Thanks @Seb Rupik.  Your suggestions gave me a few things to try.  I added another OR statement.  I found out that the first bracket matches the first digit and the second bracket matches the second digit.  For it to be true, both digits have to be found in their respective positions.

Thus if 16 weeks or more is needed, I did this:

Last in.* [1][6-9]w

...First digit can only be a 1 and the second digit can be a 6,7,8,9 resulting in 16,17,18,19

In order to continue with 20 and after, another OR statement was needed.

Last in.*[2-9][0-9]w

...Now first digit can be 2-9 and the second digit can be 0-9 resulting in 20-99

This statement now give me unused ports 16 weeks or greater.

show int | i proto.*notconnect|proto.*administratively down|Last in.* [1][6-9]w|Last in.*[2-9][0-9]w|[0-9]y|disabled|Last input never, output never, output hang never

I like it, good regex-fu!

Unfortunately this command does not work 100% properly. It showed me a port which is only unused since 2 weeks.

GigabitEthernet1/0/25 is down, line protocol is down (notconnect)
Hardware is Gigabit Ethernet, address is 580a.20dd.8c99 (bia 580a.20dd.8c99)
MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 2w0d, output 2w0d, output hang never
Last clearing of “show interface” counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
31066381 packets input, 8796519066 bytes, 0 no buffer
Received 620213 broadcasts (348900 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 348900 multicast, 0 pause input
0 input packets with dribble condition detected
63243708 packets output, 43477234713 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
1663 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

Do you know why this happens and can this be fixed?

Can you share the exact show command that you are using?

cheers,

Seb.

I tried the command from the first post.

show int | i proto.*notconnect|proto.*administratively down|Last in.* [6-9]w|Last in.*[0-9][0-9]w|[0-9]y|disabled|Last input never, output never, output hang never

It is matching 'protocol is down (notconnect' with the regex:

proto.*notconnect

Perhaps you want to strip the regex down to search just on the Last input value:

show int | i Last in.* [6-9]w|Last in.*[0-9][0-9]w|[0-9]y|Last input never, output never, output hang never

cheers,

Seb.

Thanks for your answer. Your suggestions works better but unfortunately now the interfaces are not shown anymore.

However I tried only proto.*down and this worked in my first approaches.

show int | i proto.*down|Last in.* [0-9]w|Last in.*[0-9][0-9]w|[0-9]y|disabled|Last input never, output never, output hang never

Seb,

I am running the command: 

show int | i proto.*down|Last in.* [0-9]w|Last in.*[0-9][0-9]w|[0-9]y|disabled|Last input never, output never

However, it is showing me every port that is down (even if it has only been down for a few days).  Is there any way to make it not show me ports that are down unless it has been down for 2 weeks?  Or is there a document that dives further into what the values inside of the brackets mean?

Here is what it looks like when I run the code:

XXXXXXXXXX#$n.* [0-9]w|Last in.*[0-9][0-9]w|[0-9]y|disabled|Last input never, output never
Vlan1 is administratively down, line protocol is down
GigabitEthernet0/1 is down, line protocol is down (notconnect)
GigabitEthernet0/2 is down, line protocol is down (notconnect)
GigabitEthernet0/3 is down, line protocol is down (notconnect)
Last input never, output never, output hang never
GigabitEthernet0/4 is down, line protocol is down (notconnect)
GigabitEthernet0/5 is down, line protocol is down (notconnect)
Last input never, output 1w4d, output hang never
GigabitEthernet0/6 is down, line protocol is down (notconnect)
Last input never, output never, output hang never
GigabitEthernet0/7 is down, line protocol is down (notconnect)
Last input never, output never, output hang never
GigabitEthernet0/9 is down, line protocol is down (notconnect)
Last input never, output never, output hang never
GigabitEthernet0/11 is down, line protocol is down (notconnect)
Last input never, output never, output hang never
GigabitEthernet0/12 is down, line protocol is down (notconnect)
Last input never, output never, output hang never

Here is port 1:

XXXXXXX#sh int gi0/1
GigabitEthernet0/1 is down, line protocol is down (notconnect)
Last input 5d01h, output 5d01h, output hang never

Hi there,

The reason Gi0/1 is showing is that the show int output is matching on:

GigabitEthernet0/1 is down, line protocol is down (notconnect)

...using this element of the regex statement:

show int | i proto.*down

As for the numbers in the square brackets, that represents a numeric range for a single digit. ie [0-9] will match one of 0,1,2,3,4,5,6,7,8,9 

[4-7] will match one of 4,5,6,7 .

Now if you want to find the switchports which have been 'down' for 2 weeks, all we have to go on is the last input/output values. So the following regex would work:

show int | i Last in.*[2-9]w|Last in.*[1-9][0-9]w|Last in.*[1-9]y|Last input never, output never

This will look for the digit preceeding the week value. Notice we have a regex OR operator, so we are first looking for a value 2 to 9, OR 10-99 OR 1-9 years.

cheers,

Seb.

this only returns the status Seb.  how would you determine which interface actually matches the last input value given

Hi there,

I don't have a way to test this currently but it looks like we have forgotten to match on the first line of sh int output which would give us the interface ID:

show int | i proto.*down

...once we have that we can start adding the remaining conditional statements:

show int | i proto.*down|Last in.*[2-9]w|Last in.*[1-9][0-9]w|Last in.*[1-9]y|Last input never, output never

Does it work?

cheers,

Seb.

Good morning Seb,

so i was working in Python the entire time vs. just the CLI of a given Cisco device. 

i used netmiko and TEXTFSM templates to pull the interface data.  

then i did some regex within python to determine the interfaces that i wanted to see which had not been active in two weeks.  here is a test i was doing which i think integrated into my python script.

your post here made it easier for me to create my regex pattern along with a regex generator. 

Thanks again. 

Any mention of years and you can assume it is longer than 2 weeks. You also seem to have repeated '[1-9][0-9]w'. The two digit week number can be solved using the ? operator.

I think you could condense your regex down to just:

[0-9]{1,2}+y|[1-9][0-9]?w

...and pass the same number of test cases.

cheers,

Seb.