Prop Config Issue

Jiamin — Mon, 28 Sep 2020 15:49:27 GMT

Hi, I currently writing prop configure to validate my event

Events

Feb 03 13:22:23 Jessica-Ubuntu kernel: [ 7098.424722] usb 1-1: Manufacturer: SanDisk Feb 3 13:22:23 Jessica-Ubuntu kernel: [ 7098.424725] usb 1-1: SerialNumber: 200522427013E6812147 Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710593] usb 2-2.1: Product: Virtual Bluetooth Adapter Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710597] usb 2-2.1: SerialNumber: 000650268328

PropConfig Settings

[source::linuxusb]
SHOULD_LINEMERGE = true
BREAK_ONLY_BEFORE = Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec
EXTRACT-date = (?i) .*? (?P\w+\s+\d+\s+\d+:\d+:\d+)\s+\w+
EXTRACT-description = (?i) Product: (?P.+?)\s+\w+\s+\d+
EXTRACT-device_mfg = (?i) Manufacturer: (?P[^ ]+)
EXTRACT-serial_number = (?i) SerialNumber: (?P.+)

Result for SerialNumber

200522427013E6812147 Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710593] usb 2-2.1: Product: Virtual Bluetooth Adapter Feb 4 22:11:46 Jessica-Ubuntu kernel: [ 2.710597] usb 2-2.1: SerialNumber: 000650268328

I only wan 200522427013E6812147. How do i grab this data only. Please help

Re: Prop Config Issue

kristian_kolb — Fri, 07 Feb 2014 06:43:57 GMT

Is this one, or four events? If it's supposed to be four events, then your line-breaking isn't working either.

For the REGEX extraction of SerialNumber, just be a bit more specific - instead of .+ try \S+ (i.e. anything but newline, tab, space) or even [A-Z0-9]+ depending on what characters you can expect to find.

Re: Prop Config Issue

Jiamin — Mon, 28 Sep 2020 15:49:32 GMT

Thanks for the help! i solved this problem by using:
EXTRACT-serial_number = (?i) SerialNumber: (?P.[^ ]+)

topic Re: Prop Config Issue in Getting Data In

Prop Config Issue

Re: Prop Config Issue

Re: Prop Config Issue