Extracting a username from logs files using Regex

Hi im trying to extract domain usernames from my juniper log files using regex however depending on the log message the fully qualified domain name isnt always displayed

See example below:

line 1:      juniper -ive -] domain/user1(realm) etc. etc.
Line2:      juniper -ive -] user2(realm) etc. etc.

i would like to extract just the username into a group so i'm trying to exclude the word "DOMAIN/" so far i have this:

\]\s(?!DOMAIN\/\b)([a-z_0-9]+)

however it only seems to capture user2

Thanks,
LVL 1
kchallAsked:
Who is Participating?
 
kchallConnect With a Mentor Author Commented:
Sorry Wdosanjos i couldnt get your string to work. In the end i used the following

\]\s(?:DOMAIN\\*)?(.\w+)

Thanks anyways
0
 
wdosanjosCommented:
Please try:

(?<=]\s(\w+/)?)\w+(?=\(realm\))
0
 
sdstuberCommented:
'\] (domain//)?([a-z_0-9]+)'

with a back reference of 2,  exact syntax for the back reference will depend on the language/library of the regexp
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
kchallAuthor Commented:
Wdosanjos that returned no matches,

I should add im using Rad software Expression Designer to test my regex's

Sdstuber im not sure what you mean, i'm using regex so i can pull out fields in my splunk log analyzer

Thanks,
0
 
wdosanjosCommented:
Here is my test code (C#):
var rx = new Regex(@"(?<=]\s(\w+/)?)\w+(?=\(realm\))");
var tests = new string[]
{
"juniper -ive -] domain/user1(realm)",
"juniper -ive -] user2(realm)"
};

foreach (var test in tests)
{
    rx.Match(test).Value.Dump();
}

Open in new window

Output
user1
user2

Open in new window

0
 
kchallAuthor Commented:
screenshotHi Wdosanjos

when i run that it does in fact match user1 and user2 however i need to group the matches as well.

Also the word "realm" cannot be referenced as this can change as users logon to multiple realms
0
 
wdosanjosCommented:
The expression to address multiple realms is:

(?<=]\s(\w+/)?)\w+(?=\(\w+\))

What do you mean by "group the matches"?  Please give an example.
0
 
kchallAuthor Commented:
Grouping Constructs using the ( and ) symbols
IE. if i wanted to just capture domain/user1 and user2 i would use \]\s([a-z0-9\/]+)
0
 
wdosanjosConnect With a Mentor Commented:
Checking the ExplicitCapture option should resolve the grouping issue.
0
 
kchallAuthor Commented:
huh!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.