Group dynamic criteria regex usage


#1

I am looking to create a custom group based on devices NOT being of a particular type. By default, it will only match if it is a particular type. In my test case, I am trying to create a group consisting of devices that are not gateways. And another that is composed of http servers that are not gateways. I noticed that the criteria is displayed as regex, so I created a group that only had gateway devices, then used the regex it produced to create an “everything except gateways” match. The negation I would normally use in regex does not seem to work. The criteria:
/.(?!gateway)./
just returns every device, including gateways.
The criteria:
/^(?!gateway)extrahop.device.http_server$/
gets me all the http servers but, sadly, this still includes the gateways.

Does anyone have either an explanation for the regex behavior or a better way to accomplish this?


#2

This isn’t specifically what you’re looking for, but perhaps it can be of some assistance.

If you want a dynamic group that has everything other than gateways you can use this regex expression:
/^node$|^http$|^firewall$|^load_balancer$|^file_server$|^custom$|^remote$|^pseudo$/

Unfortunately I can’t come up with a way to get you a dynamic group of only HTTP servers that excludes all gateways.


#3

Thanks. That is about what I thought. I don’t know, though. It doesn’t seem in the proper regex spirit to have to do all of that explicit typing. :slight_smile: