rex syntax to parse source path for a sub-directory name and the file name

vincenty — Thu, 18 Apr 2013 18:22:20 GMT

I am trying to parse source path for a sub-directory name and its file name. My source files are as follows:

source=/home/sd1/sd2/sd3/(subdir1)/file1.out
source=/home/sd1/sd2/sd3/(subdir1)/sd4/file2.log
source=/home/sd1/sd2/sd3/(subdir1)/sd4/sd5/file3.out
source=/home/sd1/sd2/sd3/(subdir1)/sd4/sd5/sd6/file4.out

I can't seem to get the syntax correct with the following:

Exception sourcetype=EDGDC2 | rex ".*?(?<exception>(?:\w+\.)+\w*?Exception).*" | rex field=source "(/\w*)+(/\w*)+(/\w*)+(/\w*)+(?<subdir1>(/\w*))+/+(?<fname>(\w*+\.+\w*))+" | stats count by exception, subdir1

The above rex will always get the last sub-directory where the file is. Tried several different variation but the above is the closest I get...

Re: rex syntax to parse source path for a sub-directory name and the file name

kristian_kolb — Thu, 18 Apr 2013 18:33:10 GMT

rex field=source "(/[^/]+){4}/(?<subdir1>[^/]+)/.*/(?<fname>.*)$"

should work.

EDIT: missed that you wanted the filename as well...

topic rex syntax to parse source path for a sub-directory name and the file name in Getting Data In

rex syntax to parse source path for a sub-directory name and the file name

Re: rex syntax to parse source path for a sub-directory name and the file name