How to send email alert to groups based on condition success using Kibana Rules - kibana

I have created a rule using Kibana rules by following the steps below:
1. Created a new rule by selecting "Rule" under the "Security" section.
2. Selected the rule type "Event Correlation", added the index pattern and wrote the EQL (which included the where condition to include the events).
3. Added the required fields in the Action section, and then saved the rule.
I am getting the email alerts based on the condition written, but the alerts are such that:
Suppose a single mail contains the below content -
ClientName: ABC
HostName: ABC
ClientName: ABC
HostName: ABC
ClientName: DEF
HostName: DEF
But I want to group the mail so that each mail should have data related to only 1 clientName. As in this case email should have contained data of only those clients whose name is ABC
Whereas the data of clientName DEF, should be sent in a different mail.
Is there a way to achieve this type of grouping based on the clientName? A similar situation can be handled using Watcher, as given in this answer, but can anyone please let me know what the ideal way to do that is in my case?

Related

URL Manipulation With Google Analytics Advanced Filters

In Google Analytics, I have a view for a web site in which I'm trying to use Advanced filters to codify a transformation on the "Request URI" field:
if the Request URI matches "/product/[productid]/someproductscreen" then
I want to strip "/[productid]" from the Request URI so I can combine all
visits to /someproductscreen across all products
all Request URIs that do not match the pattern above should be passed
into the view unmodified
When I view the traffic in the Site Content..All Pages report, I don't want to see any values of "/[productid]" in the URIs in the "Page" column - I'd like all visits to a particular product page to roll up under a URI like "/product/warranty" or "/product/description".
Unfortunately I find it difficult to try figuring this out on my own because of the lag in seeing results in Google Analytics after making a change combined with my shaky grasp of how regular expressions are utilized in Advanced Filters.
GA Advanced Filter
Assuming your [product id] was 3 or more consecutive digits, ie: /product/123456789/someproductscreen then this would work:
Advanced Filter
Field A: Request URI: ^/product/\d{3,}(.*)
Field B:
Output to: Request URI: /product/{id}$A1
Check Field A Required and Override Output Field
The above configuration will rewrite the Request URI from:
/product/123456789/someproductscreen
/product/12345
/some/other/url
to:
/product/{id}/someproductscreen
/product/{id}
/some/other/url
You mention you'd want to see /product/warranty. This would obscure the edit. My suggestion is to leave a placeholder with the edit. I use {id} but it could be any string, ie. <product id>
Level Up the Regex
Link to regex101 example
Regular expressions are used by GA Filters. In the above example we used regex to match a product ID that is all digits. We did this using the regular expression:
^(/.*/)(\d{3,})(.*)
This is true when Request URI has root folder (/.*/) followed by three or more digits: (\d{3,}) Finally, we capture the remainder of the URI using (.*). We used groups so we can access the values in a later step.
GA Advanced Filters can persist group extractions from Field A and Field B. We use this feature to rebuild a Request URI using the Output To -> Constructor. Below is an example of condensing dynamic IDs to a static string:
$A1{id}$A3
$A1 will extract 1st group from Field A. $A3 would extract the third group from Field A if it were to exist. {id} is a static string that is a placeholder for the dynamic value.
If your product id was a mix of alphanumeric, then we'd simply need to find a pattern that matched. You didn't provide any examples of ID, so here are a few examples of common ID patterns found in URLs:
[A-Z]-\d+ // matches Z-764537389
\d{4}-\d{3}-\d{2} // matches 1234-123-12
Easy mode, right? What if you have an RFC4122-compliant UUID in the URL that you need to match? No problem:
[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}
// matches 0df98a02-c438-4c57-8d1c-2f6041804e2c
Note: GA Advanced Filter regex is case insensitive by default; this can be overridden in the filter settings.
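The two filter configurations from the answer above, simulated on its sample URIs (an added example, not code from the original answer). `applyAdvancedFilter` is a hypothetical helper that models "Field A Required" plus "Override Output Field"; the last two URIs are constructed edge cases.

```javascript
// Simulates a GA Advanced Filter with "Field A Required" and
// "Override Output Field" checked: a URI that does not match Field A
// passes through unmodified; otherwise the constructor is expanded.
function applyAdvancedFilter(uri, fieldA, constructor) {
  // Filter patterns are case insensitive by default (see the note above).
  const m = new RegExp(fieldA, "i").exec(uri);
  if (m === null) return uri;
  // $A1, $A2, ... refer to Field A capture groups; a missing group is empty.
  return constructor.replace(/\$A(\d)/g, (_, n) => m[Number(n)] ?? "");
}

// The two configurations given in the answer.
const SIMPLE = { fieldA: "^/product/\\d{3,}(.*)", out: "/product/{id}$A1" };
const GENERAL = { fieldA: "^(/.*/)(\\d{3,})(.*)", out: "$A1{id}$A3" };

function rewriteAll(uris, cfg) {
  return uris.map((u) => applyAdvancedFilter(u, cfg.fieldA, cfg.out));
}

// Sample URIs from the answer, plus two constructed edge cases.
const SAMPLES = [
  "/product/123456789/someproductscreen",
  "/product/12345",
  "/some/other/url",
  "/product/12/someproductscreen", // constructed: id shorter than 3 digits
  "/product/123456/rev/789012",    // constructed: two numeric segments
];

for (const [name, cfg] of [["SIMPLE", SIMPLE], ["GENERAL", GENERAL]]) {
  console.log(name, rewriteAll(SAMPLES, cfg));
}
```

On the last URI the two patterns disagree: the greedy `(/.*/)` in the general pattern consumes everything up to the final slash, so only the last numeric segment becomes `{id}` and the first one stays in the reported URI.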
Here https://regex101.com/r/kRUJnU/1
Start playing with this tool; it'll become really helpful in the future, since personalized filters with regex matching and capturing groups are REALLY important in GA.
EDIT: How to go from regex101 to GA.
In the image below you can see how I deleted the last part of URLs when they are something like:
www.mysite.com/vuelos/carrito/checkout/46787654567898765
Or something like:
www.mysite.com/vuelos/carrito/46787654567898765

BizTalk routing messages in message box based on field value

I have an exercise I'm working to complete; previously it was de-batching multiple XML messages from one file into individual files. Then I had to route individual files based on a field value which had been promoted using filters on a port. Now the exercise has evolved into taking a multi-record XML file, breaking it down to individual XML records, and routing their output to different folders based on a value in one of the fields. The hurdles are as follows:
I can't promote a repeating field such as the one I have to use to sort the outbound messages
The value of the field is a system.int32; I am sorting on a "equal to or more than 900" and "less than 900" so I need the int type.
Beyond simple "idNUm >= 900" I am in over my head with the necessary expression(s).
I have the basic orchestration design down, I am just lacking the expressions. The node I am looking to validate against is IDNum, and occurs in each record.
UPDATE: Still not working
I put in the following in my expression: IDNumDefined.Customer.IDNum >= 900
and I get "identifier Customer does not exist in "IDNumDefined"; are you missing an assembly reference?" and "unexpected token '>=' "
Ideas? (sorry about not updating question here)
The debatching has to occur using an Envelope and Body schema.
Once you have this figured out, the debatching can occur using a simple XML disassembler. In the body schema you can quick promote your idNum field by associating a PropertySchema with it.
Once this is taken care of, it is easy to use 2 send ports in order to set your filter subscription(s).

Suggestion for using profile with user inputs

Using Meteor, I like to get suggestion to use profiles with input variables defined in it.
When using it, I wanted to prompt all the input variables in the profile.
Finally I wanted to replace input variables with the customer inputs and generate a config file.
Same profile:
Section A:
City Name {{CityName}}
Name {{Name}}
Section B:
Device Ip {{deviceIP}}
Device Name {{deviceName}}
With User inputs, I wanted to generate the config file:
Section A:
City Name Dallas
Name Chris
Section B:
Device Ip 99.99.12.111
Device Name DAL_1

Lookup Table Input Variable Issue

I am using a lookup table to successfully apply different UA-ID codes to the same universal analytics tag. However, for one particular UA-ID, I need to send data from all pages with the exception of data from a particular sub domain. i.e. something like this:
input variable : *.example.com except abc.example.com
Not sure how to implement this logic for the input variable of a lookup table.
Also, if I specify "example.com" as an input variable, does it capture all subdomains?
Edit in Jan 2018 for latest info.
For lookup tables you need to know 2 things:
Lookup table input variables do a hard match, i.e. it's simply an 'equals' only: no 'contains', 'starts with', regex, etc.
Lookup tables are sequential, the matching starts from the top and stops as soon as a match is found. Much like an if then elseif (without an 'else' available at the end!)
You can apply a default value if none of the rows in the table match.
There are now Regex Tables available as well which will enable you to do partial matches on values and return a value based on that. For full and comprehensive details, read the article by Simo
In your case you have 3 options:
Use a Regex Table Lookup
List each and every hostname (inc. subdomain) you want to match and apply the correct UA number to each. You should end up with as many lines as you do subdomains.
Create a new custom JavaScript variable which inspects the current host (inc. subdomain) and returns whether it's 'abc.example.com' or '.example.com' (indicating any other subdomain), and then you'll just need a couple of lines in your lookup table.
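A sketch of the third option, written as plain JavaScript so it runs outside Tag Manager (an added example, not code from the original answer). `classifyHost`, `lookup` and the `UA-PLACEHOLDER-*` ids are constructed for illustration; treating the bare `example.com` as part of the `.example.com` group is an assumption.

```javascript
const EXCLUDED_HOST = "abc.example.com";
const DOMAIN = "example.com";

// Body of the custom JavaScript variable: reduce any hostname to one of a
// few fixed strings so the lookup table's 'equals' match can work on it.
function classifyHost(hostname) {
  // Normalise case and a trailing dot before comparing.
  const host = String(hostname || "").toLowerCase().replace(/\.$/, "");
  if (host === EXCLUDED_HOST) return EXCLUDED_HOST;
  // Require the leading dot in the suffix test: a bare endsWith("example.com")
  // would also accept unrelated hosts such as "notexample.com".
  if (host === DOMAIN || host.endsWith("." + DOMAIN)) return "." + DOMAIN;
  return "(other)";
}

// Constructed lookup table rows [input, output]; the UA ids are placeholders.
const ROWS = [
  [".example.com", "UA-PLACEHOLDER-1"],
  ["abc.example.com", "UA-PLACEHOLDER-2"],
];

// Lookup table semantics as described above: exact match only,
// evaluated top to bottom, first match wins, optional default value.
function lookup(input, rows, defaultValue) {
  for (const [key, value] of rows) {
    if (key === input) return value;
  }
  return defaultValue;
}

function uaIdForHost(hostname) {
  return lookup(classifyHost(hostname), ROWS, undefined);
}

// Constructed sample hostnames.
for (const h of ["www.example.com", "ABC.Example.com", "notexample.com"]) {
  console.log(h, "->", uaIdForHost(h));
}
```

Feeding the raw hostname straight into the table would miss `www.example.com` entirely, because no row equals it; the classifier is what makes a two-row table sufficient.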

Logic in merge tags, Gravity Forms

I am creating a few Notifications in Gravity Forms and I would like to use some "if/else" logic based on field entries.
For example, I have a Buyer 1 Name field and a checkbox that asks "Would you like to add another buyer?" When they check it, a new Name field appears for Buyer 2. In my Notification I would like to say "The following buyer...." if only the first name is completed, and "The following buyers..." if the 2nd name is filled in. Basically make buyer plural. I could give about 10 more examples of needing logic INSIDE the merge tags, really surprised this isn't available. Thoughts?
You want to use a Gravity Forms conditional shortcode in your notification message. It looks like this:
[gravityforms action="conditional" merge_tag="{Field:1}" condition="is" value="desired value"]Show this content if the field is equal to the field value I specified earlier[/gravityforms]
You can also check out this full tutorial (images included).
