\S+)/) = First
  • message.extract(/Host: (\S+) (\S+)/) = First
  • message.extract(/Host:(\S+)/) = Empty value
  • message.extract(/Host: (\S+)/, 0) = Host: First Second
  • message.extract(/Host: (\S+)/, 1) = First
  • message.extract(/Host: (\S+)/, 2) = Host: First
  • message.extract(/Host: (\S+) (\S+)/, 2) = Second
  • message.extract(/(\S)+/) = Host:
  • message.extract(/\S+/) = Host:

description = some value server3

  • description.extract(/(server(100|[1-9]\d?))/) = server3
  • description.extract(/(server(100|[1-9]\d?))/, 1) = server3
  • description.extract(/(server(100|[1-9]\d?))/, 2) = 3
  • description.extract(/(server(100|[1-9]\d?))/, 3) = server3
  • description.extract(/server(100|[1-9]\d?)/, 0) = server3
  • description.extract(/server(100|[1-9]\d?)/, 1) = 3
  • description.extract(/server(100|[1-9]\d?)/, 2) = server3
  • description.extract(/(server(100|[1-9]\d?))/, 2) = 3

To set the desired alert field using the extract method, the text written into the Alert Field should follow one of the following patterns:

{{ field_name.extract(/reg_exp/) }}

{{ field_name.extract(/reg_exp/, group_number) }}

An image that shows where to enter the expression within an alert field.
