comma separate syslog regex
Hello,
First of all im completely new to the whole regex world:)
I have a syslog line comma separated and i want a regex pattern which for example will extract everything after the 18th comma until the 19th comma:
Jul 22 17:36:52 filterlog: 115,16777216,,1433788744,e
its(my app) using java-based regex
thanks
First of all im completely new to the whole regex world:)
I have a syslog line comma separated and i want a regex pattern which for example will extract everything after the 18th comma until the 19th comma:
Jul 22 17:36:52 filterlog: 115,16777216,,1433788744,e
its(my app) using java-based regex
thanks
ASKER
i don't think that is possible in vmware log insight
http://pubs.vmware.com/log-insight-20/index.jsp#com.vmware.log-insight.user.doc/GUID-5553DE45-6871-4F28-85C2-867D0F72AAA1.html
http://pubs.vmware.com/log-insight-20/index.jsp#com.vmware.log-insight.user.doc/GUID-5553DE45-6871-4F28-85C2-867D0F72AAA1.html
It seems you are interested in the first IP address. Try:
\d+\.\d+\.\d+\.\d+
In the actual java code, you would need to escape the backslashes, so if the above doesn't work, try:
\\d+\\.\\d+\\.\\d+\\.\\d+
\d+\.\d+\.\d+\.\d+
In the actual java code, you would need to escape the backslashes, so if the above doesn't work, try:
\\d+\\.\\d+\\.\\d+\\.\\d+
ASKER
no im also interested i the second IP, and the ports and the interface and the rule number and if its in or out and if its blocked or passed
and so on... that why i need to be able to say get the chars after this amount of comma's
and so on... that why i need to be able to say get the chars after this amount of comma's
please state your requirements clearly.
In your original post I can see
In a subsequent post you state
In another post you state
In your original post I can see
for example will extract everything after the 18th comma until the 19th comma:
In a subsequent post you state
i need to be able to say get the chars after this amount of comma's
In another post you state
i don't think that is possible in vmware log insightCan you explain why not?
ASKER
i need a regex which in which i can say after you came a cross x amount of comma's (no matter if it were ,,, or ,1234,12345,123,) give me everything after that comma until the next comma.
In vmware log insight i can extract field. The field extraction is done for me, i just need to tell log insight where it is in the text
the problem is the only consistent thing is the number of "," in front of it.
see the attachment.
so it is about the pre and post context
2015-07-22-21-17-32.png
In vmware log insight i can extract field. The field extraction is done for me, i just need to tell log insight where it is in the text
the problem is the only consistent thing is the number of "," in front of it.
see the attachment.
so it is about the pre and post context
2015-07-22-21-17-32.png
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks a lot, I have one more question.
(?:[^,]*,){8} after the 8th comma there will always be a 4 or a 6.
is it possible to only get lines where there is a 4 after the 8th comma.
(?:[^,]*,){8} after the 8th comma there will always be a 4 or a 6.
is it possible to only get lines where there is a 4 after the 8th comma.
Using the example input string you provided, if you enter the following in the Pre-Context box:
(?:[^,]*,){8}4
and then:
([^,]+)
In the Extracted Value box, then it should capture "0x0" (again, I am using the example string you posted. If the sample string had a 6 instead of a 4, then it wouldn't match that row.
(?:[^,]*,){8}4
and then:
([^,]+)
In the Extracted Value box, then it should capture "0x0" (again, I am using the example string you posted. If the sample string had a 6 instead of a 4, then it wouldn't match that row.
Open in new window