How do I split a filename using Logstash Grok?
One of these days I'll learn regex.
I have the following filename
PE-run1000hbgmm3f1-job1000hbgmm3dt-Output-Workflow-1000hbgmm3fb-22.07.17.log
I'm able to get this to work so...
(?<logtype>[^-]+)-(?<run_id>[^-]+)-(?<job_id>[^-]+)-(?<capability>[^(0-9\.0-9\.0-9)]+)
logtype: PE
run_id: run1000hbgmm3f1
job_id: job1000hbgmm3dt
But I'm getting
capability: Output-Workflow-
...though I want it to be
capability: Output-Workflow-1000hbgmm3fb
...that is, all the text after the job_id up to the timestamp HH.mm.ss. Any help please? Thanks!
It is because you cannot negate a sequence of symbols with a negated character class. [^(0-9\.0-9\.0-9)] matches any single char other than (, digit, . and ).
You may replace your (?<capability>[^(0-9\.0-9\.0-9)]+) with (?<capability>.*?)-\d{2}\.\d{2}\.\d{2} to get the right value.
Now, the (?<capability>.*?)-\d{2}\.\d{2}\.\d{2} will match any 0+ chars (and capture them into "capability" group) as few as possible (since the *? is a lazy quantifier) up to the first occurrence of -, followed with 2 digits, and then 3 sequences of a dot (\.) followed with 2 digits.
See the regex demo at regex101.com.
- Python RegEx: match words in a string only if they are not preceded by a specific character
- Regular expression that ignores HTML entities
- Allow access to page only from certain referrer
- Regex to match string containing two names in any order
- Matching boot times from log using sed -E
- Validate Bangladeshi phone number with optional +88 or 01 preceeding 11 digits
- Split address and numbers
- Using setCustomValidity stops input from validating
- Use dynamic (variable) string as regex pattern in dart
- Regular expression matching Android package name
- Replace commas not inside single quotes with an @ symbol
- Visual Studio Code Search and Replace with Regular Expressions
- Split string on commas not inside double quotes
- Replace inner letters inside words that start with and end with a specific letter with the same amount of a specific character
- regex for expression with one separator hyphen
- Extracting specific data from a string with regex and Powershell
- Parse datetime string in Ydm.His format
- Extract all words double wrapped in curly braces
- Parse dot-delimited video filename to extract show title, series number and episode number
- Split a string into words, preserving contractions but removing leading apostrophes from words
- Split string on pipes which are not between square braces
- Simple regex pattern for email
- How to extract filename without extension in Makefile
- Regex pattern containing backlashes causes failure in preg_replace()
- preg_replace() pattern starting with < and ending with > doesn't find HTML comments as intended
- Split a string on spaces and/or commas after a word which may be preceded by a small word
- How to convert split() to preg_split()?
- Parse a string without delimiters into a 2d array
- Regex to extract WordPress wp-config database information and automating it with ansible to update a shared hosting environment
- Input regex for UK postcodes constantly invalid