I am building some basic log parsing and cannot figure out a way to get this regex right. I want each regex to match only one of the logs below. The first one listed is the one not working, and the others are provided as examples to what is working.
I have provided a sample log, the regex used, and what it is returning. Any help would be greatly appreciated
In these examples: The first regex to match if the log does not contain a "\" or an "@" before or after the login. The second regex will match logs with a "\"before the login The third regex will match logs with an "@" after the login
Log:
04:52:59,1,"bob"theRestOfTheLog
Regex:
[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2},[0-9]{1,3},"(^(?!.*?\\|.*?@)<login>[^"])
No match, Want it to return:
login=bob
Log:
04:52:59,1,"abc\bob"theRestOfTheLog
Regex:
[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2},[0-9]{1,3},"(?<domain>[^\\]+)\\(?<login>[^"]+)
Returns:
domain=abc login=bob
Log:
04:52:59,1,"[email protected]"theRestOfTheLog
Regex:
[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2},[0-9]{1,3},"(?<login>[^@]+)@(?<domain>[^"]+)
Returns:
login=bob domain=xyz.org
I think for the first regex you could use exclude matching the \ and @ for the login to get that as the only match and not matching the other ones.
[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2},[0-9]{1,3},"(?<login>[^"\\@]+)"
Note that when using a negated character class [^"\\@] it will also match newlines. If you don't want to match those, you could extend it to [^"\\@\r\n]
If you don't want to allow newlines or whitespaces use \s instead of \r\n