[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Extracting a username from logs files using Regex

Posted on 2012-04-04
10
Medium Priority
?
387 Views
Last Modified: 2012-06-27
Hi im trying to extract domain usernames from my juniper log files using regex however depending on the log message the fully qualified domain name isnt always displayed

See example below:

line 1:      juniper -ive -] domain/user1(realm) etc. etc.
Line2:      juniper -ive -] user2(realm) etc. etc.

i would like to extract just the username into a group so i'm trying to exclude the word "DOMAIN/" so far i have this:

\]\s(?!DOMAIN\/\b)([a-z_0-9]+)

however it only seems to capture user2

Thanks,
0
Comment
Question by:kchall
  • 5
  • 4
10 Comments
 
LVL 23

Expert Comment

by:wdosanjos
ID: 37806488
Please try:

(?<=]\s(\w+/)?)\w+(?=\(realm\))
0
 
LVL 74

Expert Comment

by:sdstuber
ID: 37806499
'\] (domain//)?([a-z_0-9]+)'

with a back reference of 2,  exact syntax for the back reference will depend on the language/library of the regexp
0
 
LVL 1

Author Comment

by:kchall
ID: 37806551
Wdosanjos that returned no matches,

I should add im using Rad software Expression Designer to test my regex's

Sdstuber im not sure what you mean, i'm using regex so i can pull out fields in my splunk log analyzer

Thanks,
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
LVL 23

Expert Comment

by:wdosanjos
ID: 37806581
Here is my test code (C#):
var rx = new Regex(@"(?<=]\s(\w+/)?)\w+(?=\(realm\))");
var tests = new string[]
{
"juniper -ive -] domain/user1(realm)",
"juniper -ive -] user2(realm)"
};

foreach (var test in tests)
{
    rx.Match(test).Value.Dump();
}

Open in new window

Output
user1
user2

Open in new window

0
 
LVL 1

Author Comment

by:kchall
ID: 37806743
screenshotHi Wdosanjos

when i run that it does in fact match user1 and user2 however i need to group the matches as well.

Also the word "realm" cannot be referenced as this can change as users logon to multiple realms
0
 
LVL 23

Expert Comment

by:wdosanjos
ID: 37806777
The expression to address multiple realms is:

(?<=]\s(\w+/)?)\w+(?=\(\w+\))

What do you mean by "group the matches"?  Please give an example.
0
 
LVL 1

Author Comment

by:kchall
ID: 37806849
Grouping Constructs using the ( and ) symbols
IE. if i wanted to just capture domain/user1 and user2 i would use \]\s([a-z0-9\/]+)
0
 
LVL 23

Assisted Solution

by:wdosanjos
wdosanjos earned 400 total points
ID: 37806946
Checking the ExplicitCapture option should resolve the grouping issue.
0
 
LVL 1

Accepted Solution

by:
kchall earned 0 total points
ID: 37810231
Sorry Wdosanjos i couldnt get your string to work. In the end i used the following

\]\s(?:DOMAIN\\*)?(.\w+)

Thanks anyways
0
 
LVL 1

Author Closing Comment

by:kchall
ID: 37826734
huh!
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In real business world data are crucial and sometimes data are shared among different information systems. Hence, an agreeable file transfer protocol need to be established.
We are witnesses that everyone is saying that our children shouldn't "play" with a technology because it is dangerous. This article is going to prove that they are wrong.
Six Sigma Control Plans
Loops Section Overview

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question