Detecting devices by CDP/LLDP is one use case, yes. My question though is general, I want to understand EEM script capabilities enough to develop sustainable solutions and not just blindly copy what other people have done that may work but I don't know why.

For the example above with the 9164 AP, CDP output looks like this:

switch#show cdp neighbors gi1/0/2 detail
-------------------------
Device ID: ap1
Entry address(es):
  IP address: 10.1.1.93
Platform: cisco CW9164I-E,  Capabilities: Router Trans-Bridge
Interface: GigabitEthernet1/0/2,  Port ID (outgoing port): GigabitEthernet0
Holdtime : 142 sec

Version :
Cisco AP Software, ap1g6a-k9w8 Version: 17.12.5.41
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2014-2015 by Cisco Systems, Inc.

advertisement version: 2
Duplex: full
Power drawn: 30.000 Watts
Power request id: 2193, Power management id: 2
Power request levels are:30000 15400 0 0 0
Management address(es):
  IP address: 10.1.1.93


Total cdp entries displayed : 1

https://www.cisco.com/c/en/us/td/docs/ios/12_2/dial/configuration/guide/dafaapre.html

Offical doc you need

MHM

Thanks! But it is 20 years old... but I cant find any info that regex actually has evolved since version 1, so maybe that is srtill accurate. I may also have found the list of variables. In this doc, accurate for the IOSXE version Im running, the different features of various EEM versions is listed (and also that EEM is backwards compatible):

https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/syst-mgmt/b-system-management/m_eem-policy-cli.html 

There one can see that CDP was added in EEM version 3.2. The documentation for that is here:

https://www.cisco.com/c/en/us/td/docs/ios/netmgmt/configuration/guide/nm_eem_3-2.html

... and lo and behold, a list of variables!

CW9164I-E

Your regex must match 

CW91(any number)(any letter)-(any letter)

^CW91\d+[A-Za-z]-[A-Za-z]$

Note:- way I mention above is how regex understand what you need

Note:- /d+ is same as [0-9]+

MHM

I tried it briefly, but when I run the command to point to the file on flash: I got an error message. GPT said TCL requires 9300 and up and I did not verify that. Considering GPTs accuracy on EEM scripts overall there is a good chance it lied to me.

Switch#debug embedded event manager action cli

Run this debug after add regex as event abd action as anything like puts hello message.

I dont think it issue of regex any more 

MHM

For what it's worth, I asked GPT the same, and it told me this as well.
When I challenged it, it said that while guest shells are not supported on 9200, sometimes people may (incorrectly) interpret that as TCL scripts also not being supported, and changed its mind.

Just for reference, this is the snippet I made and tested today

::cisco::eem::event_register_neighbor_discovery interface .* cdp add

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

array set arr_einfo [event_reqinfo]

set platform $arr_einfo(cdp_platform)
set interface $arr_einfo(local_intf_name) 


if {[regexp {C91[0-9][0-9]} $platform]} {
    puts "Matched CDP platform: $platform on $interface"
}

Which gave me this log line:

*Jul 30 10:34:13.199: %HA_EM-6-LOG: myscript.tcl: Matched CDP platform: cisco C9120AXI-E on TenGigabitEthernet1/0/48

And my cdp nei looks like this:

switch#sh cdp nei
[...]
Device ID Local Intrfce Holdtme Capability Platform Port ID
AP[...] Ten 1/0/48 169 R T C9120AXI- Gig 0

This DOC was my reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/configuration/xe-16-10/eem-xe-16-10-book/eem-event-reg-tcl.html#GUID-C5FC21FE-C9F6-417C-8713-033857204C9F

personally I favor TCL scripts over in-config EEMs for more complex scripts, both because of the flexibility and you have error handling (try/catch).
But this of course depends on the overall team you're in, as others may need to be able to work and troubleshoot this functionality.