Background Script to Search Pattern Log Messages from the Discovery Pattern Log [sa_discovery_log] Table Using Regular ExpressionsSummary<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } This background script uses Regular Expression to match Pattern Logs on using an encoded query to target specific records from either the Discovery Pattern Log [sa_discovery_log] or the Discovery Pattern Log (History) [sa_discovery_log_history] tables. The usefulness of this script is only limited by working knowledge with creating regular expressions, however some Regex examples are provided that will match on a few common errors like 'Permission Denied' and 'Failed (Pre) Conditions'. A syslog record for each error message will be created and a url linking to them will be returned in the scripts output. Regular Expression Resources: • https://regex101.com/, Can be used to check if a regex is valid or will match on a character string. (Make sure "Flavor" is set to "Java 8") • https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_expressions Has a simple guide on creating Regular Expressions. Regular Expression examples that can be used in this script: 1. Failed Pre-Condition: Value of variable does not match value in the condition. /Failed Condition\(s\): \[\(\$\{\w+(.\w+)?\} : value=.*$/gmi; Example Match: Failed Condition(s): [(${isConnection} : value=false) EQUALS \"true\"]" 2. Failed Pre-Condition: Value of variable failed specifically because it was null/empty. /Failed Condition\(s\): \[\(\$\{\w+(.\w+)?\} : value=\).*$/gmi; Example Match: Failed Condition(s): [(${isCDB} : value=) EQUALS \"yes\"]" 3. Permission Denied /^.*[P-p]ermission [D-d]enied.*$/gmi Example Match: Command result: bash: /opt/rapid7/nexpose/nsc/nxpgsql/pgsql/bin/postgres: Permission denied" 4. Bounced/Stopped Running Process /ls -l \/proc...exe/gmi; Example Match: Coming Soon :) Facts<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Disclaimer: Please make sure any new regexes input to the script are tested in a sub-prod instance as a bad or invalid regex could potentially cause a performance issue. Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } All Instructions<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } ///////////////////////////////////////// // Description //////////////////////////////////////// /* This background script uses Regular Expression to match Pattern Logs on using an encoded query to target specific records from the either the Discovery Pattern Log [sa_discovery_log] or the Discovery Pattern Log (History) [sa_discovery_log_history] tables. The usefulness of this script is only limited by working knowledge with creating regular expressions however some Regex examples are provided that will match on a few common errors like 'Permission Denied' and 'Failed (Pre) Conditions'. A syslog record for each error message will be created and a url linking to them will be returned in the scripts output. Regular Expression Resources: • https://regex101.com/, Can be used to check if a regex is valid or will match on a character string. (Make sure "Flavor" is set to "Java 8") • https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_expressions Has a simple guide on creating Regular Expressions. */ ///////////////////////////////////////// // Instructions //////////////////////////////////////// // 1. Go to table sa_discovery_log and filter the list for the pattern records you want to parse from. // 2. Right-Click and copy the Encoded Query from the bread crumb filter on the list. // 3. Set the encQry variable with the Encoded Query. var encQry = "pattern_name.cpattern_type=1"; // 4. Changing the history variable to 'true' will search the [sa_discovery_log_history] table instead of the [sa_discovery_log] table. var history = false; // 5. Create a Regex to match on the line you want to parse from in the Discovery Log and set it to the rgx variable. (Use regex101.com if needed) rgx = /^.*[P-p]ermission [D-d]enied.*$/gmi; ///////////////////////////////////////// // Regex List //////////////////////////////////////// /* [ 1 ] Failed Pre-Condition: Value of variable does not match value in the condition. /Failed Condition\(s\): \[\(\$\{\w+(.\w+)?\} : value=.*$/gmi; Example: Failed Condition(s): [(${isConnection} : value=false) EQUALS \"true\"]" [ 2 ] Failed Pre-Condition: Value of variable failed specifically because it was null/empty. /Failed Condition\(s\): \[\(\$\{\w+(.\w+)?\} : value=\).*$/gmi; Example Match: Failed Condition(s): [(${isCDB} : value=) EQUALS \"yes\"]" [ 3 ] Permission Denied /^.*[P-p]ermission [D-d]enied.*$/gmi Example Match: Command result: bash: /opt/rapid7/nexpose/nsc/nxpgsql/pgsql/bin/postgres: Permission denied" >> Bounced/Stopped Running Process /ls -l \/proc...exe/gmi; */ /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// parseVariable(encQry, rgx, history); function parseVariable(encodedQ, regex, history) { var matches = []; var encQ = encodedQ; var instanceUrl = instanceUrlBuilder(); var table = ""; // Get GDT StartTime to create link to syslog var gdt = new GlideDateTime(); currentTime = gdt.getDisplayValue(); timeSplit = currentTime.split(" "); startDate = timeSplit[0]; startTime = timeSplit[1]; // Add 5 Minutes to the GDT var gt = new GlideDateTime(currentTime); gt.addSeconds(300); endSplit = gt.toString().split(" "); endDate = endSplit[0]; endTime = endSplit[1]; var source = "SNCDEBUG__" + Math.floor((Math.random() * 90000) + 1).toFixed(0); // Create a link to syslog table to view the logged error messages gs.print("\n\nURL Link to syslog records\nhttps://" + instanceUrl + "/syslog_list.do?sysparm_query=sys_created_onBETWEENjavascript:gs.dateGenerate('" + startDate + "','" + startTime + "')@javascript:gs.dateGenerate('" + endDate + "','" + endTime + "')%5Esource%3D" + source + "&sysparm_view=\n"); if (history) { table = 'sa_discovery_log_history'; var gr = new GlideRecord('sa_discovery_log_history'); } else { table = 'sa_discovery_log'; var gr = new GlideRecord('sa_discovery_log'); } gr.addEncodedQuery(encQ); gr.query(); while (gr.next()) { var name = gr.pattern_name.getDisplayValue(); rgx = regex; logMessage = gr.log; stringMatch = logMessage.match(rgx); if (!stringMatch) { continue; } else { try { if (stringMatch.length > 1) { splitString = stringMatch[0].split(","); matches.push("\nPattern = " + name + "\nManaged IP = " + gr.managed_ip + "\nPID = " + gr.pid + "\nLog Message =\n" + splitString[0] + "\n\nhttps://" + instanceUrl + "/" + table + ".do?sys_id=" + gr.sys_id + "\n\n"); } else { matches.push("\nPattern = " + name + "\nManaged IP = " + gr.managed_ip + "\nPID = " + gr.pid + "\n" + table + " sys_id = " + gr.sys_id + "\nLog Message =\n" + stringMatch + "\n\nhttps://" + instanceUrl + "/" + table + ".do?sys_id=" + gr.sys_id + "\n\n"); } } catch (error) {} } } if (!matches) { gs.info('No Pattern Logs found matching ' + regex); } else { for (i = 0; i < matches.length; i++) { gs.log(matches[i], source); } } gs.print('Records Queried: ' + gr.getRowCount()); gs.print('Matches: ' + matches.length); } function instanceUrlBuilder() { var instanceName = gs.getProperty('instance_name'); var domainSuffix = gs.getProperty('glide.register_server_url'); nscRgx = /servicenowcloud.mil/gmi; gccRgx = /servicenowservices.com/gmi; if (domainSuffix.match(nscRgx)) { domain = domainSuffix.match(nscRgx); } else if (domainSuffix.match(gccRgx)) { domain = domainSuffix.match(gccRgx); } else { domain = "service-now.com"; } return instanceName + "." + domain; } Related Links<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Additional Background Scripts to Search Pattern Logs: KB1585474 - Background Script to Get All Failed Pattern Error Messages from a Discovery Status KB1585475 - Background Script to Search Failed Pattern Error Messages from the Discovery Pattern Log [sa_discovery_log] Table