The regular expression (regex) mapping is similar to a lookup table mapping but uses regular expressions to define the replacement rules. To define a regex mapping the Function type needs to be set to "String functions" and the function needs to be set to "regular expression". The attributes that need to be set in a regex mapping are:
Attribute | Required | Description |
|---|
from | Y | Defines the field name before mapping. |
to | Y | Defines the field name after mapping. |
precedence | N | Defines the precedence used when mapping. |
Function type | Y | Defines the function type. Needs to be "String functions". |
| Function | Y | Defines the type of mapping. Needs to be "regular expression". |
| Regex | Y | Defines the regular expression used.
Mode modifiers are also allowed for i.E. for make the dot match all characters including line break characters add (?s) at the beginning of the regex.
|
Replacement string | N | Defines the resulting field value (as a string function of the capture group(s) in the regex). If this field is not defined, the value is replaced with the first capture group found. |
Regex mappings can also have a value map associated, in which case it needs to be nested. Capture groups defined in the regex attribute can be used in the "Replacement string" attribute. The capture groups are numbered with the format "$n$" in the "Replacement string" attribute. Regular expression mappings are very powerful, especially when used in combination with other mappings. For example, the Zabbix API exposes multiple attributes in a single field. To monitor disk space, it produces a value vfs.fs.size[/,free]. Using the mapping definition in the example, this value is parsed and propagated into the fields:
In this example the result/key_ field is parsed to extract the slash "/" and insert it into the ci/element field of the normalized message and to extract the rest "vfs.fs.size.free" and insert it into the metric/type field. Then the lookup table is applied, converting the value from "vfs.fs.size.free" to "disk_free".
Image 1. metric/type mapping.
Image 2. ci/element mapping.
Image 3. Message mapped with these regular expression mappings.
The To field of the regular expression mapping can also include a capture group.
Image 4. Regex mapping with a capture group result in the "To" field.
If the From field has also a capture group define, the Replacement string needs to be changed to $n# to not get the capture group result from the From field.
Image 5. Regex mapping with a capture group in the "From" field.
