Solved: Re: Help with regex needed

damucka · ‎11-15-2021

Hello,

We have Django logs in following format:

11/15/2021 08:34:38 [INFO - 171 ] - [tenant_move.py] - [STOP_PROCESS] : STOP_PROCESS(HANA Tenant Move Alerts) completed successfully - Rows affected : 1

and we would like to extract the following fields using regex, on the above example:

TYPE=INFO

LINE=171

SCRIPT=tenant_move.py

MODULE=STOP_PROCESS

.. ideally using single regex expression and not 4 separate.

Could anyone help?

Kind regards,

Kamil

gcusello · ‎11-15-2021

Hi @damucka,

please try this regex:

| rex "\d+\/\d+\/\d+\s+\d+:\d+:\d+\s+\[(?<TYPE>\w+)\s+-\s+(?<LINE>\d+)[^\[]+\[(?<SCRIPT>[^\]]+)[^\[]+\[(?<MODULE>[^\]]+)"

that you can test at https://regex101.com/r/cM1Jwj/1

Ciao.

Giuseppe

View solution in original post

gcusello · ‎11-15-2021

Hi @damucka,

please try this regex:

| rex "\d+\/\d+\/\d+\s+\d+:\d+:\d+\s+\[(?<TYPE>\w+)\s+-\s+(?<LINE>\d+)[^\[]+\[(?<SCRIPT>[^\]]+)[^\[]+\[(?<MODULE>[^\]]+)"

that you can test at https://regex101.com/r/cM1Jwj/1

Ciao.

Giuseppe

gcusello · ‎11-15-2021

Hi @damucka,

good for you, see next time!
Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

Help with regex needed

regex

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

What’s New in Splunk Observability Cloud: January Feature Highlights & Deep Dives

Join the Conversation

Help with regex needed

regex

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

What’s New in Splunk Observability Cloud: January Feature Highlights & Deep Dives